Wireless local area network access points, end-point communication devices, and computer program products that generate security alerts based on characteristics of interfering signals and/or connection messages
First Claim
1. A wireless local area network access point comprising:
- a transceiver that is configured to communicate messages with an end-point communication device through a wireless air interface in a defined frequency band;
a controller that is configured to receive through the transceiver a connection request message containing a password from the end-point communication device, to authenticate the received password, and to respond to the authentication by transmitting through the transceiver to the end-point communication device an encryption key as a connection response message;
a security unit that is configured to measure a first time between receipt of the connection request message and a subsequent onset of at least one interfering signal having at least a threshold magnitude in the defined frequency band, wherein the security unit is configured to measure a second time between transmission of the connection response message and receipt of the connection response message, and to generate a security alert based on one of the first and second measured times being less than a threshold time, and wherein the security unit is configured to generate a security alert based on detecting at least one disassociation message received from another device that contains an identifier associated with the wireless local area network access point and therefore incorrectly appears to have originated from the wireless local area network access point; and
an interface that is configured to be communicatively connected to the Internet through a broadband modem, wherein the security unit is further configured to communicate information relating to the security alert through the interface to a network management center.
1 Assignment
0 Petitions
Accused Products
Abstract
A wireless local area network access point (WAP) includes a transceiver, a controller, and a security unit. The transceiver communicates messages with an end-point communication device through a wireless air interface in a defined frequency band. The controller receives through the transceiver a connection request message containing a password from the end-point communication device, authenticates the received password, and responds to the authentication by transmitting through the transceiver to the end-point communication device an encryption key as a connection response message. The security unit generates a security alert based on measured characteristics of one or more received connection request messages and/or based on measured characteristics of interfering signals in the defined frequency band.
28 Citations
10 Claims
-
1. A wireless local area network access point comprising:
-
a transceiver that is configured to communicate messages with an end-point communication device through a wireless air interface in a defined frequency band; a controller that is configured to receive through the transceiver a connection request message containing a password from the end-point communication device, to authenticate the received password, and to respond to the authentication by transmitting through the transceiver to the end-point communication device an encryption key as a connection response message; a security unit that is configured to measure a first time between receipt of the connection request message and a subsequent onset of at least one interfering signal having at least a threshold magnitude in the defined frequency band, wherein the security unit is configured to measure a second time between transmission of the connection response message and receipt of the connection response message, and to generate a security alert based on one of the first and second measured times being less than a threshold time, and wherein the security unit is configured to generate a security alert based on detecting at least one disassociation message received from another device that contains an identifier associated with the wireless local area network access point and therefore incorrectly appears to have originated from the wireless local area network access point; and an interface that is configured to be communicatively connected to the Internet through a broadband modem, wherein the security unit is further configured to communicate information relating to the security alert through the interface to a network management center. - View Dependent Claims (2, 3, 4, 5)
-
-
6. An end-point communication device comprising:
-
a transceiver that is configured to communicate messages with a wireless local area network access point through a wireless air interface in a defined frequency band; a controller that is configured to transmit through the transceiver to the wireless local area network access point a connection request message containing a password, to receive a connection response message through the transceiver from the wireless local area network access point that contains an encryption key, and to configure a communication network with the wireless local area network access point in response to the connection response message, the controller is further configured to transmit the connection request message in response to a pushbutton mode activated by a user selection on a user interface of the end-point communication device; and a security unit that is configured to measure a time between transmission of the connection request message and a subsequent receipt of the connection response message which is expected to have been generated by a subsequent delayed user initiation of a pushbutton mode by a user selection on a user interface of the wireless local area network access point which initiates transmission of the connection response message from the wireless local area network access point, and to generate a security alert based on the measured time being less than a threshold time, and wherein the security unit is configured to measure a first time between transmission of the connection request message and a subsequent onset of at least one interfering signal having at least a threshold magnitude in the defined frequency band, and that is configured to measure a second time between transmission of the connection response message and subsequent receipt of the connection response message, and to generate the security alert based on one of the first and second measured times being less than a threshold time. - View Dependent Claims (7, 8, 9, 10)
-
Specification