Method and system for detecting characteristics of a wireless network

US 8,661,542 B2
Filed: 11/08/2011
Issued: 02/25/2014
Est. Priority Date: 04/03/2003
Status: Expired due to Term

First Claim

Patent Images

1. A network device comprising:

a processing device in communication with a memory, the processing device configured to execute instructions received from the memory to;

create a state transition table for one or more detected wireless access devices in a wireless network, the state transition table including;

a first entry that includes information identifying a first state of a communication session, via the wireless network, between the one or more detected wireless access devices and at least one device,the first state being associated with one or more respective identifiers of the one or more detected wireless access devices and a type of at least one packet identifying the one or more detected wireless access devices,observe a plurality of packets transmitted by the one or more detected wireless access devices,identify, based on observing the plurality of packets, a state change from the first state for at least one of the one or more detected wireless access devices in response to determining that types of the plurality of packets differ from the type of the at least one packet or in response to determining that the plurality of packets are associated with a source or a destination other than the at least one device, andreport the identified state change to another network device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Characteristics about one or more wireless access devices in a wireless network, whether known or unknown entities, can be determined using a system and method according to the present invention. An observation is made of the activity over a Wireless Area Network (WLAN). Based on this activity, changes in state of wireless access devices within the WLAN can be observed and monitored. These changes in state could be indicative of normal operation of the WLAN, or they may indicate the presence of an unauthorized user. In the latter case, an alert can be sent so that appropriate action may be taken. Additionally, ad hoc networks can be detected that may be connected to a wireless access point.

Citations

16 Claims

1. A network device comprising:
- a processing device in communication with a memory, the processing device configured to execute instructions received from the memory to;
  
  create a state transition table for one or more detected wireless access devices in a wireless network, the state transition table including;
  
  a first entry that includes information identifying a first state of a communication session, via the wireless network, between the one or more detected wireless access devices and at least one device,the first state being associated with one or more respective identifiers of the one or more detected wireless access devices and a type of at least one packet identifying the one or more detected wireless access devices,observe a plurality of packets transmitted by the one or more detected wireless access devices,identify, based on observing the plurality of packets, a state change from the first state for at least one of the one or more detected wireless access devices in response to determining that types of the plurality of packets differ from the type of the at least one packet or in response to determining that the plurality of packets are associated with a source or a destination other than the at least one device, andreport the identified state change to another network device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The network device of claim 1, wherein the processing device is further configured to:
    - determine whether the state change corresponds to a next state transition that is prescribed by a wireless network standard, the identified state change being reported to the other network device in response to determining that the next state transition is not prescribed by the wireless network standard.
  - 3. The network device of claim 2, wherein the processing device is further configured to:
    - determine, in response to determining that the next state transition is not prescribed by the wireless network standard, that a type of activity associated with the next state transition violates a network policy associated with the network device.
  - 4. The network device of claim 3, wherein the type of activity comprises at least one of:
    - a security violation,a communication with an intruder to the wireless network, oran anomalous behavior by the at least one of the one or more detected wireless access devices.
  - 5. The network device of claim 1, wherein the processing device is further configured to:
    - identify protocol information included in individual ones of the plurality of packets, anddetermine, based on the protocol information, whether one or more of the plurality of packets were transmitted over the wireless network or an ad hoc network that differs from the wireless network.
  - 6. The network device of claim 5, further comprising:
    - an omni-directional antenna to observe the plurality of packets.

7. A method comprising:
- creating a state transition table for one or more detected wireless access devices in a wireless network, the state transition table including;
  
  a first entry that includes information identifying a first state of a communication session, via the wireless network, between the one or more detected wireless access devices and at least one device,the first state being associated with one or more respective identifiers of the one or more detected wireless access devices and a type of at least one packet identifying the one or more detected wireless access devices,observing a plurality of packets transmitted by the one or more detected wireless access devices,identifying, based on observing the plurality of packets, a state change from the first state for at least one of the one or more detected wireless access devices in response to determining that types of the plurality of packets differ from the type of the at least one packet or in response to determining that the plurality of packets are associated with a source or a destination other than the at least one device, andreporting the identified state change to another network device.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 8. The computer-readable medium of claim 7, the operations further comprising determining, based on the plurality of diagnostic packets, a status of individual ones of the plurality of network devices.
  - 9. The non-transitory computer-readable medium of claim 7, wherein the operations further comprise determining, based on one of the plurality of diagnostic packets, a battery life of a battery included in one of the plurality of second network devices.
  - 10. The non-transitory computer-readable medium of claim 7, wherein the operations further comprise determining, based on one of the plurality of diagnostic packets, a temperature of a processor of one of the plurality of network devices.
  - 11. The method of claim 7, further comprising determining whether the state change corresponds to a next state transition that is prescribed by a wireless network standard, the identified state change being reported to the other network device in response to determining that the next state transition is not prescribed by the wireless network standard.
  - 12. The computer-readable medium of claim 11, wherein checking for violations of the policy elements set for the wireless network comprises determining whether a security violation has occurred.
  - 13. The computer-readable medium of claim 11, wherein determining whether the particular activity has occurred the operations further comprising checking for violations of the policy elements set for the wireless network in response to determining that the wireless network device is communicating via an ad hoc network that differs from the wireless network.
  - 14. The method of claim 11, further comprising determining, in response to determining that the next state transition is not prescribed by the wireless network standard, that a type of activity associated with the next state transition violates a network policy associated with the network device.
  - 15. The method of claim 14, wherein the type of activity comprises at least one of:
    - a security violation,a communication with an intruder to the wireless network, oran anomalous behavior by the at least one of the one or more detected wireless access devices.
  - 16. The method of claim 7, further comprising:
    - identifying protocol information included in individual ones of the plurality of packets, anddetermining, based on the protocol information, whether one or more of the plurality of packets were transmitted over the wireless network or an ad hoc network that differs from the wireless network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ozmo Licensing LLC
Original Assignee
Tekla PEHR LLC (Intellectual Ventures LLC)
Inventors
Harvey, Elaine, Walnock, Matthew
Primary Examiner(s)
LEWIS, LISA C

Application Number

US13/291,849
Publication Number

US 20120110635A1
Time in Patent Office

840 Days
Field of Search

726/23, 709/224
US Class Current

726/23
CPC Class Codes

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04W 12/122   Counter-measures against at...

Method and system for detecting characteristics of a wireless network

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for detecting characteristics of a wireless network

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links