Address spoofing prevention

US 9,210,575 B2
Filed: 01/08/2013
Issued: 12/08/2015
Est. Priority Date: 11/08/2006
Status: Active Grant

First Claim

Patent Images

1. A method of a mobile unit establishing a secure wireless communication link in a wireless communication network, comprising:

accessing, by the mobile unit, a database of a secured network of the wireless communication network, wherein the database comprises address correspondence information between a data link layer address and a network layer address of one or more mobile units;

obtaining the data link layer address of at least one other mobile unit from the address correspondence information in the database via a multicast service; and

establishing a secure wireless communication link with the at least one other mobile unit using the data link layer address of the other mobile unit from the address correspondence information.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method for securing a radio communication link establishment in a radio communication network comprising a local network and a secured network. The local network comprises at least a first terminal and a second terminal and at least the first terminal is capable of communicating with the secured network. The radio communication network implements layered protocol functions, comprising at least Layers 1, 2 and 3, the terminals being identifiable by their Layer 2 and 3 addresses. The secured network comprises a database comprising address correspondence information between Layer 2 and 3 addresses of terminals. In the method the first terminal authenticates itself with the secured network and then by using the Layer 3 address of the second terminal, obtaining the address correspondence information provided by the database and thereby determining the corresponding Layer 2 address of the second terminal. Then the first terminal establishes in the local network the radio communication link with the second terminal by using the Layer 2 address.

Citations

17 Claims

1. A method of a mobile unit establishing a secure wireless communication link in a wireless communication network, comprising:
- accessing, by the mobile unit, a database of a secured network of the wireless communication network, wherein the database comprises address correspondence information between a data link layer address and a network layer address of one or more mobile units;
  
  obtaining the data link layer address of at least one other mobile unit from the address correspondence information in the database via a multicast service; and
  
  establishing a secure wireless communication link with the at least one other mobile unit using the data link layer address of the other mobile unit from the address correspondence information.
- View Dependent Claims (2, 3, 4, 6, 7, 8)
- - 2. The method claim 1, wherein the data link layer address is a medium access control address of the other mobile unit and the network layer address is an internet protocol address of the other mobile unit.
  - 3. The method of claim 1, wherein the mobile units are in a local network of the wireless communication network.
  - 4. The method claim 1, further comprising establishing a direct mode wireless communication session with a local network of the wireless communication network.
  - 6. The method of claim 1, wherein the wireless communication network further comprises obtaining a data link layer address and a network layer address of a dynamic host configuration protocol server and/or a domain name system server from the address correspondence information in the database.
  - 7. The method of claim 1, wherein the address correspondence information is communicated to at least one other mobile unit over a secured wireless link of the secured network.
  - 8. The method of claim 1, further comprising prior to accessing the database the mobile unit authenticating with the secured network.

5. The method of 1, wherein the multicast service comprises a Multimedia Broadcast Multicast Service.

9. A mobile unit, comprising:
- a processor configured to;
  
  access a database of a secured network of a wireless network, wherein the database comprises address correspondence information between a data link layer address and a network layer address of one or more mobile units;
  
  obtain the data link layer address of at least one other mobile unit from the address correspondence information in the database via a multicast service; and
  
  establish a secure wireless communication link with the at least one other mobile unit using the data link layer address of the other mobile unit from the address correspondence information.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The mobile unit of claim 9, wherein the data link layer address is a medium access control address of the other mobile unit and the network layer address is an internet protocol address of the other mobile unit.
  - 11. The mobile unit of claim 9, wherein the secure wireless communication link is established in a local network of the wireless communication network.
  - 12. The mobile unit of claim 9, wherein the processor is further configured to establish a direct mode wireless communication session with a local network of the wireless communication network.
  - 13. The mobile unit of claim 9, wherein the multicast service comprises a Multimedia Broadcast Multicast Service.
  - 14. The mobile unit of claim 9, wherein the processor is further configured to obtain a data link layer address and a network layer address of a dynamic host configuration protocol server and/or a domain name system server from the address correspondence information in the database.
  - 15. The mobile unit of claim 9, wherein the address correspondence information is communicated to at least one other mobile unit over a secured wireless link of the secured network.
  - 16. The mobile unit of claim 9, further comprising prior to accessing the database the processor is configured to authenticate the mobile unit with the secured network.

17. A non-transitory computer-readable memory medium storing program instructions, the program instructions executable by a mobile unit in a wireless communication network to cause the mobile unit to:
- access a database of a secured network of the wireless communication network, wherein the database comprises address correspondence information between a data link layer address and a network layer address of one or more mobile units;
  
  obtain the data link layer address of at least one other mobile unit from the address correspondence information in the database via a multicast service; and
  
  establish a secure wireless communication link with the at least one other mobile unit using the data link layer address of the other mobile unit from the address correspondence information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Lescuyer, Pierre, Lucidarme, Thierry
Primary Examiner(s)
Pham, Brenda H

Application Number

US13/736,706
Publication Number

US 20130128799A1
Time in Patent Office

1,064 Days
Field of Search

370/349, 370/310.2, 370/312, 370/328, 370/338, 370/395.31, 370/395.3
US Class Current

1/1
CPC Class Codes

H04L 63/1466   Active attacks involving in...

H04W 12/08   Access security

H04W 12/122   Counter-measures against at...

H04W 76/10   Connection setup

Address spoofing prevention

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Address spoofing prevention

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links