Method and system for protecting a wireless network
Abstract
A method and system for protecting a wireless network by establishing virtual walls to confine wireless connection to devices located within a three-dimensional region. A network of wireless monitoring nodes is established at physical locations. The monitoring nodes are arranged in a frame of reference and determine locations of one another and of mobile nodes by conducting measurements of either roundtrip travel time of signals sent and received or of differences in the times of receiving a signal at different known locations. Initially mobile nodes are placed, sequentially, in a triangle at a boundary to be established as a virtual wall for confining communication within the wireless network. The mobile node locations are then stored. The position of a device requesting admission to the wireless network is similarly determined and, if within the established virtual walls, the device may be admitted to the network. Admission is otherwise denied.
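The procedure in the abstract, as an added Python sketch that is not code from the patent: roundtrip times become ranges, four ranges are intersected to locate the device, and the device is admitted only if it lies on the interior side of every stored wall plane and passes the security check. The function names, the `turnaround_s` parameter, the interior reference point and the room geometry are all assumptions made for illustration; the four-node layout follows claims 7 and 16.

```python
# Added example: constructed geometry, not code from the patent.
from math import dist

C = 299_792_458.0  # propagation speed in m/s

def sub(a, b): return tuple(x - y for x, y in zip(a, b))
def dot(a, b): return sum(x * y for x, y in zip(a, b))
def cross(a, b):
    return (a[1]*b[2] - a[2]*b[1], a[2]*b[0] - a[0]*b[2], a[0]*b[1] - a[1]*b[0])
def det3(m): return dot(m[0], cross(m[1], m[2]))

def rtt_to_distance(rtt_s, turnaround_s=0.0):
    """Range from a roundtrip time; turnaround_s (responder delay) is an assumption."""
    return C * (rtt_s - turnaround_s) / 2.0

def locate(nodes, dists):
    """Intersect four spheres: subtract sphere 0 from the rest, solve by Cramer's rule."""
    p0, d0 = nodes[0], dists[0]
    rows = [tuple(2 * v for v in sub(p, p0)) for p in nodes[1:4]]
    rhs = tuple(dot(p, p) - dot(p0, p0) - d * d + d0 * d0
                for p, d in zip(nodes[1:4], dists[1:4]))
    D = det3(rows)
    if abs(D) < 1e-9:
        raise ValueError("monitoring nodes are coplanar; position is ambiguous")
    cols = list(zip(*rows))
    return tuple(det3(cols[:i] + [rhs] + cols[i + 1:]) / D for i in range(3))

def wall(a, b, c, interior):
    """Plane through three mobile-node positions, normal turned toward the interior."""
    n = cross(sub(b, a), sub(c, a))
    if dot(n, sub(interior, a)) < 0:
        n = tuple(-v for v in n)
    return n, dot(n, a)

def admit(nodes, rtts, walls, compliant):
    """Grant only if the located device is inside every wall AND passes the protocol check."""
    pos = locate(nodes, [rtt_to_distance(t) for t in rtts])
    return all(dot(n, pos) >= k for n, k in walls) and compliant, pos

# Constructed sample: four monitoring nodes and three walls of a 10 x 8 x 3 m room.
NODES = [(0, 0, 0), (10, 0, 0), (0, 8, 0), (0, 0, 3)]
INSIDE_REF = (5, 4, 1.5)
WALLS = [wall((10, 0, 0), (10, 8, 0), (10, 0, 3), INSIDE_REF),
         wall((0, 8, 0), (10, 8, 0), (0, 8, 3), INSIDE_REF),
         wall((0, 0, 0), (0, 8, 0), (0, 0, 3), INSIDE_REF)]

def simulated_rtts(device):
    """Ideal roundtrip times a device at `device` would produce (no noise, no delay)."""
    return [2 * dist(n, device) / C for n in NODES]

if __name__ == "__main__":
    print(admit(NODES, simulated_rtts((4, 3, 1)), WALLS, compliant=True))
    print(admit(NODES, simulated_rtts((12, 3, 1)), WALLS, compliant=True))
```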
19 Claims
1. A method of limiting access to a wireless network, said method comprising:
a) forming a frame of reference by establishing a region delineated by at least three nodes configured to send and receive wireless signals to and from each other, comprising measuring distances between individual pairs of said at least three nodes, based on roundtrip times of said wireless signals to establish relative position information of said at least three nodes, and storing said relative position information in a memory location;
b) based on said stored relative position information establishing said frame of reference, automatically deriving virtual boundary walls for said wireless network approximating intersecting physical walls in a structure in which said wireless network is housed, including measuring distances between each of said at least three nodes and individual ones of at least three positions of a mobile node based on roundtrip times of signals sent and received between said at least three nodes and said mobile node, and storing coordinates of at least three intersecting planes, each plane defined by the measured distance between said at least three nodes and one of said at least three positions of the mobile node, said at least three intersecting planes corresponding to said virtual boundary walls;
c) in response to a wireless device seeking access, over an interface, to said wireless network, said at least three nodes sending ping signals to and receiving response signals from said wireless device over said interface to determine a location of said wireless device;
d) determining whether said wireless device is within said wireless network virtual boundary walls based on said determined location of said wireless device and said stored coordinates defining said intersecting planes corresponding to said virtual boundary walls by;
d1) determining a plurality of regions in which said device is possibly located based on distance to said at least three nodes determining from a time between said sending said ping signals and receiving said response signals in said c);
d2) determining a location for said wireless device by forming an intersection of said plurality of regions; and
e) automatically granting access to said wireless network if said wireless device is determined to be within said virtual boundary walls and whether said wireless device complies with a security protocol, and automatically denying access otherwise.
Dependent claims: 2, 3, 4, 5, 6
7. A wireless network security system comprising:
at least four monitoring nodes configured to receive signals;
stored information defining a frame of reference including positions of said at least four monitoring nodes relative to each other;
said at least four monitoring nodes together defining intersecting planes comprising virtual boundaries of a three-dimensional space; and
an authentication device to respond to a wireless device seeking access to said wireless network, and to determine a location of said wireless device by measurements based on signals received by said at least four monitoring nodes from said wireless device, said authentication device compares the location of said wireless device to said stored information, and access to said wireless network is automatically granted when said location of said wireless device is determined by said authentication device to be within the virtual boundaries of said three-dimensional space defined by said intersecting planes and when said wireless device complies with a security protocol, and denied otherwise, wherein said authentication device is configured to determine a plurality of regions in which said wireless device is possibly located based in distances to said at least four nodes determined from a time between sending wireless signals to and receiving wireless response signals from said wireless device seeking access to said wireless network, and to determine a location for said wireless device by forming an intersection of said plurality of regions.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15
16. A method of controlling access to a wireless network, said method comprising:
a) in response to a wireless device seeking access, over an interface, to said wireless network, sending ping signals from at least four nodes configured to send and receive wireless signals, said at least four nodes forming a frame of reference defined by stored relative positional information of said at least four nodes, and receiving response signals from said wireless device over said interface to determine a location of said wireless device on the basis of said stored relative positional information of said at least four nodes, wherein determining the location of said wireless device further comprises;
determining a plurality of regions in which said wireless device is possibly located based on distances to said at least four nodes determined from a time between sending wireless signals to and receiving wireless response signals from said wireless device, and
determining a location for said wireless device by forming an intersection of said plurality of regions;
b) determining whether said wireless device is within boundaries of said wireless network based on said determined location of said wireless device and stored coordinates of intersecting planes defining virtual boundaries of a three-dimensional space in a structure in which said wireless network is housed; and
c) automatically granting access to said wireless network when said wireless device is determined to be within said three-dimensional space and when said wireless device complies with a security protocol, and automatically denying access otherwise.
Dependent claims: 17, 18, 19
Specification