Wireless Local Area Network access points, end-point communication devices, and computer program products that generate security alerts based on characteristics of interfering signals and/or connection messages

US 20080101324A1
Filed: 10/30/2006
Published: 05/01/2008
Est. Priority Date: 10/30/2006
Status: Active Grant

First Claim

Patent Images

1. A wireless local area network access point (WAP) comprising:

a transceiver that is configured to communicate messages with an end-point communication device through a wireless air interface in a defined frequency band;

a controller that is configured to receive through the transceiver a connection request message containing a password from the end-point communication device, to authenticate the received password, and to respond to the authentication by transmitting through the transceiver to the end-point communication device an encryption key as a connection response message; and

a security unit that is configured to generate a security alert based on measured characteristics of one or more received connection request messages and/or based on measured characteristics of interfering signals in the defined frequency band.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless local area network access point (WAP) includes a transceiver, a controller, and a security unit. The transceiver communicates messages with an end-point communication device through a wireless air interface in a defined frequency band. The controller receives through the transceiver a connection request message containing a password from the end-point communication device, authenticates the received password, and responds to the authentication by transmitting through the transceiver to the end-point communication device an encryption key as a connection response message. The security unit generates a security alert based on measured characteristics of one or more received connection request messages and/or based on measured characteristics of interfering signals in the defined frequency band.

Citations

20 Claims

1. A wireless local area network access point (WAP) comprising:
- a transceiver that is configured to communicate messages with an end-point communication device through a wireless air interface in a defined frequency band;
  
  a controller that is configured to receive through the transceiver a connection request message containing a password from the end-point communication device, to authenticate the received password, and to respond to the authentication by transmitting through the transceiver to the end-point communication device an encryption key as a connection response message; and
  
  a security unit that is configured to generate a security alert based on measured characteristics of one or more received connection request messages and/or based on measured characteristics of interfering signals in the defined frequency band.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The WAP of claim 1, wherein:
    - the security unit is further configured to generate the security alert by generating a visual and/or audible notification to a user that indicates that the user should take action to better secure communications by the WAP and/or an end-point communication device.
  - 3. The WAP of claim 1, wherein:
    - the WAP comprises an IEEE 802.11 access point; and
      
      the controller is configured to receive an IEEE 802.11 formatted probe request message as the connection request message, and to transmit an IEEE 802.11 formatted probe response message as the connection response message.
  - 4. The WAP of claim 1, wherein:
    - the security unit is further configured to measure a time between;
      
      1) receipt of the connection request message and/or transmission of the connection response message; and
      
      2) a subsequent onset of at least one interfering signal having at least a threshold magnitude in the defined frequency band, and to generate the security alert based on the measured time being less than a threshold time.
  - 5. The WAP of claim 1, wherein:
    - the controller is further configured to transmit a beacon message that contains information that is indicative of a present connection configuration availability of the WAP; and
      
      the security unit is further configured to measure a time between transmission of the beacon message and subsequent onset of at least one interfering signal having at least a threshold magnitude in the defined frequency band, and to generate the security alert based on the measured time being less than a threshold time.
  - 6. The WAP of claim 1, wherein:
    - the security unit is further configured to generate the security alert based on detecting at least one disassociation message received from another device that contains an identifier associated with the WAP and therefore incorrectly appears to have originated from the WAP.
  - 7. The WAP of claim 1, further comprising a user interface, wherein:
    - the controller is further configured to transmit the beacon message in response to a pushbutton mode activated by a user selection on the user interface of the WAP; and
      
      the security unit is further configured to measure a time correlation between transmission of the beacon message responsive to a user selection on the user interface of the WAP and a subsequent receipt of the connection request message which is expected to have been generated by a subsequent delayed user selection on a user interface of the end-point communication device, and to generate the security alert in response to the time correlation measurement indicating that less than a threshold time occurred between the transmission of the beacon message and the subsequent receipt of the connection request message.
  - 8. The WAP of claim 1, further comprising:
    - a rewritable non-volatile memory, wherein the security unit is further configured to generate the security alert by recording information relating to the security alert as a user accessible log in the nonvolatile memory.
  - 9. The WAP of claim 1, further comprising:
    - an interface that is configured to be communicatively connected to the Internet through a broadband modem, wherein the security unit is further configured to communicate information relating to the security alert through the interface and connected Internet to a network management center.
  - 10. The WAP of claim 1, further comprising:
    - an interface that is configured to be communicatively connected to the Internet through a broadband modem, wherein the security unit is further configured to communicate information relating to the security alert as an email message and/or as an instant message through the interface and connected Internet to a defined user destination address.

11. An end-point communication device comprising:
- a transceiver that is configured to communicate messages with a wireless local area network access point (WAP) through a wireless air interface in a defined frequency band;
  
  a controller that is configured to transmit through the transceiver to the WAP a connection request message containing a password, to receive a connection response message through the transceiver from the WAP that contains an encryption key, and to configure a communication network with the WAP in response to the connection response message; and
  
  a security unit that is configured to generate a security alert based on measured characteristics of one or more received connection response messages and/or based on measured characteristics of interfering signals in the defined frequency band.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The end-point communication device of claim 11, wherein:
    - the security unit is further configured to generate the security alert by generating a visual and/or audible notification to a user that indicates that the user should take action to better secure communications by the WAP and/or an end-point communication device.
  - 13. The end-point communication device of claim 11, wherein:
    - the security unit is further configured to measure a time between;
      
      1) transmission of the connection request message and/or receipt of the connection response message; and
      
      2) a subsequent onset of at least one interfering signal having at least a threshold magnitude in the defined frequency band, and to generate the security alert based on the measured time being less than a threshold time.
  - 14. The end-point communication device of claim 11, wherein:
    - the controller is further configured to receive a beacon message from the WAP that contains information that is indicative of a present connection configuration availability of the WAP; and
      
      the security unit is further configured to measure a time between receipt of the beacon message and subsequent onset of at least one interfering signal having at least a threshold magnitude in the defined frequency band, and to generate the security alert based on the measured time being less than a threshold time.
  - 15. The end-point communication device of claim 11, wherein:
    - the controller is further configured to receive a beacon message from the WAP that contains information that is indicative of a present connection configuration availability of the WAP; and
      
      the security unit is further configured to generate the security alert based on a measurement of a rate and/or periodicity of receipt of a plurality of the beacon messages.
  - 16. The end-point communication device of claim 11, further comprising a user interface, wherein:
    - the controller is further configured to transmit the connection request message in response to a pushbutton mode activated by a user selection on the user interface of the end-point communication device; and
      
      the security unit is further configured to measure a time between transmission of the connection request message and a subsequent receipt of the connection response message which is expected to have been generated by a subsequent delayed user initiation of a pushbutton mode by a user selection on a user interface of the WAP which initiates transmission of the connection response message from the WAP, and to generate the security alert based on the measured time being less than a threshold time.
  - 17. The end-point communication device of claim 11, further comprising:
    - a rewritable non-volatile memory, wherein the security unit is further configured to generate the security alert by recording information relating to the security alert as a user accessible log in the nonvolatile memory.
  - 18. The end-point communication device of claim 11, further comprising:
    - an interface that is configured to be communicatively connected to the Internet through a modem, wherein the security unit is further configured to communicate information relating to the security alert through the interface and connected Internet to a network management center.
  - 19. The end-point communication device of claim 11, wherein the controller is further configured to generate the security alert in response to receiving a disassociation message.
  - 20. The end-point communication device of claim 19, wherein the controller is further configured to generate the security alert in response to receiving at least a threshold plurality number of disassociation messages within a threshold time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bellsouth Intellectual Property Corporation (AT&T, Inc.)
Original Assignee
Bellsouth Intellectual Property Corporation (AT&T, Inc.)
Inventors
Stark, Barbara

Granted Patent

US 7,929,513 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/345
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04W 12/065   Continuous authentication

H04W 12/122   Counter-measures against at...

H04W 12/125   Protection against power ex...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/08   Access point devices

Wireless Local Area Network access points, end-point communication devices, and computer program products that generate security alerts based on characteristics of interfering signals and/or connection messages

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Wireless Local Area Network access points, end-point communication devices, and computer program products that generate security alerts based on characteristics of interfering signals and/or connection messages

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links