History-based downgraded network identification

US 20090064299A1
Filed: 02/19/2008
Published: 03/05/2009
Est. Priority Date: 09/04/2007
Status: Active Grant

First Claim

Patent Images

1. A method of use by a client computer for verifying the identity of a network that identifies itself to the client computer via a unique identifier, the method comprising:

comparing at least one additional characteristic of the network that identifies itself using the identifier to stored information that identifies at least one expected value for the same at least one additional characteristic for an authentic network identified by the identifier; and

when the at least one additional characteristic of the network matches the stored information that identifies the expected value, allowing the client computer to connect to the network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments of the invention are directed to increasing security and lowering risk of attack in connecting automatically to networks by enabling client devices to verify the identity of the networks by, for example, confirming the identity of networks and network components such as wireless access points. In some embodiments, a client device may maintain a data store of characteristics of a network—including, for example, characteristics of a wireless access point or other portion of the network and/or characteristics of a connection previously established with the wireless access point and/or network. Stored characteristics may include characteristics other than those minimally necessary to identify a wireless access point and/or wireless network. The stored characteristics may be compared to known good characteristics of a network (including characteristics of a wireless access point or other portion of the wireless network) prior to connection to the network to determine whether the characteristics match.

Citations

20 Claims

1. A method of use by a client computer for verifying the identity of a network that identifies itself to the client computer via a unique identifier, the method comprising:
- comparing at least one additional characteristic of the network that identifies itself using the identifier to stored information that identifies at least one expected value for the same at least one additional characteristic for an authentic network identified by the identifier; and
  
  when the at least one additional characteristic of the network matches the stored information that identifies the expected value, allowing the client computer to connect to the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein, the network is an unmanaged network, the identifier is the Service Set Identifier (SSID) for the network, and the at least one additional characteristic of the network comprises a Gateway MAC for the network.
  - 3. The method of claim 1, wherein the network is a managed network, the identifier for the network comprises a globally unique identifier (GUID) for the network, and the at least one additional characteristic comprises a result of an authentication attempt for the network.
  - 4. The method of claim 1, further comprising, when the at least one additional characteristics of the network does not match the stored information that identifies the expected value, preventing the client computer from automatically connecting to the network.
  - 5. The method of claim 1, further comprising, when the at least one additional characteristic of the network does not match the stored information that identifies the expected value, establishing a connection to the network and configuring the connection to be more secure than a connection that would have been established had the at least one additional characteristics of the network matched the stored information.
  - 6. The method of claim 5, wherein configuring the connection to be more secure comprises preventing future connections to the computer on one or more ports.
  - 7. The method of claim 1, further comprising, when the at least one additional characteristic of the network does not match the stored information that identifies the expected value, displaying to a user an indication that the identity of the network cannot be verified.
  - 8. The method of claim 1, wherein the network is a wireless network.

9. An apparatus for verifying the identity of a network that identifies itself to the apparatus via a unique identifier, the apparatus comprising:
- at least one data store; and
  
  at least one processor adapted to;
  
  compare at least one additional characteristic of the network that identifies itself using an identifier to information, stored in the data store, that identifies at least one expected value for the same at least one additional characteristic for an authentic network identified by the identifier; and
  
  when the at least one additional characteristic of the network matches the stored information that identifies the expected value, allowing the apparatus to connect to the network.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The apparatus of claim 9, further comprising a user interface to provide to a user an indication when the at least one additional characteristic of the network does not match the stored information that identifies the expected value.
  - 11. The apparatus of claim 9, wherein the network is an unmanaged network, and the at least one processor is adapted to identify the network using a Service Set Identifier (SSID) for the network, and compares as the at least one additional characteristic of the network comprises a Gateway MAC for the network.
  - 12. The apparatus of claim 9, wherein the network is a managed network, and the at least one processor is adapted to identify the network using a globally unique identifier (GUID) for the network, and compares as the at least one additional characteristic of the network comprises a result of an authentication attempt for the network.
  - 13. The apparatus of claim 9, wherein the processor is further adapted to, when the at least one additional characteristic of the network does not match the stored information that identifies the expected value, establish a connection to the network and configure the connection to be more secure than a connection that would have been established had the at least one additional characteristics of the network matched the stored information.
  - 14. The apparatus of claim 13, wherein configuring the connection to be more secure comprises preventing future connections to the apparatus on one or more ports.

15. A method of use by a client computer, the method comprising:
- receiving information regarding a network, the information comprising a unique identifier that identifies the network and at least one additional characteristic of the network which may be used to identify the network; and
  
  storing in a data store the unique identifier and the at least one additional characteristic of the network.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the information regarding the network is specified by a user.
  - 17. The method of claim 15, wherein the information regarding the network is retrieved from the network automatically when the client computer connects to the network.
  - 18. The method of claim 15, wherein the at least one characteristic of the network is at least one characteristic of a network device of the network.
  - 19. The method of claim 15, wherein the network is an unmanaged network, the unique identifier for the network is a Service Set Identifier (SSID) for the network, and the at least one additional characteristic of the network is a Gateway MAC for the network.
  - 20. The method of claim 15, wherein the network is a managed network, the unique identifier is a globally unique identifier (GUID) for the network, and the at least one additional characteristic of the network comprises a result of an authentication attempt for the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Sinha, Alok, Brewis, Deon C., Begorre, Bill

Granted Patent

US 8,769,639 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2129   Authenticate client device ...

H04L 63/1466   Active attacks involving in...

H04W 12/06   Authentication

H04W 12/122   Counter-measures against at...

History-based downgraded network identification

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

History-based downgraded network identification

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links