Method and apparatus for security configuration and verification of wireless devices in a fixed/mobile convergence environment
Abstract
A system and method are described that enable autonomic discovery of wireless network security mechanisms by mobile devices. Stateful monitoring of wireless devices facilitates identification of pending network connectivity loss, enabling a handoff server to proactively advertise new points of access and their associated security mechanisms to devices before connectivity is lost. As a result, devices may seamlessly transition between secure networks. Stateful monitoring of device reachability may be used together with device certificates and/or tokens to decrease the potential of MAC spoofing and further secure the network. Stateful monitoring of device connectivity status during network transitions facilitates the identification of rogue access points. The token or certificate on the device may be used by a centralized entity, which manages the initiation and the execution of the handover for the device, to authenticate the device while it transitions between networks.
20 Claims
1. A network entity comprising:
- at least one hardware processor, wherein the at least one hardware processor is configured to:
send, via a first wireless network, a message configuring one or more event notifications on a mobile device as part of a registration process of the mobile device, where the first wireless network comprises a first wireless communications protocol, wherein the one or more event notifications comprise at least one of an application change, a link degradation, a discovery of a new network interface, or an occurrence of a reportable event;
monitor reachability of the mobile device on the first wireless network;
determine, in response to an event notification from the mobile device via the first wireless network, that the mobile device should transition to a second wireless network;
validate at least one of reachability of the mobile device or a token of the mobile device;
transmit, to the mobile device via the first wireless network, security configuration information for connection of the mobile device to the second wireless network, wherein the second wireless network comprises a second wireless communications protocol; and
monitor the mobile device to determine that the mobile device has transitioned to a new point of attachment in the second wireless network.
Dependent claims: 2, 3, 4, 5, 6
7. An apparatus comprising:
- a memory; and
- a processing element in communication with the memory, wherein the processing element is configured to:
receive, from a network entity via a first wireless network, a message configuring of one or more event notifications as part of a registration process with the network entity, where the first wireless network comprises a first wireless communications protocol, wherein the one or more event notifications comprise at least one of an application change, a link degradation, a discovery of a new wireless network interface, or an occurrence of a reportable event;
generate instructions to transmit an event notification in response to an occurrence of at least one of the one or more event notifications;
receive security configuration information for connection to a second wireless network, wherein the second wireless network comprises a second wireless communications protocol, wherein at least one of reachability of the apparatus or a token of the apparatus is validated by the first wireless network prior to receiving the security configuration information; and
generate instructions to transition to a new point of attachment in the second wireless network.
Dependent claims: 8, 9, 10, 11, 12, 13
14. A non-transitory computer readable memory medium storing program instructions executable by a processor of an apparatus to:
receive, from a network entity via a first network, a configuration of one or more event notifications as part of a registration process with the network entity, where the first wireless network comprises a first wireless communications protocol, wherein the one or more event notifications comprise at least one of an application change, a link degradation, a discovery of a new wireless network interface, or an occurrence of a reportable event;
generate instructions to transmit an event notification in response to an occurrence of at least one of the one or more event notifications;
receive a security configuration information for connection to a second wireless network, wherein the second wireless network comprises a second wireless communications protocol, wherein at least one of reachability of the apparatus or a token of the apparatus is validated by the first wireless network prior to receiving the security configuration information; and
generate instructions to transition to a new point of attachment in the second wireless network.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification