Network infrastructure validation of network management frames
Abstract
A detection-based defense for a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to validate the management frames and to detect spoofed frames. A neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.
31 Claims
1. A method for validating network management frames, comprising:
- receiving a management frame;
- obtaining a key for a source of the management frame; and
- validating the management frame using the key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20

21. A method for distributing signature keys between access points of a wireless network by a security server, comprising:
- authenticating a first access point;
- authenticating a second access point;
- assigning a first signature key to the first access point;
- receiving a request from the second access point for a signature key for the first access point; and
- sending the first signature key to the second access point.
Dependent claims: 22, 23, 31

24. An access point, comprising:
- a wireless transceiver;
- a controller coupled to the wireless transceiver for controlling the wireless transceiver; and
- a network backbone transceiver enabling the controller to communicate with another node on a network;
- wherein the wireless transceiver receives a management frame from a second access point, the controller responsive to the receipt of the management frame obtains a key for the second access point via the network backbone transceiver; and
- wherein the controller is configured for validating the management frame using the key.
Dependent claims: 25, 26

27. A computer-readable medium of instructions, comprising:
- means for receiving a management frame from a second access point;
- means for obtaining a key for the second access point; and
- means for validating the management frame using the key.
Dependent claims: 28, 29

30. A computer-readable medium of instructions, comprising:
- means for authenticating a first access point;
- means for authenticating a second access point;
- means for assigning a first signature key to the first access point;
- means for receiving a request from the second access point for a signature key for the first access point; and
- means for sending the first signature key to the second access point.
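
The flow in the abstract and in claims 1 and 21, sketched as an added example that is not taken from the patent: a security server assigns signature keys to authenticated access points, and a neighboring access point requests the sender's key to check the MIC on a received management frame. HMAC-SHA256 as the MIC, the frame layout, the `SecurityServer` class and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os

MIC_LEN = 32  # HMAC-SHA256 tag length; the MIC algorithm is an assumption

class SecurityServer:
    """Hypothetical security server that assigns and distributes signature keys."""
    def __init__(self):
        self._keys = {}  # AP identifier (BSSID bytes) -> signature key

    def authenticate(self, ap_id):
        # Stand-in for the AP authentication step, which the page does not detail.
        self._keys[ap_id] = os.urandom(32)
        return self._keys[ap_id]

    def key_for(self, requester, source):
        if requester not in self._keys:
            raise PermissionError("requester is not an authenticated access point")
        return self._keys.get(source)  # None when the source is not a known AP

def sign_frame(key, source, body):
    """Sending AP: append a MIC computed over its address and the frame body."""
    return body + hmac.new(key, source + body, hashlib.sha256).digest()

def validate_frame(server, receiver, source, frame):
    """Neighboring AP: obtain the key for the claimed source, then check the MIC."""
    key = server.key_for(receiver, source)
    if key is None:
        return "unknown-source"
    if len(frame) < MIC_LEN:
        return "invalid-mic"
    body, mic = frame[:-MIC_LEN], frame[-MIC_LEN:]
    expected = hmac.new(key, source + body, hashlib.sha256).digest()
    return "valid" if hmac.compare_digest(mic, expected) else "invalid-mic"

def demo():
    server = SecurityServer()
    ap1, ap2 = bytes.fromhex("02000000aa01"), bytes.fromhex("02000000aa02")  # constructed BSSIDs
    key1 = server.authenticate(ap1)
    server.authenticate(ap2)
    beacon = b"beacon|ssid=corp|chan=6"  # constructed management frame body
    genuine = sign_frame(key1, ap1, beacon)
    forged = sign_frame(os.urandom(32), ap1, beacon)  # same claimed source, wrong key
    return {
        "genuine": validate_frame(server, ap2, ap1, genuine),
        "forged": validate_frame(server, ap2, ap1, forged),
        "unsigned": validate_frame(server, ap2, ap1, beacon),
        "rogue": validate_frame(server, ap2, bytes.fromhex("02000000ff99"), genuine),
    }
```

Calling `demo()` returns one verdict per constructed frame; anything other than "valid" is the spoofed-frame signal the abstract describes.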
Specification