Using information in a digital certificate to authenticate a network of a wireless access point
First Claim
1. A method for authenticating a network of a wireless access point, the method comprising:
- obtaining, by one or more processors, a digital certificate of a server from the wireless access point in response to identifying the network of the wireless access point, the digital certificate comprising a public key for the network, the wireless access point sending and receiving the digital certificate between one or more processors and the server for the authenticating of the network;
- determining, by one or more processors, whether a digital signature in the digital certificate is signed by a trusted certificate authority;
- determining, by one or more processors, whether a domain name for the network in the digital certificate matches a service set identifier broadcast by the wireless access point;
- determining, by one or more processors, whether the network is known to be trusted based on one of user input identifying the domain name for the network in the digital certificate as trusted and presence of the public key for the network in a database of public keys for networks that are known to be trusted;
- establishing, by one or more processors, a session for a wireless connection to the wireless access point for communicating with the network through the wireless access point in response to a determination that the digital signature in the digital certificate is signed by the trusted certificate authority, a determination that the domain name for the network in the digital certificate matches the service set identifier broadcast by the wireless access point, and a determination that the network is known to be trusted; and
- blocking, by one or more processors, communications with the network through the wireless access point in response to a determination that the digital signature in the digital certificate is not signed by the trusted certificate authority, a determination that the domain name for the network in the digital certificate does not match the service set identifier broadcast by the wireless access point, and a determination that the network is not known to be trusted.
Abstract
A method and apparatus for establishing a wireless connection. A digital certificate having a second name is obtained by a processor unit in response to receiving a selection of a network using a first name broadcast by a wireless access point. A determination is made by the processor unit as to whether the digital certificate is valid. A determination is made by the processor unit as to whether the second name in the digital certificate matches the first name broadcast by the wireless access point. The processor unit establishes the wireless connection to the wireless access point in response to the digital certificate being valid and the second name in the digital certificate matching the first name broadcast by the wireless access point.
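The name match, the known-trusted lookup and the final decision from claim 1, as an added Python example (not part of the patent text or of any implementation it describes). Assumptions: the platform's chain validation supplies `ca_signature_ok`, known keys are stored as SHA-256 fingerprints, and any failed check blocks (the claim recites establishing when all three determinations are positive and blocking when all three are negative); `ServerCert`, `decide` and the sample values are hypothetical.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class ServerCert:
    """Fields handed over by the platform's TLS/EAP stack (constructed model)."""
    domain_name: str       # domain name for the network, from the certificate
    spki_der: bytes        # encoded public key for the network
    ca_signature_ok: bool  # assumed input: chain validates to a trusted CA

def normalize_name(name: str) -> str:
    """Lower-case IDNA form without trailing dot; '' when the name is unusable."""
    try:
        return name.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError:
        return ""

def ssid_matches_domain(ssid: bytes, domain_name: str) -> bool:
    # An SSID is 0-32 raw octets and need not be text, so an empty, oversized
    # or non-UTF-8 SSID is treated as a mismatch rather than guessed at.
    if not 0 < len(ssid) <= 32:
        return False
    try:
        wanted = normalize_name(ssid.decode("utf-8"))
    except UnicodeError:
        return False
    return wanted != "" and wanted == normalize_name(domain_name)

def key_fingerprint(spki_der: bytes) -> str:
    return hashlib.sha256(spki_der).hexdigest()

def network_known_trusted(cert, user_trusted_domains, trusted_key_db) -> bool:
    # "One of": the user marked this domain as trusted, or the key is on record.
    name = normalize_name(cert.domain_name)
    by_user = name != "" and name in user_trusted_domains
    return by_user or key_fingerprint(cert.spki_der) in trusted_key_db

def decide(ssid, cert, user_trusted_domains=frozenset(), trusted_key_db=frozenset()):
    checks = {
        "signed_by_trusted_ca": cert.ca_signature_ok,
        "domain_matches_ssid": ssid_matches_domain(ssid, cert.domain_name),
        "network_known_trusted": network_known_trusted(
            cert, user_trusted_domains, trusted_key_db),
    }
    failed = [name for name, ok in checks.items() if not ok]
    # Assumption of this example: fail closed on any failed check.
    return ("establish" if not failed else "block", failed)

# Constructed sample data (the key bytes are placeholders, not real DER).
KNOWN_KEY = b"constructed-public-key-corp.example"
KEY_DB = frozenset({key_fingerprint(KNOWN_KEY)})
GOOD = ServerCert("corp.example", KNOWN_KEY, True)
```

The returned list names the determinations that failed, which is the detail worth logging when a connection is blocked.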
17 Claims
1. A method for authenticating a network of a wireless access point, the method comprising:
- obtaining, by one or more processors, a digital certificate of a server from the wireless access point in response to identifying the network of the wireless access point, the digital certificate comprising a public key for the network, the wireless access point sending and receiving the digital certificate between one or more processors and the server for the authenticating of the network;
- determining, by one or more processors, whether a digital signature in the digital certificate is signed by a trusted certificate authority;
- determining, by one or more processors, whether a domain name for the network in the digital certificate matches a service set identifier broadcast by the wireless access point;
- determining, by one or more processors, whether the network is known to be trusted based on one of user input identifying the domain name for the network in the digital certificate as trusted and presence of the public key for the network in a database of public keys for networks that are known to be trusted;
- establishing, by one or more processors, a session for a wireless connection to the wireless access point for communicating with the network through the wireless access point in response to a determination that the digital signature in the digital certificate is signed by the trusted certificate authority, a determination that the domain name for the network in the digital certificate matches the service set identifier broadcast by the wireless access point, and a determination that the network is known to be trusted; and
- blocking, by one or more processors, communications with the network through the wireless access point in response to a determination that the digital signature in the digital certificate is not signed by the trusted certificate authority, a determination that the domain name for the network in the digital certificate does not match the service set identifier broadcast by the wireless access point, and a determination that the network is not known to be trusted.
Dependent claims: 2, 3, 4, 5, 6, 14, 15, 16, 17
7. A data processing system for authenticating a network of a wireless access point, the data processing system comprising:
- one or more processors, a computer-readable memory, a computer-readable storage device;
- first program code to obtain a digital certificate of a server from the wireless access point in response to identifying the network of the wireless access point, the digital certificate comprising a public key for the network, the wireless access point sending and receiving the digital certificate between the one or more processors and the server for the authenticating of the network;
- second program code to determine whether a digital signature in the digital certificate is signed by a trusted certificate authority;
- third program code to determine whether a domain name for the network in the digital certificate matches a service set identifier broadcast by the wireless access point;
- fourth program code to determine whether the network is known to be trusted based on one of user input identifying the domain name for the network in the digital certificate as trusted and presence of the public key for the network in a database of public keys for networks that are known to be trusted;
- fifth program code to establish a session for a wireless connection to the wireless access point for communicating with the network through the wireless access point in response to a determination that the digital signature in the digital certificate is signed by the trusted certificate authority, a determination that the domain name for the network in the digital certificate matches the service set identifier broadcast by the wireless access point, and a determination that the network is known to be trusted; and
- sixth program code to block communications with the network through the wireless access point in response to a determination that the digital signature in the digital certificate is not signed by the trusted certificate authority, a determination that the domain name for the network in the digital certificate does not match the service set identifier broadcast by the wireless access point, and a determination that the network is not known to be trusted, wherein the first program code, the second program code, the third program code, the fourth program code, the fifth program code, and the sixth program code are stored in the computer-readable storage device for execution by at least one of the one or more processors via the computer-readable memory.
Dependent claims: 8, 9, 10
11. A computer program product for authenticating a network of a wireless access point, the computer program product comprising:
- a computer-readable storage device;
- program code, stored on the computer-readable storage device, for obtaining a digital certificate of a server from the wireless access point in response to identifying the network of the wireless access point, the digital certificate comprising a public key for the network;
- program code, stored on the computer-readable storage device, for determining whether a digital signature in the digital certificate is signed by a trusted certificate authority;
- program code, stored on the computer-readable storage device, for determining whether a domain name for the network in the digital certificate matches a service set identifier broadcast by the wireless access point;
- program code, stored on the computer-readable storage device, for determining whether the network is known to be trusted based on one of user input identifying the domain name for the network in the digital certificate as trusted and on presence of the public key for the network in a database of public keys for networks that are known to be trusted;
- program code, stored on the computer-readable storage device, responsive to a determination that the digital signature in the digital certificate is signed by the trusted certificate authority, a determination that the domain name for the network in the digital certificate matches the service set identifier broadcast by the wireless access point, and a determination that the network is known to be trusted, for establishing a session for a wireless connection to the wireless access point for communicating with the network through the wireless access point; and
- program code, stored on the computer-readable storage device, for blocking communications with the network through the wireless access point responsive to a determination that the digital signature in the digital certificate is not signed by the trusted certificate authority, a determination that the domain name for the network in the digital certificate does not match the service set identifier broadcast by the wireless access point, and a determination that the network is not known to be trusted.
Dependent claims: 12, 13
Specification