Spoofing Detection

US 20150334131A1
Filed: 05/21/2015
Published: 11/19/2015
Est. Priority Date: 04/03/2003
Status: Active Grant

First Claim

Patent Images

1-10. -10. (canceled)

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless access device in a wireless network, whether a known or unknown entity, can be located using a geolocation system according to the present invention. A signal strength is determined by a wireless intrusion detection system (WIDS) node in a wireless network for each wireless access device that it detects. Based on the signal strength, an approximate distance from the node is determined, which, in one embodiment corresponds to a radius of a circle around the node. To account for error, an approximation band of the circle is calculated that will allow a user to determine the approximate location of the device within the wireless network.

Citations

32 Claims

1-10. -10. (canceled)

11. A method comprising:
- determining a location of a wireless access device;
  
  comparing said location of said wireless access device to policy elements applicable to said wireless access device; and
  
  creating an alert if said wireless access device violates more than a threshold number of said policy elements.
- View Dependent Claims (12, 13, 14)
- - 12. A method as in claim 11, wherein said determining step further comprises determining an approximate location.
  - 13. A method as in claim 11, wherein said comparing the location further comprises evaluating said location against a plurality of policy elements.
  - 14. A method as in claim 13, wherein each policy element is selected from the group consisting of:
    - fixed wireless access device location, moving wireless access device, movable wireless access device, or unknown wireless access device.

15-19. -19. (canceled)

20. A method to detect spoofing, the method comprising:
- determining a first location of a wireless access device having an identifier at a first time;
  
  associating the first location with the wireless access device;
  
  determining a second location of the wireless access device at a second time;
  
  comparing the first location and the second location to determine whether the first location and the second location are within a possible distance of one another for the wireless access device to travel between the first and second times; and
  
  sending an alert in response to determining that the first location and the second location are outside of the possible distance.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The method of claim 20 further comprising calculating the possible distance including tolerances.
  - 22. The method of claim 20 further comprising determining whether the wireless access device is mobile.
  - 23. The method of claim 20 further comprising determining whether the wireless access device is static.
  - 24. The method of claim 20 wherein determining the first and second locations comprises:
    - detecting the wireless access device using a plurality of nodes at known locations;
      
      determining a signal strength of the wireless access device with respect to individual ones of the plurality of nodes;
      
      determining a distance to the wireless access device from the individual ones of the plurality of nodes based on the signal strength to determine possible locations of the wireless access device; and
      
      estimating an area for the individual ones of the plurality of nodes corresponding to the possible locations of the wireless access device by detecting a band around the individual ones of the plurality of nodes within which the wireless access device could be located based on the determined distance from the individual ones of the plurality of nodes.

25. A method to detect spoofing with a collector device in connection with a plurality of nodes, the method comprising:
- receiving a first state of a wireless access device and a first communication device to which the wireless access device is communicating over a particular network at a first time at a particular node of the plurality of nodes;
  
  receiving or generating a first event for the wireless access device identifying the first state and the first communication device;
  
  receiving a second state of the wireless access device and a second communication device to which the wireless access device is communicating over the particular network at a second time at a particular node of the plurality of nodes;
  
  receiving or generating a second event for the wireless access device identifying the second state and the second communication device in response to determining that at least one of;
  
  the first state and the second state are different, andthe first communication device and the second communication device are different;
  
  checking the first and second events with the collector device for activities prohibited by one or more policy elements of the particular network, wherein the collector device is configured with the one or more policy elements; and
  
  sending an alert signal in response to determining that the first and second events identify an activity that is prohibited by the one or more policy elements.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The method of claim 25 wherein the one or more policy elements comprise one or more indicators that a wireless access device is a fixed wireless access device, a movable wireless access device, a moving wireless access device, an unknown wireless access device, or a spoofed wireless access device.
  - 27. The method of claim 25 further comprising receiving first and second location information for the wireless access device.
  - 28. The method of claim 27 wherein the receiving the first and second location information comprises receiving first and second access points of the wireless access device.
  - 29. The method of claim 25 wherein the wireless access device is operating in an ad hoc mode.
  - 30. The method of claim 25 wherein receiving the first and second states comprises receiving indication of:
    - a disconnected state, an authenticating state, an associating state, a reassociating state, a transmitting data state, a disassociating state, and a deauthenticating state.
  - 31. The method of claim 25 wherein receiving or generating the first and second events comprises the collector device generating the first and second events.
  - 32. The method of claim 25 wherein the first and second events are generated by the respective particular node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ozmo Licensing LLC
Original Assignee
Tekla PEHR LLC (Intellectual Ventures LLC)
Inventors
Harvey, Elaine, Walnock, Matthew

Granted Patent

US 9,800,612 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/107   wherein the security polici...

H04L 63/1483   service impersonation, e.g....

H04L 63/20   for managing network securi...

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 64/00   Locating users or terminals...

H04W 84/18   Self-organising networks, e...

Spoofing Detection

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Spoofing Detection

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links