System, method and device for secure wireless communication
Abstract
Embodiments of the present invention provide a method, apparatus and system for selecting a wireless communication device for establishing a connection. The method according to some exemplary embodiments of the invention may include selecting a communication device for establishing a connection by determining whether one or more security-related characteristics of the communication device satisfy a security policy corresponding to a selected security class. Other embodiments are described and claimed.
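As an added illustration (not code from the patent), the flow described in the abstract and the independent claims can be sketched in Python: read the advertised cipher and authentication suites from each beacon, keep only access points that satisfy the selected class's policy, then compare the authentication server's received identification details with a stored record. The patent fixes no beacon format, class names or server fields; the IEEE 802.11 RSN element, the `enterprise`/`personal` classes and the `name`/`sha256` fields are assumptions, and the beacons are constructed samples.

```python
import hmac

OUI = b"\x00\x0f\xac"  # IEEE 802.11 suite selector: OUI followed by one type byte
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104", 8: "GCMP-128", 9: "GCMP-256"}
AKMS = {1: "802.1X", 2: "PSK", 8: "SAE"}
MODERN = {"CCMP-128", "GCMP-128", "GCMP-256"}
# Hypothetical security classes: (allowed pairwise ciphers, required AKM).
POLICY = {"enterprise": (MODERN, "802.1X"), "personal": (MODERN, "SAE")}

def _suites(body, off, names):
    """Read a count-prefixed suite list; a truncated list yields an empty set."""
    count = int.from_bytes(body[off:off + 2], "little")
    end = off + 2 + 4 * count
    if end > len(body):
        return set(), len(body)
    raw = [body[i:i + 4] for i in range(off + 2, end, 4)]
    return {names.get(s[3], "unknown") if s[:3] == OUI else "vendor" for s in raw}, end

def parse_rsn(ies):
    """Walk a beacon's information elements; return (pairwise, akms) or None."""
    off = 0
    while off + 2 <= len(ies):
        eid, length = ies[off], ies[off + 1]
        body = ies[off + 2: off + 2 + length]
        if len(body) < length:
            return None  # truncated element: treat as unusable
        if eid == 48:  # RSN: version(2) + group suite(4), then pairwise and AKM lists
            pairwise, nxt = _suites(body, 6, CIPHERS)
            return pairwise, _suites(body, nxt, AKMS)[0]
        off += 2 + length
    return None  # no RSN element: open or pre-RSN network

def select(beacons, security_class):
    """Return BSSIDs whose advertised suites satisfy the class policy (fail closed)."""
    allowed, akm = POLICY[security_class]
    parsed = {b: parse_rsn(ies) for b, ies in beacons.items()}
    return [b for b, r in parsed.items() if r and r[0] and r[0] <= allowed and akm in r[1]]

def server_matches(received, stored):
    """Compare received server identification details with the stored record."""
    return (received["name"].lower() == stored["name"].lower()
            and hmac.compare_digest(received["sha256"], stored["sha256"]))

# Constructed sample beacons: an SSID element followed by an RSN element, if any.
BEACONS = {
    "02:00:00:00:00:01": bytes.fromhex("0004636f727030140100000fac040100000fac040100000fac010000"),
    "02:00:00:00:00:02": bytes.fromhex("0004636f727030180100000fac020200000fac04000fac020100000fac020000"),
    "02:00:00:00:00:03": bytes.fromhex("00046f70656e"),
}
```

The second sample advertises TKIP alongside CCMP with a pre-shared key, so it is rejected for both classes; an access point that passes `select` is only used once `server_matches` also succeeds.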
17 Claims
1. A method comprising:
- determining by a first communication device a security class from a set of security classes each security class based at least on a type of encryption algorithm or a type of authentication method implemented by the first communication device for establishing secured data transactions between the first communication device and one of multiple available access points over a communication network;
- selecting by the first communication device a particular access point from among the multiple available access points for establishing a connection between the first communication device and the particular access point based on said security class, said particular access point selected satisfies a security policy of said security class; and
- validating an authentication server associated with said one of the multiple available access points in response to said one of the multiple available access points is determined to satisfy said security policy;
- wherein said determining comprises analyzing beacons from the access points to determine available encryption algorithms and authentication methods available from the access points,
- wherein said selecting said one of the multiple available access points comprises determining whether one or more security-related characteristics of a second communication device satisfy said security policy corresponding to said security class, and
- wherein said validating said authentication server comprises comparing between received identification details of said authentication server and stored server details.
Dependent claims: 2, 3, 4, 5, 6
7. An apparatus comprising:
- a processor; and
- a memory storing computer executable instructions that when executed by the processor, causing the processor to implement;
- a security-class software module for determining a security class from a set of security classes each security class based at least on a type of encryption algorithm or a type of authentication method implemented by the apparatus for establishing secured data transactions between the apparatus and one of multiple available access points over a communication network;
- a selector software module for selecting a particular one of the multiple available access points for establishing a connection between the apparatus and the selected particular one of the multiple available access points based on said security class, the selector software module for selecting the particular one of the available access points by determining whether one or more security-related characteristics of said selected particular available access point satisfy a security policy corresponding to said security class; and
- an authentication software module for validating an authentication server associated with the particular one of the available access points in response to said one of the available access points is determined to satisfy said security policy, said authentication software module to compare between received identification details of said authentication server and stored server details;
- wherein said determining comprises analyzing beacons from the access points to determine available encryption algorithms and authentication methods available from the access points, and
- wherein said particular access point selected satisfies said security policy of said security class.
Dependent claims: 8, 9, 10, 11
12. A wireless communication device comprising:
- an omni-directional antenna able to receive signals from one or more other wireless communication devices;
- a processor; and
- a memory storing computer executable instructions that when executed by the processor, causing the processor to implement;
- a security-class software module for determining a security class from a set of security classes each security class based at least on a type of encryption algorithm or a type of authentication method implemented by the wireless communication device for establishing secured data transactions between the wireless communication device and one of multiple available access points over a communication network; and
- a selector software module for selecting a particular one of the available access points for establishing a connection between the wireless communication device and the selected particular one of the available access points based on said security class, the selector software module for selecting the particular access point by determining whether one or more security-related characteristics of the particular access point satisfy said security policy corresponding to said security class; and
- an authentication software module for validating an authentication server associated with the particular one of the available access points in response to said one of the available access points is determined to satisfy said security policy, the authentication software module to compare between received identification details of said authentication server and stored server details;
- wherein said determining comprises analyzing beacons from the access points to determine available encryption algorithms and authentication methods available from the access points, and
- wherein said particular access point selected satisfies said security policy of said security.
Dependent claims: 13
14. A wireless communication system comprising:
- a wireless communication device comprising a memory storing computer executable instructions that when executed by the wireless communication device, causing the wireless communication device to implement;
- a security class software module for determining a security class from a set of security classes each security class based at least on a type of encryption algorithm or a type of authentication method implemented by a first communication device for establishing secured data transactions between the wireless communication device and one of multiple available access points over a communication network; and
- a selector software module for selecting a particular access point from among the multiple available access points for establishing a connection between the wireless communication device and the selected particular access points based on said determined security class, said selector software module for selecting the particular access point by determining whether one or more security-related characteristics of the particular access point satisfy said security policy corresponding to said determined security class;
- an authentication software module for validating an authentication server associated with the particular one of the available access points in response to said one of the available access points is determined to satisfy said security policy, the authentication software module to compare between received identification details of said authentication server and stored server details;
- wherein said determining comprises analyzing beacons from the multiple access points to determine available encryption algorithms and authentication methods available from the access points, and
- wherein said particular access point selected satisfies a security policy of said security class.
Dependent claims: 15
16. An article comprising a non-transitory computer readable storage medium having stored thereon instructions that, when executed within a first communication device, result in:
- determining a security class from a set of security classes each security class based at least on a type of encryption algorithm or a type of authentication method implemented by the first communication device for establishing secured data transactions between the first communication device and one of multiple available access points over a communication network;
- selecting a particular one of the multiple available access points as a second communication device based on said security class;
- validating an authentication server associated with said one of said multiple available access points in response to said one of multiple available access points is determined to satisfy a security policy of said security class; and
- connecting to the selected particular one of the multiple available access points;
- wherein said determining comprises analyzing beacons from the access points to determine available encryption algorithms and authentication methods available from the access points,
- wherein said particular access point selected satisfies the security policy of said security class,
- wherein selecting the second communication device comprises determining whether one or more security-related characteristics of said second communication device satisfy said security policy corresponding to said security class, and
- wherein said validating said authentication server comprises comparing between received identification details of said authentication server and stored server details.
Dependent claims: 17
Specification