Method and apparatus for security configuration and verification of wireless devices in a fixed/mobile convergence environment

US 9,867,044 B2
Filed: 04/14/2016
Issued: 01/09/2018
Est. Priority Date: 05/30/2007
Status: Active Grant

First Claim

Patent Images

1. A network entity comprising:

at least one hardware processor, wherein the at least one hardware processor is configured to;

send, via a first wireless network, a message configuring one or more event notifications on a mobile device as part of a registration process of the mobile device, where the first wireless network comprises a first wireless communications protocol, wherein the one or more event notifications comprise at least one of an application change, a link degradation, a discovery of a new network interface, or an occurrence of a reportable event;

monitor reachability of the mobile device on the first wireless network;

determine, in response to an event notification from the mobile device via the first wireless network, that the mobile device should transition to a second wireless network;

validate at least one of reachability of the mobile device or a token of the mobile device;

transmit, to the mobile device via the first wireless network, security configuration information for connection of the mobile device to the second wireless network, wherein the second wireless network comprises a second wireless communications protocol; and

monitor the mobile device to determine that the mobile device has transitioned to a new point of attachment in the second wireless network.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is described that enables autonomic discovery of wireless network security mechanisms by mobile devices. Stateful monitoring of wireless devices facilitates identification of pending network connectivity loss, enabling a handoff server to proactively advertise new points of access and their associated security mechanisms to devices before connectivity is lost. As a result, devices may seamlessly transition between secure networks. Stateful monitoring of device reachability may be used together with device certificates and/or tokens to decrease the potential of MAC spoofing and further secure the network. Stateful monitoring of device connectivity status during network transitions facilitates the identification of rogue access points. The token or certificate on the device may be used to authenticate the device while transitioning between networks by a centralized entity, managing the initiation and the execution of the handover for the device.

Citations

20 Claims

1. A network entity comprising:
- at least one hardware processor, wherein the at least one hardware processor is configured to;
  
  send, via a first wireless network, a message configuring one or more event notifications on a mobile device as part of a registration process of the mobile device, where the first wireless network comprises a first wireless communications protocol, wherein the one or more event notifications comprise at least one of an application change, a link degradation, a discovery of a new network interface, or an occurrence of a reportable event;
  
  monitor reachability of the mobile device on the first wireless network;
  
  determine, in response to an event notification from the mobile device via the first wireless network, that the mobile device should transition to a second wireless network;
  
  validate at least one of reachability of the mobile device or a token of the mobile device;
  
  transmit, to the mobile device via the first wireless network, security configuration information for connection of the mobile device to the second wireless network, wherein the second wireless network comprises a second wireless communications protocol; and
  
  monitor the mobile device to determine that the mobile device has transitioned to a new point of attachment in the second wireless network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The network entity of claim 1,wherein the event notification is a notification of an occurrence of an event trigger, and wherein events associated with event triggers are defined by the network entity.
  - 3. The network entity of claim 1,wherein to monitor the mobile device, the at least one hardware processor is further configured to monitor an active state of the mobile device.
  - 4. The network entity of claim 1,wherein the network entity is configured as a proxy gateway for the mobile device using the security configuration information.
  - 5. The network entity of claim 1,wherein to monitor the mobile device, the at least one hardware processor is further configured to perform stateful monitoring of a reachability of the mobile device to identify potential MAC spoofing.
  - 6. The network entity of claim 1,wherein the at least one hardware processor is further configured to selectively forward connectivity information and security configuration information to the mobile device prior to the mobile device connecting to the new point of attachment.

7. An apparatus comprising:
- a memory; and
  
  a processing element in communication with to the memory, wherein the processing element is configured to;
  
  receive, from a network entity via a first wireless network, a message configuring of one or more event notifications as part of a registration process with the network entity, where the first wireless network comprises a first wireless communications protocol, wherein the one or more event notifications comprise at least one of an application change, a link degradation, a discovery of a new wireless network interface, or an occurrence of a reportable event;
  
  generate instructions to transmit an event notification in response to an occurrence of at least one of the one or more event notifications;
  
  receive security configuration information for connection to a second wireless network, wherein the second wireless network comprises a second wireless communications protocol, wherein at least one of reachability of the apparatus or a token of the apparatus is validated by the first wireless network prior to receiving the security configuration information; and
  
  generate instructions to transition to a new point of attachment in the second wireless network.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The apparatus of claim 7,wherein the network entity is configured to monitor reachability of the apparatus on the first wireless network.
  - 9. The apparatus of claim 7,wherein the network entity is configured to determine that the apparatus has transitioned to the new point of attachment in the second wireless network.
  - 10. The apparatus of claim 7,wherein the event notification is a notification of an occurrence of an event trigger, and wherein events associated with event triggers are defined by the network entity.
  - 11. The apparatus of claim 7,wherein the processing element is further configured to:
    - receive connectivity information and security configuration information from the network entity prior to transitioning to the new point of attachment.
  - 12. The apparatus of claim 7,wherein the processing element is further configured to:
    - implement a security mechanism associated with the security configuration information.
  - 13. The apparatus of claim 7,wherein the processing element is further configured to:
    - receive, from the network entity, connectivity information and security configuration information prior to the apparatus connecting to the new point of attachment.

14. A non-transitory computer readable memory medium storing program instructions executable by a processor of an apparatus to:
- receive, from a network entity via a first network, a configuration of one or more event notifications as part of a registration process with the network entity, where the first wireless network comprises a first wireless communications protocol, wherein the one or more event notifications comprise at least one of an application change, a link degradation, a discovery of a new wireless network interface, or an occurrence of a reportable event;
  
  generate instructions to transmit an event notification in response to an occurrence of at least one of the one or more event notifications;
  
  receive a security configuration information for connection to a second wireless network, wherein the second wireless network comprises a second wireless communications protocol, wherein at least one of reachability of the apparatus or a token of the apparatus is validated by the first wireless network prior to receiving the security configuration information; and
  
  generate instructions to transition to a new point of attachment in the second wireless network.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer readable memory medium of claim 14,wherein the network entity is configured to monitor reachability of the apparatus on the first wireless network.
  - 16. The non-transitory computer readable memory medium of claim 14,wherein the network entity is configured to determine that the apparatus has transitioned to the new point of attachment in the second wireless network.
  - 17. The non-transitory computer readable memory medium of claim 14,wherein the event notification is a notification of an occurrence of an event trigger, and wherein events associated with event triggers are defined by the network entity.
  - 18. The non-transitory computer readable memory medium of claim 14,wherein the program instructions are further executable to:
    - receive connectivity information and security configuration information from the network entity prior to transitioning to the new point of attachment.
  - 19. The non-transitory computer readable memory medium of claim 14,wherein the program instructions are further executable to:
    - implement a security mechanism associated with the security configuration information.
  - 20. The non-transitory computer readable memory medium of claim 14,wherein the program instructions are further executable to:
    - receive, from the network entity, connectivity information and security configuration information prior to the apparatus connecting to the new point of attachment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Achtari, Guyves, Plante, Denis, Bernier, Eric
Primary Examiner(s)
SCHMIDT, KARI L

Application Number

US15/098,463
Publication Number

US 20160234729A1
Time in Patent Office

635 Days
Field of Search
US Class Current
CPC Class Codes

G06F 15/16   Combinations of two or more...

G06F 21/35   communicating wirelessly

H04L 63/0876   based on the identity of th...

H04L 63/164   at the network layer

H04L 63/20   for managing network securi...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/086   using security domains

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 36/0038   of security context informa...

Method and apparatus for security configuration and verification of wireless devices in a fixed/mobile convergence environment

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for security configuration and verification of wireless devices in a fixed/mobile convergence environment

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links