Distributed wireless network security system
3 Assignments
0 Petitions
Abstract
Methods, apparatuses and systems enabling a distributed wireless network security system. In one embodiment, the present invention provides a wireless network system where security policies are automatically distributed and uniformly implemented across wireless network access points. Embodiments of the present invention address the situation where a malicious user moves to a different access point within a wireless network environment after failing to properly authenticate and/or associate at a first access point. Embodiments of the present invention enable an integrated, multi-layer network security system, wherein a security mechanism at one layer (e.g., link layer security mechanisms) can set policies based on information gleaned from operation of a security mechanism at another layer (e.g., application layer authentication servers).
146 Citations
39 Claims
1. In a wireless network environment comprising a plurality of access elements for wireless communication with at least one remote client element, a method enabling an enhanced wireless network security system, comprising
maintaining security states for remote client elements detected by the access elements, applying a security mechanism to control access to wireless connections to remote client elements, wherein operation of the security mechanism is based on the security states of the remote client elements, adjusting the security state associated with a remote client element based on its interaction with the security mechanism, and exchanging with other access elements security states associated with remote client elements.
2. A central control element for supervising a plurality of access elements, comprising
a processor operative to manage wireless connections between access elements and corresponding remote client elements, maintain security states for remote client elements detected by access elements, apply, at access elements, a first security mechanism to control access to the wireless connections to remote client elements, wherein operation of the security mechanism is based on the security states of the remote client elements, wherein a remote client element for which there is no security state information is initially allowed access to interact with a second security mechanism; and
adjust the security state associated with the remote client element based on its interaction with the second security mechanism.
3. A wireless network security system, comprising
a plurality of access elements for wireless communication with at least one remote client element and for communication with a central control element; and
a central control element for supervising said access elements, wherein the central control element is operative to manage wireless connections between the access elements and corresponding remote client elements, wherein the central control element is operative to maintain security states for remote client elements detected by the access elements, apply, at the access elements, a first security mechanism to control access to the wireless connections to remote client elements, wherein operation of the security mechanism is based on the security states of the remote client elements, wherein a remote client element for which there is no security state information is initially allowed access to interact with a second security mechanism; and adjust the security state associated with the remote client element based on its interaction with the second security mechanism.
Dependent claims 4 through 17 (not shown here).
18. In a wireless network environment comprising a plurality of access elements for wireless communication with at least one remote client element, the wireless network environment maintaining security states for remote client elements detected by the access elements, a method enabling an enhanced wireless network security system, comprising
receiving, at a wireless access element, a link layer authentication request from a remote client element;
querying one or more elements of a wireless network environment for a security state associated with the remote client element;
conditionally responding to the link layer authentication request with an authentication challenge, wherein the responding to the link layer authentication request is conditioned on the security state associated with the remote client element; and
adjusting the security state based on the interaction between the wireless access element and the remote client element.
Dependent claims 19 through 23 (not shown here).
24. A wireless network security system, comprising
a wireless network infrastructure comprising a plurality of access elements for wireless communication with at least one remote client element, wherein each access element is operative to maintain security states for remote client elements detected by the access elements, apply a security mechanism to control access to the wireless connections to remote client elements, wherein operation of the security mechanism is based on the security states of the remote client elements, adjust the security state associated with a remote client element based on its interaction with the security mechanism, and exchange with other access elements security states associated with remote client elements.
37. In a network environment including a plurality of security mechanisms operating at different layers with the network environment, a method enhancing the security of network environments, comprising
detecting an attempt by a network access device to access a computer network;
applying a first security mechanism operative to control access to the computer network, wherein the first security mechanism operates at a first network layer to a network access device, and wherein the applying step comprises authenticating the user associated with the network access device, comprising:
maintaining an authentication count, transmitting an authentication challenge to the network access device, receiving an authentication response from the network access device, validating the authentication response;
if the authentication count is below a threshold count and the response is not valid, repeating the authentication step;
if the authentication count exceeds the threshold count and the response is not valid, then configuring the second security mechanism to deny access to the network access device; and
configuring a policy for a second security mechanism operating at a second network layer based on information obtained from the applying step;
wherein the first security mechanism is an application-level security mechanism, and wherein the second security mechanism is a link layer security mechanism.
Dependent claims 38 and 39 (not shown here).
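The following simulation is an added worked example and is not code from the patent or its assignee. It models the two mechanisms that claims 18 and 37 describe: a link-layer gate that answers an authentication request with a challenge only when the client's shared security state permits it, and an application-level challenge/response with an authentication count that, once the threshold is reached, flips the shared state to "denied" so every access element refuses the client, including one it roams to. Everything concrete here is an assumption the claims do not fix: clients are keyed by MAC address, the response function is HMAC-SHA256 over a random challenge, the threshold count is 3 and is treated as inclusive, and the credential store and MAC addresses are constructed sample data.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from enum import Enum


class SecurityState(Enum):
    UNKNOWN = "unknown"              # no record yet: may proceed to the second mechanism
    PENDING = "pending"              # link layer admitted, application-layer auth in progress
    AUTHENTICATED = "authenticated"  # application-layer auth succeeded
    DENIED = "denied"                # link layer configured to refuse this client everywhere


THRESHOLD_COUNT = 3  # assumed value; the claims only require "a threshold count"

# Constructed sample credential store for the application-level mechanism.
CREDENTIALS = {"user-alice": "correct horse battery"}


@dataclass
class CentralControlElement:
    """Shared store of security states keyed by client MAC address (assumed key).
    Every access element reads and writes this one store, so a state set by one
    access element is immediately visible to all the others."""
    states: dict = field(default_factory=dict)

    def state_of(self, mac: str) -> SecurityState:
        return self.states.get(mac, SecurityState.UNKNOWN)

    def set_state(self, mac: str, state: SecurityState) -> None:
        self.states[mac] = state


def expected_response(password: str, challenge: bytes) -> bytes:
    """Assumed concrete response function: HMAC-SHA256 keyed with the password."""
    return hmac.new(password.encode(), challenge, hashlib.sha256).digest()


@dataclass
class AccessElement:
    name: str
    controller: CentralControlElement

    def link_layer_auth_request(self, mac: str) -> str:
        """Claim 18: query the shared state; issue a challenge only if the client is
        not already denied. Unknown clients are admitted so the application-layer
        mechanism can evaluate them. Returns "challenge" or "deny"."""
        state = self.controller.state_of(mac)
        if state is SecurityState.DENIED:
            return "deny"
        if state is SecurityState.UNKNOWN:
            self.controller.set_state(mac, SecurityState.PENDING)
        return "challenge"

    def application_layer_auth(self, mac: str, username: str, attempts: list) -> SecurityState:
        """Claim 37: maintain an authentication count over challenge/response rounds;
        once THRESHOLD_COUNT invalid responses are seen, configure the link layer
        (through the shared state) to deny this client."""
        if self.controller.state_of(mac) is SecurityState.DENIED:
            return SecurityState.DENIED
        stored = CREDENTIALS.get(username)  # None for an unknown user: never valid
        count = 0
        for attempt in attempts:
            count += 1
            challenge = os.urandom(16)
            response = expected_response(attempt, challenge)  # what the client sends back
            valid = stored is not None and hmac.compare_digest(
                response, expected_response(stored, challenge))
            if valid:
                self.controller.set_state(mac, SecurityState.AUTHENTICATED)
                return SecurityState.AUTHENTICATED
            if count >= THRESHOLD_COUNT:  # assumed: threshold treated as inclusive
                self.controller.set_state(mac, SecurityState.DENIED)
                return SecurityState.DENIED
        return SecurityState.PENDING  # attempts exhausted while still below threshold


def roaming_scenario() -> dict:
    """An attacker fails at ap1 then tries ap2; a legitimate user authenticates at ap2.
    Returns the observable outcomes so the cross-access-element effect can be checked."""
    controller = CentralControlElement()
    ap1 = AccessElement("ap1", controller)
    ap2 = AccessElement("ap2", controller)
    attacker, alice = "de:ad:be:ef:00:01", "00:11:22:33:44:55"  # constructed MACs

    first_link = ap1.link_layer_auth_request(attacker)
    first_app = ap1.application_layer_auth(attacker, "user-alice", ["guess1", "guess2", "guess3"])
    roam_link = ap2.link_layer_auth_request(attacker)  # denied without a new challenge
    alice_link = ap2.link_layer_auth_request(alice)
    alice_app = ap2.application_layer_auth(alice, "user-alice", ["correct horse battery"])
    return {
        "attacker_first_link": first_link,
        "attacker_app_result": first_app.value,
        "attacker_roam_link": roam_link,
        "alice_link": alice_link,
        "alice_app_result": alice_app.value,
        "attacker_state": controller.state_of(attacker).value,
    }


if __name__ == "__main__":
    for key, value in roaming_scenario().items():
        print(f"{key}: {value}")
```

The point to check is the third result: after the application-level mechanism at ap1 exhausts the attacker's attempts, ap2 refuses the link-layer request outright, which is the situation the abstract describes. A real deployment would also need the shared state to expire or be cleared, since a MAC address is spoofable and a permanent "denied" record is itself a denial-of-service lever; the claims leave that policy open.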
Specification