Wireless network system, terminal management device, wireless relay device, and communications method

US 10,575,177 B2
Filed: 03/17/2014
Issued: 02/25/2020
Est. Priority Date: 03/22/2013
Status: Active Grant

First Claim

Patent Images

1. A wireless network system including a wireless relay device and a terminal management device, wherein the terminal management device comprises:

a CPU that is configured to;

communicate with a wireless terminal via a different communication network from the wireless network system;

receive state information indicating a state of the wireless terminal from the wireless terminal;

determine whether or not the wireless terminal satisfies a predetermined security policy based on the state information indicating the state of the wireless terminal;

transmit connection information for connection to the wireless relay device to the wireless terminal which is determined to satisfy the security policy; and

transmit a unique identifier of the wireless terminal to the wireless relay device to cause the wireless relay device to update a filter such that the wireless terminal is allowed to be connected to the wireless network system, whereinthe terminal management device, the wireless relay device, and the wireless terminal are each remotely distinct and separate entities,wherein the CPU is also configured to;

periodically receive state information indicating a state of the wireless terminal from the wireless terminal, and when the state of the wireless terminal does not satisfy the security policy, delete the connection information from the wireless terminal and cause the wireless relay device to update the filter to exclude connection of the wireless terminal to the wireless network system, whereinthe determine whether or not the wireless terminal satisfies a predetermined security policy is based on the state information indicating the state of the wireless terminal, andthe connection information for connection to the wireless relay device is transmitted to the wireless terminal when the state of the wireless terminal is determined to satisfy the security policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a technology for allowing only a wireless terminal satisfying a security policy to be connected to an in-company network without causing a significant increase in costs. The terminal management device including a determination part communicating with a wireless terminal via a different communication network from the wireless network system, and determining whether or not the wireless terminal satisfies a predetermined security policy, and a connection information transmission part transmitting connection information for connection to the wireless relay device to the wireless terminal which is determined to satisfy the security policy by the determination part is provided in a wireless network system that includes a wireless access point device constituting an in-company network and connecting a wireless terminal for which predetermined connection information has been set.

26 Citations

22 Claims

1. A wireless network system including a wireless relay device and a terminal management device, wherein the terminal management device comprises:
- a CPU that is configured to;
  
  communicate with a wireless terminal via a different communication network from the wireless network system;
  
  receive state information indicating a state of the wireless terminal from the wireless terminal;
  
  determine whether or not the wireless terminal satisfies a predetermined security policy based on the state information indicating the state of the wireless terminal;
  
  transmit connection information for connection to the wireless relay device to the wireless terminal which is determined to satisfy the security policy; and
  
  transmit a unique identifier of the wireless terminal to the wireless relay device to cause the wireless relay device to update a filter such that the wireless terminal is allowed to be connected to the wireless network system, whereinthe terminal management device, the wireless relay device, and the wireless terminal are each remotely distinct and separate entities,wherein the CPU is also configured to;
  
  periodically receive state information indicating a state of the wireless terminal from the wireless terminal, and when the state of the wireless terminal does not satisfy the security policy, delete the connection information from the wireless terminal and cause the wireless relay device to update the filter to exclude connection of the wireless terminal to the wireless network system, whereinthe determine whether or not the wireless terminal satisfies a predetermined security policy is based on the state information indicating the state of the wireless terminal, andthe connection information for connection to the wireless relay device is transmitted to the wireless terminal when the state of the wireless terminal is determined to satisfy the security policy.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The wireless network system according to claim 1, wherein the CPU transmits the connection information via the different communication network from the wireless network system.
  - 3. The wireless network system according to claim 1, further comprising:
    - a detection device that detects that the wireless terminal enters a service area of the wireless network system,wherein the CPU of the terminal management device performs a determination as to the security policy on the wireless terminal which is detected to enter the service area of the wireless network system by the detection device.
  - 4. The wireless network system according to claim 3, wherein the wireless relay device functions as the detection device.
  - 5. The wireless network system according to claim 1, wherein the state information indicating the state of the wireless terminal includes install data indicating a type or a version of an OS and application software installed in the wireless terminal.
  - 6. The wireless network system according to claim 5, wherein the CPU of the terminal management device is configured to determine whether or not the wireless terminal satisfies the predetermined security policy according to a comparison between the install data received from the wireless terminal and security policy data stored in the terminal management device.

7. A terminal management device comprising:
- a CPU that is configured to;
  
  communicate with a wireless terminal via a different communication network from a wireless network system including a wireless relay device;
  
  receive state information indicating a state of the wireless terminal from the wireless terminal;
  
  determine whether or not the wireless terminal satisfies a predetermined security policy based on the state information indicating the state of the wireless terminal;
  
  transmit connection information for connection to the wireless relay device to the wireless terminal which is determined to satisfy the security policy; and
  
  transmit a unique identifier of the wireless terminal to the wireless relay device to cause the wireless relay device to update a filter such that the wireless terminal is allowed to be connected to the wireless network system, whereinthe terminal management device, the wireless relay device, and the wireless terminal are each remotely distinct and separate entitieswherein the CPU is also configured to;
  
  periodically receive state information indicating a state of the wireless terminal from the wireless terminal, and when the state of the wireless terminal does not satisfy the security policy, delete the connection information from the wireless terminal and cause the wireless relay device to update the filter to exclude connection of the wireless terminal to the wireless network system, whereinthe determine whether or not the wireless terminal satisfies a predetermined security policy is based on the state information indicating the state of the wireless terminal, andthe connection information for connection to the wireless relay device is transmitted to the wireless terminal when the state of the wireless terminal is determined to satisfy the security policy.

8. A wireless relay device included in a wireless network system, the wireless relay device comprising:
- a CPU that is configured to;
  
  transmit, to a terminal management device, a terminal identifier of a wireless terminal when radio wave intensity of a request message received from the wireless terminal exceeds a predetermined threshold value and when the transmitted terminal identifier of the wireless terminal matches one of a registered terminals list; and
  
  update a filter for limiting wireless terminals of communicating via the wireless relay device according to an instruction from the terminal management device, whereinthe CPU updates the filter such that the wireless terminal is allowed to be connected to the wireless network system when instructed from the terminal management device, whereinthe terminal management device, the wireless relay device, and the wireless terminal are each remotely distinct and separate entities.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The wireless relay device according to claim 8, wherein the request message is a probe request, the terminal identifier is a MAC address, and the filter is a MAC address filter.
  - 10. The wireless relay device according to claim 8,wherein the CPU connects to the wireless terminal which has obtained connection information for connection to the wireless relay device via a different communication network from the wireless network system, and perform communication using the wireless network system with the wireless terminal.
  - 11. The wireless relay device according to claim 8, wherein the wireless relay device is a wireless access point device.
  - 12. The wireless relay device according to claim 8, wherein the wireless relay device is a wireless switching hub.
  - 13. The wireless relay device according to claim 8, wherein the wireless relay device is a wireless router.

14. A communications method comprising:
- communicating with a wireless terminal via a different communication network from a wireless network system including a wireless relay device, and determining whether or not the wireless terminal satisfies a predetermined security policy;
  
  receiving a state information indicating a state of the wireless terminal from the wireless terminal;
  
  transmitting connection information for connection to the wireless relay device to the wireless terminal which is determined to satisfy the security policy based on the state information indicating the state of the wireless terminal; and
  
  transmitting a unique identifier of the wireless terminal to the wireless relay device to cause the wireless relay device to update a filter such that the wireless terminal is allowed to be connected to the wireless network system, whereinthe wireless terminal communicates with a terminal management device, andthe terminal management device, the wireless relay device, and the wireless terminal are each remotely distinct and separate entitiesthe communications method further comprising;
  
  periodically receiving state information indicating a state of the wireless terminal from the wireless terminal, anddeleting, when the state of the wireless terminal does not satisfy the security policy, the connection information from the wireless terminal and causing the wireless relay device to update the filter to exclude connection of the wireless terminal to the wireless network system, whereinthe determine whether or not the wireless terminal satisfies a predetermined security policy is based on the state information indicating the state of the wireless terminal, andthe connection information for connection to the wireless relay device is transmitted to the wireless terminal when the state of the wireless terminal is determined to satisfy the security policy.
- View Dependent Claims (15, 16, 17)
- - 15. The communications method according to claim 14, wherein the connection information is transmitted via the different communication network from the wireless network system.
  - 16. The communications method according to claim 14, further comprising:
    - detecting that the wireless terminal enters a service area of the wireless network system,wherein a determination is performed as to the security policy on the wireless terminal which is detected to enter the service area of the wireless network system.
  - 17. The communications method according to claim 14, wherein the unique identifier is a MAC address, and the filter is a MAC address filter.

18. A communications method in a wireless relay device included in a wireless network system, the communications method comprising:
- transmitting, to a terminal management device, a terminal identifier of a wireless terminal when radio wave intensity of a request message received from the wireless terminal exceeds a predetermined threshold value and when the transmitted terminal identifier of the wireless terminal matches one of a registered terminals list; and
  
  updating a filter for limiting wireless terminals of communicating via the wireless relay device according to an instruction from the terminal management device, whereinthe filter is updated such that the wireless terminal is allowed to be connected to the wireless network system when instructed from the terminal management device, andthe terminal management device, the wireless relay device, and the wireless terminal are each remotely distinct and separate entities.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The communications method according to claim 18, wherein the request message is a probe request, the terminal identifier is a MAC address, and the filter is a MAC address filter.
  - 20. The communications method according to claim 18, further comprising:
    - connecting to the wireless terminal which has obtained connection information for connection to the wireless relay device via a different communication network from the wireless network system; and
      
      performing communication using the wireless network system with the wireless terminal.
  - 21. The communications method according to claim 18, further comprising:
    - periodically acquiring state information of the wireless terminal from the wireless terminal,confirming whether the state information satisfies the security policy, andwhen the state information does not satisfy the security policy, deleting the connection information of the wireless network system, and causing the wireless relay device to update the filter such that the wireless terminal is excluded from the wireless network system.
  - 22. The communications method according to claim 18, wherein further comprising:
    - causing the wireless terminal to delete the connection information of the wireless network system when connection of the wireless terminal to the wireless relay device is disconnected, and when the wireless terminal is not handed over to another wireless relay device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Yamaha Corporation
Original Assignee
Yamaha Corporation
Inventors
Asano, Takahiro, Kimura, Toshihiro
Primary Examiner(s)
Chang, Kenneth W

Application Number

US14/778,921
Publication Number

US 20160050567A1
Time in Patent Office

2,171 Days
Field of Search
US Class Current
CPC Class Codes

H04B 7/15   Active relay systems

H04L 63/0236   Filtering by address, proto...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04W 12/08   Access security

H04W 16/26   Cell enhancers or enhanceme...

H04W 48/08   Access restriction or acces...

H04W 84/12   WLAN [Wireless Local Area N...

Wireless network system, terminal management device, wireless relay device, and communications method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Wireless network system, terminal management device, wireless relay device, and communications method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others