Method and apparatus for enhancing security in a wireless network using distance measurement techniques

US 6,961,541 B2
Filed: 05/24/2002
Issued: 11/01/2005
Est. Priority Date: 05/24/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for establishing a secure wireless connection between a first wireless device and a second wireless device, said method comprising:

measuring a radio-frequency communications delay between said second wireless device and at least one other wireless device;

computing an indication of physical location of said second wireless device with respect to said at least one other wireless device;

determining whether or not said indication of physical location indicates that connection between said first wireless device and said second wireless device is desirable by comparing said indication of physical location to a predetermined security perimeter, and if said indication of physical location is outside of said predetermined security perimeter, second determining whether or not said second wireless device is a known device; and

in response to determining that said connection is desirable, initiating said secure wireless connection between said first wireless device and said second wireless device, and wherein said initiating is performed only in response to determining that said second wireless device is a known device when said indication of physical location is outside of said predetermined security perimeter.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for enhancing security in a wireless network using distance measurement techniques provides an additional layer of security and privacy in wireless communications. A distance measurement or location-finding is performed between two devices by transmitting and receiving one or more signals and computing a distance between the two devices or a location of a connecting device. The resulting computed distance or location is used to determine whether or not to permit pairing, secure connection or secure transactions between the two devices. The computed distance or location can be further used in combination with a signal strength measurement to link to locate and measure nearby devices first, reducing the time required to initialize network communications. Management software may be enhanced to facilitate connecting to desired devices by providing an indication of computed distance or location of each device, and a list may be generated in order of proximity, further facilitating connection to the desired devices. Set-up of wireless networks may automated by using a short distance to facilitate connection between nodes.

216 Citations

31 Claims

1. A method for establishing a secure wireless connection between a first wireless device and a second wireless device, said method comprising:
- measuring a radio-frequency communications delay between said second wireless device and at least one other wireless device;
  
  computing an indication of physical location of said second wireless device with respect to said at least one other wireless device;
  
  determining whether or not said indication of physical location indicates that connection between said first wireless device and said second wireless device is desirable by comparing said indication of physical location to a predetermined security perimeter, and if said indication of physical location is outside of said predetermined security perimeter, second determining whether or not said second wireless device is a known device; and
  
  in response to determining that said connection is desirable, initiating said secure wireless connection between said first wireless device and said second wireless device, and wherein said initiating is performed only in response to determining that said second wireless device is a known device when said indication of physical location is outside of said predetermined security perimeter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein said at least one other wireless device is said first wireless device, wherein said computing computes a distance between said first wireless device and said second wireless device, and wherein said determining determines whether or not said distance indicates that said connection is desirable.
  - 3. The method of claim 2, wherein said comparing compares said distance to a predetermined distance corresponding to an expected distance between said first wireless device and said second wireless device.
  - 4. The method of claim 2, wherein said determining determines that said distance is less than a predetermined security perimeter distance, and said initiating is performed without determining whether or not said second wireless device is a known device.
  - 5. The method of claim 4, wherein said determining determines that said distance is less than a predetermined distance and wherein said initiating is performed automatically in response to placing said first wireless device and said second wireless device within said predetermined distance.
  - 6. The method of claim 1, wherein said at least one other wireless device comprises at least two other wireless devices, wherein said computing computes a triangulated location of said second wireless device in conformity with said radio-frequency communications delay between said two other wireless devices, and wherein said determining determines whether or not said location of said second wireless device indicates that said connection is desirable.
  - 7. The method of claim 6, wherein one of said at least two other wireless devices is said first wireless device, whereby said triangulation is performed between said first wireless device and at least one other wireless device.
  - 8. The method of claim 1, further comprising in response to determining that said connection is not desirable, alerting a user to a presence of said second wireless device.
  - 9. The method of claim 1, wherein said second wireless device comprises multiple wireless devices and wherein said measuring and computing are performed for said multiple wireless devices.
  - 10. The method of claim 1, wherein said first wireless device is a server, and wherein said determining provides additional security for access to a wireless network.
  - 11. The method of claim 1, wherein said first wireless device is a workstation, and wherein said determining provides additional security for access to said workstation.
  - 12. The method of claim 1, wherein said measuring is performed by receiving and decrypting an encrypted distance measurement signal.
  - 13. The method of claim 1, wherein said secure wireless connection activates a physical access device.
  - 14. The method of claim 1, wherein a non-secure connection exists between said first wireless device and said second wireless device and wherein said determining and initiating are performed in response to a secure transaction request from one of said first wireless device or said second wireless device.
  - 15. The method of claim 1, further comprising adjusting a power level of transmissions associated with said connection in conformity with said indication of physical location, whereby security of said connection is improved.
  - 16. The method of claim 1, wherein said connection represents a connection hand-off of a connection between a connected device and said second wireless device for handoff from said connected device to said first wireless device, and further comprising determining whether or not to accept said hand-off in conformity with said indication of physical location.

17. A method for establishing a secure wireless connection between a first wireless device and a second wireless device, said method comprising:
- measuring a radiofrequency communications delay between said second wireless device and at least one other wireless device;
  
  computing an indication of physical location of said second wireless device with respect to said at least one other wireless device;
  
  providing a display of said indication of physical location of said second wireless device to a user;
  
  determining whether or not said indication of physical location indicates that connection between said first wireless device and said second wireless device is desirable; and
  
  in response to determining that said connection is desirable and further in response to receiving a user input confirming that connection to said second wireless device is desirable, initiating said secure wireless connection between said first wireless device and said second wireless device.

18. A method for establishing a secure wireless connection between a first wireless device and multiple other second wireless devices, said method comprising:
- measuring a radiofrequency communications delay between said multiple other wireless devices and at least one other third wireless device;
  
  determining signal strengths of signals received from said second wireless devices;
  
  computing indications of physical location of said second wireless devices with respect to said at least one other third wireless device;
  
  determining whether or not said indication of physical location indicates that connection between said first wireless device and said second wireless devices is desirable; and
  
  in response to determining that said connection is desirable, initiating said secure wireless connection between said first wireless device and said second wireless devices, and wherein said measuring and computing are performed in order of decreasing signal strength, whereby a time of said initiating is reduced for said multiple devices.

19. A method for establishing a secure wireless connection between a first wireless device and multiple other second wireless devices, said method comprising:
- measuring a radiofrequency communications delay between said multiple other wireless devices and at least one other third wireless device;
  
  computing indications of physical location of said second wireless devices with respect to said at least one other third wireless device;
  
  determining whether or not said indication of physical location indicates that connection between said first wireless device and said second wireless devices is desirable; and
  
  in response to determining that said connection is desirable, initiating said secure wireless connection between said first wireless device and said second wireless devices; and
  
  providing a list of said multiple second wireless devices to a user, said list including said computed indications of physical location, whereby said user may view a number of said multiple second wireless devices and their corresponding physical location indications.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein said list is displayed in order of increasing distance, whereby selection of nearby devices is facilitated.

21. A method for establishing a secure wireless connection between a first wireless device and a second wireless device, said method comprising:
- measuring a radiofrequency communications delay between said second wireless device and at least one other wireless device;
  
  computing an indication of physical location of said second wireless device with respect to said at least one other wireless device;
  
  determining whether or not said indication of physical location indicates that connection between said first wireless device and said second wireless device is desirable by comparing said indication of physical location to a predetermined security perimeter, and if said indication of physical location is outside of said predetermined security perimeter, second determining whether or not said second wireless device is of a type within a set of predetermined types; and
  
  in response to determining that said connection is desirable, initiating said secure wireless connection between said first wireless device and said second wireless, and wherein said initiating is performed only in response to determining that said second wireless device is of a type within said set.

22. A wireless network comprising:
- a first wireless communications device;
  
  at least one other wireless communications device, including a measurement sub-system for measuring a radio-frequency delay between said at least one other wireless device and a connecting wireless device;
  
  a processing subsystem for computing an indication of a physical location of said connecting wireless device in conformity with said measured delay; and
  
  a security subsystem for determining whether or not a connection between said first wireless device and said connecting wireless device is desirable in conformity with said indication of physical location, and wherein said security subsystem further includes means for providing a display of said indication of physical location of said connecting wireless device to a user.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30)
- - 23. The wireless network of claim 22, wherein said at least one other wireless device comprises at least two other wireless devices, wherein said processing subsystem computes a triangulated location of said connecting wireless device in conformity with said radio-frequency communications delay between said two other wireless devices, and wherein said security subsystem determines whether or not said location of said connecting wireless device indicates that said connection is desirable.
  - 24. The wireless network of claim 23, wherein one of said at least two other wireless devices is said first wireless device, whereby said triangulation is performed between said first wireless device and at least one other wireless device.
  - 25. The wireless network of claim 22, further comprising means for receiving a user input confirming that connection to said connecting wireless device is desirable, and wherein said security subsystem permits connection of said first wireless device with said connecting wireless device in conformity with said user input.
  - 26. The wireless network of claim 22, wherein said security subsystem further provides an alert in response to determining that connecting to said connecting wireless device is undesirable.
  - 27. The wireless network of claim 22, wherein said means for providing a display displays a list of multiple wireless devices to a user, said list including said computed indications of physical location provided by said measurement subsystem, whereby said user may view a number of said multiple devices and their corresponding physical location indications.
  - 28. The wireless network of claim 27, wherein said list is displayed in order of increasing distance, whereby selection of nearby devices is facilitated.
  - 29. The wireless network of claim 22, wherein said first wireless device is a server, and wherein said security subsystem provides additional security for access to a wireless network.
  - 30. The wireless network of claim 22, wherein said first wireless device is a workstation, and wherein said security subsystem provides additional security for access to said workstation.

31. A wireless network comprising:
- a first wireless communications device;
  
  at least one other wireless communications device, including a measurement sub-system for measuring a radio-frequency delay between said at least one other wireless device and a connecting wireless device;
  
  a processing sub-system for computing an indication of a physical location of said connecting wireless device in conformity with said measured delay; and
  
  a security subsystem for determining whether or not a connection between said first wireless device and said connecting wireless device is desirable in conformity with said indication of physical location, wherein said first wireless device further comprises a signal strength measuring circuit coupled to said measurement subsystem for measuring a signal strength of signals received from multiple wireless devices, and wherein said measurement subsystem measures said multiple wireless devices in order of decreasing signal strength, whereby connection time is reduced for said multiple devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AeroScout (US) LLC (Stanley Black & Decker, Inc.)
Original Assignee
AeroScout Incorporated (Stanley Black & Decker, Inc.)
Inventors
Sullivan, Michael James, Overy, Michael Robert
Primary Examiner(s)
Nguyen, Lee

Application Number

US10/156,244
Publication Number

US 20030220765A1
Time in Patent Office

1,257 Days
Field of Search

455/410, 455/411, 455/41.2, 455/41.3, 713/168, 380/247, 380/270
US Class Current

455/41.2
CPC Class Codes

H04L 63/0492   by using a location-limited...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04L 63/14   for detecting or protecting...

H04L 63/1466   Active attacks involving in...

H04L 67/52   specially adapted for the l...

H04W 12/08   Access security

H04W 12/50   Secure pairing of devices

H04W 24/00   Supervisory, monitoring or ...

H04W 64/00   Locating users or terminals...

H04W 76/10   Connection setup

Method and apparatus for enhancing security in a wireless network using distance measurement techniques

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

216 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for enhancing security in a wireless network using distance measurement techniques

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

216 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links