System and method for detection of a rouge wireless access point in a wireless communication network

US 7,676,218 B2
Filed: 05/03/2006
Issued: 03/09/2010
Est. Priority Date: 08/02/2002
Status: Expired due to Term

First Claim

Patent Images

1. A device, comprising:

a communications arrangement providing at least one mobile unit with access to a communication network, wherein the communication arrangement scans a plurality of radio frequency channels to detect a beacon transmitted by an unverified access point in the communications network, the beacon including identification information of the unverified access point; and

a processor verifying the identification information with a preexisting database, the verifying comprising comparing a portion of a MAC (medium access controller) address representing a manufacturer identification included in the beacon to manufacturer identification information stored in the preexisting database and comparing a SSID (service set identification) included in the beacon to SSID information stored in the preexisting database, the preexisting database including identification information of a plurality of access points authorized to access the communications network, wherein when the verification of the identification information fails, the processor identifies the unverified access point as an unauthorized access point and sets conditions for which the unauthorized access point is allowed to access the communication network.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described are a system and method for detecting an unauthorized access point accessing a communication network. An authorized access point and/or an authorized mobile unit detects a beacon generated by a transmitting access point. The beacon includes identification information of the transmitting access point. A computing arrangement verifies the identification information of the transmitting access point with a preexisting database of the communication network. The preexisting database includes data corresponding to identification information of a plurality of authorized access points. The computing arrangement initiates a tracking procedure to determine a location of the unauthorized access point where the verification of the transmitting access point identification information with the preexisting database fails.

Citations

20 Claims

1. A device, comprising:
- a communications arrangement providing at least one mobile unit with access to a communication network, wherein the communication arrangement scans a plurality of radio frequency channels to detect a beacon transmitted by an unverified access point in the communications network, the beacon including identification information of the unverified access point; and
  
  a processor verifying the identification information with a preexisting database, the verifying comprising comparing a portion of a MAC (medium access controller) address representing a manufacturer identification included in the beacon to manufacturer identification information stored in the preexisting database and comparing a SSID (service set identification) included in the beacon to SSID information stored in the preexisting database, the preexisting database including identification information of a plurality of access points authorized to access the communications network, wherein when the verification of the identification information fails, the processor identifies the unverified access point as an unauthorized access point and sets conditions for which the unauthorized access point is allowed to access the communication network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The device according to claim 1, wherein, when the verification fails, the processor initiates a tracking procedure to determine a location of the unauthorized access point.
  - 3. The device according to claim 1, wherein the device is an authorized access point.
  - 4. The device according to claim 1, wherein the identification information includes at least one of (i) a serial number of the corresponding unverified access point and (ii) a virtual private network identifier.
  - 5. The device according to claim 1, wherein the processor notifies a network administrator when the verification fails.
  - 6. The device according to claim 1, wherein the processor generates an activity record of activities of the unauthorized access point.
  - 7. The device according to claim 6, wherein the activity record includes at least one of a manufacturer serial number, a virtual private network number, a time and date of the unauthorized access, a signal strength of the beacon, a time and date of subsequent communications with the unauthorized access point, a source and a destination of each of the subsequent communications and a signal strength of each of the subsequent communications.
  - 8. The device according to claim 7, wherein the processor determines the location of the unauthorized access point as a function of the activity record and geographic locations of the device and at least two access points of the plurality of access points.

9. A system, comprising:
- a communications arrangement providing at least one mobile unit with access to a communication network, wherein the communication arrangement communicates with a plurality of access points authorized to communicate on the communications network, wherein the communications arrangement scans a plurality of radio frequency channels to detect a beacon transmitted by an unverified access point in the communications network;
  
  a memory storing identification information of the unverified access point that was received in the beacon from the unverified access point, the memory further storing a preexisting database including identification information of the plurality of authorized access points, the preexisting database storing at least one of a manufacturer identification information and a SSID (service set identification) information; and
  
  a processor performing a verification procedure by comparing a portion of a MAC (medium access controller) address representing a manufacturer identification included in the detected beacon to the stored manufacturer information in the preexisting database and a SSID included in the detected beacon to the stored SSID information in the database, wherein when the verification fails, the processor identifies the unverified access point as an unauthorized access point and sets conditions for which the unauthorized access point is allowed to access the communications network.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system according to claim 9, wherein, when the verification fails, the processor determines a location of the unauthorized access point.
  - 11. The system according to claim 9, wherein the identification information includes at least one of a manufacturer serial number of the corresponding unverified access point and a virtual private network identifier.
  - 12. The system according to claim 9, wherein the processor notifies a network administrator of the detection of the unauthorized access point.
  - 13. The system according to claim 9, wherein the system receives an activity record of activities of the unauthorized access point from the at least one of the plurality of authorized access points.
  - 14. The system according to claim 13, wherein the activity record includes at least one of a manufacturer serial number, a virtual private network number, a time and date of the unauthorized access, a signal strength of the beacon, a time and date of subsequent transmissions by with the unauthorized access point, a source and a destination of each of the subsequent transmissions and a signal strength of each of the subsequent transmissions.
  - 15. The system according to claim 14, wherein a location of the unauthorized access point is determined as a function of the activity record and a geographic location of the at least one of the plurality of access points.

16. A method, comprising:
- scanning, by a computing arrangement, a plurality of radio frequency channels in a wireless communications network to detect a beacon from an unverified access point, the beacon including identification information of the access point, the computing arrangement providing at least one mobile unit with access to the communication network;
  
  transmitting the identification information to the computing arrangement for performing a verification procedure, the verification procedure including comparing a portion of a MAC (medium access controller) address representing a manufacturer identification included in the detected beacon to stored manufacturer information in a preexisting database and comparing a SSID (service set identification) included in the detected beacon to stored SSID information in the preexisting database, the preexisting database comprising identification information of a plurality of access points authorized to communicate on the communications network; and
  
  when the unverified access point fails the verification procedure, identifying the unverified access point as an unauthorized access point and generating an activity record of activities of the unauthorized access point.
- View Dependent Claims (17, 18, 19)
- - 17. The method according to claim 16, further comprising:
    - transmitting the activity record to the computing arrangement.
  - 18. The method according to claim 16, wherein the activity record includes at least one of a manufacturer serial number, a virtual private network number, a time and date of the unauthorized access, a signal strength of the beacon, a time and date of subsequent transmissions by the unauthorized access point, a source and a destination of each of the subsequent transmissions and a signal strength of each of the subsequent transmissions.
  - 19. The method according to claim 16, further comprising:
    - determining a location of the unauthorized access point; and
      
      transmitting the location to the computing arrangement.

20. An arrangement, comprising:
- a communications means for providing at least one mobile unit with access to a communication network, wherein the communication arrangement detects a beacon transmitted by an unverified access point in the communications network, the beacon including corresponding identification information of the unverified access point; and
  
  a processing means for verifying the identification information with a preexisting database, the preexisting database including identification information for a plurality of access points authorized to access the communications network, wherein when the verification of the identification information fails, the unverified access point is an unauthorized access point, the processing means sets conditions for allowing the unauthorized access point to access the communications network,wherein the verifying comprises comparing a portion of a MAC (medium access controller) address representing a manufacturer identification included in the detected beacon to authorized manufacturer information in the preexisting database and comparing a SSID (service set identification) included in the detected beacon to authorized SSID information in the preexisting database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Symbol Technologies, Inc. (Zebra Technologies Corporation)
Inventors
Ballai, Philip N.
Primary Examiner(s)
ZEWDU, MELESS NMN

Application Number

US11/416,761
Publication Number

US 20060193258A1
Time in Patent Office

1,406 Days
Field of Search

4554561-4566, 455410-411, 455/550.1, 455/556.1, 455/556.2, 455457-458, 455/461, 455/515, 455/524, 455/561, 455557-558, 455/41.2, 455/67.11, 455/67.13, 455/404.2, 455423-425, 455/432.1, 455/432.3, 455/433, 455/435.1, 455/436, 455/440, 455/450, 455/456.5, 455/464, 455/466, 455/500, 455/509, 455513-514, 455/517, 726 1- 7, 726 27- 30, 370/310, 370/328, 370312-313, 370/310.2, 713/153, 713/155, 713182-185, 380247-250, 705/56, 705/64, 340/539.1, 340/539.13
US Class Current

455/411
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 63/1441   Countermeasures against mal...

H04L 63/1466   Active attacks involving in...

H04W 12/122   Counter-measures against at...

H04W 24/04   Arrangements for maintainin...

H04W 4/02   Services making use of loca...

H04W 64/003   locating network equipment

H04W 88/08   Access point devices

System and method for detection of a rouge wireless access point in a wireless communication network

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for detection of a rouge wireless access point in a wireless communication network

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links