Method and system for protecting a wireless network

US 8,156,539 B1
Filed: 12/18/2002
Issued: 04/10/2012
Est. Priority Date: 12/18/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method of limiting access to a wireless network, said method comprising:

a) forming a frame of reference by establishing a region delineated by at least three nodes configured to send and receive wireless signals to and from each other, comprising measuring distances between individual pairs of said at least three nodes, based on roundtrip times of said wireless signals to establish relative position information of said at least three nodes, and storing said relative position information in a memory location;

b) based on said stored relative position information establishing said frame of reference, automatically deriving virtual boundary walls for said wireless network approximating intersecting physical walls in a structure in which said wireless network is housed, including measuring distances between each of said at least three nodes and individual ones of at least three positions of a mobile node based on roundtrip times of signals sent and received between said at least three nodes and said mobile node, and storing coordinates f at least three intersecting planes, each plane defined by the measured distance between said at least three nodes and one of said at least three positions of the mobile node, said at least three intersecting planes corresponding to said virtual boundary walls;

c) in response to a wireless device seeking access, over an interface, to said wireless network, said at least three nodes sending ping signals to and receiving response signals from said wireless device over said interface to determine a location of said wireless device;

d) determining whether said wireless device is within said wireless network virtual boundary walls based on said determined location of said wireless device and said stored coordinates defining said intersecting planes corresponding to said virtual boundary walls by;

d1) determining a plurality of regions in which said device is possibly located based on distance to said at least three nodes determining from a time between said sending said ping signals and receiving said response signals in said c);

d2) determining a location for said wireless device by forming an intersection of said plurality of regions; and

e) automatically granting access to said wireless network if said wireless device is determined to be within said virtual boundary walls and whether said wireless device complies with a security protocol, and automatically denying access otherwise.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for protecting a wireless network by establishing virtual walls to confine wireless connection to devices located within a three-dimensional region. A network of wireless monitoring nodes is established at physical locations. The monitoring nodes are arranged in a frame of reference and determine locations of one another and of mobile nodes by conducting measurements of either roundtrip travel time of signals sent and received or of differences in the times of receiving a signal at different known locations. Initially mobile nodes are placed, sequentially, in a triangle at a boundary to be established as a virtual wall for confining communication within the wireless network. The mobile node locations are then stored. The position of a device requesting admission to the wireless network is similarly determined and, if within the established virtual walls, the device may be admitted to the network. Admission is otherwise denied.

Citations

19 Claims

1. A method of limiting access to a wireless network, said method comprising:
- a) forming a frame of reference by establishing a region delineated by at least three nodes configured to send and receive wireless signals to and from each other, comprising measuring distances between individual pairs of said at least three nodes, based on roundtrip times of said wireless signals to establish relative position information of said at least three nodes, and storing said relative position information in a memory location;
  
  b) based on said stored relative position information establishing said frame of reference, automatically deriving virtual boundary walls for said wireless network approximating intersecting physical walls in a structure in which said wireless network is housed, including measuring distances between each of said at least three nodes and individual ones of at least three positions of a mobile node based on roundtrip times of signals sent and received between said at least three nodes and said mobile node, and storing coordinates f at least three intersecting planes, each plane defined by the measured distance between said at least three nodes and one of said at least three positions of the mobile node, said at least three intersecting planes corresponding to said virtual boundary walls;
  
  c) in response to a wireless device seeking access, over an interface, to said wireless network, said at least three nodes sending ping signals to and receiving response signals from said wireless device over said interface to determine a location of said wireless device;
  
  d) determining whether said wireless device is within said wireless network virtual boundary walls based on said determined location of said wireless device and said stored coordinates defining said intersecting planes corresponding to said virtual boundary walls by;
  
  d1) determining a plurality of regions in which said device is possibly located based on distance to said at least three nodes determining from a time between said sending said ping signals and receiving said response signals in said c);
  
  d2) determining a location for said wireless device by forming an intersection of said plurality of regions; and
  
  e) automatically granting access to said wireless network if said wireless device is determined to be within said virtual boundary walls and whether said wireless device complies with a security protocol, and automatically denying access otherwise.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein said establishing a region further comprises subtracting out known delays from said roundtrip time of said wireless signals.
  - 3. The method of claim 1 wherein said known delays comprise hardware-related delays recognized by at least one of said at least three nodes.
  - 4. The method of claim 1 wherein said d) comprises determining a difference in arrival times of said response signal at each of said at least three nodes to determine a 3-space location of said wireless device with respect to said frame of reference.
  - 5. The method of claim 1 wherein said at least three positions comprise a triangle, said triangle determining one of said plurality of planes.
  - 6. The method of claim 1 wherein said determining whether said wireless device is within said virtual boundary walls comprises establishing coordinates of a location in space of said wireless device and comparing said coordinates of said location to said stored coordinates of said at least three intersecting planes.

7. A wireless network security system comprising:
- at least four monitoring nodes configured to receive signals;
  
  stored information defining a frame of reference including positions of said at least four monitoring nodes relative to each other;
  
  said at least four monitoring nodes together defining intersecting planes comprising virtual boundaries of a three-dimensional space; and
  
  an authentication device to respond to a wireless device seeking access to said wireless network, and to determine a location of said wireless device by measurements based on signals received by said at least four monitoring nodes from said wireless device, said authentication device compares the location of said wireless device to said stored information, and access to said wireless network is automatically granted when said location of said wireless device is determined by said authentication device to be within the virtual boundaries of said three-dimensional space defined by said intersecting planes and when said wireless device complies with a security protocol, and denied otherwise, wherein said authentication device is configured to determine a plurality of regions in which said wireless device is possibly located based in distances to said at least four nodes determined from a time between sending wireless signals to and receiving wireless response signals from said wireless device seeking access to said wireless network, and to determine a location for said wireless device by forming an intersection of said plurality of regions.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The wireless network security system of claim 7 wherein said stored information defining the frame of reference comprises distances between each of said at least four monitoring nodes.
  - 9. The wireless network security system of claim 7 wherein three of said monitoring nodes are disposed in a triangular arrangement in a common plane, and a fourth monitoring node is disposed in a different plane.
  - 10. The wireless network security system of claim 7 wherein at least one of said at least four monitoring nodes comprises a network server.
  - 11. The wireless network security system of claim 7 wherein coordinates of said at least four nodes are stored in a memory location in a network server.
  - 12. The wireless network security system of claim 7 wherein said at least four monitoring nodes are located at respective vertices of a tetrahedron.
  - 13. The wireless network security system of claim 7 wherein said at least four monitoring nodes are configured to send the wireless signals to and receive the wireless signals from said wireless device seeking access to said wireless network.
  - 14. The wireless network security system of claim 7 wherein said at least four monitoring nodes are configured to measure arrival times of signals received from a wireless device seeking access to said wireless network.
  - 15. The wireless network security system of claim 7 wherein said intersecting planes define virtual boundaries of a structure in which said wireless network is housed.

16. A method of controlling access to a wireless network, said method comprising:
- a) in response to a wireless device seeking access, over an interface, to said wireless network, sending ping signals from at least four nodes configured to send and receive wireless signals, said at least four nodes forming a frame of reference defined by stored relative positional information of said at least four nodes, and receiving response signals from said wireless device over said interface to determine a location of said wireless device on the basis of said stored relative positional information of said at least four nodes, wherein determining the location of said wireless device further comprises;
  
  determining a plurality of regions in which said wireless device is possibly located based on distances to said at least four nodes determined from a time between sending wireless signals to and receiving wireless response signals from said wireless device, anddetermining a location for said wireless device by forming an intersection of said plurality of regions;
  
  b) determining whether said wireless device is within boundaries of said wireless network based on said determined location of said wireless device and stored coordinates of intersecting planes defining virtual boundaries of a three-dimensional space in a structure in which said wireless network is housed; and
  
  c) automatically granting access to said wireless network when said wireless device is determined to be within said three-dimensional space and when said wireless device complies with a security protocol, and automatically denying access otherwise.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16 wherein there are four monitoring nodes, three of said monitoring nodes located in a common plane and a fourth monitoring node located in a different plane.
  - 18. The method of claim 17, said three monitoring nodes located in a triangular arrangement.
  - 19. The method of claim 16, said at least four monitoring nodes located at respective vertices of tetrahedron.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Monterey Research, LLC (Vector Capital Corporation)
Original Assignee
Cypress Semiconductor Corporation (Infineon Technologies AG)
Inventors
Nelson, Timothy E.
Primary Examiner(s)
Zia, Syed A.

Application Number

US10/325,204
Time in Patent Office

3,401 Days
Field of Search

455/456.1
US Class Current

726/2
CPC Class Codes

H04L 63/107   wherein the security polici...

H04W 12/086   using security domains

H04W 64/00   Locating users or terminals...

Method and system for protecting a wireless network

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for protecting a wireless network

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links