Threat index based WLAN security and quality of service

US 10,524,130 B2
Filed: 07/13/2017
Issued: 12/31/2019
Est. Priority Date: 07/13/2017
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving a request from a client device connected to a network via a wireless link, wherein the request is communicated from the client device over the wireless link to a wireless access point;

determining, by the wireless access point, a threat index value for the client device, wherein the threat index value is determined based on one or more radio frequency (RF) characteristics of the client device communicating over the wireless link and a reliability index value associated with the client device, wherein the one or more RF characteristics comprise an angle of arrival, a beamforming characteristic, or a received signal strength indicator (RSSI);

determining one or more security policies associated with one or more respective network resources, wherein each security policy applies one or more rules for allocating one of the network resources; and

determining allocation of one or more of the network resources to the client device based on the one or more security policies and the threat index value.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Implementations generally relate methods, systems, and computer readable media for providing threat index based wireless local area networks (WLAN) security and quality of service. In one implementation, a method includes receiving a request from a client device connected to a network via a network link. The method further includes determining a threat index value for the client device. The method further includes determining one or more security policies associated with one or more respective network resources, where each security policy applies one or more rules for allocating one of the network resources. The method further includes determining allocation of one or more of the network resources to the client device based on the one or more security policies and the threat index value.

Citations

17 Claims

1. A computer-implemented method comprising:
- receiving a request from a client device connected to a network via a wireless link, wherein the request is communicated from the client device over the wireless link to a wireless access point;
  
  determining, by the wireless access point, a threat index value for the client device, wherein the threat index value is determined based on one or more radio frequency (RF) characteristics of the client device communicating over the wireless link and a reliability index value associated with the client device, wherein the one or more RF characteristics comprise an angle of arrival, a beamforming characteristic, or a received signal strength indicator (RSSI);
  
  determining one or more security policies associated with one or more respective network resources, wherein each security policy applies one or more rules for allocating one of the network resources; and
  
  determining allocation of one or more of the network resources to the client device based on the one or more security policies and the threat index value.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the determining the threat index value for the client device by the wireless access point comprises:
    - monitoring, by the wireless access point, the one or more RE characteristics of the client device communicating over the wireless link; and
      
      comparing the one or more RF characteristics to baseline characteristics.
  - 3. The method of claim 1, wherein the reliability index value is based on one or more physical characteristics of the client device.
  - 4. The method of claim 1, wherein one of the network resources includes virtual local area network (VLAN) assignments, and wherein the method further comprises applying one of the security policies to the VLAN assignments based on the threat index value.
  - 5. The method of claim 1, wherein one of the network resources includes airtime, and wherein the method further comprises applying one of the security policies to airtime allocation based on the threat index value.
  - 6. The method of claim 1, wherein one of the network resources includes band steering, and wherein the method further comprises applying one of the security policies to the band steering based on the threat index value.
  - 7. The method of claim 1, wherein one of the network resources includes service set identifier (SSID) steering, and wherein the method further comprises applying one of the security policies to the SSID steering based on the threat index value.

8. A system comprising:
- one or more processors coupled to a computer-readable medium having stored thereon software instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including;
  
  receiving a request from a client device connected to a network via a wireless link to a wireless access point, wherein the request is communicated from the client device over the wireless link;
  
  determining a threat index value for the client device, wherein the threat index value is determined based on one or more radio frequency (RF) characteristics of the client device communicating over the wireless link and a reliability index value associated with the client device, wherein the one or more RF characteristics comprise an angle of arrival, a beamforming characteristic, or a received signal strength indicator (RSSI);
  
  determining one or more security policies associated with one or more respective network resources, wherein each security policy applies one or more rules for allocating one of the network resources; and
  
  determining allocation of one or more of the network resources to the client device based on the one or more security policies and the threat index value.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, wherein determining the threat index value for the client device comprises:
    - monitoring the one or more RF characteristics of the client device communicating over the wireless link; and
      
      comparing the one or more RF characteristics to baseline RF characteristics.
  - 10. The system of claim 8, wherein one of the network resources includes virtual local area network (VLAN) assignments, and wherein the operations further comprise applying one of the security policies to the VLAN assignments based on the threat index value.
  - 11. The system of claim 8, wherein one of the network resources includes airtime, and wherein the operations further comprise applying one of the security policies to airtime allocation based on the threat index value.
  - 12. The system of claim 8, wherein one of the network resources includes band steering, and wherein the operations further comprise applying one of the security policies to the band steering based on the threat index value.
  - 13. The system of claim 8, wherein one of the network resources includes service set identifier (SSID) steering, and wherein the operations further comprise applying one of the security policies to the SSID steering based on the threat index value.

14. A non-transitory computer-readable medium having stored thereon software instructions that, when executed by one or more processors, cause the one or more processors to perform operations including;
- receiving a request from a client device connected to a network via a wireless link to a wireless access point, wherein the request is communicated from the client device over the wireless link;
  
  determining a threat index value for the client device, wherein the threat index value is determined based on one or more radio frequency (RF) characteristics of the client device communicating over the wireless link and a reliability index value associated with the client device, wherein the one or more RF characteristics comprise an angle of arrival, a beamforming characteristic, or a received signal strength indicator (RSSI);
  
  determining one or more security policies associated with one or more respective network resources, wherein each security policy applies one or more rules for allocating one of the network resources; and
  
  determining allocation of one or more of the network resources to the client device based on the one or more security policies and the threat index value.
- View Dependent Claims (15, 16, 17)
- - 15. The non-transitory computer-readable medium of claim 14, wherein determining the threat index value for the client device comprises:
    - monitoring, by the wireless access point, the one or more RF characteristics of the client device communicating over the wireless link; and
      
      comparing the one or more RF characteristics to baseline RF characteristics.
  - 16. The non-transitory computer-readable medium of claim 14, wherein one of the network resources includes virtual local area network (VLAN) assignments, and wherein the operations further comprise applying one of the security policies to the VLAN assignments based on the threat index value.
  - 17. The non-transitory computer-readable medium of claim 14, wherein one of the network resources includes airtime, and wherein the operations further comprise applying one of the security policies to airtime allocation based on the threat index value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sophos Limited (Sophos Group Ltd.)
Original Assignee
Sophos Limited (Sophos Group Ltd.)
Inventors
Shanmugavadivel, Senthilraj, Bolte, Dirk, Talati, Shail
Primary Examiner(s)
Perungavoor, Venkat

Application Number

US15/649,548
Publication Number

US 20190021004A1
Time in Patent Office

901 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/10   for controlling access to d...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04W 12/08   Access security

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 72/04   Wireless resource allocation

H04W 84/12   WLAN [Wireless Local Area N...

Threat index based WLAN security and quality of service

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Threat index based WLAN security and quality of service

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links