History-based downgraded network identification
Abstract
Some embodiments of the invention are directed to increasing security and lowering risk of attack in connecting automatically to networks by enabling client devices to verify the identity of the networks by, for example, confirming the identity of networks and network components such as wireless access points. In some embodiments, a client device may maintain a data store of characteristics of a network—including, for example, characteristics of a wireless access point or other portion of the network and/or characteristics of a connection previously established with the wireless access point and/or network. Stored characteristics may include characteristics other than those minimally necessary to identify a wireless access point and/or wireless network. The stored characteristics may be compared to known good characteristics of a network (including characteristics of a wireless access point or other portion of the wireless network) prior to connection to the network to determine whether the characteristics match.
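The comparison described in the abstract, as an added example that is not code from the patent: the client keeps a per-identifier history of expected characteristics and connects automatically only when the observed ones match. The field names, the strength ranking, the constructed GUID and the refuse/prompt policy for mismatches are assumptions made for illustration.

```python
from dataclasses import dataclass

# Relative strength of security settings (assumed ordering for this example).
SECURITY_RANK = {"open": 0, "wep": 1, "wpa-psk": 2, "wpa2-psk": 3, "wpa2-enterprise": 4}

@dataclass(frozen=True)
class Characteristics:
    security: str         # security setting in use by the access point
    auth_succeeded: bool  # result of the authentication attempt

# Constructed history: identifier (here a GUID) -> known good characteristics.
GUID = "00000000-0000-0000-0000-000000000001"  # constructed sample value
HISTORY = {GUID: Characteristics("wpa2-enterprise", True)}

def verify_access_point(identifier, observed, history):
    """Return (decision, reason); decision is 'connect', 'refuse' or 'prompt'."""
    expected = history.get(identifier)
    if expected is None:
        # The identifier alone proves nothing; there is no history to compare.
        return ("prompt", "no stored characteristics for this identifier")
    seen = SECURITY_RANK.get(observed.security, -1)  # unknown setting ranks lowest
    want = SECURITY_RANK.get(expected.security, -1)
    if seen < want:
        # Same identifier, weaker security than history: downgraded network.
        return ("refuse", f"downgrade: {expected.security} -> {observed.security}")
    if observed.security != expected.security:
        return ("prompt", "security setting differs from history")
    if observed.auth_succeeded != expected.auth_succeeded:
        return ("refuse", "authentication result differs from history")
    return ("connect", "characteristics match stored expected values")

if __name__ == "__main__":
    # Constructed observations of access points presenting the same identifier.
    samples = [
        Characteristics("wpa2-enterprise", True),   # matches history
        Characteristics("open", True),              # downgraded security
        Characteristics("wpa2-enterprise", False),  # authentication attempt failed
    ]
    for obs in samples:
        print(obs, "->", verify_access_point(GUID, obs, HISTORY))
```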
20 Claims
1. A method for verifying authenticity of a network access point that identifies itself to a client computing device via an identifier, the method comprising:
- comparing at least one additional characteristic of network access point that identifies itself using the identifier to stored information that identifies at least one expected value for a corresponding characteristic of an authenticated network access point also identified by the identifier, wherein comparing the at least one additional characteristic of the network access point to the stored information that identifies the at least one expected value comprises determining whether at least one current security setting in use by the network access point reflects at least one expected security setting for the authenticated network access point, wherein the network access point provides access to a managed wireless network, the identifier for the network access point comprises a globally unique identifier (GUID) for the managed wireless network, and the at least one additional characteristic of the network access point comprises a result of an authentication attempt for the managed wireless network; and
- connecting, by the client computing device, to the network access point in response to the at least one additional characteristic of the network access point matching the stored information that identifies the at least one expected value.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. An apparatus for verifying authenticity of a network access point, the apparatus comprising:
- at least one memory; and
- at least one hardware processor, wherein the at least one memory and the at least one hardware processor respectively store and execute instructions that:
  - compare at least one characteristic of the network access point, other than an identifier used by the network access point, to stored information that identifies at least one expected value for a corresponding characteristic of an authenticated network access point that also uses the identifier, wherein the comparison of the at least one characteristic of the network access point to the stored information that identifies the at least one expected value includes a determination of whether at least one current security setting in use by the network access point matches at least one expected security setting for the authenticated network access point, wherein the network access point provides access to a managed wireless network, the identifier comprises a globally unique identifier (GUID) for the managed wireless network, and the at least one characteristic of the network access point comprises a result of an authentication attempt for the managed wireless network; and
  - establish a connection with the network access point if the at least one characteristic of the network access point matches the stored information that identifies the at least one expected value.
Dependent claims: 11, 12, 13
14. A computer-readable memory having instructions stored therein for performing operations that verify authenticity of a network access point that identifies itself to a client computing device via an identifier, the operations comprising:
- comparing at least one characteristic of the network access point, other than the identifier, to at least one stored expected value of a corresponding characteristic of an authenticated network access point also identified by the identifier, wherein comparing the at least one characteristic of the network access point to the at least one stored expected value comprises determining whether at least one current security setting in use by the network access point reflects at least one expected security setting for the authenticated network access point, wherein the network access point provides access to a managed wireless network, the identifier for the network access point comprises a globally unique identifier (GUID) for the managed wireless network, and the at least one characteristic of the network access point comprises a result of an authentication attempt for the managed wireless network; and
- connecting, by the client computing device, to the network access point in response to the at least one characteristic of the network access point reflecting the at least one stored expected value.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification