METHOD AND APPARATUS FOR SECURITY CONFIGURATION AND VERIFICATION OF WIRELESS DEVICES IN A FIXED/MOBILE CONVERGENCE ENVIRONMENT

US 20080301773A1
Filed: 01/21/2008
Published: 12/04/2008
Est. Priority Date: 05/30/2007
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

an information server storing network and related security configuration information for a plurality of networks; and

an administrative domain comprising a handoff server, the handoff server operating in response to an event notification from a domain device to access the information server and selectively forward connectivity information and security configuration information for a selected network to the domain device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is described that enables autonomic discovery of wireless network security mechanisms by mobile devices. Stateful monitoring of wireless devices facilitates identification of pending network connectivity loss, enabling a handoff server to proactively advertise new points of access and their associated security mechanisms to devices before connectivity is lost. As a result, devices may seamlessly transition between secure networks. Stateful monitoring of device reachability may be used together with device certificates and/or tokens to decrease the potential of MAC spoofing and further secure the network. Stateful monitoring of device connectivity status during network transitions facilitates the identification of rogue access points. The token or certificate on the device may be used to authenticate the device while transitioning between networks by a centralized entity, managing the initiation and the execution of the handover for the device.

44 Citations

View as Search Results

20 Claims

1. A system comprising:
- an information server storing network and related security configuration information for a plurality of networks; and
  
  an administrative domain comprising a handoff server, the handoff server operating in response to an event notification from a domain device to access the information server and selectively forward connectivity information and security configuration information for a selected network to the domain device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1 wherein the event notification is a notification of the occurrence of an event trigger, and wherein events associated with event triggers are defined by the handoff server.
  - 3. The system of claim 1 wherein the handoff server is further operable to monitor a transition of the domain device to the selected network.
  - 4. The system of claim 1, wherein the handoff server performs active stateful monitoring of the domain device.
  - 5. The system of claim 1, wherein the handoff server performs a two step authentication of the domain device which includes validating reachability of the domain device and validating a token of the domain device.
  - 6. The system of claim 4 wherein the handoff server forwards a request to the information server for a list of networks satisfying at least one predetermined criteria.
  - 7. The system of claim 6 wherein the predetermined criteria is selected from a group including a roaming agreement, an application service and a security mechanism.
  - 8. The system of claim 1 wherein the handoff server acts as a proxy gateway for the domain device using the security configuration information.

9. A method for autonomously deploying security configuration information to a device of an administrative domain includes the steps of:
- receiving notification of an event trigger from the device;
  
  retrieving, from an information store that stores network and related security configuration parameters, a point of access to a new network and security information associated with the new network; and
  
  selectively forwarding the point of access and related security information to the device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 10. The method of claim 9 wherein the step of selectively forwarding includes the step of determining whether the new network satisfies a criteria of the handoff server and forwarding the point of access to the new network only if the new network satisfies the criteria.
  - 11. The method of claim 9 wherein the step of selectively forwarding determines whether the device is capable of implementing a security mechanism associated with the security information.
  - 12. The method of claim 11, wherein, responsive to a determination that the device is capable of implementing the security mechanism, forwarding the security information to the device.
  - 13. The method of claim 11, wherein, responsive to a determination that the device is not capable of implementing the security mechanism, providing a proxy gateway to act as a supplicant for the device.
  - 14. The method of claim 9 including monitoring the device to determine whether it has connected to the new network.
  - 15. The method of claim 14 including the step of quarantining the device if it has not connected to the new network in a predetermined time period.
  - 16. The method of claim 9 further including the step of authenticating the device prior to selectively forwarding the point of access and security information to the device.
  - 17. The method of claim 16 wherein the step of authenticating validates a reachability of the device and a token of the device.
  - 18. The method of claim 9 further including the step of performing active, stateful monitoring of the device connection status to identify potential rogue access points during device transition between networks.
  - 19. The method of claim 9 further including the step of performing active, stateful monitoring of a reachability of the device to identify potential MAC spoofing.
  - 20. The method of claim 9 wherein the step of retrieving from an information store includes the step of providing at least one network criteria to the information store, the at least one network criteria describing a characteristic of a desired network, the characteristic selected from a group including a roaming agreement, a security mechanism, an application service, a location and a security level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Bernier, Eric, Achtari, Guyves, Plante, Denis

Granted Patent

US 9,319,879 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 15/16   Combinations of two or more...

G06F 21/35   communicating wirelessly

H04L 63/0876   based on the identity of th...

H04L 63/164   at the network layer

H04L 63/20   for managing network securi...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/086   using security domains

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 36/0038   of security context informa...

METHOD AND APPARATUS FOR SECURITY CONFIGURATION AND VERIFICATION OF WIRELESS DEVICES IN A FIXED/MOBILE CONVERGENCE ENVIRONMENT

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR SECURITY CONFIGURATION AND VERIFICATION OF WIRELESS DEVICES IN A FIXED/MOBILE CONVERGENCE ENVIRONMENT

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links