Wireless access point detection

US 8,655,312 B2
Filed: 08/12/2011
Issued: 02/18/2014
Est. Priority Date: 08/12/2011
Status: Active Grant

First Claim

Patent Images

1. A method of operating a reputation system for detecting a suspect wireless access point in a communication network including a plurality of wireless access points providing access services to client devices, the method, performed by the reputation system, comprising:

collecting identity information associated with the wireless access points from a multiplicity of client devices;

maintaining the collected identity information as sets of identity information, each set of identity information associated with one of the wireless access points, wherein significant identity information in each set of identity information comprises portions of identity information in the set that can be used to identify the wireless access point associated with said set of identity information;

receiving identity information associated with a trusted wireless access point;

updating the set of identity information associated with the trusted wireless access point, by;

determining the indication of trust of the trusted wireless access point to be trusted if a portion of the received identity information differs from the corresponding portion of significant identity information of the trusted wireless access point and subsequent received identity information associated with the trusted wireless access point matches the received identity information for a first period of time such that the set of identity information is considered stable;

determining the indication of trust of the trusted wireless access point to be untrusted or unknown when subsequently received identity information associated with the trusted wireless access point is substantially different to the corresponding significant identity information for a second period of time such that the set of identity information is considered unstable; and

updating the set of identity information associated with the trusted wireless access point with the received identity information;

receiving a reputation request from a client device, the request including identity information of an available wireless access point;

comparing the received identity information of the reputation request with the-sets of identity information to determine an indication of trust of the available wireless access point; and

transmitting the indication of trust of the available wireless access point to the client device for use in determining whether to connect to the available wireless access point.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to aspects of the present invention there are provided methods and apparatus for detecting a suspect wireless access point in a communication network including a plurality of wireless access points providing access services to client devices. Identity information associated with the wireless access points is collected from a multiplicity of client devices. A reputation request is received from a client device, the request including identity information of an available wireless access point. The received identity information is compared with the collected identity information for determining an indication of trust of the available wireless access point. The indication of trust of the available wireless access point is transmitted to the client device. The wireless access points may include a cellular wireless access point or base station, wireless access point, a Wi-Fi access point, or a femto-cell access point.

Citations

35 Claims

1. A method of operating a reputation system for detecting a suspect wireless access point in a communication network including a plurality of wireless access points providing access services to client devices, the method, performed by the reputation system, comprising:
- collecting identity information associated with the wireless access points from a multiplicity of client devices;
  
  maintaining the collected identity information as sets of identity information, each set of identity information associated with one of the wireless access points, wherein significant identity information in each set of identity information comprises portions of identity information in the set that can be used to identify the wireless access point associated with said set of identity information;
  
  receiving identity information associated with a trusted wireless access point;
  
  updating the set of identity information associated with the trusted wireless access point, by;
  
  determining the indication of trust of the trusted wireless access point to be trusted if a portion of the received identity information differs from the corresponding portion of significant identity information of the trusted wireless access point and subsequent received identity information associated with the trusted wireless access point matches the received identity information for a first period of time such that the set of identity information is considered stable;
  
  determining the indication of trust of the trusted wireless access point to be untrusted or unknown when subsequently received identity information associated with the trusted wireless access point is substantially different to the corresponding significant identity information for a second period of time such that the set of identity information is considered unstable; and
  
  updating the set of identity information associated with the trusted wireless access point with the received identity information;
  
  receiving a reputation request from a client device, the request including identity information of an available wireless access point;
  
  comparing the received identity information of the reputation request with the-sets of identity information to determine an indication of trust of the available wireless access point; and
  
  transmitting the indication of trust of the available wireless access point to the client device for use in determining whether to connect to the available wireless access point.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. A method according to claim 1, wherein the portion of the received identity information that differ from the significant identity information associated with the trusted wireless access point includes at least one of a public address of the wireless access point, a hardware identifier or address of the wireless access point, an identifier of the wireless access point.
  - 3. A method according to claim 1, further comprising heuristically determining an indication of trust associated with each set of identity information.
  - 4. A method according to claim 3, wherein the step of comparing further comprises comparing the received identity information with the sets of identity information associated with each wireless access point, and determining the indication of trust of the available wireless access point from the indication of trust of a corresponding set of identity information.
  - 5. A method according to claim 1, further comprising maintaining a record of trusted identity information, wherein trusted information is added to the record when the identity information is determined to be stable over a first period of time, wherein the step of comparing further includes comparing the received identity information with the identity information stored in said record to determine the indication of trust.
  - 6. A method according to claim 5, wherein maintaining the record of trusted identity information includes removing a portion of the trusted information from the record when the identity information associated with the portion of trusted information is determined to be unstable over a second period of time, the second period of time being shorter than the first period of time.
  - 7. A method according to claim 5, further comprising determining the indication of trust of the available wireless access point to be trusted when the received identity information substantially matches the trusted information stored in the record.
  - 8. A method according to claim 5, further comprising determining the indication of trust of the available wireless access point to be untrusted or unknown when significant identity information associated with the received identity information is substantially different to the corresponding significant identity information associated with the trusted information stored in the record.
  - 9. A method according to claim 8, wherein the significant identity information includes at least one of a public address of the wireless access point, a hardware identifier or address of the wireless access point, an identifier of the wireless access point.
  - 10. A method according to claim 9, wherein the public address is a public internet protocol (IP) address or cell identifier, the hardware identifier or address is a MAC address, and/or the identifier is a service set identifier (SSID) or a base station identifier.
  - 11. A method according to claim 2, wherein the public address is a public internet protocol (IP) address or cell identifier, the hardware identifier or address is a MAC address, and/or the identifier is a service set identifier (SSID) or a base station identifier.
  - 12. A method according to claim 1, further comprising receiving a report from one of the client devices when said one of the client devices detects malicious behaviour of the available wireless access point, the report indicating the available wireless access point to be untrusted and determining the indication of trust of the available wireless access point to be untrusted.
  - 13. A method according to claim 12, further comprising transmitting the indication of trust of the available wireless access point to the client devices associated with the available wireless access point.
  - 14. A method according to claim 13, comprising receiving a report from one of the client devices when said one of the client devices detects malicious behaviour of the available wireless access point, the report indicating the available wireless access point to be untrusted and determining the indication of trust of the available wireless access point to be untrusted, wherein maintaining the record of trusted identity information includes removing the portion of the trusted information associated with the identity information of the available wireless access point from the record.
  - 15. A method according to claim 1, wherein the identity information associated with each of the wireless access points include at least one wireless access point parameter in the group of:
    - a public address of the wireless access point;
      
      a hardware identifier or address of the wireless access point;
      
      an identifier of the wireless access point;
      
      a cell identifier;
      
      a base station identity code;
      
      a communication network operator identity;
      
      an internal interne protocol (IP) address or address range of the wireless access point;
      
      a public IP address of the wireless access point;
      
      a connection type for the public IP address of the wireless access point;
      
      the wireless access point type;
      
      a service set identifier (SSID) of the wireless access point;
      
      the client device'"'"'s physical location;
      
      a wireless signal strength of the wireless access point;
      
      a wireless network type of the wireless access point;
      
      the security settings of the wireless access point;
      
      data representative of the ability to send reputation requests over the wireless access point;
      
      data representative of the ability to correctly resolve domain name server queries over the wireless access point;
      
      frequencies and channels used by the wireless access point; and
      
      information or data representative of the identity or signature of the wireless access point.
  - 16. A method according to claim 1, wherein the wireless access points include at least one in the group of a cellular wireless access point, a base station wireless access point, a Wi-Fi access point, and any other wireless access point used for connecting the client device to the communication network.
  - 17. A method according to claim 1, further comprising receiving one or more of the reputation requests over a second communication network different to the communication network including the wireless access points.
  - 18. A method according to claim 1, further comprising updating the collected identity information with the received identity information associated with the available wireless access point.
  - 19. A method according to claim 1, further comprising receiving the reputation request from the client device via at least one of:
    - the available wireless access point over a public communication network;
      
      the available wireless access point using domain name server tunneling;
      
      a second communication network using short messaging service; and
      
      the second communication network using a 2G/3G/4G or beyond data connection.
  - 20. A non-transitory computer readable medium including computer program instructions stored thereon, which when executed on one or more processors of a server or reputation system, performs the method steps of claim 1.

21. A method for a client device to detect a suspect wireless access point in a communication network, the method comprising:
- detecting an available wireless access point for providing access services to the client device, wherein the available wireless access point has a reputation that is unknown to the client device;
  
  transmitting a reputation request, the reputation request including identity information associated with the available wireless access point;
  
  receiving, in response to the reputation request, from the reputation system an indication of trust associated with the available wireless access point the client device is connecting with, connecting with the available wireless access point when the indication of trust indicates the available wireless access point to be trusted; and
  
  detecting another available wireless access point when the indication of trust indicates the available wireless access point as suspect or untrusted; and
  
  wherein the reputation system is configured for maintaining a record of available wireless access points and indications of trust for the available wireless access points, updating the record based on transmitting reputation requests associated with the available wireless access points and on the received indications of trust of the available wireless access points; and
  
  wherein the record comprises collected identity information as sets of identity information, each set of identity information associated with one of the wireless access points, wherein significant identity information in each set of identity information comprises portions of identity information in the set that can be used to identify the wireless access point associated with said set of identity information; and
  
  wherein the indication of trust of available wireless access points are considered to be trusted if a portion of the received identity information differs from the corresponding portion of significant identity information of the trusted wireless access point and subsequent received identity information associated with the trusted wireless access point matches the received identity information for a first period of time such that the set of identity information is considered stable; and
  
  wherein the indication of trust of available wireless access points are considered to be untrusted or unknown when subsequently received identity information associated with the trusted wireless access point is substantially different to the corresponding significant identity information for a second period of time such that the set of identity information is considered unstable.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. A method according to claim 21, further comprising transmitting the reputation request to the reputation system via at least one of:
    - the available wireless access point over a public communication network;
      
      the available wireless access point using domain name server tunneling;
      
      a second communication network using short messaging service; and
      
      the second communication network using a 2G/3G/4G or beyond data connection.
  - 23. A method according to claim 21, further comprising the step of detecting a malicious attack on the client device when connected to the available wireless access point and, in response, transmitting to the reputation system further information reporting the available wireless access point to be suspect or untrusted.
  - 24. A method according to claim 21, further comprising receiving indication of trust information from the reputation system indicating the available wireless access point is suspect or untrusted, and in response, notifying the user of the client device the available wireless access point is suspect or untrusted, or disconnecting from the available wireless access point.
  - 25. A method according to claim 21, wherein the identity information of the available wireless access point includes at least one wireless access point parameter in the group of:
    - a public address of the wireless access point;
      
      a hardware identifier or address of the wireless access point;
      
      an identifier of the wireless access point;
      
      a cell identifier;
      
      a base station identity code;
      
      a communication network operator identity;
      
      an internal interne protocol (IP) address or address range of the wireless access point;
      
      a public IP address of the wireless access point;
      
      a connection type for the public IP address of the wireless access point;
      
      the wireless access point type;
      
      a service set identifier (SSID) of the wireless access point;
      
      the client device'"'"'s physical location;
      
      a wireless signal strength of the wireless access point;
      
      a wireless network type of the wireless access point;
      
      the security settings of the wireless access point;
      
      data representative of the ability to send reputation requests over the wireless access point;
      
      data representative of the ability to correctly resolve domain name server queries over the wireless access point;
      
      frequencies and channels used by the wireless access point; and
      
      information or data representative of the identity or signature of the wireless access point.
  - 26. A method according to claim 21, wherein the wireless access points include at least one in the group of a cellular wireless access point, a base station wireless access point, a Wi-Fi access point, and any other wireless access point used for connecting the client device to the communication network.
  - 27. A non-transitory computer readable medium including computer program instructions stored thereon, which when executed on one or more processors of a client device, performs the method steps of claim 21.

28. A server for use in detecting a suspect wireless access point in a communication network including a plurality of wireless access points providing access services to client devices, the server comprising:
- a receiver, a transmitter, a memory unit, and processing logic, the processing logic being connected to the receiver, to the transmitter, and to the memory unit wherein;
  
  the receiver and processing logic are configured for;
  
  collecting identity information associated with the wireless access points from a multiplicity of client devices;
  
  maintaining the collected identity information as sets of identity information, each set of identity information associated with one of the wireless access points, wherein significant identity information in each set of identity information comprises portions of identity information in the set that can be used to identify the wireless access point associated with said set of identity information;
  
  receiving identity information associated with a trusted wireless access point;
  
  updating the set of identity information associated with the trusted wireless access point, by;
  
  determining the indication of trust of the trusted wireless access point to be trusted if a portion of the received identity information differs from the corresponding portion of significant identity information of the trusted wireless access point and subsequent received identity information associated with the trusted wireless access point matches the received identity information for a first period of time such that the set of identity information is considered stable;
  
  determining the indication of trust of the trusted wireless access point to be untrusted or unknown when subsequently received identity information associated with the trusted wireless access point is substantially different to the corresponding significant identity information for a second period of time such that the set of identity information is considered unstable; and
  
  updating the set of identity information associated with the trusted wireless access point with the received identity information;
  
  the receiver is further configured to receive a reputation request from a client device, the request including identity information of an available wireless access point;
  
  the processing logic includes comparing logic for comparing the received identity information of the reputation request with the sets of identity information, and determining logic for determining an indication of trust of the available wireless access point based on the comparison; and
  
  the transmitter is configured to transmit the indication of trust of the available wireless access point to the client device for use in determining whether to connect to the available wireless access point.
- View Dependent Claims (29, 30, 31, 32)
- - 29. A server according to claim 28, wherein the wireless access points include at least one in the group of a cellular wireless access point, a base station wireless access point, a Wi-Fi access point, and any other wireless access point used for connecting the client device to the communication network.
  - 30. A server according to claim 28, further comprising receiving the reputation request from the client device via at least one of:
    - the available wireless access point over a public communication network;
      
      the available wireless access point using domain name server tunneling;
      
      a second communication network using short messaging service; and
      
      the second communication network using a 2G/3G/4G or beyond data connection.
  - 31. A reputation system for use in detecting a suspect wireless access point in a communication network including a plurality of wireless access points providing access services to client devices, the reputation system comprising at least one server according to claim 28, in communication with a database for storing and processing the collected identity information for use in determining an indication of trust associated with each of the wireless access points.
  - 32. A reputation system according to claim 31, wherein the wireless access points include at least one in the group of a cellular wireless access point, a base station wireless access point, a Wi-Fi access point, and a wireless access point.

33. A client device for use in detecting a suspect wireless access point in a communication network including a plurality of wireless access points providing access services to client devices, the client device comprising:
- a receiver, a transmitter, a memory unit, and processing logic, the processing logic being connected to the receiver, to the transmitter, and to the memory unit wherein;
  
  the receiver and processing logic are configured for detecting an available wireless access point providing access services to the client device;
  
  the transmitter is configured to transmit to a reputation system a reputation request when the client device connects to the available wireless access point, the reputation request including identity information associated with the available wireless access point;
  
  the receiver is further configured to receive from the reputation system, in response to the reputation request, an indication of trust associated with the available wireless access point the client device is connecting with;
  
  the processor logic is configured to;
  
  connect with the available wireless access point or maintain a connection with the available wireless access point when the indication of trust indicates the available wireless access point to be trusted; and
  
  disconnect from the available wireless access point and/or detecting another available wireless access point when the indication of trust indicates the available wireless access point as suspect or untrusted; and
  
  wherein the reputation system is configured for maintaining a record of available wireless access points and indications of trust for the available wireless access points, updating the record based on transmitting reputation requests associated with the available wireless access points and on the received indications of trust of the available wireless access points; and
  
  wherein the record comprises collected identity information as sets of identity information, each set of identity information associated with one of the wireless access points, wherein significant identity information in each set of identity information comprises portions of identity information in the set that can be used to identify the wireless access point associated with said set of identity information; and
  
  wherein the indication of trust of available wireless access points are considered to be trusted if a portion of the received identity information differs from the corresponding portion of significant identity information of the trusted wireless access point and subsequent received identity information associated with the trusted wireless access point matches the received identity information for a first period of time such that the set of identity information is considered stable; and
  
  wherein the indication of trust of available wireless access points are considered to be untrusted or unknown when subsequently received identity information associated with the trusted wireless access point is substantially different to the corresponding significant identity information for a second period of time such that the set of identity information is considered unstable.
- View Dependent Claims (34, 35)
- - 34. A client device according to claim 33, wherein the wireless access points include at least one in the group of a cellular wireless access point, a base station wireless access point, a Wi-Fi access point, and any other wireless access point used for connecting the client device to the communication network.
  - 35. A client device according to claim 33, wherein the transmitter is further configured to transmit the reputation request to the reputation system via at least one of:
    - the available wireless access point over a public communication network;
      
      the available wireless access point using domain name server tunneling;
      
      a second communication network using short messaging service; and
      
      the second communication network using a 2G/3G/4G or beyond data connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Withsecure Corporation
Original Assignee
F-Secure Corporation (F-Secure Oyj)
Inventors
Niemal, Jarno, Sthlberg, Mika
Primary Examiner(s)
Patel, Mahendra
Assistant Examiner(s)
MAPA, MICHAEL Y

Application Number

US13/136,848
Publication Number

US 20130040603A1
Time in Patent Office

921 Days
Field of Search

455410-411, 455/525, 455/422.1, 455/426.1, 455448-449, 726/22, 726 1- 21, 726 27- 30, 713/168, 370/328, 370/338
US Class Current

455/410
CPC Class Codes

H04L 63/126   the source of the received ...

H04L 63/14   for detecting or protecting...

H04W 12/104   Location integrity, e.g. se...

H04W 12/108   Source integrity

H04W 12/122   Counter-measures against at...

H04W 88/08   Access point devices

Wireless access point detection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Wireless access point detection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links