Spoofing detection

US 9,800,612 B2
Filed: 05/21/2015
Issued: 10/24/2017
Est. Priority Date: 04/03/2003
Status: Expired due to Term

First Claim

Patent Images

1. A method to detect spoofing, the method comprising:

determining a first location of a wireless access device having an identifier at a first time;

determining a second location of the wireless access device at a second time;

comparing the first location and the second location to determine whether the first location and the second location are within a possible distance of one another for the wireless access device to travel between the first and second times; and

sending an alert in response to determining that the first location and the second location are outside of the possible distance.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods are described herein useful for detecting spoofing by wireless access devices. In some embodiments, spoofing can be detected based on locations for a wireless access device having an identifier at first and second times. The locations are compared to determine whether the wireless access device could access the particular network at the locations in the time period between the first and second times. In several embodiments, spoofing can be detected by tracking the activity of wireless access devices and identifying events that that are prohibited by one or more policy elements of the particular network.

174 Citations

13 Claims

1. A method to detect spoofing, the method comprising:
- determining a first location of a wireless access device having an identifier at a first time;
  
  determining a second location of the wireless access device at a second time;
  
  comparing the first location and the second location to determine whether the first location and the second location are within a possible distance of one another for the wireless access device to travel between the first and second times; and
  
  sending an alert in response to determining that the first location and the second location are outside of the possible distance.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprising calculating the possible distance including tolerances.
  - 3. The method of claim 1 further comprising determining whether the wireless access device is mobile.
  - 4. The method of claim 1 further comprising determining whether the wireless access device is static.
  - 5. The method of claim 1 wherein determining the first and second locations comprises:
    - detecting the wireless access device using a plurality of nodes at known locations;
      
      determining a signal strength of the wireless access device with respect to individual ones of the plurality of nodes;
      
      determining a distance to the wireless access device from the individual ones of the plurality of nodes based on the signal strength to determine possible locations of the wireless access device; and
      
      estimating an area for the individual ones of the plurality of nodes corresponding to the possible locations of the wireless access device by detecting a band around the individual ones of the plurality of nodes within which the wireless access device could be located based on the determined distance from the individual ones of the plurality of nodes.

6. A method to detect spoofing with a collector device in connection with a plurality of nodes, the method comprising:
- receiving a first state of a wireless access device and a first communication device to which the wireless access device is communicating over a particular network at a first time at a particular node of the plurality of nodes;
  
  receiving or generating a first event for the wireless access device identifying the first state and the first communication device;
  
  receiving a second state of the wireless access device and a second communication device to which the wireless access device is communicating over the particular network at a second time at a particular node of the plurality of nodes;
  
  receiving or generating a second event for the wireless access device identifying the second state and the second communication device in response to determining that at least one of;
  
  the first state and the second state are different, andthe first communication device and the second communication device are different;
  
  checking the first and second events with the collector device for activities prohibited by one or more policy elements of the particular network, wherein the collector device is configured with the one or more policy elements; and
  
  sending an alert signal in response to determining that the first and second events identify an activity that is prohibited by the one or more policy elements.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The method of claim 6 wherein the one or more policy elements comprise one or more indicators that a wireless access device is a fixed wireless access device, a movable wireless access device, a moving wireless access device, an unknown wireless access device, or a spoofed wireless access device.
  - 8. The method of claim 6 further comprising receiving first and second location information for the wireless access device.
  - 9. The method of claim 8 wherein the receiving the first and second location information comprises receiving first and second access points of the wireless access device.
  - 10. The method of claim 6 wherein the wireless access device is operating in an ad hoc mode.
  - 11. The method of claim 6 wherein receiving the first and second states comprises receiving indication of one or more of:
    - a disconnected state, an authenticating state, an associating state, a reassociating state, a transmitting data state, a disassociating state, or a deauthenticating state.
  - 12. The method of claim 6 wherein receiving or generating the first and second events comprises the collector device generating the first and second events.
  - 13. The method of claim 6 wherein the first and second events are generated by the respective particular node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ozmo Licensing LLC
Original Assignee
OL Security LLC (Intellectual Ventures LLC)
Inventors
Harvey, Elaine, Walnock, Matthew
Primary Examiner(s)
Cumming, William D

Application Number

US14/718,982
Publication Number

US 20150334131A1
Time in Patent Office

887 Days
Field of Search

4554262, 4554561, 4554563, 4555521, 4555531, 370331
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/107   wherein the security polici...

H04L 63/1483   service impersonation, e.g....

H04L 63/20   for managing network securi...

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 64/00   Locating users or terminals...

H04W 84/18   Self-organising networks, e...

Spoofing detection

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

174 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Spoofing detection

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

174 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links