Wireless lan intrusion detection based on location

US 20050136891A1
Filed: 12/22/2003
Published: 06/23/2005
Est. Priority Date: 12/22/2003
Status: Active Grant

First Claim

Patent Images

1. In a wireless local area data communications system, wherein mobile units communicate with access points, and wherein said system is arranged to locate transmitters using signals transmitted by said transmitters, a method for detecting unauthorized signals, comprising:

maintaining a database relating authorized transmitters to location;

detecting selected signals at said access points and recording location data corresponding to said signals for use in locating a source of said signals;

locating said source using said location data;

comparing said source location to a corresponding location in said database; and

signaling an alarm if said source location is inconsistent with said corresponding database location.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A intrusion detection method is disclosed for use in a wireless local area data communications system, wherein mobile units communicate with access points, and wherein the system is arranged to locate transmitters using signals transmitted by the transmitters. A database relating authorized transmitters to location is maintained. Selected signals are detected at the access points and location data corresponding to the selected signals for use in locating a source of the signals is recorded. The source location is determined using the location data, and the source location is compared to a corresponding location in the database. An alarm is signaled if the source location is inconsistent with the corresponding database location.

34 Citations

View as Search Results

22 Claims

1. In a wireless local area data communications system, wherein mobile units communicate with access points, and wherein said system is arranged to locate transmitters using signals transmitted by said transmitters, a method for detecting unauthorized signals, comprising:
- maintaining a database relating authorized transmitters to location;
  
  detecting selected signals at said access points and recording location data corresponding to said signals for use in locating a source of said signals;
  
  locating said source using said location data;
  
  comparing said source location to a corresponding location in said database; and
  
  signaling an alarm if said source location is inconsistent with said corresponding database location.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method as specified in claim 1 wherein said selected signal is a signal transmitted by a mobile unit and wherein said source location is compared to a location for said mobile unit in said database.
  - 3. A method as specified in claim 2 wherein said selected signal is an association request signal.
  - 4. A method as specified in claim 2 wherein said signal is an EAPoL signal.
  - 5. A method as specified in claim 1, wherein additional locating devices are used to detect said selected signals to improve the accuracy of the locating of said source.
  - 6. A method as specified in claim 1 wherein said selected signal is a signal type transmitted by an access point, and wherein said source location is compared to a location for said access point.
  - 7. A method as specified in claim 6 wherein said selected signal is a management/control signal.
  - 8. A method as specified in claim 6 wherein said signal is a beacon signal.
  - 9. A method as specified in claim 6 wherein said signal is a de-authorization or de-authentication signal.
  - 10. A method as specified in claim 6 wherein said signal is a disassociation signal.
  - 11. A method as specified in claim 6 wherein said signal is an EAPoL signal.

12. In a wireless local area data communications system, wherein mobile units communicate with access points, and wherein said system is arranged to locate transmitters using signals transmitted by said transmitters, a method for detecting unauthorized signals, comprising:
- maintaining a database relating authorized transmitters to location, said database further comprising MAC information;
  
  detecting selected signals at said access points and recording location data corresponding to said signals for use in locating a source of said signals;
  
  locating said source using said location data;
  
  comparing said source location to a corresponding location in said database;
  
  extracting a MAC address from said source location;
  
  comparing said MAC address with MAC information in said database; and
  
  signaling an alarm if analysis of said source location and said MAC address suggest possible unauthorized network access.
- View Dependent Claims (13, 14)
- - 13. A method as specified in claim 12 wherein said analysis indicates that said MAC address is inconsistent with MAC information relating to substantially the same location.
  - 14. A method as specified in claim 12 wherein said analysis indicates that said MAC address is located at more than one location.

15. In a wireless local area data communications system, wherein mobile units communicate with access points, and wherein said system is arranged to locate transmitters using signals transmitted by said transmitters, a method for detecting unauthorized signals, comprising:
- maintaining a database relating to allowed locations;
  
  detecting selected signals at said access points and recording location data corresponding to said signals for use in locating a source of said signals;
  
  locating said source using said location data;
  
  comparing said source location to the allowed locations in said database; and
  
  signaling an alarm if said source location is not within said allowed locations.
- View Dependent Claims (16, 17, 18, 19)
- - 16. A method as specified in claim 15, wherein said allowed locations correspond to locations which are authorized locations for mobile units.
  - 17. A method as specified in claim 15, wherein said allowed locations correspond to locations which are physically feasible locations for mobile units.
  - 18. A method as specified in claim 15, wherein said allowed locations correspond to locations which are unobstructed by structures.
  - 19. A method as specified in claim 15, wherein additional locating devices are used to detect said selected signals to improve the accuracy of the locating of said source.

20. In a wireless local area data communications system, wherein mobile units communicate with a first and second access points, and wherein said system is arranged to locate transmitters using signals transmitted by said transmitters, and further wherein said first and second access points are located substantially within proximity such that under normal conditions they detect signals transmitted by same said transmitters, a method for detecting unauthorized signals, comprising:
- detecting selected signals at said first access point and recording location data corresponding to said signals for use in locating a source of said signals; and
  
  signaling an alarm if said signals are not detected at said second access point.

21. In a wireless local area data communications system, wherein mobile units communicate with access points, and wherein said system is arranged to locate transmitters using signals transmitted by said transmitters, a method for detecting unauthorized signals, comprising:
- maintaining a database comprising network data traffic information;
  
  detecting selected signals at said access points and recording location data corresponding to said signals for use in locating a source of said signals;
  
  locating said source using said location data;
  
  monitoring said selected signals to determine network data traffic characteristics at said source location;
  
  comparing said determined network data traffic characteristics to information in said database; and
  
  signaling an alarm if said determined network data traffic characteristics at said source location is inconsistent with information in said database.

22. In a wireless local area data communications system, wherein mobile units communicate with access points, and wherein said system is arranged to locate transmitters using signals transmitted by said transmitters, a method for detecting unauthorized signals, comprising:
- maintaining a database relating authorized transmitters to location;
  
  detecting selected signals by one or more mobile units and recording location data corresponding to said signals for use in locating a source of said signals;
  
  locating said source using said location data;
  
  comparing said source location to a corresponding location in said database; and
  
  signaling an alarm if said source location is inconsistent with said corresponding database location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Symbol Technologies, LLC (Zebra Technologies Corporation)
Original Assignee
Symbol Technologies, Inc. (Zebra Technologies Corporation)
Inventors
Willins, Bruce, Wang, Huayan Amy, Sharony, Jacob, Goren, Dave

Granted Patent

US 7,426,383 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/410
CPC Class Codes

H04L 63/0492   by using a location-limited...

H04L 63/08   for authentication of entit...

H04L 63/107   wherein the security polici...

H04L 63/1416   Event detection, e.g. attac...

H04W 4/16   Communication-related suppl...

H04W 64/00   Locating users or terminals...

H04W 84/12   WLAN [Wireless Local Area N...

Wireless lan intrusion detection based on location

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Wireless lan intrusion detection based on location

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links