Location-enabled security services in wireless network

US 8,707,458 B2
Filed: 06/20/2005
Issued: 04/22/2014
Est. Priority Date: 07/07/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method of providing location enabled security services in a wireless communications network, said method comprising the steps of:

receiving by said wireless communications network a network access request from a mobile network node requesting access to said wireless communications network, said wireless communications network having location-positioning capabilities, said requesting node comprising an electronic device capable of wireless communications in the wireless communications network providing to said wireless communications network information for determining the location of said requesting node;

calculating by said wireless communications network a quantitative security value for said requesting, said quantitative security value calculating step comprising;

using position information about said requesting node derived from signal measurements for said requesting node received by at least one existing authorised node in said wireless communications network,using a different form of position information for claimed position information of said requesting node received by said wireless communications network from said requesting node; and

comparing said claimed position information of said requesting node with an error ellipse on the position of the requesting node; and

denying by said wireless communications network access to said requesting node to said wireless communications network if said quantitative security value does not satisfy a specified threshold value for network security.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method (300), an apparatus (100), and a computer program product for providing location enabled security services in a wireless network are disclosed. In the method, a network access request from a node requesting access to the wireless network is received (304). A probability level for a position for the requesting node is calculated (310) using position information claimed by the requesting node and position information about the requesting node derived from signal measurements for the requesting node received by at least one existing authorized node in the wireless network. Access for the requesting node to the wireless network is denied (314) if the probability level does not satisfy a specified threshold condition for network security (312). Access for the requesting node to the wireless network is granted (318) if the probability level does satisfy the specified threshold condition (312).

29 Citations

View as Search Results

52 Claims

1. A method of providing location enabled security services in a wireless communications network, said method comprising the steps of:
- receiving by said wireless communications network a network access request from a mobile network node requesting access to said wireless communications network, said wireless communications network having location-positioning capabilities, said requesting node comprising an electronic device capable of wireless communications in the wireless communications network providing to said wireless communications network information for determining the location of said requesting node;
  
  calculating by said wireless communications network a quantitative security value for said requesting, said quantitative security value calculating step comprising;
  
  using position information about said requesting node derived from signal measurements for said requesting node received by at least one existing authorised node in said wireless communications network,using a different form of position information for claimed position information of said requesting node received by said wireless communications network from said requesting node; and
  
  comparing said claimed position information of said requesting node with an error ellipse on the position of the requesting node; and
  
  denying by said wireless communications network access to said requesting node to said wireless communications network if said quantitative security value does not satisfy a specified threshold value for network security.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 33, 34, 35, 36, 37)
- - 2. The method according to claim 1, further comprising the step of granting by said wireless communications network access for said requesting node to said wireless communications network if said quantitative security value does satisfy said specified threshold value.
  - 3. The method according to claim 1, wherein said position information claimed by said requesting node comprises Global Positioning System (GPS) information about said requesting node.
  - 4. The method according to claim 1, wherein said position information claimed by said requesting node comprises manually specified data for the node.
  - 5. The method according to claim 1, wherein said signal measurements comprise received signal strength (RSS) measurements, time of arrival (TOA) measurements, time-difference of arrival measurements (TDOA), or angle of arrival (AOA) measurements.
  - 6. The method according to claim 1, wherein said wireless communications network is an IEEE 802.11 wireless network, a local area network (LAN), the Internet, a mobile telephone system, a GSM mobile telephone system, PCS, a mesh network, an ad hoc network, a 3G mobile phone network, and a 2G mobile phone network.
  - 7. The method according to claim 1, wherein said specified threshold value for network security is a weighted value, where the weight w applied is dependent upon a location-based parameter where the requesting node is unable to be located.
  - 8. The method according to claim 1, wherein a node comprises an electronic device capable of wireless communications in the wireless communications network.
  - 9. The method according to claim 1, wherein said calculating step comprises sub-steps of:
    - maintaining a position history for said requesting node and each of one or more existing authorized nodes accessing said wireless communications network; and
      
      determining an updated position of said requesting node as the position information about said requesting node using said position information about said requesting node derived from said signal measurements for said requesting node received by said at least one existing authorised node in said wireless communications network and the position history for at least one of said requesting node and each such existing authorised node.
  - 10. The method according to claim 9, further comprising the step of using the updated position of said requesting node as the actual position of said requesting node.
  - 11. The method according to claim 9, wherein said determining step is carried out using a filter technique.
  - 12. The method according to claim 11, wherein said filter technique is a particle filter.
  - 13. The method according to claim 1, further comprising the step of measuring signals from said requesting node by said wireless communications network to provide said signal measurements about said requesting node, wherein the fingerprint means RSS values expected from each authorized node at each point in a physical space is a priori measured.
  - 14. The method according to claim 13, further comprising the step of comparing by said wireless communications network said signal measurements against a database of signal measurements based on a wireless device.
  - 15. The method according to claim 13, wherein position information about said requesting node is determined based on a difference of signal measurements for said requesting node.
  - 16. The method according to claim 13, wherein said measuring step is performed by at least two access points or authorised nodes.
  - 33. The method according to claim 1, wherein said wireless communications network comprises a stand-alone communications unit separate from an access point, or a node, or both, in the wireless communications network.
  - 34. The method according to claim 1, wherein said wireless communications network comprises an access point, or a node, or both, in the wireless communications network.
  - 35. The method according to claim 1, wherein said requesting node, or said authorised node, or both are GPS enabled.
  - 36. The method according to claim 1, further comprising the step of determining by the wireless communications network the radio position of said requesting node using said position information about said requesting node derived from said signal measurements.
  - 37. The method according to claim 1, wherein said wireless communications network comprises a positioning system.

17. A computer program product comprising a computer readable medium having recorded therein a computer program for providing location enabled security services in a wireless communications network, said computer program product comprising:
- computer program code means for receiving by said wireless communications network a network access request from a mobile network node requesting access to said wireless communications network, said wireless communications network having location-positioning capabilities, said requesting node comprising an electronic device capable of wireless communications in the wireless communications network and providing to said wireless communications network information for determining the location of said requesting node;
  
  computer program code means for calculating by said wireless communications network a quantitative security value for said requesting node, calculating said quantitative security value comprising;
  
  using position information about said requesting node derived from signal measurements for said requesting node received by at least one existing authorised node in said wireless communications network,using a different form of position information for claimed position information by said requesting node received by said wireless communications network from said requesting node; and
  
  comparing said claimed position information of said requesting node with an error ellipse on the position of the requesting node; and
  
  computer program code means for denying by said wireless communications network access to said wireless communications network if said quantitative security value does not satisfy a specified threshold value for network.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 38, 39, 40)
- - 18. The computer program product according to claim 17, further comprising computer program code means for granting access for said requesting node to said wireless communications network if said quantitative security value does satisfy said specified threshold value.
  - 19. The computer program product according to claim 17, wherein said position information claimed by said requesting node comprises Global Positioning System (GPS) information about said requesting node.
  - 20. The computer program product according to claim 17, wherein said position information claimed by said requesting node comprises manually specified data for the node.
  - 21. The computer program product according to claim 17, wherein said signal measurements comprise received signal strength (RSS) measurements, time of arrival (TOA) measurements, time-difference of arrival measurements (TDOA), or angle of arrival (AOA) measurements.
  - 22. The computer program product according to claim 17, wherein said wireless communications network is an IEEE 802.11 wireless network, a local area network (LAN), the Internet, a mobile telephone system, a GSM mobile telephone system, PCS, a mesh network, an ad hoc network, a 3G mobile phone network, and a 2G mobile phone network.
  - 23. The computer program product according to claim 17, wherein said specified threshold condition for network security is a weighted value, where the weight w applied is dependent upon a location-based parameter where the requesting node is unable to be located.
  - 24. The computer program product according to claim 17, wherein a node comprises an electronic device capable of wireless communications in the wireless communications network.
  - 25. The computer program product according to claim 17, wherein said computer program code means for calculating comprises:
    - computer program code means for maintaining a position history for said requesting node and each of one or more existing authorized nodes accessing said wireless communications network; and
      
      computer program code means for determining an updated position of said requesting node as the position information about said requesting node using said position information about said requesting node derived from said signal measurements for said requesting node received by said at least one existing authorised node in said wireless communications network and the position history for at least one of said requesting node and each such existing authorised node.
  - 26. The computer program product according to claim 25, wherein the updated position of said requesting node is used as the actual position of said requesting node.
  - 27. The computer program product according to claim 25, wherein said determining means uses a filter technique.
  - 28. The computer program product according to claim 27, wherein said filter technique is a particle filter.
  - 29. The computer program product according to claim 17, further comprising computer program code means for measuring signals from said requesting node by said wireless communications network to provide said signal measurements about said requesting node, wherein the fingerprint means RSS values expected from each authorized node at each point in a physical space is a priori measured.
  - 30. The computer program product according to claim 29, further comprising computer program code means for comparing by said wireless communications network said signal measurements against a database of signal measurements based on a wireless device.
  - 31. The computer program product according to claim 29, wherein position information about said requesting node is determined based on a difference of signal measurements for said requesting.
  - 32. The computer program product according to claim 29, wherein at least two access points are in said wireless communications network.
  - 38. The computer program product according to claim 17, wherein said requesting node, or said authorised node, or both are GPS enabled.
  - 39. The computer program product according to claim 17, further comprising computer program code means for determining by the wireless communications network the radio position of said requesting node using said position information about said requesting node derived from said signal measurements.
  - 40. The computer program product according to claim 17, wherein said position information about said requesting node derived from signal measurements comprises Global Positioning System (GPS) information about said requesting node.

41. A system comprising:
- an interface for coupling with a wireless communications network;
  
  memory for storing software; and
  
  a processing unit coupled to said interface and said memory for executing said software to provide location enabled security services in said wireless communications network, said memory and said processing unit executing said software implmenting a location engine module and a security permission module;
  
  said location engine module adapted to receive from at least one authorised node of said wireless communications network a network access request from a mobile network node requesting access to said wireless communications network, said wireless communications network having location-positioning capabilities, said authorised and requesting nodes each comprising an electronic device capable of wireless communications in the wireless communications network, said requesting node being adapted to provide to said wireless communications network information for determining the location of said requesting node;
  
  said location engine module adapted to calculate for said wireless communications network a quantitative security value for said requesting node, calculating said quantitative security value comprising;
  
  using position information about said requesting node derived from signal measurements for said requesting node received by at least one existing authorised node in said wireless communications network,using a different form of position information for claimed position information of said requesting node received by said wireless communications network from said requesting node; and
  
  comparing said claimed position information of said requesting node with an error ellipse on the position of the requesting node; and
  
  said security permission module adapted to deny by said wireless communications network access to said wireless communications network if said quantitative security value does not satisfy a specified threshold value for network security.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49)
- - 42. The system according to claim 41, wherein said interface is a wireless interface.
  - 43. The system according to claim 41, wherein said security permission module is adapted to grant access for said requesting node to said wireless communications network if said quantitative security value does satisfy said specified threshold value.
  - 44. The system according to claim 41, wherein said position information claimed by said requesting node comprises Global Positioning System (GPS) information about said requesting node.
  - 45. The system according to claim 41, wherein said signal measurements comprise received signal strength (RSS) measurements, time of arrival (TOA) measurements, time-difference of arrival measurements (TDOA), or angle of arrival (AOA) measurements.
  - 46. The system according to claim 41, comprising a positioning system to provide positioning information to said memory and said processing unit executing said software.
  - 47. The system according to claim 41, wherein said quantitative security value is calculated based on Cramer-Rao Bounds.
  - 48. The system according to claim 41, wherein said location engine module is adapted to determine by the wireless communications network the radio position of said requesting node using said position information about said requesting node derived from said signal measurements.
  - 49. The system according to claim 41, wherein the wireless communications network is selected from the group consisting of a local area network (LAN), the Internet, an IEEE 802.11 wireless network, a mobile telephone system, a GSM mobile telephone system, PCS, a mesh network, an ad hoc network, a 3G mobile phone network, and a 2G mobile phone network.

50. A method of providing location enabled security services in a wireless communications network, said method comprising the steps of:
- receiving by said wireless communications network a network access request from a mobile network node requesting access to said wireless communications network, said wireless communications network having location-positioning capabilities, said requesting node comprising an electronic device capable of wireless communications in the wireless communications network and providing to said wireless communications network information for determining the location of said requesting node;
  
  calculating by said wireless communications network a quantitative security value for said requesting node, said quantitative security value being calculated;
  
  using position information about said requesting node derived from signal measurements for said requesting node received by at least one existing authorised node in said wireless communications network,using a different form of position information for claimed position information of said requesting node received by said wireless communications network from said requesting node, andbased on Cramer-Rao Bounds; and
  
  denying by said wireless communications network access to said requesting node to said wireless communications network if said quantitative security value does not satisfy a specified threshold value for network security.

51. A computer program product comprising a non-transitory computer readable medium having recorded therein a computer program for providing location enabled security services in a wireless communications network, said computer program product comprising:
- computer program code means for receiving by said wireless communications network a network access request from a mobile network node requesting access to said wireless communications network, said wireless communications network having location-positioning capabilities, said requesting node comprising an electronic device capable of wireless communications in the wireless communications network and providing to said wireless communications network information for determining the location of said requesting node;
  
  computer program code means for calculating by said wireless communications network a quantitative security value for said requesting node, said quantitative security value calculated;
  
  using position information about said requesting node derived from signal measurements for said requesting node received by at least one existing authorised node in said wireless communications network,using a different form of position information for claimed position information by said requesting node received by said wireless communications network from said requesting node, andbased on Cramer-Rao Bounds; and
  
  computer program code means for denying by said wireless communications network access to said wireless communications network if said quantitative security value does not satisfy a specified threshold value for network security.

52. A system comprising:
- an interface for coupling with a wireless communications network;
  
  memory for storing software; and
  
  a processing unit coupled to said interface and said memory for executing said software to provide location enabled security services in said wireless communications network, said memory and said processing unit executing said software implementing a location engine module and a security permission module;
  
  said location engine module adapted to receive from at least one authorised node of said wireless communications network a network access request from a mobile network node requesting access to said wireless communications network, said wireless communications network having location-positioning capabilities, said authorised and requesting nodes each comprising an electronic device capable of wireless communications in the wireless communications network, said requesting node being adapted to provide to said wireless communications network information for determining the location of said requesting node;
  
  said location engine module adapted to calculate for said wireless communications network a quantitative security value for said requesting node, said quantitative security value calculated;
  
  using position information about said requesting node derived from signal measurements for said requesting node received by at least one existing authorised node in said wireless communications network,using a different form of position information for claimed position information of said requesting node received by said wireless communications network from said requesting node, andbased on Cramer-Rao Bounds; and
  
  said security permission module adapted to deny by said wireless communications network access to said wireless communications network if said quantitative security value does not satisfy a specified threshold value for network security.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nariste Networks Pty Ltd
Original Assignee
Nariste Networks Pty Ltd
Inventors
Malaney, Robert Anderson
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Anderson, Michael D

Application Number

US11/631,772
Publication Number

US 20080209521A1
Time in Patent Office

3,228 Days
Field of Search

726/26, 709/224, 702/150
US Class Current

726/30
CPC Class Codes

G06F 21/00   Security arrangements for p...

H04L 63/0492   by using a location-limited...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04W 12/00   Security arrangements; Auth...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/63   Location-dependent; Proximi...

H04W 12/67   Risk-dependent, e.g. select...

H04W 48/18   Selecting a network or a co...

H04W 64/00   Locating users or terminals...

Location-enabled security services in wireless network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

Location-enabled security services in wireless network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links