System, method and device for secure wireless communication

US 8,413,213 B2
Filed: 12/28/2004
Issued: 04/02/2013
Est. Priority Date: 12/28/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining by a first communication device a security class from a set of security classes each security class based at least on a type of encryption algorithm or a type of authentication method implemented by the first communication device for establishing secured data transactions between the first communication device and one of multiple available access points over a communication network;

selecting by the first communication device a particular access point from among the multiple available access points for establishing a connection between the first communication device and the particular access point based on said security class, said particular access point selected satisfies a security policy of said security class; and

validating an authentication server associated with said one of the multiple available access points in response to said one of the multiple available access points is determined to satisfy said security policy;

wherein said determining comprises analyzing beacons from the access points to determine available encryption algorithms and authentication methods available from the access points,wherein said selecting said one of the multiple available access points comprises determining whether one or more security-related characteristics of a second communication device satisfy said security policy corresponding to said security class, andwherein said validating said authentication server comprises comparing between received identification details of said authentication server and stored server details.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide a method, apparatus and system for selecting a wireless communication device for establishing a connection. The method according to some exemplary embodiments of the invention may include selecting a communication device for establishing a connection by determining whether one or more security-related characteristics of the communication device satisfy a security policy corresponding to a selected security class. Other embodiments are described and claimed.

19 Citations

View as Search Results

17 Claims

1. A method comprising:
- determining by a first communication device a security class from a set of security classes each security class based at least on a type of encryption algorithm or a type of authentication method implemented by the first communication device for establishing secured data transactions between the first communication device and one of multiple available access points over a communication network;
  
  selecting by the first communication device a particular access point from among the multiple available access points for establishing a connection between the first communication device and the particular access point based on said security class, said particular access point selected satisfies a security policy of said security class; and
  
  validating an authentication server associated with said one of the multiple available access points in response to said one of the multiple available access points is determined to satisfy said security policy;
  
  wherein said determining comprises analyzing beacons from the access points to determine available encryption algorithms and authentication methods available from the access points,wherein said selecting said one of the multiple available access points comprises determining whether one or more security-related characteristics of a second communication device satisfy said security policy corresponding to said security class, andwherein said validating said authentication server comprises comparing between received identification details of said authentication server and stored server details.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said determining whether said one or more security-related characteristics satisfy said security policy comprises determining whether an encryption algorithm implemented by said one of the multiple available access points satisfies said security policy.
  - 3. The method of claim 1, wherein said determining whether said one or more security-related characteristics satisfy said security policy comprises determining whether an authentication method implemented by said one of the multiple available access points satisfies said security policy.
  - 4. The method of claim 1, wherein said validating said authentication server comprises comparing between said received identification details and server details of a trusted server list.
  - 5. The method of claim 1, comprising updating said stored server details based on predetermined authorization criteria.
  - 6. The method of claim 1, wherein said selecting said one of the multiple available access points comprises selecting an access point considered for establishing communication.

7. An apparatus comprising:
- a processor; and
  
  a memory storing computer executable instructions that when executed by the processor, causing the processor to implement;
  
  a security-class software module for determining a security class from a set of security classes each security class based at least on a type of encryption algorithm or a type of authentication method implemented by the apparatus for establishing secured data transactions between the apparatus and one of multiple available access points over a communication network;
  
  a selector software module for selecting a particular one of the multiple available access points for establishing a connection between the apparatus and the selected particular one of the multiple available access points based on said security class, the selector software module for selecting the particular one of the available access points by determining whether one or more security-related characteristics of said selected particular available access point satisfy a security policy corresponding to said security class; and
  
  an authentication software module for validating an authentication server associated with the particular one of the available access points in response to said one of the available access points is determined to satisfy said security policy, said authentication software module to compare between received identification details of said authentication server and stored server details;
  
  wherein said determining comprises analyzing beacons from the access points to determine available encryption algorithms and authentication methods available from the access points, andwherein said particular access point selected satisfies said security policy of said security class.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The apparatus of claim 7, wherein said one or more security-related characteristics comprise one or more security-related characteristics selected from the group consisting of an encryption algorithm implemented by the particular one of the available access points, and an authentication method implemented by the particular one of the available access points.
  - 9. The apparatus of claim 8, comprising a beacon analyzer software module for determining said encryption algorithm by analyzing a beacon received from the particular one of the available access points.
  - 10. The apparatus of claim 7, wherein said stored server details comprise server details stored in a trusted server list.
  - 11. The apparatus of claim 7, wherein said authentication software module for updating said stored server details based on predetermined authorization criteria.

12. A wireless communication device comprising:
- an omni-directional antenna able to receive signals from one or more other wireless communication devices;
  
  a processor; and
  
  a memory storing computer executable instructions that when executed by the processor, causing the processor to implement;
  
  a security-class software module for determining a security class from a set of security classes each security class based at least on a type of encryption algorithm or a type of authentication method implemented by the wireless communication device for establishing secured data transactions between the wireless communication device and one of multiple available access points over a communication network; and
  
  a selector software module for selecting a particular one of the available access points for establishing a connection between the wireless communication device and the selected particular one of the available access points based on said security class, the selector software module for selecting the particular access point by determining whether one or more security-related characteristics of the particular access point satisfy said security policy corresponding to said security class; and
  
  an authentication software module for validating an authentication server associated with the particular one of the available access points in response to said one of the available access points is determined to satisfy said security policy, the authentication software module to compare between received identification details of said authentication server and stored server details;
  
  wherein said determining comprises analyzing beacons from the access points to determine available encryption algorithms and authentication methods available from the access points, andwherein said particular access point selected satisfies said security policy of said security.
- View Dependent Claims (13)
- - 13. The wireless communication device of claim 12, wherein said one or more security-related characteristics comprise one or more security-related characteristics selected from the group consisting of an encryption algorithm implemented by the particular access point, and an authentication method implemented by the particular access point.

14. A wireless communication system comprising:
- a wireless communication device comprising a memory storing computer executable instructions that when executed by the wireless communication device, causing the wireless communication device to implement;
  
  a security class software module for determining a security class from a set of security classes each security class based at least on a type of encryption algorithm or a type of authentication method implemented by a first communication device for establishing secured data transactions between the wireless communication device and one of multiple available access points over a communication network; and
  
  a selector software module for selecting a particular access point from among the multiple available access points for establishing a connection between the wireless communication device and the selected particular access points based on said determined security class, said selector software module for selecting the particular access point by determining whether one or more security-related characteristics of the particular access point satisfy said security policy corresponding to said determined security class;
  
  an authentication software module for validating an authentication server associated with the particular one of the available access points in response to said one of the available access points is determined to satisfy said security policy, the authentication software module to compare between received identification details of said authentication server and stored server details;
  
  wherein said determining comprises analyzing beacons from the multiple access points to determine available encryption algorithms and authentication methods available from the access points, andwherein said particular access point selected satisfies a security policy of said security class.
- View Dependent Claims (15)
- - 15. The system of claim 14, wherein said one or more security-related characteristics comprise one or more security-related characteristics selected from the group consisting of an encryption algorithm implemented by the particular access point, and an authentication method implemented by the particular access point.

16. An article comprising a non-transitory computer readable storage medium having stored thereon instructions that, when executed within a first communication device, result in:
- determining a security class from a set of security classes each security class based at least on a type of encryption algorithm or a type of authentication method implemented by the first communication device for establishing secured data transactions between the first communication device and one of multiple available access points over a communication network;
  
  selecting a particular one of the multiple available access points as a second communication device based on said security class;
  
  validating an authentication server associated with said one of said multiple available access points in response to said one of multiple available access points is determined to satisfy a security policy of said security class; and
  
  connecting to the selected particular one of the multiple available access points;
  
  wherein said determining comprises analyzing beacons from the access points to determine available encryption algorithms and authentication methods available from the access points,wherein said particular access point selected satisfies the security policy of said security class,wherein selecting the second communication device comprises determining whether one or more security-related characteristics of said second communication device satisfy said security policy corresponding to said security class, andwherein said validating said authentication server comprises comparing between received identification details of said authentication server and stored server details.
- View Dependent Claims (17)
- - 17. The article of claim 16, wherein the instructions resulting in determining whether said one or more security-related characteristics satisfy said security policy comprise instructions resulting in determining whether at least one of an encryption algorithm implemented by said second communication device and an authentication method implemented by said second communication device satisfies said security policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tahoe Research Limited (f/k/a Learndale Limited) (Vector Capital Corporation)
Original Assignee
Intel Corporation
Inventors
Glickman, Claudio
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
Le, Canh

Application Number

US11/022,871
Publication Number

US 20060143693A1
Time in Patent Office

3,017 Days
Field of Search

726 1- 6, 726/14, 726/20, 713150-155, 713/160, 713/168, 380/255, 380/259, 380/270, 709223-225, 709227-229
US Class Current

726/3
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04L 63/105   Multiple levels of security

H04L 63/205   involving negotiation or de...

H04W 12/02   Protecting privacy or anony...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 12/67   Risk-dependent, e.g. select...

H04W 84/12   WLAN [Wireless Local Area N...

System, method and device for secure wireless communication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and device for secure wireless communication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links