Laws, customs, and business agreements typically regulate the dissemination of data. Access to network data such as files, records, and streams often must be kept within an enterprise network or consumer (household) network. Such restrictions are not automatically controlled on Internet Protocol (IP) networks in the current art. A device on an IP network can send data to remote networks. An IP tunnel, for instance, can give an IP address for a local network to a remote device. Such tunnels can be transparent to the local network. Thus, a device is located on a network for which it has an address and not necessarily on the network to which it is physically attached. In general, a device may belong to multiple networks, serially or concurrently, anywhere on Earth or in Space.
One network data security scheme is the DTCP/IP (Digital Transmission Content Protection on Internet Protocol) standard, which attempts to restrict the physical distance between data source and destination (sink) devices. The source DTCP/IP device executes a ping command before transferring content to a sink device; if the ping exceeds a time threshold, DTCP/IP logic concludes that the sink device is remote to the household and refuses access, i.e., the DTCP/IP source refuses to give the content decryption keys to the sink when the ping takes too long. This scheme is not robust when there is great diversity in the networks and devices that interconnect them. Nor is it future-proof to improvements in network speeds. In addition, DTCP/IP devices on wireless networks will indiscriminately share data across households and violate household-based subscription models. This reality of IP networking poses a problem for business models and security policies that attempt to constrain the networks to which data can be copied, streamed, downloaded or otherwise transported.
Accordingly, an apparatus and/or method that can identify devices that are authorized for accessing data on a network regardless of tunneling, network-address translation, or multi-homing would be advantageous. The present invention provides a novel solution to this problem and related problems.