Address spoofing prevention

US 8,363,594 B2
Filed: 11/08/2006
Issued: 01/29/2013
Est. Priority Date: 11/08/2006
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a radio communication link in a radio communication network comprising a wireless local network and a secured network, at least a first wireless terminal and a second wireless terminal being part of the wireless local network, at least the first wireless terminal being capable of communicating with the secured network, the radio communication network implementing layered protocol functions comprising at least Layers 1, 2 and 3 functions, the wireless terminals being identifiable by their Layer 2 and 3 addresses, the secured network comprising a database, the database comprising address correspondence information between Layer 2 and 3 addresses of terminals, the method comprising the following steps in respect of the first wireless terminal establishing a radio communication link with the second wireless terminal:

the first wireless terminal authenticating itself with the secured network;

the first wireless terminal, by accessing the database and using the Layer 3 address of the second wireless terminal, obtaining the corresponding Layer 2 address of the second terminal from the address correspondence information in the database; and

establishing in the local network the radio communication link with the second wireless terminal by using the Layer 2 address.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method for securing a radio communication link establishment in a radio communication network comprising a local network and a secured network. The local network comprises at least a first terminal and a second terminal and at least the first terminal is capable of communicating with the secured network. The radio communication network implements layered protocol functions, comprising at least Layers 1, 2 and 3, the terminals being identifiable by their Layer 2 and 3 addresses. The secured network comprises a database comprising address correspondence information between Layer 2 and 3 addresses of terminals. In the method the first terminal authenticates itself with the secured network and then by using the Layer 3 address of the second terminal, obtaining the address correspondence information provided by the database and thereby determining the corresponding Layer 2 address of the second terminal. Then the first terminal establishes in the local network the radio communication link with the second terminal by using the Layer 2 address.

Citations

17 Claims

1. A method for establishing a radio communication link in a radio communication network comprising a wireless local network and a secured network, at least a first wireless terminal and a second wireless terminal being part of the wireless local network, at least the first wireless terminal being capable of communicating with the secured network, the radio communication network implementing layered protocol functions comprising at least Layers 1, 2 and 3 functions, the wireless terminals being identifiable by their Layer 2 and 3 addresses, the secured network comprising a database, the database comprising address correspondence information between Layer 2 and 3 addresses of terminals, the method comprising the following steps in respect of the first wireless terminal establishing a radio communication link with the second wireless terminal:
- the first wireless terminal authenticating itself with the secured network;
  
  the first wireless terminal, by accessing the database and using the Layer 3 address of the second wireless terminal, obtaining the corresponding Layer 2 address of the second terminal from the address correspondence information in the database; and
  
  establishing in the local network the radio communication link with the second wireless terminal by using the Layer 2 address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, wherein the Layer 2 address is the medium access control address of the second wireless terminal and the Layer 3 address is the internet protocol address of the second wireless terminal.
  - 3. The method according to claim 1, wherein the first terminal establishing in the local network radio communication link with the second wireless terminal is a direct mode radio communication session with the second wireless terminal.
  - 4. The method according to claim 1, wherein the first wireless terminal obtains the Layer 2 address of the second wireless terminal from the address correspondence information in the database via a multicast service.
  - 5. The method according to claim 4, wherein the multicast service is a Multimedia Broadcast Multicast Service.
  - 6. The method according to claim 1, wherein the radio communication network further comprises a dynamic host configuration protocol server and/or a domain name system server, the method further comprising the first wireless terminal obtaining the Layer 2 and 3 addresses of the dynamic host configuration protocol server and/or the domain name system server from the address correspondence information in the database.
  - 7. The method according to claim 6, further comprising the dynamic host configuration server updating the address correspondence information in the database after having allocated a Layer 3 address to a wireless terminal in the local network.
  - 8. The method according to claim 1, wherein the address correspondence information is transmitted to the first wireless terminal over a secured radio link of the secured network.
  - 9. A computer program product embodied in a non transitory computer readable storage medium comprising instructions for implementing the method steps according to claim 1 when loaded and run on a computer of the network.

10. A wireless mobile station arranged for establishing a secure radio communication link in a radio communication network comprising a wireless local network and a secured network, at least the wireless mobile station and a wireless terminal being part of the wireless local network, at least the wireless mobile station being capable of communicating with the secured network, the radio communication network implementing layered protocol functions comprising at least Layers 1, 2 and 3 functions, the wireless mobile station and the wireless terminal being identifiable by their Layer 2 and 3 addresses, the secured network comprising a database, the database comprising address correspondence information between Layer 2 and 3 addresses of wireless terminals, the wireless mobile station configured to:
- authenticate the wireless mobile station with the secured network;
  
  by accessing the database and by using the Layer 3 address of the wireless terminal, obtain the corresponding Layer 2 address of the wireless terminal from the address correspondence information in the database; and
  
  establish in the wireless local network a radio communication link with the wireless terminal by using the Layer 2 address.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The wireless mobile station according to claim 10, wherein the Layer 2 address is a medium access control address of the wireless terminal and the Layer 3 address is an internet protocol address of the wireless terminal.
  - 12. The wireless mobile station according to claim 10, wherein the local network radio communication link is established with the wireless terminal as a direct mode radio communication session with the wireless terminal.
  - 13. The wireless mobile station according to claim 10, wherein the wireless mobile station obtains the Layer 2 address of the wireless terminal from the address correspondence information in the database via a multicast service.
  - 14. The wireless mobile station according to claim 10, wherein the wireless mobile station obtains the Layer 2 address of the wireless terminal from the address correspondence information in the database via a Multimedia Broadcast Multicast Service.
  - 15. The wireless mobile station according to claim 10, wherein the radio communication network further comprises a dynamic host configuration protocol server and/or a domain name system server, and wherein the wireless mobile station obtains the Layer 2 and 3 addresses of the dynamic host configuration protocol server and/or the domain name system server from the address correspondence information in the database.
  - 16. The wireless mobile station according to claim 10, wherein the radio communication network further comprises a dynamic host configuration protocol server and/or a domain name system server, wherein the wireless mobile station obtains the Layer 2 and 3 addresses of the dynamic host configuration protocol server and/or the domain name system server from the address correspondence information in the database, and wherein the dynamic host configuration server is configure to update the address correspondence information in the database after having allocated a Layer 3 address to a wireless terminal in the local network.
  - 17. The wireless mobile station according to claim 10, wherein the address correspondence information is communicated to the mobile wireless station over a secured radio link of the secured network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Lescuyer, Pierre, Lucidarme, Thierry
Primary Examiner(s)
Ajibade Akonai, Olumide T
Assistant Examiner(s)
Zhang, Edward

Application Number

US11/594,404
Publication Number

US 20080107065A1
Time in Patent Office

2,274 Days
Field of Search

726/3, 726/4, 726/11, 726/12, 726/14, 726/21, 726/23, 455/41.2, 455/435.1, 455/435.2, 455/552.1, 455/553.1, 455/410
US Class Current

370/328
CPC Class Codes

H04L 63/1466   Active attacks involving in...

H04W 12/08   Access security

H04W 12/122   Counter-measures against at...

H04W 76/10   Connection setup

Address spoofing prevention

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Address spoofing prevention

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links