System and method for securing networks

US 8,225,379 B2
Filed: 07/06/2004
Issued: 07/17/2012
Est. Priority Date: 07/11/2003
Status: Active Grant

First Claim

Patent Images

1. A method for securing a network, comprising:

identifying one or more information sources;

using said one or more information sources to identify one or more authorized devices on a first network;

determining that a particular one of the identified authorized devices is bridging the first network and a second network, the second network comprising an adhoc wireless network established between the particular one of the identified authorized devices and a second wirelessly-enabled device; and

identifying the second wirelessly-enabled device communicating via the second network with the particular one of the identified devices; and

determining whether the second wirelessly-enabled device communicating via the second network with the particular one of the identified devices is authorized to be on the first network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing a network including providing one or more information sources, identifying one or more devices on the network using the information sources and determining whether identified devices are authorized.

241 Citations

47 Claims

1. A method for securing a network, comprising:
- identifying one or more information sources;
  
  using said one or more information sources to identify one or more authorized devices on a first network;
  
  determining that a particular one of the identified authorized devices is bridging the first network and a second network, the second network comprising an adhoc wireless network established between the particular one of the identified authorized devices and a second wirelessly-enabled device; and
  
  identifying the second wirelessly-enabled device communicating via the second network with the particular one of the identified devices; and
  
  determining whether the second wirelessly-enabled device communicating via the second network with the particular one of the identified devices is authorized to be on the first network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method for securing a network of claim 1, further comprising determining whether the particular one of the identified devices complies with a predetermined policy.
  - 3. The method for securing a network of claim 1, further comprising determining a location of one or more of said identified devices.
  - 4. The method for securing a network of claim 1, wherein one or more of said information sources are wire line sensors.
  - 5. The method for securing a network of claim 1, wherein one or more of said information sources are wireless sensors.
  - 6. The method for securing a network of claim 1, wherein one or more of said information sources are location aware wireless sensors.
  - 7. The method for securing a network of claim 1, wherein a wireless unit intent algorithm is used to correlate information from said information sources.
  - 8. The method for securing a network of claim 1, wherein a realm bridged detection algorithm is used to correlate information from said information sources.
  - 9. The method for securing a network of claim 1, wherein radio frequency informatics are used to collect and analyze information.
  - 10. The method for securing a network of claim 1, wherein network informatics are used to collect and analyze information.
  - 11. The method for securing a network of claim 1, wherein the first and second devices each comprise wirelessly enabled laptops.
  - 12. The method for securing a network of claim 1, wherein the first network comprises an authorized wire network and the second network comprises an unauthorized, adhoc wireless network.
  - 13. The method for securing a network of claim 1, wherein determining that the particular one of the identified authorized devices is bridging the first network and a second network comprises:
    - correlating a packet transmitted by the second device on the second network with packet detected on the first network.

14. A system for securing a network, comprising:
- a detecting unit for detecting one or more information sources;
  
  an identifying unit for identifying one or more authorized devices on a first network, using said one or more information sources;
  
  a bridge-detecting unit for determining that a particular one of the identified authorized devices is bridging the first network and a second network, the second network comprising an adhoc wireless network established between the particular one of the identified authorized devices and a second wirelessly-enabled device;
  
  the identifying unit further operable to identify the second wirelessly-enabled device communicating via the second network with the particular one of the identified devices; and
  
  an authorization-determining unit for determining whether a second wirelessly-enabled device communicating via the second network with the particular one of the identified devices is authorized to be on the first network.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The system for securing a network of claim 14, further comprising a policy-determining unit for determining whether the particular one of the identified devices complies with a predetermined policy.
  - 16. The system for securing a network of claim 14, further comprising a location-determining unit for determining a location of one or more of said identified devices.
  - 17. The system for securing a network of claim 14, wherein one or more of said information sources are wire line sensors.
  - 18. The system for securing a network of claim 14, wherein one or more of said information sources are wireless sensors.
  - 19. The system for securing a network of claim 14, wherein one or more of said information sources are location aware wireless sensors.
  - 20. The system for securing a network of claim 14, wherein a wireless unit intent algorithm is used to correlate information from said information sources.
  - 21. The system for securing a network of claim 14, wherein a realm bridged detection algorithm is used to correlate information from said information sources.
  - 22. The system for securing a network of claim 14, wherein radio frequency informatics are used to collect and analyze information.
  - 23. The system for securing a network of claim 14, wherein network informatics are used to collect and analyze information.

24. A computer system comprising:
- a processor; and
  
  a program storage device readable by the computer system, embodying computer executable code for securing a network, the program storage device comprising;
  
  code for identifying one or more information sources;
  
  code for identifying one or more authorized devices on a first network using said one or more information sources;
  
  code for determining that a particular one of the identified authorized devices is bridging the first network and a second network, the second network comprising an adhoc wireless network established between the particular one of the identified authorized devices and a second wirelessly-enabled device;
  
  code for identifying the second wirelessly-enabled device communicating via the second network with the particular one of the identified devices; and
  
  code for determining whether the second wirelessly-enabled device communicating via the second network with the particular one of the identified devices is authorized to be on the first network.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 25. The computer system for securing a network of claim 24, further comprising code for determining whether the particular one of the identified devices complies with a predetermined policy.
  - 26. The computer system for securing a network of claim 24, further comprising code for determining a location of one or more of said identified devices.
  - 27. The computer system for securing a network of claim 24, wherein one or more of said information sources are wire line sensors.
  - 28. The computer system for securing a network of claim 24, wherein one or more of said information sources are wireless sensors.
  - 29. The computer system for securing a network of claim 24, wherein one or more of said information sources are location aware wireless sensors.
  - 30. The computer system for securing a network of claim 24 wherein a wireless unit intent algorithm is used to correlate information from said information sources.
  - 31. The computer system for securing a network of claim 24 wherein a realm bridged detection algorithm is used to correlate information from said information sources.
  - 32. The computer system for securing a network of claim 24, wherein radio frequency informatics are used to collect and analyze information.
  - 33. The computer system for securing a network of claim 24, wherein network informatics are used to collect and analyze information.

34. A computer recording medium including computer executable code for securing a network, comprising:
- code for identifying one or more information sources;
  
  code for identifying one or more authorized devices on a first network, using said one or more information sources;
  
  code for determining that a particular one of the identified authorized devices is bridging the first network and a second network, the second network comprising an adhoc wireless network established between the particular one of the identified authorized devices and a second wirelessly-enabled device; and
  
  code for identifying the second wirelessly-enabled device communicating via the second network with the particular one of the identified devices; and
  
  code for determining whether the second wirelessly-enabled device communicating via the second network with identified devices are authorized to be on the first network.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 35. The computer recording medium of claim 34, further comprising determining whether the particular one of the identified devices complies with a predetermined policy.
  - 36. The computer recording medium of claim 34, further comprising determining a location of one or more of said identified devices.
  - 37. The computer recording medium of claim 34, wherein one or more of said information sources are wire line sensors.
  - 38. The computer recording medium of claim 34, wherein one or more of said information sources are wireless sensors.
  - 39. The computer recording medium of claim 34, wherein one or more of said information sources are location aware wireless sensors.
  - 40. The computer recording medium of claim 34, wherein a wireless unit intent algorithm is used to correlate information from said information sources.
  - 41. The computer recording medium of claim 34, wherein a realm bridged detection algorithm is used to correlate information from said information sources.
  - 42. The computer recording medium of claim 34, wherein radio frequency informatics are used to collect and analyze information.
  - 43. The computer recording medium of claim 34, wherein network informatics are used to collect and analyze information.

44. A method for securing a network, comprising:
- identifying one or more information sources;
  
  using said one or more information sources to identify one or more authorized user computers on a wireline network;
  
  determining that a particular one of the identified authorized user computer is wirelessly enabled and bridging the wireline network and a wireless network, the wireless network comprising an unauthorized adhoc wireless network established between the particular one of the identified user computers and a wirelessly-enabled laptop computer; and
  
  identifying the wirelessly-enabled laptop computer communicating via the wireless network with the particular one of the identified authorized user computers; and
  
  determining that the wirelessly-enabled laptop computer communicating via the unauthorized adhoc wireless network with the particular one of the authorized user computers is not authorized to be on the wireline network.

45. A system for securing a network, comprising:
- a detecting unit for detecting one or more information sources;
  
  an identifying unit for identifying one or more authorized user computers on a wireline network;
  
  a bridge-detecting unit for determining that a particular one of the identified authorized user computer is wirelessly enabled and bridging the wireline network and a wireless network, the wireless network comprising an unauthorized adhoc wireless network established between the particular one of the identified user computers and a wirelessly-enabled laptop computer;
  
  the identifying unit further operable to identify the wirelessly-enabled laptop computer communicating via the wireless network with the particular one of the identified authorized user computers; and
  
  an authorization-determining unit for that the wirelessly-enabled laptop computer communicating via the unauthorized adhoc wireless network with the particular one of the authorized user computers is not authorized to be on the wireline network.

46. A computer system comprising:
- a processor; and
  
  a program storage device readable by the computer system, embodying computer executable code for securing a network, the program storage device comprising;
  
  code for identifying one or more information sources;
  
  code for using said one or more information sources to identify one or more authorized user computers on a wireline network;
  
  code for determining that a particular one of the identified authorized user computer is wirelessly enabled and bridging the wireline network and a wireless network, the wireless network comprising an unauthorized adhoc wireless network established between the particular one of the identified user computers and a wirelessly-enabled laptop computer;
  
  code for identifying the wirelessly-enabled laptop computer communicating via the wireless network with the particular one of the identified authorized user computers; and
  
  code for determining that the wirelessly-enabled laptop computer communicating via the unauthorized adhoc wireless network with the particular one of the authorized user computers is not authorized to be on the wireline network.

47. A computer recording medium including computer executable code for securing a network, comprising:
- code for identifying one or more information sources;
  
  code for using said one or more information sources to identify one or more authorized user computers on a wireline network;
  
  code for determining that a particular one of the identified authorized user computer is wirelessly enabled and bridging the wireline network and a wireless network, the wireless network comprising an unauthorized adhoc wireless network established between the particular one of the identified user computers and a wirelessly-enabled laptop computer; and
  
  code for identifying the wirelessly-enabled laptop computer communicating via the wireless network with the particular one of the identified authorized user computers; and
  
  code for determining that the wirelessly-enabled laptop computer communicating via the unauthorized adhoc wireless network with the particular one of the authorized user computers is not authorized to be on the wireline network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
van de Groenendaal, Johan
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
BAYOU, YONAS A

Application Number

US10/885,551
Publication Number

US 20050172153A1
Time in Patent Office

2,933 Days
Field of Search

726/5
US Class Current

726/5
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04W 12/08   Access security

H04W 12/122   Counter-measures against at...

H04W 4/00   Services specially adapted ...

System and method for securing networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

241 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

241 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links