METHOD AND SYSTEM FOR AUTHENTICATING A POINT OF ACCESS

US 20130019298A1
Filed: 03/30/2011
Published: 01/17/2013
Est. Priority Date: 03/30/2010
Status: Active Grant

First Claim

Patent Images

1. A method of detecting the intervention of a rogue point of access in a communication between a wireless device and a wired network reachable via a genuine point of access, said method comprising:

operating said wired network to provide to a comparator, data indicative of an identifier of said wireless device presented to it in said communication;

operating said wireless device to provide to the comparator, data indicative of the identifier of the wireless device; and

operating said comparator to compare the two sets of data, and to signal the result of said comparison to said wireless device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Rogue or malicious access points pose a threat to wireless networks (32) and the users of these networks. In order to prevent or reduce this threat a method and system is proposed that verifies that an access point (31) is genuine and not rogue before setting up a connection between the access point and a wireless device (34). The authentication is based on comparing an identifier of the wireless device (34) obtained from an authentication server (33, 35) in the wired network to an identifier of a wireless device obtained directly from the wireless device. A comparator (39) in an information server (36) receives the two sets of data and compares the two identifiers and if they match the access point is verified as genuine.

50 Citations

View as Search Results

17 Claims

1. A method of detecting the intervention of a rogue point of access in a communication between a wireless device and a wired network reachable via a genuine point of access, said method comprising:
- operating said wired network to provide to a comparator, data indicative of an identifier of said wireless device presented to it in said communication;
  
  operating said wireless device to provide to the comparator, data indicative of the identifier of the wireless device; and
  
  operating said comparator to compare the two sets of data, and to signal the result of said comparison to said wireless device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 14, 15, 16)
- - 2. A method according to claim 1 wherein the wired network is operated to further provide to the comparator data indicative of an identifier of the point of access used in the communication between the wireless device and the wired network and wherein the comparator is further operated to compare the data indicative of an identifier of the point of access to identifiers of known points of access previously stored at the comparator.
  - 3. A method according to claim 1 wherein the identifier of the wireless device is an identifier of the device'"'"'s wireless network interface.
  - 4. A method according to claim 3 wherein said comparator is accessible to said wireless device via a second wireless interface of said wireless device, and said wireless device sends data indicative of its first wireless interface identifier to said comparator via the second wireless interface.
  - 5. A method according to claim 4 wherein the comparator comprises a database which relates the wireless interface identifier for each wireless device to another identifier of the wireless device, the comparator further being operated to determine said other identifier from information submitted by the device via said second wireless interface and said database.
  - 6. A method according to claim 4 wherein the comparator is co-located with an information server, which supports handover of said wireless device between wireless heterogeneous networks.
  - 7. A method according to claim 1 wherein the wired network provides said indicative data via first communications channel routed via said wireless device to said comparator.
  - 8. A method according to claim 1 wherein the indicative data is processed in the wired network in a manner which provides assurance to the comparator that the indicative data was generated by the wired network and has not been altered since.
  - 9. A method according to claim 8 wherein indicative data is processed in the wired network on behalf of a plurality of genuine access points by a central processor.
  - 10. A method according to claim 1 wherein the comparator is operated to send log-in credential to the wireless device upon determining that the compared identifiers match.
  - 14. A system according to claim 3 wherein the comparator comprises a database which relates the wireless interface identifier of each wireless device to another identifier of the wireless device, the comparator further comprising means for determining said other identifier from information submitted by the wireless device over a second wireless interface, and said database.
  - 15. A wireless device having a plurality of wireless network interfaces, the device being arranged in operation to send data indicative of a wireless interface identifier for a first network interface to a comparator via a second of its wireless network interfaces in support of a method for detecting intervention of a rogue point of access in a communication between said wireless device and a wired network according to claim 4.
  - 16. An authentication server for use in a wired network, said authentication server being arranged in operation to provide to a comparator data indicative of an identifier of the wireless device used to communicate with the wired network via a point of access which provides wireless access to the wired network, said identifier being provided in support of the method for detecting intervention of a rogue point of access in a communication between said wireless device and the wired network according to claim 1.

11. A system for detecting the intervention of a rogue point of access in a communication between a wireless device and a wired network reachable via a genuine point of access, said system comprising:
- means in said wired network for providing to a comparator data indicative of an identifier of the wireless device presented to it in said communication;
  
  means in said wireless device for providing to said comparator data indicative of the identifier of the wireless device;
  
  a comparator operated to compare the two sets of data; and
  
  means for signaling the result of said comparison to said wireless device.
- View Dependent Claims (12, 13)
- - 12. A system according to claim 11 wherein the identifier of the wireless device is an identifier of the device'"'"'s wireless network interface.
  - 13. A system according to claim 11 wherein the comparator is co-located with an information server, which supports handover of said wireless device between wireless heterogeneous networks.

17. A comparator arranged in operation to receive from a wired network data indicative of an identifier used by a wireless device in communication with the wired network via a point of access which provides wireless access to the wired network;
- and to receive from a wireless device data indicative of an identifier of the wireless device seeking to authenticate said point of access and to compare the two sets of data and detecting intervention of a rogue point of access in a communications between said wireless device and the wired network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
British Telecommunications PLC (BT Group PLC)
Original Assignee
British Telecommunications PLC (BT Group PLC)
Inventors
Jover Segura, Xavier, El-Moussa, Fadi

Granted Patent

US 8,893,246 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

H04L 63/101   Access control lists [ACL]

H04L 63/1441   Countermeasures against mal...

H04L 63/1466   Active attacks involving in...

H04L 63/18   using different networks or...

H04W 12/08   Access security

H04W 12/122   Counter-measures against at...

METHOD AND SYSTEM FOR AUTHENTICATING A POINT OF ACCESS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

50 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR AUTHENTICATING A POINT OF ACCESS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links