Methods for surreptitious manipulation of CDMA 2000 wireless devices

US 20100309884A1
Filed: 07/29/2010
Published: 12/09/2010
Est. Priority Date: 07/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method of using an interloping beacon to cause a target wireless device to respond to an overriding control message provided by the interloping beacon instead of to a control message provided by the target wireless device'"'"'s live beacon, the target wireless device operating on a frequency channel of the live beacon in a wireless network that operates according to a standard that employs code division multiplexing to define code channels in the frequency channel, the code channels including a pilot channel for a pilot provided by the live beacon, the target wireless device responding to the live beacon'"'"'s pilot by listening for a control message provided by the live beacon on another code channel, the control message occurring in the other code channel at a location which is determined by the standard, andthe method comprising the steps performed by a signal generator which generates the interloping beacon of:

on the live beacon'"'"'s frequency channel, generating an overriding pilot on the pilot channel to which the target wireless device responds instead of to the live beacon'"'"'s pilot; and

on the live beacon'"'"'s frequency channel, generating the overriding control message at the location in the other code channel specified by the standard for the control message provided by the live beacon,the overriding pilot and the overriding control message being generated by the signal generator only as long as required to cause the target wireless device to respond to the overriding control message instead of to the control message provided by the live beacon, whereby causing the target wireless device to respond to the overriding control message does not cause another wireless device operating on the frequency channel to respond to the overriding pilot in a manner which is noticeable by a user of the other wireless device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for generating an interloping beacon which can control the behavior of a target wireless device on a CDMA frequency channel without noticeably altering the behavior of non-target wireless devices which share the frequency channel of the target wireless device'"'"'s live beacon. The interloping beacon is an override beacon which overrides the live beacon'"'"'s pilot channel and a control message on a code channel on which control messages may be addressed to the target wireless device. The override beacon provides the overriding pilot and the overriding control message only as long as is required for the target wireless device to respond to the overriding control message. The period of time during which the overriding pilot and the overriding control message are generated for the override beacon is so short that only the target wireless device responds without noticeable effect on collateral wireless devices.

75 Citations

View as Search Results

22 Claims

1. A method of using an interloping beacon to cause a target wireless device to respond to an overriding control message provided by the interloping beacon instead of to a control message provided by the target wireless device'"'"'s live beacon, the target wireless device operating on a frequency channel of the live beacon in a wireless network that operates according to a standard that employs code division multiplexing to define code channels in the frequency channel, the code channels including a pilot channel for a pilot provided by the live beacon, the target wireless device responding to the live beacon'"'"'s pilot by listening for a control message provided by the live beacon on another code channel, the control message occurring in the other code channel at a location which is determined by the standard, andthe method comprising the steps performed by a signal generator which generates the interloping beacon of:
- on the live beacon'"'"'s frequency channel, generating an overriding pilot on the pilot channel to which the target wireless device responds instead of to the live beacon'"'"'s pilot; and
  
  on the live beacon'"'"'s frequency channel, generating the overriding control message at the location in the other code channel specified by the standard for the control message provided by the live beacon,the overriding pilot and the overriding control message being generated by the signal generator only as long as required to cause the target wireless device to respond to the overriding control message instead of to the control message provided by the live beacon, whereby causing the target wireless device to respond to the overriding control message does not cause another wireless device operating on the frequency channel to respond to the overriding pilot in a manner which is noticeable by a user of the other wireless device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method set forth in claim 1 wherein:
    - the other code channel is a public code channel wherein the live beacon provides control messages for the target wireless device and the other wireless device at locations in the public code channel which are specified in the standard for the target wireless device and the other wireless device.
  - 3. The method set forth in claim 2 wherein:
    - the public code channel is a paging channel wherein the live beacon provides paging messages addressed to the target wireless device and the other wireless device; and
      
      the overriding control message is a paging message addressed to the target wireless device.
  - 4. The method set forth in claim 3 wherein:
    - the overriding paging message specifies that the target wireless device is to move to a beacon that is another interloping beacon,the target wireless device responding thereto by moving to the other interloping beacon.
  - 5. The method set forth in claim 3 whereinthe step of generating the overriding control message addressed to the target wireless device includes the steps of:
    - generating a first overriding control message to which the target wireless device will respond with a response message if the overriding pilot is sufficiently strong at the target wireless device; and
      
      if the target wireless device responds to the first overriding control message with the response message,generating a second overriding control message which specifies that the target wireless device is to move to a beacon that is another interloping beacon, the target wireless device responding thereto by moving to the other interloping beacon.
  - 6. The method set forth in claim 2 wherein:
    - there is a plurality of the public code channels, the plurality including a quick alert control message public code channel and a full control message public channel, the quick alert control message for the target wireless device indicating that a full control message for the target wireless device will follow on the full control message public channel and the target wireless device responding to the quick alert control message by responding to the following full control message; and
      
      the method further comprises the step performed in the signal generator of;
      
      on the live beacon'"'"'s frequency channel, generating an overriding quick alert control message for the target wireless device at the location of the quick alert control message provided by the live beacon,the overriding pilot, the overriding control message, and the overriding quick alert control message being generated by the signal generator only as long as required to cause the target wireless device to respond to the overriding quick alert message by responding to the overriding control message.
  - 7. The method set forth in claim 6 wherein:
    - the full control message public channel is a paging channel wherein the live beacon provides paging messages for the target wireless device and the other wireless device;
      
      the quick alert control message channel is a quick page alert channel wherein the live beacon provides quick page alert signaling including a quick page alert control message for the target wireless device which indicates that a paging message will follow on the paging channel for the target wireless device; and
      
      there is a plurality of the overriding control messages, includingan overriding quick page alert control message andan overriding paging message.
  - 8. The method set forth in claim 7 wherein:
    - the overriding paging message includes an overriding null paging message followed by an overriding non-null paging message,the overriding null paging message resetting the target wireless device'"'"'s paging channel decoder for the overriding non-null paging message.
  - 9. The method set forth in claim 7 wherein:
    - there is another interloping beacon;
      
      the overriding paging message specifies that the target wireless device is to move to the other interloping beacon; and
      
      the target wireless device responds thereto by moving to the other interloping beacon.
  - 10. The method set forth in claim 4 wherein:
    - the other interloping beacon is a catch beacon that retains the target wireless device on the catch beacon'"'"'s frequency channel.
  - 11. The method set forth in claim 10 further comprising the step performed by a signal generator for the catch beacon of:
    - issuing a control message to the target wireless device which causes the target wireless device to return to the live beacon.
  - 12. The method set forth in claim 1 wherein:
    - the other code channel is a dedicated code channel which is dedicated to the target wireless device; and
      
      the dedicated code channel has a dedicated code channel control message for the target wireless device at a location in the dedicated code channel which is determined by the standard.
  - 13. The method set forth in claim 12 whereinthe other wireless device also has a dedicated code channel in the live beacon which is dedicated to the other wireless device andthe method further comprises the step of:
    - determining which dedicated code channel is dedicated to the target wireless device.
  - 14. The method set forth in claim 1 wherein:
    - the target wireless device responds to the overriding control message by performing a handover to another interloping beacon specified in the overriding control message; and
      
      the other interloping beacon fails to respond to the handover,whereby the target wireless device returns to the live beacon after the other interloping beacon fails to respond.
  - 15. The method set forth in claim 1 wherein:
    - the target wireless device responds to the overriding control message by associating itself with a dedicated code channel of the code channels, the dedicated code channel being specified in the overriding control message,whereby the interloping beacon which provides the overriding control message or another interloping beacon may use control messages in the dedicated code channel to control the target wireless device.
  - 16. The method set forth in claim 15 wherein:
    - the interloping beacon which is using the control messages to control the target device functions as a “
      
      man in the middle”
      
      between the target wireless device and the live beacon.
  - 17. The method set forth in claim 15 wherein:
    - the target wireless device further responds to the overriding control message by putting itself into loopback mode,whereby the target wireless device retransmits what the target wireless device receives from the interloping beacon which provides the overriding control message or another interloping beacon that is controlling the target wireless device.
  - 18. The method set forth in claim 15 wherein:
    - the dedicated code channel specified in the overriding control message has characteristics which make the target wireless device easier to disambiguate from the other wireless device and to track the target wireless device.
  - 19. The method set forth in claim 1 wherein:
    - the target wireless device responds to the overriding control message by setting the target wireless device'"'"'s transmission power level as specified therein.
  - 20. The method set forth in claim 1 wherein:
    - the target wireless device responds to the overriding control message by disabling itself.
  - 21. The method set forth in claim 1 wherein:
    - the overriding control message causes wireless devices operating on the live beacon'"'"'s pilot channel to move from the live network to an interloping beacon that is a catch beacon, the catch beacon being generated such that the catch beacon elicits a registration from each of the wireless devices that moves to the catch beacon.

22. An interloping beacon generated by a signal generator, the interloping beacon causing a target wireless device to respond to an overriding control message provided by the interloping beacon instead of to a control message provided by a live beacon, the target wireless device operating on a frequency channel of the live beacon in a wireless network that operates according to a standard that employs code division multiplexing to define code channels in the frequency channel, the code channels including a pilot channel for a pilot generated by the live beacon, the target wireless device responding to the live beacon'"'"'s pilot by listening for a control message generated by the live beacon on another code channel, the control message occurring in the other code channel at a location which is determined by the standard,and the interloping beacon being characterized in that:
- the interloping beacon provides on the live beacon'"'"'s frequency channelan overriding pilot on the pilot channel to which the target wireless device responds instead of to the live beacon'"'"'s pilot; and
  
  the overriding control message at the location in the other code channel of the control message provided by the live beacon,the overriding pilot and the overriding control message being generated by the interloping beacon only as long as required to cause the target wireless device to respond to the overriding control message instead of to the control message provided by the live beacon.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
L-3 Communications Corporation (L3Harris Technologies, Inc.)
Original Assignee
ComHouse Wireless LP
Inventors
Haverty, James D.

Granted Patent

US 8,477,727 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/331
CPC Class Codes

H04L 63/30   for supporting lawful inter...

H04W 12/02   Protecting privacy or anony...

H04W 12/80   Arrangements enabling lawfu...

H04W 48/12   using downlink control channel

H04W 60/04   using triggered events

Methods for surreptitious manipulation of CDMA 2000 wireless devices

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Methods for surreptitious manipulation of CDMA 2000 wireless devices

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links