Methods and apparatus for providing security to a computerized device

US 8,122,136 B2
Filed: 12/18/2002
Issued: 02/21/2012
Est. Priority Date: 12/18/2002
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

detecting, in a computerized device, a network identification information for the computerized device, where the computerized device receives the network identification information in a wireless local area network transmission from a network identification information source associated with a first network to which the computerized device is to establish a secure wireless data connection;

comparing the detected network identification information with at least one address entry stored in an initiation information table on the computerized device, the at least one address entry having been stored in the initiation information table prior to detecting the network identification information and indicating that the first network requires a secure data connection;

in response to detecting a correspondence between the network identification information and the at least one address entry in the initiation information table, detecting a profile entry, the profile entry being mapped to secure connection instructions for establishing the secure wireless data connection between the computerized device and the first network, retrieving the secure connection instructions indicated by the profile entry, and establishing the secure wireless data connection between the computerized device and the first network; and

in response to detecting a secure connection stop function within the profile entry, where the secure connection stop function is a discontinue command that prevents the computerized device from establishing an unnecessary secure wireless data connection with the first network, selectively establishing a non-secure data connection between the computerized device and the first network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When establishing a communications channel to a wireless network, through a wireless connection, a computerized device receives an Internet protocol (IP) address from a Dynamic Host Configuration Protocol (DHCP) server associated with the wireless network. The computerized device is configured with a table or list of IP addresses associated with wireless networks requiring a VPN or secure connection. The computerized device compares the IP address received from the DHCP server with the IP address entries of the table stored by the computerized device. If the computerized device detects a correspondence between the IP address received from the DHCP server and an IP address entry within the table, the computerized device automatically initiates a secure or VPN connection with the wireless network associated with the DHCP server. The computerized device therefore actively establishes a secure connection with the wireless network, prior to user login and without user intervention, based upon the computerized device being a client of the wireless network.

Citations

18 Claims

1. A method, comprising:
- detecting, in a computerized device, a network identification information for the computerized device, where the computerized device receives the network identification information in a wireless local area network transmission from a network identification information source associated with a first network to which the computerized device is to establish a secure wireless data connection;
  
  comparing the detected network identification information with at least one address entry stored in an initiation information table on the computerized device, the at least one address entry having been stored in the initiation information table prior to detecting the network identification information and indicating that the first network requires a secure data connection;
  
  in response to detecting a correspondence between the network identification information and the at least one address entry in the initiation information table, detecting a profile entry, the profile entry being mapped to secure connection instructions for establishing the secure wireless data connection between the computerized device and the first network, retrieving the secure connection instructions indicated by the profile entry, and establishing the secure wireless data connection between the computerized device and the first network; and
  
  in response to detecting a secure connection stop function within the profile entry, where the secure connection stop function is a discontinue command that prevents the computerized device from establishing an unnecessary secure wireless data connection with the first network, selectively establishing a non-secure data connection between the computerized device and the first network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, comprising:
    - monitoring for network identification information; and
      
      in response to detecting network identification information while monitoring, performing the comparing and establishing.
  - 3. The method of claim 1, comprising:
    - receiving updated network identification information for the computerized device from a network identification information source associated with a second network;
      
      comparing the updated network identification information with at least one address entry, the at least one address entry indicating a corresponding second network requiring a secure data connection and corresponding to the updated network identification information; and
      
      in response to detecting a correspondence between the updated network identification information and the at least one address entry, establishing a secure data connection with the second network.
  - 4. The method of claim 1, comprising, providing a user login access to the computerized device in response to establishing a secure data connection with the first network.
  - 5. The method of claim 1, where establishing a non-secure data connection with the first network comprises preventing establishment of a data connection with the first network in response to detecting the secure connection stop function.
  - 6. The method of claim 1 comprising establishing a non-secure data connection with the first network in response to detecting no correspondence between the network identification information and the at least one address entry.
  - 7. The method of claim 1 comprising preventing establishment of a data connection with the first network in response to detecting no correspondence between the network identification information and the at least one address entry.

8. In a client computer, a method for establishing a data connection to an onsite, wireless local area network comprising the steps of:
- detecting address information for the client computer, the address information transmitted from a Dynamic Host Configuration Protocol server associated with the wireless local area network;
  
  comparing the detected address information with at least one address entry stored in an initiation information table on the client computer, the at least one address entry having been stored in the initiation information table prior to detecting the network identification information indicating the corresponding wireless local area network requiring a secure data connection and corresponding to the address information;
  
  in response to detecting a correspondence between the network identification information and the at least one address entry in the initiation information table, detecting a profile entry, the profile entry being mapped to secure connection instructions for establishing the secure data connection between the client computer and the wireless local area network, retrieving the secure connection instructions indicated by the profile entry and performing an autoinitiation procedure to establish the secure data connection with the wireless local area network; and
  
  in response to detecting a secure connection stop function within the profile entry, where the secure connection stop function is a discontinue command that prevents the client computer from establishing an unnecessary secure connection with the wireless local area network, selectively performing the autoinitiation procedure to establish a non-secure data connection with the wireless local area network.

9. A computerized device comprising:
- at least one communications interface;
  
  a controller; and
  
  an interconnection mechanism coupling the at least one communications interface and the controller;
  
  wherein the controller is configured to;
  
  detect, in the computerized device, network identification information for the computerized device, the network identification information transmitted from a network identification information source associated with a first network through the at least one communications interface;
  
  compare the detected network identification information with at least one address entry stored on the computerized device in an initiation information table, the at least one address entry having been stored in the initiation information table prior to detecting the network identification information and indicating the corresponding first network requires a secure data connection;
  
  in response to detecting a correspondence between the network identification information and the at least one address entry in the initiation information table, detect a profile entry, the profile entry being mapped to secure connection instructions for establishing the secure data connection with the first network, retrieve the secure connection instructions indicated by the profile entry, and establish the secure data connection with the first network; and
  
  in response to detecting a secure connection stop function within the profile entry, where the secure connection stop function is a discontinue command that prevents the computerized device from establishing an unnecessary secure connection with the first network, selectively establish a non-secure data connection with the first network.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computerized device of claim 9 wherein the computerized device is further configured to:
    - monitor for network identification information; and
      
      in response to detecting network identification information while monitoring, perform the steps of comparing and establishing.
  - 11. The computerized device of claim 9 wherein the computerized device is further configured to:
    - receive updated network identification information for the computerized device from a network identification information source associated with a second network through the at least one communications interface;
      
      compare the updated network identification information with at least one address entry, the at least one address entry indicating a corresponding second network requiring a secure data connection; and
      
      in response to detecting a correspondence between the updated network identification information and the at least one address entry, establish a secure data connection with the second network through the at least one communications interface.
  - 12. The computerized device of claim 9 wherein the computerized device is further configured to, in response to establishing a secure data connection with the first network, provide the user login access to the computerized device.
  - 13. The computerized device of claim 9 wherein the computerized device, when comparing, is further configured to prevent establishment of a data connection with the first network in response to detecting the secure connection stop function.
  - 14. The computerized device of claim 9 wherein the computerized device is configured to, when establishing a secure data connection with the first network, establish a secure wireless data connection to the first network through the at least one communications interface.
  - 15. The computerized device of claim 9 wherein, in response to detecting no correspondence between the network identification information and the at least one address entry, the computerized device is further configured to establish a non-secure data connection with the first network.
  - 16. The computerized device of claim 9 wherein, in response to detecting no correspondence between the network identification information and the at least one address entry, the computerized device is further configured to prevent establishment of a data connection with the first network.

17. A computerized device comprising:
- at least one communications interface;
  
  a controller; and
  
  an interconnection mechanism coupling the at least one communications interface and the controller;
  
  wherein the controller is configured to;
  
  detect address information for the computerized device, the address information transmitted from a Dynamic Host Configuration Protocol server associated with a wireless network;
  
  compare the detected address information with at least one address entry stored in an initiation information table on the computerized device table prior to detecting the address information, the at least one address entry indicating the corresponding wireless network requiring a secure data connection and corresponding to the address information;
  
  in response to detecting a correspondence between network identification information and the at least one address entry in the initiation information table, detect a profile entry, the profile entry being mapped to secure connection instructions for establishing the secure data connection with the wireless network, retrieve the secure connection instructions indicated by the profile entry, and perform an autoinitiation procedure to establish the secure data connection with the wireless network; and
  
  in response to detecting a secure connection stop function within the profile entry, where the secure connection stop function is a discontinue command that prevents the computerized device from establishing an unnecessary secure connection with the wireless network, selectively performing the autoinitiation procedure to establish a non-secure data connection with the wireless network.

18. A computer program product having a non-transitory computer-readable medium including computer program logic encoded thereon that, when performed on a controller in a computerized device having a coupling to at least one communications interface provides a method for performing the operations of:
- detecting, in the computerized device, network identification information for the computerized device, the network identification information transmitted from a network identification information source associated with a first network through the at least one communications interface;
  
  comparing the detected network identification information with at least one address entry stored on the computerized device in an initiation information table, the at least one address entry having been stored in the initiation information table prior to detecting the network identification information and indicating the corresponding first network requiring a secure data connection and corresponding to the network identification information and detecting a secure connection stop function;
  
  in response to detecting a correspondence between the network identification information and the at least one address entry in the initiation information table, detecting a profile entry, the profile entry being mapped to secure connection instructions for establishing the secure data connection between the computerized device and the first network, retrieving the secure connection instructions indicated by the profile entry, and establishing the secure data connection with the first network; and
  
  in response to detecting a secure connection stop function within the profile entry, where the secure connection stop function is a discontinue command that prevents the computerized device from establishing an unnecessary secure wireless data connection with the first network, selectively establishing a non-secure data connection with the first network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Bernier, Mark, Rochefort, Dany J., Volpe, Victor, Bolinger, Christopher R., Nassar, Nizar, Tardif, Marc
Primary Examiner(s)
Hamza, Faruk
Assistant Examiner(s)
Survillo, Oleg

Application Number

US10/323,276
Publication Number

US 20040120260A1
Time in Patent Office

3,352 Days
Field of Search

709/229, 709/245, 709/219, 709/227, 370/254, 370/331, 370/338, 370/392, 370/401, 455/432.2
US Class Current

709/229
CPC Class Codes

H04L 61/5014   using dynamic host configur...

H04L 63/0272   Virtual private networks

H04L 63/101   Access control lists [ACL]

H04L 63/104   Grouping of entities

H04L 63/20   for managing network securi...

H04L 67/30   Profiles

H04W 12/03   Protecting confidentiality,...

H04W 76/10   Connection setup

H04W 8/26   Network addressing or numbe...

H04W 84/12   WLAN [Wireless Local Area N...

Methods and apparatus for providing security to a computerized device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for providing security to a computerized device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links