Proximity based dual authentication for a wireless network

US 9,590,982 B2
Filed: 01/28/2014
Issued: 03/07/2017
Est. Priority Date: 10/17/2013
Status: Active Grant

First Claim

Patent Images

1. A system for accessing a network wirelessly, comprising:

a wireless device;

a first wireless network node comprising a wireless local area network that is allowed to access the network, the first wireless network node generating a first wireless signal having a first signal range extending outside of an area for which the first wireless signal is intended to cover resulting in security problems with unwanted wireless devices accessing the first wireless network;

a second wireless network node comprising a wireless personal area network generating a second wireless signal having a second signal range, the second signal range is less than the first signal range;

a first wireless interface configured to receive an authentication to access the first wireless network node from the wireless device via the first wireless signal having the first signal range;

a first authentication of the wireless device using a processor of the first wireless local area network that determines whether the wireless device is authorized to access the network and, in response to determining that the wireless device is authorized to access the network, a proximity of the wireless device is obtained to determine whether the wireless device is in a location that is in a desired range of the first wireless signal of the first wireless network node; and

a second authentication of the wireless device using the second wireless personal area network validates a location of the wireless device by determining whether the wireless device is within the second signal range of the second wireless signal, the second authentication using the second signal range to confirm said determined proximity of the wireless device to the first wireless signal of the wireless local area network;

wherein when the wireless device is within the second signal range of the second wireless signal of the second wireless personal area network, a proximity validation key is generated and transmitted from the second wireless personal area to the wireless device identifying that the wireless device resides within the second signal range, the proximity validation key being transmitted from the wireless device to the wireless local area network to determine whether the proximity validation is valid for accessing the network through the wireless local area network; and

upon a determination that the proximity validation key is valid, the wireless local area network allows the wireless device to access the network upon receipt of indication that the proximity validation key is valid; and

whereby combination of the first authentication over the first wireless local area network and the second authentication over the second wireless personal area network reduces security issues for the wireless local area network, and avoids the need to limit range and strength of the first signal range of said wireless local area network.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of accessing a network wirelessly is described. In the method an authentication is provided to access the network from a wireless device to a first network node via a first wireless signal having a first range. A proximity validation is provided to access the network through the first network node. The proximity validation is provided to the first network node when the wireless device is within a second range of a second wireless signal of a second network node. The second range is less than the first range. The method further provides for accessing the network when both the authentication and the proximity validation are valid.

20 Citations

View as Search Results

20 Claims

1. A system for accessing a network wirelessly, comprising:
- a wireless device;
  
  a first wireless network node comprising a wireless local area network that is allowed to access the network, the first wireless network node generating a first wireless signal having a first signal range extending outside of an area for which the first wireless signal is intended to cover resulting in security problems with unwanted wireless devices accessing the first wireless network;
  
  a second wireless network node comprising a wireless personal area network generating a second wireless signal having a second signal range, the second signal range is less than the first signal range;
  
  a first wireless interface configured to receive an authentication to access the first wireless network node from the wireless device via the first wireless signal having the first signal range;
  
  a first authentication of the wireless device using a processor of the first wireless local area network that determines whether the wireless device is authorized to access the network and, in response to determining that the wireless device is authorized to access the network, a proximity of the wireless device is obtained to determine whether the wireless device is in a location that is in a desired range of the first wireless signal of the first wireless network node; and
  
  a second authentication of the wireless device using the second wireless personal area network validates a location of the wireless device by determining whether the wireless device is within the second signal range of the second wireless signal, the second authentication using the second signal range to confirm said determined proximity of the wireless device to the first wireless signal of the wireless local area network;
  
  wherein when the wireless device is within the second signal range of the second wireless signal of the second wireless personal area network, a proximity validation key is generated and transmitted from the second wireless personal area to the wireless device identifying that the wireless device resides within the second signal range, the proximity validation key being transmitted from the wireless device to the wireless local area network to determine whether the proximity validation is valid for accessing the network through the wireless local area network; and
  
  upon a determination that the proximity validation key is valid, the wireless local area network allows the wireless device to access the network upon receipt of indication that the proximity validation key is valid; and
  
  whereby combination of the first authentication over the first wireless local area network and the second authentication over the second wireless personal area network reduces security issues for the wireless local area network, and avoids the need to limit range and strength of the first signal range of said wireless local area network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the second network node is further configured to send to the wireless device an address of a recommended first network node for accessing the network through the proximity validation when the wireless device is within the second range of the second wireless signal.
  - 3. The system of claim 2, wherein the first network node address provided by the second network node is determined based on one or more of distance between the wireless device and the first node, signal strength of the first network node, and usage of the first network node.
  - 4. The system of claim 1, wherein the first network node is obfuscated from the wireless device until the proximity of the wireless device is validated by the second network node.
  - 5. The system of claim 1, wherein the second network node is configured within the first network node.
  - 6. The system of claim 1, wherein the first wireless signal is a wireless local area network signal.
  - 7. The system of claim 1, wherein the second wireless signal is a wireless personal area network signal.

8. A computer program product for accessing a network wirelessly, the computer program product comprising a non-transitory computer readable storage medium having program code embodied therewith, the program code executable by a first network node to cause the first network node to:
- receive from a wireless device an authentication to access a wireless local area network from the wireless device via a first wireless signal having a first signal range that extends outside of an area for which the first wireless signal is intended to cover resulting in security problems with unwanted wireless devices accessing the wireless local area network;
  
  receive from a wireless personal area network a second wireless signal having a second signal range that is less than the first signal range;
  
  determine in a first authentication whether the wireless device is authorized to access the network in response to the authentication to access the network received from the wireless device via the first wireless signal having the first signal range;
  
  receive confirmation that the wireless device is authorized to access the network;
  
  determine a proximity of the wireless device to determine whether the wireless device is in a location that is in a desired range of the first wireless signal of the first signal range of the wireless local area network;
  
  validate in a second authentication a location of the wireless personal area network todetermine whether the wireless device is within the second signal range of the second wireless signal, the second authentication using the second signal range to confirm said determined proximity of the wireless device to the first wireless signal of the wireless local area network;
  
  receive confirmation that the wireless device is within the second signal range of the second wireless signal of the wireless personal area network;
  
  request a proximity validation key from the wireless personal area network to the wireless device identifying that the wireless device resides within the second signal range, the proximity validation key being transmitted from the wireless device to the wireless local area network to determine whether the proximity validation is valid for accessing the network through the wireless local area network;
  
  receive the proximity validation key indicating that the wireless device is within the second signal range of the second wireless signal, wherein the second signal range is less than the first range; and
  
  enable the wireless device to access the network upon an indication that the proximity validation is valid,whereby combination of the first authentication over the first wireless local area network and the second authentication over the second wireless personal area network reduces security issues to the network while avoiding the need to limit range of and diminish strength of the first signal range.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 9. The computer program product of claim 8, wherein the program code is further configured to cause the first network node to obfuscate the first network node from the wireless device until the proximity of the device is validated by the second network node.
  - 10. The computer program product of claim 8, wherein the first network node includes memory and a processor, with a first set of instructions stored in the memory and executed by the processor.
  - 11. The computer program product of claim 8, wherein the first network node includes one or more encryption/decryption modules for wireless signal interfaces and network encryption operations.
  - 12. The computer program product of claim 8, wherein the first network node includes a network wireless interface that provides a wireless connection to a wireless network, and the second wireless signal couples the first network node to said wireless network.
  - 13. The computer program product of claim 8, wherein credentials or another authentication from the wireless device are used to determine whether the wireless device is within the location of the second network node.
  - 14. The computer program product of claim 8, wherein the proximity validation is a validation key indicating that the user and the wireless device are within the second range.
  - 15. The computer program product of claim 8, wherein credentials or another authentication from the wireless device are used to determine whether the wireless device is within the location of the second network node.
  - 16. The computer program product of claim 8, wherein when the wireless device is determined to be within the second range, the first and second network nodes communicating to each other via the first wireless signal.
  - 17. The computer program product of claim 8, wherein when the wireless device is determined to be within the second range, the first and second network nodes communicating to each other via the second wireless signal.
  - 18. The computer program product of claim 8, wherein when the wireless device is determined to be within the second range, the first and second network nodes communicating to each other via both the first and second wireless signals.

19. A system for accessing a network wirelessly, comprising:
- a wireless device;
  
  a wireless local area network that is allowed to access the network, the wireless local area network generating a first wireless signal having a first signal range extending outside of an area for which the first wireless signal is intended to cover resulting in security problems with unwanted wireless devices accessing the first wireless network;
  
  a wireless personal area network generating a second wireless signal having a second signal range, the second signal range is less than the first signal range;
  
  a first authentication of the system identifying that the wireless device is authorized to access the network and, in response thereto, obtaining a proximity of the wireless device to determine whether the wireless device is in a location that is in a desired range of the first wireless signal of the wireless local area network; and
  
  a second authentication of the system using the second wireless personal area network to validate a location of the wireless device by determining whether the wireless device is within the second signal range of the second wireless signal, the second authentication using the second signal range to confirm said determined proximity of the wireless device to the first wireless signal of the wireless local area network;
  
  when the wireless device is within the second signal range of the second wireless signal of the second wireless personal area network, a proximity validation key is generated and transmitted from the second wireless personal area network to the wireless device identifying that the wireless device resides within the second signal range;
  
  the proximity validation key and credentials being transmitted from the wireless device to the wireless local area network to determine based on the credentials whether the proximity validation is valid for accessing the network through the wireless local area network; and
  
  upon a determination that the proximity validation key is valid, the wireless local area network allows the wireless device to access the network upon receipt of indication that the proximity validation key is valid; and
  
  whereby combination of the first authentication over the first wireless local area network and the second authentication over the second wireless personal area network reduces security issues to the network while avoiding the need to limit range of and diminish strength of the first signal range.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein the wireless personal area network determines whether to validate the proximity of the wireless device by requesting a second credential from the wireless device as an added layer of security to validate proximity of the wireless device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Globalfoundries US Incorporated (GlobalFoundries, Inc.)
Original Assignee
GlobalFoundries, Inc.
Inventors
Brewer, Derek R., Langford, Kerry M., Wilhelm, Robert D.
Primary Examiner(s)
Jeudy, Josnel

Application Number

US14/166,078
Publication Number

US 20150113620A1
Time in Patent Office

1,134 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04W 12/06   Authentication

H04W 12/63   Location-dependent; Proximi...

Proximity based dual authentication for a wireless network

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Proximity based dual authentication for a wireless network

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links