Validating presence of a communication device using a wireless local area network

US 9,198,034 B2
Filed: 06/28/2013
Issued: 11/24/2015
Est. Priority Date: 06/28/2013
Status: Active Grant

First Claim

Patent Images

1. A method for validating presence of a device in a confined area using a wireless local area network (WLAN) operable in the confined area, the method comprising:

sending, by the device to a server, a first handshake message including a first key generated by the device over a connection in a second network that is a wireless wide area network;

generating, by the server, a random second key to be returned to the device in a second handshake message over the second network connection in response to receiving the first handshake message;

sending a WLAN probe request that has been modified to include the second key back to the server via the WLAN; and

validating whether the device is present within the confined area by the server by determining whether the second key generated by the server is the same as the second key returned to the server in the modified WLAN probe request by the device;

whereaftertaking an action by the server in response to the validating step.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for validating presence of a communication device in a confined area using a wireless local area network (WLAN) includes sending a first handshake message including a generated first key over a second network connection different from the WLAN connection by a device. A next step includes generating a second key to be returned to the device in a second handshake message over the same connection. A next step includes sending a WLAN probe request that has been modified to include the second key via the WLAN. A next step includes validating whether the device is present within the confined area using a second communication network; whereafter allowing communication access over the second network using both the first and second keys if the device is validated as being present within the confined area, and taking appropriate action if the device is not validated as being present within the confined area.

15 Citations

17 Claims

1. A method for validating presence of a device in a confined area using a wireless local area network (WLAN) operable in the confined area, the method comprising:
- sending, by the device to a server, a first handshake message including a first key generated by the device over a connection in a second network that is a wireless wide area network;
  
  generating, by the server, a random second key to be returned to the device in a second handshake message over the second network connection in response to receiving the first handshake message;
  
  sending a WLAN probe request that has been modified to include the second key back to the server via the WLAN; and
  
  validating whether the device is present within the confined area by the server by determining whether the second key generated by the server is the same as the second key returned to the server in the modified WLAN probe request by the device;
  
  whereaftertaking an action by the server in response to the validating step.
- View Dependent Claims (2)
- - 2. The method of claim 1, wherein taking an action includes:
    - allowing communication access to the server over the second network using both the first and second keys if the device is validated as being present within the confined area, anddisallowing communication access to the server over the second network if the device is not validated as being present within the confined area.

3. A system for validating presence of a device in a confined area using a wireless local area network (WLAN) operable in the confined area, the system comprising:
- the device operable to send a first handshake message including a first key generated by the device over a connection in a second network that is a wireless wide area network; and
  
  a server operable to receive, from the device over the second network, the first handshake message, and in response generate a random second key to be returned to the device in a second handshake message over the second network connection, whereinthe device is further operable to send a WLAN probe request that has been modified to include the second key back to the server via an access point of the WLAN, whereinthe server further operable to validate whether the device is present within the confined area using the second key received from the access point by determining whether the second key generated by the server is the same as the second key returned to the server in the modified WLAN probe request by the device, and take an action in response to the validation of the device.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 4. The system of claim 3, whereinif the device is validated as being present within the confined area, the device is then allowed communication access to the server over the second network using both the first and second keys, andif the device is not validated as being present within the confined area, the device is disallowed communication access to the server.
  - 5. The system of claim 3, further comprising:
    - a plurality of identification devices configured to be disposed at mapped locations within the confined area and operable to periodically broadcast or respond to interrogation requests with unique identity information; and
      
      whereinthe device is further operable to read identity information from identification devices in proximity to the device and operable to include identity information in the first handshake message; and
      
      whereinthe server is further operable to receive identity information along with the second key in the modified probe request, validate whether the device is present within the confined area using the second key and the identity information, and deliver a WLAN probe response modified with a validation status back to the device via the access point.
  - 6. The system of claim 5, wherein the server validates using a determination as to whether the second key, originally generated by the server for the same identity over the second network connection, is the same as the second key that was received from the device via the access point over the WLAN.
  - 7. The system of claim 6, wherein the determination includes a further determination as to whether the identity received along with the second key from the device over the WLAN is genuinely that of the identification device that it claims to represent.
  - 8. The system of claim 7, wherein the further determination uses a heuristics approach that determines a number of messaging retries by the device, wherein the number of retries must be less than a fixed number of retries.
  - 9. The system of claim 7, wherein the further determination uses a heuristics approach to compare battery status of the identification device with last known battery status, wherein battery status can only be lower or equal to the last known battery status of the same identification device.
  - 10. The system of claim 6, wherein the determination includes a further determination as to whether the identification device is in the coverage area of the access point.
  - 11. The system of claim 3, wherein the second key has an expiration time, wherein the server will not accept any communication for the expired key and request the device to reinitiate presence validation.
  - 12. The system of claim 5, wherein, upon validation, the device is allowed to send messages to the server over the second network, wherein the messages include the first and second keys and the identity of the identification device.
  - 13. The system of claim 12, wherein the server respond to each message with either a success, failure, or deny message.
  - 14. The system of claim 13, wherein the server erases the first and second keys when it sends a failure or deny message.
  - 15. The system of claim 3, wherein the messaging over the second network uses a secure connection.
  - 16. The system of claim 3, wherein a WLAN interface of the device, if it is disabled, is enabled to send the modified WLAN probe request and receive the modified WLAN probe response, and otherwise the WLAN interface is restored.

17. A system for validating presence of a device in a confined area using a wireless local area network (WLAN) operable in the confined area, the system comprising:
- a plurality of identification tags configured to be disposed at mapped locations within the confined area and operable to periodically broadcast or respond to interrogation requests with unique identity information;
  
  a device operable to read identity information broadcast from identification tags in proximity to the device and send a first handshake message including a first key generated by the device and a tag identity over a packet cellular network; and
  
  a server operable to receive, from the device over the cellular network, the first handshake message, and in response generate a random second key to be returned to the device along with the tag identity in a second handshake message over the same cellular network connection, whereinthe device is further operable to send a WLAN probe request that has been modified to include the second key and the tag identity back to the server via an access point of the WLAN that forwards the second key and the tag identity to the server, whereinthe server further operable to validate whether the device is present within the confined area using the second key and the tag identity received from the access point by determining whether the second key generated by the server is the same as the second key returned to the server in the modified WLAN probe request by the device and whether the tag identity in the first handshake message and the tag identity from the WLAN probe request are the same, and deliver a WLAN probe response modified with a validation status back to the device via the access point;
  
  whereinif the device is validated as being present within the confined area, the device is then allowed access to send location update messages to the server over the cellular network using the first and second keys and the tag identity, andif the device is not validated as being present within the confined area, the device is disallowed communication access to send messages to the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Symbol Technologies, LLC (Zebra Technologies Corporation)
Inventors
Sinha, Rahul, Balla, Ramesh
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
Ko, Sithu

Application Number

US13/929,891
Publication Number

US 20150003433A1
Time in Patent Office

879 Days
Field of Search

370/338
US Class Current

1/1
CPC Class Codes

H04L 63/107   wherein the security polici...

H04L 63/18   using different networks or...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/10   Integrity

H04W 12/63   Location-dependent; Proximi...

H04W 4/023   using mutual or relative lo...

H04W 64/003   locating network equipment

H04W 84/12   WLAN [Wireless Local Area N...

Validating presence of a communication device using a wireless local area network

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Validating presence of a communication device using a wireless local area network

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links