Method and system for classification of wireless devices in local area computer networks

US 7,710,933 B1
Filed: 03/10/2006
Issued: 05/04/2010
Est. Priority Date: 12/08/2005
Status: Active Grant

First Claim

Patent Images

1. A wireless security method comprising:

installing a security system within a selected geographic region, the security system comprising at least one sniffer device disposed within the selected geographic region, the selected geographic region comprising an authorized local area network;

detecting wireless transmissions within the selected geographic region using the at least one sniffer device;

determining identity of a radio interface present in the selected geographic region from the detected wireless transmissions, wherein information regarding coupling of the radio interface with an authorized communication device is not accessible to the security system;

identifying from the detected wireless transmissions a wireless connection between the radio interface and an authorized wireless access point, the authorized wireless access point being adapted to act as traffic transfer point between a wired portion and a wireless portion of the authorized local area network;

detecting the identity of the radio interface in traffic over the wired portion of the authorized local area network;

classifying the radio interface as being coupled with the authorized communication device based upon the identity of the radio interface being present both in the wireless transmissions and in the traffic over the wired portion;

providing for allowing the radio interface to communicate with the authorized wireless access point and for disallowing the radio interface from communicating with an external wireless access point, wherein the external wireless access point acts as traffic transfer point between a wired portion and a wireless portion of a neighborhood local area network, the neighborhood local area network being distinct from the authorized local area network.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for classifying radio interfaces in a wireless network. The method includes transferring an unknown MAC address associated with a radio interface of a communication device through a wireless medium and detecting the unknown MAC address on the wireless medium using a first sniffer device. The method also includes transferring information through an access point coupled to a wired medium utilizing the radio interface of the wireless communication device. The information includes the unknown MAC address. The method further includes detecting the unknown MAC address on the wired medium using a second sniffer device and classifying the radio interface as an authorized radio interface based upon detecting the unknown MAC address on the wireless medium and detecting the unknown MAC address on the wired medium.

Citations

22 Claims

1. A wireless security method comprising:
- installing a security system within a selected geographic region, the security system comprising at least one sniffer device disposed within the selected geographic region, the selected geographic region comprising an authorized local area network;
  
  detecting wireless transmissions within the selected geographic region using the at least one sniffer device;
  
  determining identity of a radio interface present in the selected geographic region from the detected wireless transmissions, wherein information regarding coupling of the radio interface with an authorized communication device is not accessible to the security system;
  
  identifying from the detected wireless transmissions a wireless connection between the radio interface and an authorized wireless access point, the authorized wireless access point being adapted to act as traffic transfer point between a wired portion and a wireless portion of the authorized local area network;
  
  detecting the identity of the radio interface in traffic over the wired portion of the authorized local area network;
  
  classifying the radio interface as being coupled with the authorized communication device based upon the identity of the radio interface being present both in the wireless transmissions and in the traffic over the wired portion;
  
  providing for allowing the radio interface to communicate with the authorized wireless access point and for disallowing the radio interface from communicating with an external wireless access point, wherein the external wireless access point acts as traffic transfer point between a wired portion and a wireless portion of a neighborhood local area network, the neighborhood local area network being distinct from the authorized local area network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein the radio interface comprises a wireless network interface card.
  - 3. The method of claim 1 wherein the authorized communication device comprises at least a laptop computer or at least a PDA.
  - 4. The method of claim 1 wherein the identity of the radio interface is a radio MAC address.
  - 5. The method of claim 4 wherein the wireless transmissions comprise at least one IEEE 802.11 type frame and the radio MAC address is included in the IEEE 802.11 type frame.
  - 6. The method of claim 1 wherein classifying the radio interface is free from manual interaction.
  - 7. The method of claim 1 wherein the information regarding the coupling of the radio interface with the authorized communication device being not accessible to the security system is characterized by the identity of the radio interface being absent from a list of authorized MAC addresses which is accessible to the security system.
  - 8. The method of claim 1 wherein the authorized wireless access point is adapted to perform an authentication process before allowing the radio interface to send data to the wired portion of the authorized local area network through the authorized wireless access point.
  - 9. The method of claim 8 wherein the authentication process comprises verifying identity of the authorized communication device.
  - 10. The method of claim 1 further comprising establishing that the authorized wireless access point does not use an open authentication process prior to the classifying.
  - 11. The method of claim 1 further comprising establishing that the authorized wireless access point does not use a WEP shared key authentication process prior to the classifying.
  - 12. The method of claim 1 further comprising establishing that the authorized wireless access point uses an 802.1x (EAP) authentication process prior to the classifying.

13. A wireless security method comprising:
- installing a security system within a selected geographic region, the security system comprising at least one sniffer device disposed within the selected geographic region, the selected geographic region comprising an authorized local area network;
  
  detecting wireless transmissions within the selected geographic region using the at least one sniffer device;
  
  determining identity of a radio interface present in the selected geographic region from the detected wireless transmissions;
  
  identifying from the detected wireless transmissions a wireless connection between the radio interface and an authorized wireless access point, the authorized wireless access point being adapted to act as traffic transfer point between a wired portion and a wireless portion of the authorized local area network;
  
  establishing that the identity of the radio interface in absent from traffic over the wired portion of the authorized local area network;
  
  classifying the radio interface as being not coupled with an authorized communication device based upon the identity of the radio interface being absent from the traffic over the wired portion;
  
  providing for disallowing the radio interface from communicating with the authorized wireless access point and for allowing the radio interface to communicate with an external wireless access point, wherein the external wireless access point acts as traffic transfer point between a wired portion and a wireless portion of a neighborhood local area network, the neighborhood local area network being distinct from the authorized local area network.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13 wherein the radio interface comprises a wireless network interface card.
  - 15. The method of claim 13 wherein the authorized communication device comprises at least a laptop computer or at least a PDA.
  - 16. The method of claim 13 wherein the identity of the radio interface is a radio MAC address.
  - 17. The method of claim 16 wherein the wireless transmissions comprise at least one IEEE 802.11 type frame and the radio MAC address is included in the IEEE 802.11 type frame.
  - 18. The method of claim 13 wherein classifying the radio interface is free from manual interaction.
  - 19. The method of claim 13 wherein the authorized wireless access point is adapted to perform an authentication process before allowing the radio interface to send data to the wired portion through the authorized wireless access point.
  - 20. The method of claim 13 wherein the authentication process comprises verifying identity of a communication device to which the radio interface is coupled.

21. A wireless security system comprising:
- at least one first interface for monitoring radio transmissions;
  
  at least one second interface for monitoring traffic in a wired network; and
  
  at least one computer readable medium coupled to the first interface and the second interface, the computer readable medium storing instructions executable by at least one processor to perform steps of;
  
  detecting wireless transmissions using the first interface;
  
  determining identity of a client radio interface present in the detected wireless transmissions, wherein information regarding coupling of the client radio interface with an authorized communication device is not accessible to the at least one processor;
  
  identifying from the detected wireless transmissions a wireless connection between the client radio interface and an authorized wireless access point, the authorized wireless access point being adapted to act as traffic transfer point between a wired portion and a wireless portion of an authorized local area network;
  
  detecting the identity of the client radio interface in traffic over the wired portion of the authorized local area network using the second interface;
  
  classifying the client radio interface as being coupled with the authorized communication device based upon the identity of the client radio interface being present both in the wireless transmissions and in the traffic over the wired portion; and
  
  providing for allowing the client radio interface to communicate with the authorized wireless access point and for disallowing the radio interface from communicating with an external wireless access point, wherein the external wireless access point acts as traffic transfer point between a wired portion and a wireless portion of a neighborhood local area network, the neighborhood local area network being distinct from the authorized local area network.

22. A wireless security system comprising:
- at least one first interface for monitoring radio transmissions;
  
  at least one second interface for monitoring traffic in a wired network; and
  
  at least one computer readable medium coupled to the first interface and the second interface, the computer readable medium storing instructions executable by at least one processor to perform steps of;
  
  detecting wireless transmissions using the first interface;
  
  determining identity of a client radio interface present in the detected wireless transmissions;
  
  identifying from the detected wireless transmissions a wireless connection between the client radio interface and an authorized wireless access point, the authorized wireless access point being adapted to act as traffic transfer point between a wired portion and a wireless portion of an authorized local area network;
  
  establishing using the second interface that the identity of the client radio interface is absent from traffic over the wired portion of the authorized local area network;
  
  classifying the client radio interface as not being coupled with an authorized communication device based upon the identity of the client radio interface being absent from the traffic over the wired portion; and
  
  providing for disallowing the client radio interface from communicating with the authorized wireless access point and for allowing the radio interface to communicate with an external wireless access point, wherein the external wireless access point acts as traffic transfer point between a wired portion and a wireless portion of a neighborhood local area network, the neighborhood local area network being distinct from the authorized local area network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arista Networks, Inc.
Original Assignee
Airtight Networks Incorporated (Arista Networks, Inc.)
Inventors
Sundaralingam, Sri Ganeshan, Patwardhan, Aniruddha
Primary Examiner(s)
Appiah; Charles N
Assistant Examiner(s)
Karikari; Kwasi

Application Number

US11/373,068
Time in Patent Office

1,516 Days
Field of Search

370/338, 370/328, 370/351, 713/182, 713/163, 455/411
US Class Current

370/338
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/162   at the data link layer

H04W 12/062   Pre-authentication

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 48/02   Access restriction performe...

Method and system for classification of wireless devices in local area computer networks

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for classification of wireless devices in local area computer networks

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links