| System and method for determining location of rogue wireless access point -> Monitor Keywords |
|
|
 
System and method for determining location of rogue wireless access pointRelated Patent Categories: Telecommunications, Radiotelephone System, Security Or Fraud PreventionSystem and method for determining location of rogue wireless access point description/claimsThe Patent Description & Claims data below is from USPTO Patent Application 20060194568, System and method for determining location of rogue wireless access point. Brief Patent Description - Full Patent Description - Patent Application Claims
PRIORITY CLAIM [0001] The present application is a continuation of a U.S. patent application Ser. No. 10/699,257 filed Oct. 31, 2003, entitled "System and Method for Determining Location of Rogue Wireless Access Point". The entire disclosure of the prior application, is considered as being part of the disclosure of the accompanying application and is hereby expressly incorporated by reference herein. BACKGROUND INFORMATION [0002] With the proliferation of wireless networks, many organizations (e.g., enterprises, universities, hospitals, etc.) have installed or are planning to install wireless networks in additional or, in alternative, to wired networks. Such wireless networks are believed to increase efficiency and productivity. However, one of disadvantages of wireless networks is security of such networks. Unlike wired networks, which are usually enclosed in secure and protected premisses of the organization, elements of wireless networks (e.g., wireless access points ["AP"]) may be scattered throughout the organization's premises. [0003] One major threat to wireless network security is a rogue AP. A rogue AP is an unauthorized AP that allows a third party to access the organization's network without a permission of the organization. For instance, a rogue AP may be installed with malicious intentions (e.g., to obtain access to the organization's data stored on the network). Another example of utilization of a rogue AP is a less threatening scenario: a member of the organization (e.g., an employee) may connect a rogue AP to the organization's network without a proper authorization. In other words, the employee may be authorized to use the organization's network, but the use of that particular AP may be unauthorized. This situation may occur, for example, if the employee decided to use his personal AP for more convenient access to the organization's network. If the AP is not properly configured to provide a secure access to authorized users, then unauthorized users using compatible hardware may also gain access to the network. This may be of particular concern when the AP covers a physical area outside of the organization's premises. Then, unauthorized users may access the network without physically entering the organization's premises. [0004] To address the threat of a rogue AP, the network administrator monitors the traffic on the network. Once a rogue AP is detected, however, the problem is to locate this rogue AP so that it can be removed. Finding the rogue AP may be a difficult task as the AP may be hidden anywhere in the organization's premises. For example, the rogue AP may be hidden under ceilings or behind walls. There is, therefore, a need for a system and method that determines a particular location of a rogue AP with great accuracy (e.g., within two feet) within the organization's premises. SUMMARY OF THE INVENTION [0005] Described are a method and system for determining a location of an unauthorized wireless access point ("AP") accessing a communication network. Upon notification of existence of the unauthorized AP, at least three authorized APs of the communication network initiate tracking a beacon of the unauthorized AP. [0006] A tracking data record is generated partially based on information obtained during the tracking of the tracking beacon. The tracking record may include a location of each of the authorized APs and at least one of (i) a first strength data corresponding to a strength of the tracking beacon as measured by each of the authorized APs and (ii) a first time data corresponding to a time period that it takes for the tracking beacon to arrive at each of the authorized APs. The location of the unauthorized AP is determined as a function of at least one of (i) the tracking record and (ii) a calibrating record. The calibrating record may include (a) at least one of a second strength data corresponding to a strength of a calibrating beacon as transmitted from a predetermined location within the communication network and received by each of the authorized APs and a second time data corresponding to a time period that it takes for the calibrating beacon to arrive from the predetermined location to each of the authorized AP, (b) the predetermined location and (c) the location of each of the authorized AP. BRIEF DESCRIPTION OF DRAWINGS [0007] FIG. 1 shows an exemplary embodiment of a system according to the present invention; and [0008] FIG. 2 shows an exemplary embodiment of a method according to the present invention. DETAILED DESCRIPTION [0009] FIG. 1 shows an exemplary embodiment of a wireless network and, in particular, a wireless local area network ("WLAN") 100 according to the present invention. The WLAN 100 may include a plurality of authorized access points ("AP"s) 10, 20 and 30. The WLAN 100 may also include a plurality of authorized mobile units MUs (e.g., MU 1-5) and at least one server (e.g., a server 70). The APs 10-30 may be connected directly to the server 70. The WLAN 100 includes a database 82 storing data regarding authorized devices, authorized users, locations of the WLAN's assets, etc. The database 82 may also include identification information about devices that are specifically prohibited from accessing the WLAN 100. [0010] The MU 1 accesses various assets of the WLAN 100 via the APs 10-30. Depending where the MU 1 is located at a particular time, the MU 1 may access the WLAN 100 via the closest AP. Every AP periodically transmits beacon signals which may be used to determine the closest AP. For example, the MU 1 may determine that the AP 20 is the closest AP. Therefore, the MU 1 establishes wireless communication with the WLAN 100 via the AP 20, rather than via the AP 10 or the AP 30. [0011] If the user of the MU 1 attempts to access the server 70, the MU 1 first waits for a communication channel to the AP 20 to be available. Once the communication channel is available, the MU 1 transmits an authentication message to the AP 20 requesting an access to the WLAN 100. The authentication message may contain user's identification data (e.g., login name and password). When the AP 20 receives the authentication message from the MU 1, it initiates an authentication process. The authentication process may include verification of the identification data received from the user against the data stored in the database 82. If the identification data is not verified, then the MU 1 is denied access to the WLAN 100. However, if the identification data is verified, then the AP 20 transmits a corresponding response authorizing the MU 1 to access the WLAN 100. Once the MU 1 receives authorization, the MU 1 may access the WLAN 100 via the AP 20. For example, the user of the MU 1 may then access the server 70. [0012] An unauthorized user may desire to obtain access to the WLAN 100, and in particular, to the server 70 utilizing an unauthorized, or rogue, AP 60. The rogue AP 60 may be configured to check its resident database before approving an access to the WLAN 100. The resident database of the AP 60, configured by the unauthorized user may contain, for example, a login name and/or password of the unauthorized user. Alternatively, the rogue AP 60 may be configured to approve an access without verifying the identification data from the authentication message. The rogue AP 60 may then provide access to the WLAN 100 by a rogue MU 6. [0013] The unauthorized user may use the MU 6 to access the server 70 via the rogue AP 60. The MU 6 transmits an authentication message to the rogue AP 60, which is configured by the unauthorized user to allow the MU 6 to access the WLAN 100. The unauthorized user may gain access to the server 70 by logging in in the same manner as the authorized user. [0014] FIG. 2 shows a method according to an exemplary embodiment of the present invention utilized to determine the location of the rogue AP 60 with great accuracy (e.g., within two feet). Such location, or a specific area within which the rough AP 60 may be located, may be determined in relationship to another know object or location (e.g., within a three feet radius of a printer in Mr. Smith's Alex's office; in a reception area--near a door, etc.). The method is described with reference to FIG. 1. Those skilled in the art will understand that other systems having varying configurations, for example, different numbers of APs, WLANs or MUs may be used to implement the exemplary method. [0015] In step 110, the rogue AP 60 is detected and identified as an unauthorized AP. A person skilled in the art will understand that the detection of the rogue AP 60 may be accomplished in a variety of ways. For example, the network administrator may monitor the traffic on the WLAN 100 using a sniffer program to detect any rogue APs. [0016] Another method of detecting the rogue AP 60 may involve beacon signals. These beacons are periodically transmitted by every AP. The beacon signal may contain information including a MAC address of the transmitting AP, a service set identification ("SSID"), supported data rates, etc. The MAC address is an identifier assigned by the manufacturer and hence it is utilized as a manufacturer identification of the AP. The SSID identifies a virtual local area network ("VLAN") that is served by a particular WLAN. The VLAN may encompass a single WLAN (e.g., WLAN 100) or a plurality of WLANs. Conversely, the WLAN 100 may serve a plurality of VLANs and a particular AP beacon, from an AP associated with the WLAN 100, contain a list of SSIDs. [0017] Based on the information stored in the beacon signals, a determination is made as to whether the beacon signal received is from an authorized or unauthorized AP. This may be determined based on two exemplary criteria. These criteria may be used alternatively or in conjunction to determine if the particular AP is unauthorized. Those skilled in the art would understand that there may be a plurality of other criteria used to make such determination. [0018] The first exemplary criteria is based upon a verification of the manufacturer identification of the MAC address of the transmitting AP. The data stored in the beacon signal is compared to the data stored on the database 82, which contains data of the authorized APs. [0019] The second exemplary criteria is based upon a verification using the SSID stored in the beacon signal against the authorized SSIDs stored in the database 82. If this criteria is utilized, the network administrator or another authorized user may generate a list of valid SSIDs. Therefore, if the rogue AP 60 is manufactured by an authorized manufacturer but the SSID in the beacon is invalid, then the presence of the rogue AP 60 is detected. Those skilled in the art will understand that the network administrator may also insert other codes into the beacons of the authorized APs that may be used to identify authorized/unauthorized APs. Continue reading about System and method for determining location of rogue wireless access point... Full patent description for System and method for determining location of rogue wireless access point Brief Patent Description - Full Patent Description - Patent Application Claims Click on the above for other options relating to this System and method for determining location of rogue wireless access point patent application. ###  How KEYWORD MONITOR works... a FREE service from FreshPatents1. Sign up (takes 30 seconds). 2. Fill in the keywords to be monitored. 3. Each week you receive an email with patent applications related to your keywords. Start now! - Receive info on patent apps like System and method for determining location of rogue wireless access point or other areas of interest. ### Previous Patent Application: Symmetrically and asymmetrically stacked transistor grouping rf switch Next Patent Application: Information processing apparatus and method, information processing system, and transmission medium Industry Class: Telecommunications ### FreshPatents.com Support Thank you for viewing the System and method for determining location of rogue wireless access point patent info. IP-related news and info Results in 0.1028 seconds Other interesting Feshpatents.com categories: Qualcomm , Schering-Plough , Schlumberger , Seagate , Siemens , Texas Instruments , 174 |
 * Protect your Inventions * US Patent Office filing 
PATENT INFO |
|
