Security in wireless communication systems
Abstract
Wireless security is enforced at L1, in addition to or in lieu of other layers. AP's can switch dynamically from serving to scanning. Scanners listen for authorized frame headers. Scanners either receive, or allow authorized frames to be received, at their destination. Scanners kill unauthorized frames while they are still transmitting; scanners continue listening for and killing unauthorized frame headers until frame ending time demands their return to serving, multiplying their effectiveness. AP's include dual-mode multi-frequency omni-directional antennae, used to prevent third parties from snooping messages received at those AP's.
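The header check and checksum effect that the abstract and claim 1 describe can be followed in a byte-level simulation. This is an added example, not code from the patent; the toy frame layout (6-byte destination, 6-byte source, payload, CRC-32 trailer), the function names and the addresses are assumptions made for illustration.

```python
import struct
import zlib

HEADER_LEN = 12   # assumed toy header: 6-byte destination + 6-byte source
TRAILER_LEN = 4   # assumed CRC-32 checksum trailer

def build_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    body = dst + src + payload
    return body + struct.pack("<I", zlib.crc32(body))

def checksum_ok(frame: bytes) -> bool:
    """Receiver-side check: recompute the CRC-32 and compare with the trailer."""
    if len(frame) < HEADER_LEN + TRAILER_LEN:
        return False
    body, trailer = frame[:-TRAILER_LEN], frame[-TRAILER_LEN:]
    return struct.pack("<I", zlib.crc32(body)) == trailer

def noise_spike(frame: bytes, offset: int = 0, length: int = 2) -> bytes:
    """Model a short interference burst: invert `length` payload bytes."""
    start = HEADER_LEN + offset
    end = min(start + length, len(frame) - TRAILER_LEN)
    if start >= end:
        raise ValueError("no payload bytes at that offset")
    hit = bytes(b ^ 0xFF for b in frame[start:end])
    return frame[:start] + hit + frame[end:]

def scan(frame: bytes, authorized: set) -> tuple:
    """Decide from the header alone; return (verdict, frame as it arrives)."""
    source = frame[6:HEADER_LEN]
    if source in authorized:
        return "pass", frame            # authorized frame is left untouched
    return "broken", noise_spike(frame)  # payload no longer matches checksum

# Constructed sample data (locally administered addresses, not real devices).
AP = bytes.fromhex("020000000010")
KNOWN = bytes.fromhex("020000000001")
UNKNOWN = bytes.fromhex("020000000099")
AUTHORIZED = {KNOWN}  # stands in for the controller's authorization information

if __name__ == "__main__":
    for src in (KNOWN, UNKNOWN):
        verdict, seen = scan(build_frame(AP, src, b"hello"), AUTHORIZED)
        print(src.hex(), verdict, "checksum ok:", checksum_ok(seen))
```

The inverted span is 16 bits long, and CRC-32 detects every error burst of 32 bits or fewer, so the receiver's check is guaranteed to fail for the broken frame.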
19 Claims
1. A computer-implemented method in an access point having a dual-mode antenna for preventing unauthorized messages in a wireless communication network, the method comprising:
receiving authorization information from a network controller that identifies devices that are authorized on the network;
servicing authorized devices that are connected to the access point;
responsive to not servicing authorized devices, switching dynamically to scan for unauthorized devices participating in peer-to-peer communications distinct from the network, comprising;
listening to headers of frames including listening to a transmission of a header of a specific frame that comprises a header and a payload with a first portion of the dual-mode antenna, and comparing identification information in the header to the authorization information received; and
breaking a payload of the specific frame by disrupting the transmission responsive to determining from the header that the specific frame is associated with an unauthorized device with a second portion of the dual-mode antenna, wherein breaking the payload comprises inserting a noise spike into the payload to change a checksum value of the frame such that the frame payload no longer matches the checksum value.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A non-transitory computer readable medium storing source code that, when executed by a processor, performs a method in an access point for preventing unauthorized messages in a wireless communication network, the method comprising:
receiving authorization information from a network controller that identifies devices that are authorized on the network;
servicing authorized devices that are connected to the access point;
responsive to not servicing authorized devices, switching dynamically to scan for unauthorized devices participating in peer-to-peer communications distinct from the network, comprising;
listening to headers of frames including listening to a transmission of a header of a specific frame that comprises a header and a payload with a first portion of the dual-mode antenna, and comparing identification information in the header to the authorization information received; and
breaking a payload of the specific frame by disrupting the transmission responsive to determining from the header that the specific frame is associated with an unauthorized device with a second portion of the dual-mode antenna, wherein breaking the payload comprises inserting a noise spike into the payload to change a checksum value of the frame such that the frame payload no longer matches the checksum value.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A computer-implemented method in an access point for preventing unauthorized messages in a wireless communications network, the method comprising:
servicing authorized devices that are connected to the access point;
receiving authorization information from a network controller that identifies devices that are authorized on the wireless communications network;
detecting a second access point having a radio signal range within an interference zone for which the access point also has a radio signal range and also in communication with the network controller;
not servicing authorized devices for a period of time during which the second access point servicing authorized devices within the interference zone;
during the period of time, switching dynamically to scanning for unauthorized devices by listening to headers of frames that each comprise a header and a payload;
breaking the payload responsive to determining from the header that a frame is associated with an unauthorized device, wherein breaking the payload comprises inserting a noise spike into the payload to change a checksum value of the frame such that the frame payload no longer matches the checksum value; and
switching to return servicing authorized devices after the period of time.
Specification