Method and apparatus for security configuration and verification of wireless devices in a fixed/mobile convergence environment
First Claim
1. A handoff server comprising:
at least one network interface; and
at least one hardware processor coupled to the at least one network interface, wherein the at least one hardware processor is configured to:
register one or more event notifications with a mobile device via the at least one network interface, wherein the one or more event notifications comprise at least one of an application change, a link degradation, a discovery of a new network interface, and an occurrence of a reportable event;
pre-authenticate the mobile device by validating at least one of reachability of the mobile device and a token of the mobile device;
in response to an event notification from a mobile device, determine that the mobile device should transition to a new network and retrieve security configuration information from an information server via the at least one network interface, wherein the information server stores network and related security configuration information for a plurality of networks;
selectively forward, based on said retrieving, connectivity information and security configuration information for a selected access point of a selected network to the mobile device for connection of the mobile device to the access point of the selected network; and
authenticate the mobile device with the selected network by monitoring the mobile device to determine that the mobile device has connected to the selected access point within a selected amount of time and validating the token of the mobile device.
Abstract
A system and method are described that enable autonomic discovery of wireless network security mechanisms by mobile devices. Stateful monitoring of wireless devices identifies pending loss of network connectivity, so that a handoff server can proactively advertise new points of access and their associated security mechanisms to a device before connectivity is lost; devices can therefore transition seamlessly between secure networks. Stateful monitoring of device reachability may be combined with device certificates and/or tokens to reduce the potential for MAC spoofing and further secure the network. Stateful monitoring of device connectivity status during a network transition helps identify rogue access points. A centralized entity that manages the initiation and execution of the handover may use the token or certificate on the device to authenticate the device while it transitions between networks.
20 Claims
1. A handoff server (independent claim; text as given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A method for autonomously deploying security configuration information to a mobile device comprising:
by a handoff server, registering one or more event notifications with the mobile device, wherein the one or more event notifications comprise at least one of an application change, a link degradation, a discovery of a new network interface, and an occurrence of a reportable event;
pre-authenticating a mobile device by validating at least one of reachability of the mobile device and a token of the mobile device;
receiving notification of an event trigger from the mobile device;
determining that the mobile device should transition to another network;
retrieving, from an information server that stores network and related security configuration parameters, a point of access to a new network and security information associated with the new network;
forwarding the selected point of access and related security information to the mobile device; and
authenticating the mobile device with the selected network by monitoring the mobile device to determine that the mobile device has connected to the selected access point within a selected amount of time and validating the token of the mobile device.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20.
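The procedure described in the abstract and in claims 1 and 10 (register event notifications, pre-authenticate by reachability and token, look up the target network's security configuration, push it to the device, then confirm the device attached to the advertised access point within the time window) worked as a small simulation. This is an added example, not code from the patent or any product. Everything specific in it is an assumption: the device token is an HMAC-SHA256 over the device identifier and MAC under a server-side secret, reachability is a caller-supplied probe, the information server is a dictionary keyed by network name, the device confirms a handoff by reporting the BSSID it joined, timestamps are passed in explicitly, and only link_degradation and new_interface events trigger a transition.

```python
# Added example (not from the patent): simulated handoff-server flow.
# Assumptions not in the source: HMAC-SHA256 device token under a server
# secret; caller-supplied reachability probe; info server is a dict keyed by
# network name; device confirms by reporting the BSSID it joined; explicit
# timestamps; only link_degradation / new_interface trigger a transition.
import hashlib
import hmac

EVENT_TYPES = {"application_change", "link_degradation",
               "new_interface", "reportable_event"}
TRANSITION_EVENTS = {"link_degradation", "new_interface"}  # assumption


class HandoffServer:
    def __init__(self, info_server, secret, connect_window=5.0):
        self.info = info_server          # name -> {"bssid": ..., "security": ...}
        self.secret = secret
        self.window = connect_window     # claim 1's "selected amount of time"
        self.devices = {}                # device_id -> per-device state

    def issue_token(self, device_id, mac):
        msg = f"{device_id}|{mac}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def _token_ok(self, device_id, token):
        expected = self.issue_token(device_id, self.devices[device_id]["mac"])
        return hmac.compare_digest(token, expected)

    def register_events(self, device_id, mac, events, reachable):
        unknown = set(events) - EVENT_TYPES
        if unknown:
            raise ValueError(f"unknown event types: {sorted(unknown)}")
        self.devices[device_id] = {"mac": mac, "events": set(events),
                                   "reachable": reachable, "preauth": False,
                                   "pending": None, "network": None}

    def pre_authenticate(self, device_id, token):
        # Claim 1 needs at least one check; both are applied here, since the
        # abstract pairs reachability with the token to resist MAC spoofing.
        d = self.devices[device_id]
        d["preauth"] = bool(d["reachable"]()) and self._token_ok(device_id, token)
        return d["preauth"]

    def handle_event(self, device_id, event, candidates, now):
        """Return the AP connectivity/security bundle to push, or None."""
        d = self.devices[device_id]
        if event not in d["events"] or not d["preauth"]:
            return None                  # unregistered event or not pre-authed
        if event not in TRANSITION_EVENTS:
            return None                  # event noted, no transition needed
        for name in candidates:          # first candidate the info server knows
            cfg = self.info.get(name)
            if cfg is not None:
                d["pending"] = {"network": name, "bssid": cfg["bssid"],
                                "deadline": now + self.window}
                return {"network": name, "bssid": cfg["bssid"],
                        "security": dict(cfg["security"])}
        return None

    def confirm_connection(self, device_id, bssid, token, now):
        d = self.devices[device_id]
        p = d["pending"]
        if p is None:
            return "no_handoff_pending"
        if now > p["deadline"]:          # did not connect within the window
            d["pending"] = None
            return "timeout"
        if bssid != p["bssid"]:          # joined an AP the server never advertised
            return "rogue_ap_suspected"
        if not self._token_ok(device_id, token):
            return "token_invalid"
        d["pending"], d["network"] = None, p["network"]
        return "authenticated"


def run_demo():
    """One device: good handoff, rogue AP, missed window, and a MAC clone."""
    info = {  # constructed sample networks
        "corp-wifi": {"bssid": "00:11:22:33:44:55",
                      "security": {"akm": "WPA2-Enterprise", "eap": "EAP-TLS"}},
        "guest": {"bssid": "66:77:88:99:aa:bb", "security": {"akm": "WPA2-PSK"}},
    }
    hs = HandoffServer(info, secret=b"demo-secret-not-for-production")
    mac = "aa:bb:cc:dd:ee:01"
    hs.register_events("dev1", mac, ["link_degradation"], reachable=lambda: True)
    token = hs.issue_token("dev1", mac)
    out = {"preauth": hs.pre_authenticate("dev1", token)}
    bundle = hs.handle_event("dev1", "link_degradation", ["corp-wifi", "guest"], now=0.0)
    out["pushed_akm"] = bundle["security"]["akm"]
    out["rogue"] = hs.confirm_connection("dev1", "de:ad:be:ef:00:00", token, now=1.0)
    out["good"] = hs.confirm_connection("dev1", bundle["bssid"], token, now=2.0)
    hs.handle_event("dev1", "link_degradation", ["guest"], now=10.0)
    out["late"] = hs.confirm_connection("dev1", "66:77:88:99:aa:bb", token, now=20.0)
    # attacker clones dev1's MAC but has no valid token: pre-authentication fails
    hs.register_events("dev2", mac, ["link_degradation"], reachable=lambda: True)
    out["spoof"] = hs.pre_authenticate("dev2", "0" * 64)
    return out
```

Three design points map back to the text. Pre-authentication requires both the reachability probe and the token, although claim 1 only demands one of them, because the abstract's MAC-spoofing argument depends on the combination: a cloned MAC alone passes the reachability check but not the keyed token. The BSSID comparison in confirm_connection is the rogue-access-point identification the abstract attributes to stateful monitoring of connectivity during the transition, and the deadline check is the "selected amount of time" in claims 1 and 10; a real deployment would derive the deadline from the link-degradation estimate rather than a fixed window.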
Specification