Network client validation of network management frames
Abstract
Methods and systems for use in a wireless client that includes one or more wireless network interfaces for communicating with at least one access point, wherein the method enables the wireless client to validate the authenticity and integrity of received management frames. The method includes receiving a protected wireless network management frame from an access point and verifying a message integrity check (MIC) appended to the protected wireless network management frame. One or more security policies are then conditionally applied based on a failure to verify the MIC.
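A sketch of the client-side check the abstract describes, added here as an illustration and not taken from the patent. The frame layout (flags, body, MIC), the truncated HMAC-SHA256 MIC, the key and the discard-then-alert policy are all assumptions, since the page names neither a MIC algorithm nor specific policies.

```python
import hashlib
import hmac
from collections import Counter

MIC_LEN = 8            # assumed MIC length; the page does not specify one
PROTECTED_FLAG = 0x01  # assumed flag bit marking a protected management frame
FAILURE_LIMIT = 3      # assumed threshold used by the example policy


def compute_mic(key: bytes, flags: int, body: bytes) -> bytes:
    """Assumed MIC: HMAC-SHA256 over flags and body, truncated to MIC_LEN."""
    return hmac.new(key, bytes([flags]) + body, hashlib.sha256).digest()[:MIC_LEN]


def build_frame(key: bytes, body: bytes) -> bytes:
    """Access-point side: protected frame = flags | body | MIC (constructed layout)."""
    return bytes([PROTECTED_FLAG]) + body + compute_mic(key, PROTECTED_FLAG, body)


class ManagementFrameValidator:
    """Client side: verify the appended MIC, apply a policy when it fails."""

    def __init__(self, key: bytes):
        self.key = key
        self.failures = Counter()  # MIC failures seen per claimed access point
        self.alerts = set()        # access points reported as possibly spoofed

    def receive(self, ap: str, frame: bytes) -> str:
        if not frame:
            return "malformed"
        flags, rest = frame[0], frame[1:]
        if not flags & PROTECTED_FLAG:
            return "unprotected"   # nothing to verify; the caller decides handling
        if len(rest) < MIC_LEN:
            return self._mic_failure(ap)  # too short to carry a MIC
        body, mic = rest[:-MIC_LEN], rest[-MIC_LEN:]
        # Constant-time comparison avoids leaking how many MIC bytes matched.
        if hmac.compare_digest(mic, compute_mic(self.key, flags, body)):
            return "accepted"
        return self._mic_failure(ap)

    def _mic_failure(self, ap: str) -> str:
        """Example policy: always discard; raise an alert after repeated failures."""
        self.failures[ap] += 1
        if self.failures[ap] >= FAILURE_LIMIT:
            self.alerts.add(ap)
            return "discarded-alert"
        return "discarded"
```

The example policy never blocks the access point itself, because a forged frame only proves that someone is spoofing that identity, and valid frames from the real access point are still accepted afterwards.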
38 Claims
1. In a wireless client that includes one or more wireless network interfaces for communicating with at least one access point, a method comprising:
- associating with a wireless access point;
- authenticating to an authentication server; and
- conditionally applying, at the wireless client, one or more security policies based on a failure to authenticate to the authentication server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A wireless client comprising:
- a wireless network interface;
- one or more processors;
- a memory;
- a wireless network interface driver application, stored in the memory, including instructions operable to cause the one or more processors and the wireless network interface to:
  - associate with a wireless access point;
  - authenticate to an authentication server; and
  - conditionally apply, at the wireless client, one or more security policies based on a failure to authenticate to the authentication server.
Dependent claims: 11, 12, 13, 14, 15, 16, 17

18. A wireless client, comprising:
- means for establishing a wireless network connection with a wireless access point;
- means for authenticating to an authentication server; and
- means for conditionally applying, at the wireless client, one or more security policies based on a failure to authenticate to the authentication server.

19. In a wireless client that includes one or more wireless network interfaces for communicating with at least one access point, a method comprising:
- receiving a wireless network management frame from an access point;
- verifying, if the wireless network management frame is protected, a message integrity check (MIC) appended to the protected wireless network management frame; and
- conditionally applying, at the wireless client, one or more security policies based on a failure to verify the MIC.
Dependent claims: 20, 21, 22, 23, 24

25. A wireless client comprising:
- a wireless network interface;
- one or more processors;
- a memory;
- a wireless network interface driver application, stored in the memory, including instructions operable to cause the one or more processors and the wireless network interface to:
  - receive a wireless network management frame from an access point;
  - verify, if the wireless network management frame is protected, a message integrity check (MIC) appended to the protected wireless network management frame; and
  - conditionally apply one or more security policies based on a failure to verify the MIC.
Dependent claims: 26, 27, 28, 29, 30

31. A wireless client comprising:
- means for establishing a wireless network connection with a wireless access point, and for receiving a wireless network management frame from the access point;
- means for verifying, if the wireless network management frame is protected, a message integrity check (MIC) appended to the protected wireless network management frame; and
- means for conditionally applying one or more security policies based on a failure to verify the MIC.

32. In an access point operable in a wireless network infrastructure, a method for preventing a rogue wireless client from connecting to an access point comprising:
- receiving, from a wireless client, a re-association request containing a message integrity check (MIC);
- receiving connection state information that includes one or more keys for the wireless client;
- verifying the MIC;
- establishing a connection with the wireless client if the MIC is valid; and
- conditionally applying one or more security policies if the message integrity check (MIC) can not be verified.
Dependent claims: 33, 34

35. An access point comprising:
- a wireless network interface;
- one or more processors;
- a memory;
- a wireless access point application, stored in the memory, including instructions operable to cause the one or more processors and the wireless network interface to:
  - receive a re-association request that contains a message integrity check (MIC) from a wireless client;
  - receive connection state information that includes one or more keys for the wireless client;
  - verify the MIC;
  - establish a connection if the MIC is valid; and
  - conditionally apply one or more security policies if the message integrity check (MIC) can not be verified.
Dependent claims: 36, 37

38. A wireless access point, comprising:
- means for receiving, from a wireless client, a re-association request containing a message integrity check (MIC);
- means for receiving connection state information that includes one or more keys for the wireless client;
- means for verifying the MIC;
- means for establishing a connection with the wireless client if the MIC is valid; and
- means for conditionally applying one or more security policies if the message integrity check (MIC) can not be verified.

Specification