System and method for secure provisioning of a mobile station from a provisioning server using IWF-based firewall
Abstract
There is disclosed a security apparatus, for use in a wireless network comprising base stations that communicate with mobile stations, for preventing unprovisioned mobile stations from accessing an Internet protocol (IP) data network via the wireless network. The security apparatus comprises a database that stores a first server IP address of a first provisioning server in the wireless network, and a first controller for receiving a first IP data packet transmitted by a first mobile station, wherein the first IP data packet comprises a first source IP address and a first destination IP address. The first controller determines if the first mobile station is provisioned and transmits the first IP data packet to the IP data network if the first mobile station is provisioned. If the first mobile station is unprovisioned, the first controller transmits the first IP data packet to the IP data network if the first destination IP address matches the first server IP address and prevents transmission of the first IP data packet to the IP data network if the first destination IP address does not match the first server IP address.
27 Claims
1. For use in a wireless network comprising a plurality of base stations capable of communicating with a plurality of mobile stations, a security apparatus for preventing unprovisioned mobile stations from accessing an Internet protocol (IP) data network via said wireless network, said security apparatus comprising:
a database capable of storing a first server IP address of a first provisioning server associated with said wireless network; and
a first controller capable of receiving a first IP data packet transmitted by a first one of said plurality of mobile stations, said first IP data packet comprising a first source IP address and a first destination IP address, wherein said first controller is capable of
1) determining if said first mobile station is provisioned,
2) transmitting said first IP data packet to said IP data network if said first mobile station is provisioned, and
3) if said first mobile station is unprovisioned, one of:
a) transmitting said first IP data packet to said IP data network if said first destination IP address matches said first server IP address, and
b) preventing transmission of said first IP data packet to said IP data network if said first destination IP address does not match said first server IP address.
(Dependent claims 2 through 10 are not reproduced in this extract.)
11. A wireless network comprising:
a plurality of base stations capable of communicating with a plurality of mobile stations; and
a security apparatus for preventing unprovisioned mobile stations from accessing an Internet protocol (IP) data network via said wireless network, said security apparatus comprising:
a database capable of storing a first server IP address of a first provisioning server associated with said wireless network; and
a first controller capable of receiving a first IP data packet transmitted by a first one of said plurality of mobile stations, said first IP data packet comprising a first source IP address and a first destination IP address, wherein said first controller is capable of
1) determining if said first mobile station is provisioned,
2) transmitting said first IP data packet to said IP data network if said first mobile station is provisioned, and
3) if said first mobile station is unprovisioned, one of:
a) transmitting said first IP data packet to said IP data network if said first destination IP address matches said first server IP address, and
b) preventing transmission of said first IP data packet to said IP data network if said first destination IP address does not match said first server IP address.
(Dependent claims 12 through 20 are not reproduced in this extract.)
21. For use in a wireless network comprising a plurality of base stations capable of communicating with a plurality of mobile stations, a method of preventing unprovisioned mobile stations from accessing an Internet protocol (IP) data network via the wireless network, the method comprising the steps of:
storing in a database a first server IP address of a first provisioning server associated with the wireless network;
receiving a first IP data packet transmitted by a first one of the plurality of mobile stations, the first IP data packet comprising a first source IP address and a first destination IP address;
determining if the first mobile station is provisioned;
if the first mobile station is provisioned, transmitting the first IP data packet to the IP data network; and
if the first mobile station is unprovisioned, one of:
transmitting the first IP data packet to the IP data network if the first destination IP address matches the first server IP address; and
preventing transmission of the first IP data packet to the IP data network if the first destination IP address does not match the first server IP address.
(Dependent claims 22 through 27 follow; only the text below survives in this extract.)

[Claim number and preamble missing in the extract]
receiving from the IP data network a second IP data packet directed to a second one of the plurality of mobile stations, the second IP data packet comprising a second source IP address and a second destination IP address;
determining if the second mobile station is provisioned;
if the second mobile station is provisioned, transmitting the second IP data packet to the second mobile station; and
if the second mobile station is unprovisioned, one of:
transmitting the second IP data packet to the second mobile station if the second source IP address matches the first server IP address; and
preventing transmission of the second IP data packet to the second mobile station if the second source IP address does not match the first server IP address.
26. The method as set forth in claim 25 wherein the step of determining whether the second mobile station is provisioned comprises the substep of comparing the second destination IP address to a plurality of IP addresses of provisioned mobile stations stored in the database.
27. The method as set forth in claim 25 wherein the step of determining whether the second mobile station is provisioned comprises the substep of comparing the second destination IP address to a plurality of IP addresses of unprovisioned mobile stations stored in the database.
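The claims above describe a stateful address filter: an unprovisioned mobile station may exchange packets only with the provisioning server (uplink matched on destination IP, downlink matched on source IP), while a provisioned station is forwarded unconditionally, and "provisioned" is decided by comparing the station's address against a stored list (claim 26 keeps the provisioned addresses; claim 27 keeps the unprovisioned ones). The following is an added example written for this page, not code from the patent or its assignee; it models the claimed apparatus in Python with an in-memory "database", a claim 26 style lookup, and constructed sample addresses that are illustrative only.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import IPv4Address, ip_address


class Decision(Enum):
    FORWARD = "forward"
    DROP = "drop"


@dataclass(frozen=True)
class IPPacket:
    # Only the two header fields the claims inspect.
    src: IPv4Address
    dst: IPv4Address


def pkt(src: str, dst: str) -> IPPacket:
    return IPPacket(ip_address(src), ip_address(dst))


class ProvisioningFirewall:
    """Hypothetical model of the claimed security apparatus.

    The claims' "database" is held here as two in-memory values: the
    provisioning server's IP address and the set of IP addresses of mobile
    stations that have completed provisioning (the claim 26 style of lookup;
    a claim 27 style would store the unprovisioned set instead).
    """

    def __init__(self, provisioning_server: str, provisioned=()):
        self.provisioning_server = ip_address(provisioning_server)
        self.provisioned = {ip_address(a) for a in provisioned}

    def is_provisioned(self, station: IPv4Address) -> bool:
        # Claim 26: compare the station address to the stored provisioned addresses.
        return station in self.provisioned

    def mark_provisioned(self, station: str) -> None:
        # Called once the provisioning server reports the station as configured.
        self.provisioned.add(ip_address(station))

    def filter_uplink(self, p: IPPacket) -> Decision:
        """Station -> IP data network (claims 1, 11 and 21)."""
        if self.is_provisioned(p.src):
            return Decision.FORWARD
        # Unprovisioned station: only the provisioning server is reachable.
        return Decision.FORWARD if p.dst == self.provisioning_server else Decision.DROP

    def filter_downlink(self, p: IPPacket) -> Decision:
        """IP data network -> station (the second-packet dependent claims)."""
        if self.is_provisioned(p.dst):
            return Decision.FORWARD
        # Unprovisioned station: only the provisioning server may send to it.
        return Decision.FORWARD if p.src == self.provisioning_server else Decision.DROP


def provisioning_walkthrough() -> list:
    """Constructed traffic sample for one station's life cycle; returns the decisions in order."""
    # Constructed, illustrative addresses (not taken from the patent).
    server, station, web = "10.0.0.5", "192.168.1.20", "203.0.113.7"
    fw = ProvisioningFirewall(server, provisioned={"192.168.1.10"})
    steps = [
        fw.filter_uplink(pkt(station, web)),       # unprovisioned -> internet: drop
        fw.filter_uplink(pkt(station, server)),    # unprovisioned -> server: forward
        fw.filter_downlink(pkt(server, station)),  # server -> unprovisioned: forward
        fw.filter_downlink(pkt(web, station)),     # internet -> unprovisioned: drop
    ]
    fw.mark_provisioned(station)  # provisioning completed
    steps.append(fw.filter_uplink(pkt(station, web)))    # now forward
    steps.append(fw.filter_downlink(pkt(web, station)))  # now forward
    return [s.value for s in steps]


if __name__ == "__main__":
    for decision in provisioning_walkthrough():
        print(decision)
```

Note that the claimed filter keys on IP addresses alone. Its guarantee therefore rests on two properties the claims do not spell out: the network must bind each mobile station to the source address it was assigned (otherwise an uplink packet carrying a provisioned station's address would be forwarded), and the provisioning server's address must not be shared with other services. A deployment would normally also confine the unprovisioned path to the protocol and port the provisioning server actually uses.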