Mobile unit configuration management for WLANs

US 7,522,906 B2
Filed: 08/09/2002
Issued: 04/21/2009
Est. Priority Date: 08/09/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A normal-communications inhibitor, comprising:

an electronic device comprising a representation of data;

the data comprising a program for inhibiting normal wireless communications via at least one wireless local area network between a wireless device and at least one resource;

the program being configured to allow or inhibit normal communications between the wireless device and the at least one resource based on a compliance determination of whether the wireless device complies with at least one policy;

the compliance determination being based on at least one structure/function determination of at least one aspect of the structure or function of the wireless device performed by the program executed on the wireless device;

wherein the at least one policy is selected from a collection of one or more candidate policies based on an identifier of an access point.

View all claims

27 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for enforcing configuration requirements for hardware and software on mobile units operating on Wireless Local Area Networks (WLAN). The system allows the configuration policy to change dynamically with the access point or sub-network association. Whenever a mobile unit connects to a new sub-network or access point, the system invokes and then verifies the proper configuration profile for that sub-network or access point. Thus the system ensures the configuration of the mobile unit meets the requirements for the sub-network being used.

Citations

84 Claims

1. A normal-communications inhibitor, comprising:
- an electronic device comprising a representation of data;
  
  the data comprising a program for inhibiting normal wireless communications via at least one wireless local area network between a wireless device and at least one resource;
  
  the program being configured to allow or inhibit normal communications between the wireless device and the at least one resource based on a compliance determination of whether the wireless device complies with at least one policy;
  
  the compliance determination being based on at least one structure/function determination of at least one aspect of the structure or function of the wireless device performed by the program executed on the wireless device;
  
  wherein the at least one policy is selected from a collection of one or more candidate policies based on an identifier of an access point.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system of claim 1, wherein the integrity of software and stored data is verified periodically.
  - 3. The system of claim 1, wherein the policy contains information on required versions of the mobile unit software and stored data.
  - 4. The system of claim 1, wherein the operation of software and network connections or sessions is periodically verified.
  - 5. The system of claim 1 wherein the policy contains information on required versions of the mobile unit hardware.
  - 6. The system of claim 1 wherein the operation of mobile unit hardware is periodically verified.
  - 7. The system of claim 1, wherein the policy comprises security information, the security information further comprising one or more master keys, pre-shared keys, tokens, and/or certificates.
  - 8. The system of claim 1, wherein the policy comprises radio information, the radio information further comprising one or more country codes, transmit signal strength indications, and/or channel indications.
  - 9. The system of claim 1, wherein the policy comprises hardware information, the hardware information further comprising one or more operating system indications, and/or network interface indications.
  - 10. The system of claim 1, wherein the policy comprises software information, the software information further comprising one or more network interface firmware indications, applications software indications, network interface driver indications, protocol enable/disable indications, anti-virus software indications, virtual private network indications, file sharing indications, and/or printer sharing indications.
  - 11. The system of claim 1, wherein the at least one policy is selected from a collection of one or more candidate policies based on an identifier of a sub-network.
  - 12. The system of claim 1 or 11 wherein the identifier of an access point or sub-network is determined from information received via an access point.
  - 13. The system of claim 1 or 11 wherein the identifier of an access point or sub-network comprises at least a portion of an IP address.
  - 14. The system of claim 1 or 11 wherein the identifier of an access point or sub-network comprises an ESSID.

15. A configuration management system, comprising:
- a client program embodied on a wireless device for execution;
  
  a policy that the wireless device be configured in accord with a determinable profile;
  
  the client program being configured to determine a BSSID of an access point through which access point the wireless device may communicate, and based on the determination, select a configuration profile from a collection of one or more configuration profiles and to configure the wireless device in accordance with the configuration profile, andthe client program being further configured to provide an indication that the wireless device is configured in accord with the profile in order to cause a normal-communications inhibitor to permit normal communications between the wireless device and at least one server program.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 81, 82, 83, 84)
- - 16. The system of claim 15 wherein the configuration profile for the wireless device is specific to the type of the mobile unit.
  - 17. The system of claim 15 wherein the configuration profile is specific to the application of the wireless device.
  - 18. The system of claim 15 wherein the configuration profile is specific to the user of the wireless device.
  - 19. The system of claim 15 wherein the integrity of software and stored data is verified periodically.
  - 20. The system of claim 15 wherein the configuration profile contains information on required versions of the mobile unit software and stored data.
  - 21. The system of claim 15 wherein the operation software and network connections or sessions is periodically verified.
  - 22. The system of claim 15 wherein the integrity of hardware is verified periodically.
  - 23. The system of claim 15 wherein the configuration management profile contains information on required versions of the wireless device hardware.
  - 24. The system of claim 15 wherein the operation of the wireless device hardware is periodically verified.
  - 25. The system of claim 15 wherein the selected configuration profile is specified by a configuration management server.
  - 26. The system of claim 25 wherein two or more configuration management servers are organized in a hierarchy.
  - 27. The system of claim 26 wherein the configuration management policies from a higher level in the hierarchy can be modified at lower levels.
  - 28. The system of claim 26 wherein new configuration management policies can be created on servers at any level in the hierarchy.
  - 29. The system of claims 26 wherein configuration management policies set at a higher level in the hierarchy cannot be modified at lower levels in the hierarchy.
  - 30. The system of claim 25 wherein the selected configuration profile cannot be modified by users of the wireless device.
  - 31. The system of claim 15 wherein a wireless device not configured in accord with the profile are given limited access to the at least one resource.
  - 32. The system of claim 15 wherein the collection of one or more configuration profiles are stored in the wireless device.
  - 33. The system of claim 32 wherein the collection of one or more configuration profiles is periodically updated by communicating with one or more servers.
  - 34. The system of claim 33 wherein a server authenticates the wireless device before the collection is updated.
  - 35. The system of claim 33 wherein the wireless device authenticates the one or more servers before the collection is updated.
  - 36. The system of claim 33 wherein the one or more servers can load or update software and stored data on the wireless device.
  - 37. The system of claim 36 wherein a server authenticates the wireless device before software is loaded or updated.
  - 38. The system of claim 37 wherein the wireless device authenticates a server before software is loaded or updated.
  - 39. The system of claim 36 wherein the system verifies the integrity of loaded or updated software and stored data prior to using the loaded or updated software and stored data.
  - 40. The system of claim 36 wherein a server maintains records used to ensure compliance with software license terms and conditions.
  - 41. The system of claim 36 wherein software is loaded or updated on the wireless device so that it can be configured in accord with the configuration profile.
  - 42. The system of claim 32 wherein the system verifies the integrity of a configuration profile prior to using the configuration profile.
  - 43. The system of claim 15 wherein the collection of one or more configuration profile is updated to include the profile required by the policy.
  - 44. The system of claim 15 wherein a user of the wireless device can create and modify one or more configuration profiles for the wireless device.
  - 81. The system of claim 15 or 45 wherein the configuration profile comprises security information, the security information further comprising one or more master keys, pre-shared keys, tokens, and/or certificates.
  - 82. The system of claim 15 or 45 wherein the configuration profile comprises radio information, the radio information further comprising one or more country codes, transmit signal strength indications, and/or channel indications.
  - 83. The system of claim 15 or 45 wherein the configuration profile comprises hardware information, the hardware information further comprising one or more operating system indications, and/or network interface indications.
  - 84. The system of claim 15 or 45 wherein the configuration profile comprises software information, the software information further comprising one or more network interface firmware indications, applications software indications, network interface driver indications, protocol enable/disable indications, anti-virus software indications, virtual private network indications, file sharing indications, and/or printer sharing indications.

45. A system for the enforcement of configurations of mobile units, comprisinga configuration management software client on the mobile units,one or more servers for controlling the hardware, software and stored data configurations on the mobile units,one or more sub-networks connected to the one or more servers,one or more configuration profiles specific to some of the one or more of the sub-networks on which the mobile units can roam,one or more wireless access points connected to each of the one or more sub-networks and capable of communicating with the mobile units,wherein the integrity of hardware is verified periodically.
- View Dependent Claims (46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80)
- - 46. The system of claim 45 wherein the one or more configuration profile for the mobile unit is specific to the type of the mobile unit.
  - 47. The system of claim 45 wherein the one or more configuration profile is specific to the application of the mobile unit.
  - 48. The system of claim 45 wherein the one or more configuration profile is specific to the user of the mobile unit.
  - 49. The system of claim 45 wherein mobile unit software and stored data configurations are under configuration management.
  - 50. The system of claim 49 wherein the integrity of software and stored data is verified periodically.
  - 51. The system of claim 49 wherein the one or more configuration profile contains information on required versions of the mobile unit software and stored data.
  - 52. The system of claim 49 wherein the operation software and network connections or sessions is periodically verified.
  - 53. The system of claim 45 wherein mobile unit hardware configurations are under configuration management.
  - 54. The system of claim 45 wherein the one or more configuration profile contains information on required versions of the mobile unit hardware.
  - 55. The system of claim 45 wherein the operation of mobile unit hardware is periodically verified.
  - 56. The system of claim 45 wherein a configuration management server determines the profile to be used by the access point the mobile unit associates with.
  - 57. The system of claim 45 wherein the client on the mobile unit determines the identity of the sub-network from information received via the access points.
  - 58. The system of claim 57 wherein the sub-network identifier is the IP sub-network address mask.
  - 59. The system of claim 57 wherein the sub-network is identified by the ESSID as specified in the IEEE 802.11 family of protocols.
  - 60. The system of claim 45 wherein mobile units not able to meet the configuration management requirements for a particular sub-network are not allowed to associate with that sub-network.
  - 61. The system of claim 45 wherein mobile units not able to meet the configuration management requirements for a particular sub-network are given limited access to the applications, data, connections and services on that sub-network.
  - 62. The system of claim 45 wherein one or more configuration profiles are stored in the mobile unit and are invoked when the mobile unit roams to a specific sub-network of the one or more sub-networks.
  - 63. The system of claim 62 wherein the one or more configuration profiles are periodically synchronized between the one or more servers and each mobile unit.
  - 64. The system of claim 63 wherein a server authenticates the mobile unit before the one or more configuration profiles are synchronized.
  - 65. The system of claim 63 wherein the mobile unit authenticates a server before the one or more configuration profiles are synchronized.
  - 66. The system of claim 63 wherein the system verifies the integrity of loaded one or more configuration profiles prior to their use.
  - 67. The system of claim 63 wherein one or more configuration profiles are loaded or updated on the mobile unit so that the profile required for a sub-network become available.
  - 68. The system of claim 45 wherein the one or more servers can update software and stored data on the mobile units
  - 69. The system of claim 68 wherein a server authenticates the mobile unit before software is loaded.
  - 70. The system of claim 68 wherein the mobile unit authenticates a server before software is loaded.
  - 71. The system of claim 68 wherein the system verifies the integrity of loaded software and stored data prior to its use.
  - 72. The system of claim 68 wherein the server maintains records used to ensure compliance with software license terms and conditions.
  - 73. The system of claim 68 wherein software is loaded or updated on the mobile unit so that it can meet the configuration management requirements for a particular sub-network.
  - 74. The system of claim 45 wherein two or more configuration management servers are organized in a hierarchy.
  - 75. The system of claim 74 wherein the configuration management policies from a higher level in the hierarchy can be modified at lower levels.
  - 76. The system of claim 74 wherein new configuration management policies can be created on servers at any level in the hierarchy.
  - 77. The system of claims 75 or 76 wherein configuration management policies set at a higher level in the hierarchy cannot be modified at lower levels in the hierarchy.
  - 78. The system of claim 45 wherein the wireless network uses radio frequency signals.
  - 79. The system of claim 78 wherein the wireless local area network confirms to the IEEE 802.11 family of specifications.
  - 80. The system of claim 78 wherein the wireless local area network conforms to the specifications promulgated by the Bluetooth SIG, Inc.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
Wavelink Corporation (Ivanti Software, Inc.)
Inventors
Morris, Roy, van Wagenen, Lamar, Whelan, Robert
Primary Examiner(s)
TRINH, TAN H

Application Number

US10/215,701
Publication Number

US 20040203593A1
Time in Patent Office

2,447 Days
Field of Search

455/456.3, 455/41.2, 455/422, 455/450, 455/426.2, 455/67.11, 455/226.1, 455/67.16, 455/214, 455/525, 455/411, 455/410, 455/426.1, 455/418, 455/515, 455/434, 725/25, 370/338, 370/349, 370/474, 370/252, 713/1, 713/100
US Class Current

455/411
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 63/123   received data contents, e.g...

H04L 67/61   taking into account QoS or ...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/35   Protecting application or s...

H04W 12/73   Access point logical identity

H04W 48/02   Access restriction performe...

H04W 8/18   Processing of user or subsc...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/02   Terminal devices

Mobile unit configuration management for WLANs

First Claim

27 Assignments

0 Petitions

Accused Products

Abstract

Citations

84 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile unit configuration management for WLANs

First Claim

27 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

84 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links