Rogue access point detection and restriction

US 20070049323A1
Filed: 08/25/2005
Published: 03/01/2007
Est. Priority Date: 08/25/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for securing a network, comprising:

detecting a rogue access point; and

responsive to said detecting, performing an action on at least one of said network and at least some of a number of clients.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing a network having a number of access points which comprises detecting a rogue access point and responsive to the detecting, hindering a client from accessing the network via the rogue access point. The network comprises a number of access points and a first device having stored thereon a list of access points determined to be acceptable access points. The network is structured to enable communication between the first device and a second device through at least one of the number of access points. Furthermore, the network is structured to hinder the second device from accessing the first device via an access point other than an acceptable access point.

Citations

30 Claims

1. A method for securing a network, comprising:
- detecting a rogue access point; and
  
  responsive to said detecting, performing an action on at least one of said network and at least some of a number of clients.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 wherein said detecting a rogue access point comprises:
    - detecting a number of access points;
      
      gathering information related to at least some of said number of access points;
      
      comparing one of said at least some of said number of access points to a list of access points; and
      
      determining that said one of said at least some of said number of access points is a rogue access point.
  - 3. The method of claim 2 wherein said detecting a number of access points includes detecting at least some of said number of access points with said at least some of a number of clients.
  - 4. The method of claim 2 wherein said gathering information related to at least some of said number of access points includes gathering information related to a first one of said at least some of said number of access points with at least one of said at least some of a number of clients and another one of said at least some of said number of access points.
  - 5. The method of claim 2 wherein said comparing one of said at least some of said number of access points to a list of access points includes comparing said one of said at least some of said number of access points to a list of access points stored on said at least some of a number of clients.
  - 6. The method of claim 2 wherein said comparing one of said at least some of said number of access points to a list of access points occurs at least one of when said at least some of a number of clients attempt to connect to said network and attempts to roam from a first access point to said one of said at least some of said number of access points.
  - 7. The method of claim 2 further comprising updating said list of access points in response to said gathered information.
  - 8. The method of claim 7 wherein said updating said list of access points includes:
    - transmitting a signal representative of at least some of said information from said at least some of a number of clients to said server; and
      
      responsive to said transmitting, updating on said server said list of access points to generate an updated list of access points.
  - 9. The method of claim 8 further comprising communicating to said at least some of a number of clients a signal representative of at least a portion of said updated list of access points.
  - 10. The method of claim 1 further comprising generating at least one of a list of acceptable access points and a list of rogue access points.
  - 11. The method of claim 10 wherein generating a list of acceptable access points comprises:
    - determining that each of at least some of a number of access points is an acceptable access point; and
      
      adding at least a first said acceptable access point to said list of acceptable access points.
  - 12. The method of claim 11 wherein said generating a list of acceptable access points further comprises listing at least one of an extended service set identifier associated with said at least a first said acceptable access point and a basic service set identifier associated with said at least a first said acceptable access point.
  - 13. The method of claim 10 wherein generating a list of rogue access points comprises:
    - determining that at least a first access point from among a number of access points is a rogue access point; and
      
      adding said rogue access point to said list of rogue access points.
  - 14. The method of claim 2 wherein said gathering information related to at least some of said number of access points includes gathering, for each access point of said at least some of said number of access points, at least one of an extended service set identifier and a basic service set identifier associated with said access point.
  - 15. The method of claim 14 wherein said comparing one of said at least some of said number of access points to a list of access points includes comparing a service set identifier associated with said one of said at least some of said number of access points to a service set identifier associated with an acceptable access point.
  - 16. The method of claim 1 wherein said performing an action includes at least one of hindering at least one of said number of clients from accessing said network via said rogue access point, updating a list of acceptable access points stored on at least one of said number of clients, updating a list of rogue access points stored on at least one of said number of clients, continuously issuing disassociation requests from trusted access points, flooding said rogue access point, and locating said rogue access point through triangulation.
  - 17. The method of claim 16 wherein said hindering comprises limiting access to said network by at least one of said number of clients to acceptable access points.

18. A network comprising:
- a number of access points; and
  
  a first device having stored thereon at least one of a list of access points determined to be acceptable access points and a list of access points determined to be rogue access points;
  
  wherein said network is structured to enable communication between said first device and a second device through at least one of said number of access points determined to be acceptable access points, and wherein said network is structured to hinder said second device from accessing said first device through at least one of said number of access points determined to be a rogue access point.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The network of claim 18 wherein said first device is structured to generate and communicate to said second device at least one of said list of access points determined to be acceptable access points and said list of access points determined to be rogue access points, each of at least some of said number of access points determined to be acceptable access points and each of said number of access points determined to be rogue access points having at least one of an extended service set identifier and a basic service set identifier associated therewith.
  - 20. The network of claim 19 wherein said first device is structured to make a comparison between a prospective access point and said list of access points determined to be acceptable access points, and responsive to said comparison, determine that said prospective access point is an acceptable access point.
  - 21. The network of claim 19 wherein said first device is structured to make a comparison between a prospective access point and said list of access points determined to be rogue access points, and responsive to said comparison, determine that said prospective access point is a rogue access point.
  - 22. The network of claim 18 wherein said second device includes at least one of said list of access points determined to be acceptable access points and said list of access points determined to be rogue access points stored thereon, each access point of at least a portion of said at least one of said list of access points determined to be acceptable access points and said list of access points determined to be rogue access points having a service set identifier associated therewith.
  - 23. The network of claim 22 wherein said second device is structured to make a comparison between a prospective access point and said list of access points determined to be acceptable access points and, responsive to said comparison, determine that said prospective access point is an acceptable access point.
  - 24. The network of claim 22 wherein said second device is structured to make a comparison between a prospective access point and said list of access points determined to be rogue access points and, responsive to said comparison, determine that said prospective access point is a rogue access point.
  - 25. The network of claim 18 wherein said network is structured to hinder said second device by at least one of limiting access to said network by the second device to acceptable access points, updating at least one of said a list of access points determined to be acceptable access points and a list of access points determined to be rogue access stored on said first device, updating at least one of said a list of access points determined to be acceptable access points and a list of access points determined to be rogue access stored on said second device, flooding said rogue access point, and locating said rogue access point through triangulation.
  - 26. The network of claim 18 wherein said first device is one of a server, an access controller, and another electronic device and said second device is a client.

27. A method of controlling access to a wireless network comprising:
- maintaining at least one of a list of acceptable access points and a list of rogue access points; and
  
  transmitting to a client at least a portion of at least one of a list of acceptable access points and a list of rogue access points.
- View Dependent Claims (28, 29, 30)
- - 28. The method of claim 27 wherein said maintaining includes storing information associated with each of at least some of a number of access points that are acceptable.
  - 29. The method of claim 27 further comprising hindering a client from accessing said network via an access point that is not contained on said list of acceptable access points.
  - 30. The method of claim 27 further comprising detecting a number of access points and transmitting from said client to said server information associated with at least some of said number of access points.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Research In Motion Limited (Blackberry Limited)
Inventors
Wang, James, Chen, Michael, Dunk, Craig

Application Number

US11/211,280
Publication Number

US 20070049323A1
Time in Patent Office

Days
Field of Search
US Class Current

455/525
CPC Class Codes

H04W 12/122 Counter-measures against at...

H04W 88/08 Access point devices

Rogue access point detection and restriction

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Rogue access point detection and restriction

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links