Senior Fitness - Exercise and Nutrition for Aging Men and Women
FREE Article Feed for your website.
Home Ownership Magazine
Party Planning Information
Article Marketing Resources
Bio-Medical Research Article Database
Informative Articles on Life, Love and Happiness
Tutorials on Business to Writing
Famous Quotes from Famous People
Song Lyric Information
New US Patent Information
Comprehensive List of Content by Category
Online Auctions and Shopping Related Articles
Article Search
Most Recent Articles
Title: Delay locked loop with improved jitter and clock delay compensating method thereof
Patent Number: 7,436,230 Issued on 10/14/2008 to Kim

Title: Methods and apparatus for minimizing jitter in a clock synthesis circuit that uses feedback interpolation
Patent Number: 7,436,229 Issued on 10/14/2008 to Sidiropoulos,   et al.

Title: Variable-bandwidth loop filter methods and apparatus
Patent Number: 7,436,228 Issued on 10/14/2008 to Hoang,   et al.

Title: Dual loop architecture useful for a programmable clock source and clock multiplier applications
Patent Number: 7,436,227 Issued on 10/14/2008 to Thomsen,   et al.

Title: Power-up detection circuit that operates stably regardless of variations in process, voltage, and temperature, and semiconductor device thereof
Patent Number: 7,436,226 Issued on 10/14/2008 to Kim

Title: Semiconductor device having output transistor and current control circuit
Patent Number: 7,436,225 Issued on 10/14/2008 to Arashima,   et al.

Title: Low variation voltage output differential for differential drivers
Patent Number: 7,436,224 Issued on 10/14/2008 to Wang,   et al.

Title: Technique for improving negative potential immunity of an integrated circuit
Patent Number: 7,436,223 Issued on 10/14/2008 to Gose,   et al.

Title: Circuit and method for trimming integrated circuits
Patent Number: 7,436,222 Issued on 10/14/2008 to Shyr,   et al.

Title: Methods and apparatus for ultra-low leakage analog storage
Patent Number: 7,436,221 Issued on 10/14/2008 to O'Halloran,   et al.

Title: Partially gated mux-latch keeper
Patent Number: 7,436,220 Issued on 10/14/2008 to Anshumali,   et al.

Title: Level shifter circuit
Patent Number: 7,436,219 Issued on 10/14/2008 to Chen,   et al.

Title: Magnetic AND/NOR circuit
Patent Number: 7,436,218 Issued on 10/14/2008 to Agan,   et al.

Title: Methods and apparatus for serially connected devices
Patent Number: 7,436,217 Issued on 10/14/2008 to Lewko

Title: Method and apparatus for a direct current (DC) coupled input buffer
Patent Number: 7,436,216 Issued on 10/14/2008 to Brunn,   et al.

Title: Transmitter
Patent Number: 7,436,215 Issued on 10/14/2008 to Drottar,   et al.

Title: Pseudo differential current mode receiver
Patent Number: 7,436,214 Issued on 10/14/2008 to Chang,   et al.

Title: Level shifter
Patent Number: 7,436,213 Issued on 10/14/2008 to Nojiri

Title: Interface circuit power reduction
Patent Number: 7,436,212 Issued on 10/14/2008 to Sakai,   et al.

Title: Transparent latch circuit
Patent Number: 7,436,211 Issued on 10/14/2008 to Ueda

Title: Next generation 8B10B architecture
Patent Number: 7,436,210 Issued on 10/14/2008 to Venkata,   et al.

Title: Nanoscale electronic latch
Patent Number: 7,436,209 Issued on 10/14/2008 to Snider,   et al.

Title: Carry circuit with power-save mode
Patent Number: 7,436,208 Issued on 10/14/2008 to Pham

Title: Integrated circuit device having at least one of a plurality of bond pads with a selectable plurality of input-output functionalities
Patent Number: 7,436,207 Issued on 10/14/2008 to Rogers,   et al.

Title: Semiconductor integrated circuit
Patent Number: 7,436,206 Issued on 10/14/2008 to Kurotsu

Title: Semiconductor device reducing power consumption in standby mode
Patent Number: 7,436,205 Issued on 10/14/2008 to Tada

Title: Apparatus and method for determining on die termination modes in memory device
Patent Number: 7,436,204 Issued on 10/14/2008 to Choi,   et al.

Title: On-chip transformer arrangement
Patent Number: 7,436,203 Issued on 10/14/2008 to Hidri,   et al.

Title: Method and apparatus for calibrating driver impedance
Patent Number: 7,436,202 Issued on 10/14/2008 to Lin,   et al.

Title: Architecture for reducing leakage component in semiconductor devices
Patent Number: 7,436,201 Issued on 10/14/2008 to Kumar

Title: Apparatus for testing a power supply
Patent Number: 7,436,200 Issued on 10/14/2008 to Jacobsen,   et al.

Title: Stack-type semiconductor package sockets and stack-type semiconductor package test systems
Patent Number: 7,436,199 Issued on 10/14/2008 to Kim

Title: Test pattern of semiconductor device and test method using the same
Patent Number: 7,436,198 Issued on 10/14/2008 to Lee

Title: Virtual test head for IC
Patent Number: 7,436,197 Issued on 10/14/2008 to Jacobson

Title: Method and apparatus for measuring die-level integrated circuit power variations
Patent Number: 7,436,196 Issued on 10/14/2008 to Athas,   et al.

Title: Test apparatus for semiconductor elements on a semiconductor wafer, and a test method using the test apparatus
Patent Number: 7,436,195 Issued on 10/14/2008 to Ruckenbauer

Title: Shielded probe with low contact resistance for testing a device under test
Patent Number: 7,436,194 Issued on 10/14/2008 to Gleason,   et al.

Title: Real-time load current detecting circuit for CPU
Patent Number: 7,436,189 Issued on 10/14/2008 to Pai,   et al.

Title: System and method for improving time domain processed sensor signals
Patent Number: 7,436,188 Issued on 10/14/2008 to Taenzer

Title: Highly integrated logging tool
Patent Number: 7,436,185 Issued on 10/14/2008 to Fredette,   et al.

Title: Well logging apparatus for obtaining azimuthally sensitive formation resistivity measurements
Patent Number: 7,436,184 Issued on 10/14/2008 to Moore

Title: Fast continuous moving bed magnetic resonance imaging with multiple stationary receive coils for sense reconstruction
Patent Number: 7,436,178 Issued on 10/14/2008 to Keupp,   et al.

Title: Magnetic resonance imaging using adaptive phase encoding gradient
Patent Number: 7,436,176 Issued on 10/14/2008 to Hertz,   et al.

Title: Rotation angle detector having detection heads disposed perpendicular to a rotor
Patent Number: 7,436,174 Issued on 10/14/2008 to Shiraga,   et al.

Title: Angular speed detecting device using dual angular position signals to reduce noise
Patent Number: 7,436,172 Issued on 10/14/2008 to Matsumoto,   et al.

Title: Mechanical stress characterization in semiconductor device
Patent Number: 7,436,169 Issued on 10/14/2008 to Chan,   et al.

Title: Direct digital synthesizer producing a signal representing an amplitude of a sine wave
Patent Number: 7,436,166 Issued on 10/14/2008 to Solbrig

Title: Device for measuring very short current pulses
Patent Number: 7,436,165 Issued on 10/14/2008 to Ouvrier-Buffet,   et al.

Title: DC-DC converter
Patent Number: 7,436,163 Issued on 10/14/2008 to Katoh

Title: Buck converter having improved transient response to load step down
Patent Number: 7,436,162 Issued on 10/14/2008 to Walters

Title: Half bridge adaptive dead time circuit and method
Patent Number: 7,436,160 Issued on 10/14/2008 to Rusu,   et al.

Title: Compound power supply
Patent Number: 7,436,159 Issued on 10/14/2008 to Wochele

Title: Solid acid catalyst, production method thereof, and method for hydrodesulfurizing and isomerizing light hydrocarbon oil using the same
Patent Number: 6,737,380 Issued on 05/18/2004 to Watanabe,   et al.

Title: Motor starting switch
Patent Number: 6,737,599 Issued on 05/18/2004 to Lewis

Title: EDM apparatus and method incorporating combined electro-erosion and mechanical sawing features
Patent Number: 6,737,602 Issued on 05/18/2004 to Stelter

Title: Integrated switch bank
Patent Number: 6,737,596 Issued on 05/18/2004 to Hein

Title: High-speed programmable read-only memory (PROM) devices
Patent Number: 6,861,714 Issued on 03/01/2005 to Lee,   et al.

Title: Electrical box assembly
Patent Number: 6,737,576 Issued on 05/18/2004 to Dinh

Title: Detectable cable tape
Patent Number: 6,737,574 Issued on 05/18/2004 to Sylvia,   et al.

Title: Molding device inserts
Patent Number: 7,192,266 Issued on 03/20/2007 to Gallant,   et al.

Title: Method for reproducing digital information and digital information recording or reproducing device
Patent Number: 7,194,588 Issued on 03/20/2007 to Yoshida,   et al.

Title: Needle protection device for use with a vial
Patent Number: 6,951,551 Issued on 10/04/2005 to Hudon

Title: Child resistant lighter
Patent Number: 6,764,299 Issued on 07/20/2004 to Adams,   et al.

Title: Electrically conductive timing belt
Patent Number: 6,770,004 Issued on 08/03/2004 to Lofgren,   et al.

Title: Method and system for closed loop power control in wireless systems
Patent Number: 6,944,470 Issued on 09/13/2005 to Qian,   et al.

Title: Internet-based database report writer and customer data management system
Patent Number: 7,152,200 Issued on 12/19/2006 to Albert,   et al.

Title: Method and device for heating preform
Patent Number: 6,906,290 Issued on 06/14/2005 to Miyazawa,   et al.

Title: Method and system for on-line monitoring of bearing insulation in an electrical generator
Patent Number: 6,799,125 Issued on 09/28/2004 to Lau,   et al.

Title: Method for optimizing energy in a vehicle/train with multiple drive units
Patent Number: 6,799,096 Issued on 09/28/2004 to Franke,   et al.

Title: Method and system for monitoring tire pressure in vehicles equipped with anti-lock braking systems
Patent Number: 6,799,129 Issued on 09/28/2004 to Schmidt,   et al.

Title: Calibration of a loss of signal detection system
Patent Number: 6,799,131 Issued on 09/28/2004 to Steiner,   et al.

Title: Appliance supply distribution, dispensing and use system method
Patent Number: 6,799,085 Issued on 09/28/2004 to Crisp, III

Title: Identification system for mobile transceivers
Patent Number: 6,799,051 Issued on 09/28/2004 to Fattouche

Title: Measurement system for sampling a signal and evaluating data representing the signal
Patent Number: 6,799,128 Issued on 09/28/2004 to Duff,   et al.

Title: Unified systems and methods for controlling use and operation of a family of different treatment devices
Patent Number: 6,783,523 Issued on 08/31/2004 to Qin,   et al.

Wireless LAN intrusion detection based on location Number:7,426,383 from the United States Patent and Trademark Office (PTO) owispatent

Home    Author Login    Submit Article    Article Search    Add Your Link    Edit Your Link    Contact Us    Advertising    Disclaimer

   

 
Web LinkGrinder.com

Top Breaking News
     Greek, Cypriot Leaders Resume Unification Talks in Nicosia by Nathan Morley
     Indonesia Tobacco Sales Grow, Raising Health Fears
     South Korea Allows Top Defector to Travel Overseas by VOA News

Title: Wireless LAN intrusion detection based on location

Abstract: A intrusion detection method is disclosed for use in a wireless local area data communications system, wherein mobile units communicate with access points, and wherein the system is arranged to locate transmitters using signals transmitted by the transmitters. A database relating authorized transmitters to location is maintained. Selected signals are detected at the access points and location data corresponding to the selected signals for use in locating a source of the signals is recorded. The source location is determined using the location data, and the source location is compared to a corresponding location in the database. An alarm is signaled if the source location is inconsistent with the corresponding database location.

Patent Number: 7,426,383 Issued on 09/16/2008 to Wang,   et al.

Inventors: Wang; Huayan Amy (Hauppague, NY), Goren; Dave (Smithtown, NY), Sharony; Jacob (Dix Hills, NY), Willins; Bruce (East Northport, NY)
Assignee: Symbol Technologies, Inc. (Holtsville, NY)
Appl. No.: 10/744,026
Filed: December 22, 2003

Current U.S. Class: 455/411 ; 455/410
Current International Class: H04M 1/66 (20060101)
Field of Search: 455/410,411

References Cited [Referenced By]
U.S. Patent Documents
2003/0195814 October 2003 Striemer
Primary Examiner: Parthasarathy; Pramila
Attorney, Agent or Firm: Fay Kaplun & Marcin, LLP
Claims


We claim:

1. In a wireless local area data communications system, wherein mobile units communicate with access points, and wherein said system is arranged to locate transmitters using signals transmitted by said transmitters, a method for detecting unauthorized signals, comprising: maintaining a database relating authorized transmitters to location; detecting selected signals at said access points and recording location data corresponding to said signals for use in locating a source of said signals; locating said source using said location data; comparing said source location to a corresponding location in said database; and signaling an alarm if said source location is inconsistent with said corresponding database location.

2. A method as specified in claim 1 wherein said selected signal is a signal transmitted by a mobile unit and wherein said source location is compared to a location for said mobile unit in said database.

3. A method as specified in claim 2 wherein said selected signal is an association request signal.

4. A method as specified in claim 2 wherein said signal is an Extensible Authentication Protocol over LAN ("EAPoL") signal.

5. A method as specified in claim 1, wherein additional locating devices are used to detect said selected signals to improve the accuracy of the locating of said source.

6. A method as specified in claim 1 wherein said selected signal is a signal type transmitted by an access point, and wherein said source location is compared to a location for said access point.

7. A method as specified in claim 6 wherein said selected signal is a management/control signal.

8. A method as specified in claim 6 wherein said signal is a beacon signal.

9. A method as specified in claim 6 wherein said signal is a de-authorization or de-authentication signal.

10. A method as specified in claim 6 wherein said signal is a disassociation signal.

11. A method as specified in claim 6 wherein said signal is an Extensible Authentication Protocol over LAN ("EAPoL") signal.

12. In a wireless local area data communications system, wherein mobile units communicate with access points, and wherein said system is arranged to locate transmitters using signals transmitted by said transmitters, a method for detecting unauthorized signals, comprising: maintaining a database relating authorized transmitters to location, said database further comprising MAC information; detecting selected signals at said access points and recording location data corresponding to said signals for use in locating a source of said signals; locating said source using said location data; comparing said source location to a corresponding location in said database; extracting a MAC address from said source location; comparing said MAC address with MAC information in said database; and signaling an alarm if analysis of said source location and said MAC address suggest possible unauthorized network access.

13. A method as specified in claim 12 wherein said analysis indicates that said MAC address is inconsistent with MAC information relating to substantially the same location.

14. A method as specified in claim 12 wherein said analysis indicates that said MAC address is located at more than one location.

15. In a wireless local area data communications system, wherein mobile units communicate with access points, and wherein said system is arranged to locate transmitters using signals transmitted by said transmitters, a method for detecting unauthorized signals, comprising: maintaining a database relating to allowed locations; detecting selected signals at said access points and recording location data corresponding to said signals for use in locating a source of said signals; locating said source using said location data; comparing said source location to the allowed locations in said database; and signaling an alarm if said source location is not within said allowed locations.

16. A method as specified in claim 15, wherein said allowed locations correspond to locations which are authorized locations for mobile units.

17. A method as specified in claim 15, wherein said allowed locations correspond to locations which are physically feasible locations for mobile units.

18. A method as specified in claim 15, wherein said allowed locations correspond to locations which are unobstructed by structures.

19. A method as specified in claim 15, wherein additional locating devices are used to detect said selected signals to improve the accuracy of the locating of said source.

20. In a wireless local area data communications system, wherein mobile units communicate with a first and second access points, and wherein said system is arranged to locate transmitters using signals transmitted by said transmitters, and further wherein said first and second access points are located substantially within proximity such that under normal conditions they detect signals transmitted by same said transmitters, a method for detecting unauthorized signals, comprising: detecting selected signals at said first access point and recording location data corresponding to said signals for use in locating a source of said signals; and signaling an alarm if said signals are not detected at said second access point.

21. In a wireless local area data communications system, wherein mobile units communicate with access points, and wherein said system is arranged to locate transmitters using signals transmitted by said transmitters, a method for detecting unauthorized signals, comprising: maintaining a database comprising network data traffic information; detecting selected signals at said access points and recording location data corresponding to said signals for use in locating a source of said signals; locating said source using said location data; monitoring said selected signals to determine network data traffic characteristics at said source location; comparing said determined network data traffic characteristics to information in said database; and signaling an alarm if said determined network data traffic characteristics at said source location is inconsistent with information in said database.

22. In a wireless local area data communications system, wherein mobile units communicate with access points, and wherein said system is arranged to locate transmitters using signals transmitted by said transmitters, a method for detecting unauthorized signals, comprising: maintaining a database relating authorized transmitters to location; detecting selected signals by one or more mobile units and recording location data corresponding to said signals for use in locating a source of said signals; locating said source using. said location data; comparing said source location to a corresponding location in said database; and signaling an alarm if said source location is inconsistent with said corresponding database location.
Description


BACKGROUND OF INVENTION

The present invention relates to wireless local area networks, and particular to such networks as include arrangements for locating mobile units based on signals transmitted by the mobile units. In particular the invention relates to methods for detecting unauthorized access or attempted access to the wireless local area network.

The use of mobile data communications systems to perform location functions for locating mobile units is described in articles entitled Enhancements to the User Location and Tracking System, by Paramvir Bahl and Venkata N. Padmanabhan, and User Location and Tracking in an In-Building Radio Network, Microsoft Technical Report MSR-TR-99-12, dated February 1999, by the same authors, both published by Microsoft Research. As described therein signal strength of signals of the wireless data communications system, such as a system using the protocol of IEEE Standard 802.11, are used for locating mobile units within an area serviced by the system. Other techniques for locating mobile units using the wireless data communications systems or other location system are possible.

In co-pending application Ser. No. 09/528,697, filed Mar. 17, 2000, which is owned by the assignee of the present application and incorporated herein by reference, there is described a system which follows the protocol of IEEE Standard 802.11, but which uses a combination of RF Ports (also called "access ports") and Cell Controllers to perform the functions of Access Points of a classical 802.11 data communications system. Lower level MAC functions are performed by the RF Ports and higher level MAC functions, including association and roaming functions, are performed by the cell controller. The term "access point" as used herein is intended to include conventional access points, such as those which follow the protocol of IEEE Standard 802.11 and perform all MAC functions, as well as RF Ports operating with cell controllers, as described in the incorporated co-pending application.

It is an object of the present invention to provide a method for detecting unauthorized access or attempted access to such systems based on the location of a transmitter sending selected signals, which may be part of an attempt for unauthorized access.

SUMMARY OF THE INVENTION

In accordance with the invention there is provided a method for use in a wireless local area data communications system, wherein mobile units communicate with access points, and wherein the system is arranged to locate transmitters using signals transmitted by the transmitters. A database relating authorized transmitters to location is maintained. Selected signals are detected at the access points and location data corresponding to the selected signals for use in locating a source of the signals is recorded. The source is located using the location data, and the source location is compared to a corresponding location in the database. An alarm is signaled if the source location is inconsistent with the corresponding database location.

The selected signal may be a signal transmitted by a mobile unit and the source location is compared to a location for the mobile unit in the database. The selected signal may be an association request signal. Where the selected signal is a signal type transmitted by an access point, the source location is compared to a location for the access point. The selected signal may be a management/control signal, a beacon signal, a disassociation or a de-authentication signal.

For a better understanding of the present invention, together with other and further objects thereof, reference is made to the following description, taken in conjunction with the accompanying drawings, and its scope will be pointed out in the appended claims.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating a wireless local area network in which the method of the present invention may be practiced.

DESCRIPTION OF THE INVENTION

Referring to FIG. 1 there is shown a wireless local area network 10 having a server 12 connected over a wired network 14 to a plurality of access points 16. Network 10 may operate according to a standard protocol, such as IEEE Standard 802.11 to provide wireless network data communications between mobile units 18 and server 12. Mobile units 18 may be any IEEE 802.11 wireless station, and need not necessarily be movable or portable for purposes of the present invention. In addition, as described in the referenced Microsoft articles, System 10 additionally includes provisions for determining the location of mobile units, for example by their signal strength or other techniques, such as time of arrival. The method of the present invention may be carried out in server 12, or may be carried out in a dedicated intrusion server 22.

Server 10 has the capability to determine location of signal sources using signal characteristic data captured by access points 16 and provided as data to server 12 in association with received packets. Server 12 determines the location of the mobile unit that sent the packet using the signal characteristic data and stores the location in a database 21. While location determination functions usually are implemented to determine the location of mobile units 18, the location of which may change, there is no reason the signals from access points 16 cannot be received by other access points and provided with signal characteristics to server 12 for purposes of assuring that signals usually sent by an access point are in fact being sent by an access point and not being sent by an intruder device 20 which is seeking access to the system 10. Similarly, in another embodiment of a system according to the present invention, trusted mobile units or wireless stations of a type similar to mobile units 18 may be used to ascertain the location of access points.

In one intrusion scenario an intruder 20, known as the man-in-the-middle observes data communications between an access point 16 and an associated mobile unit 18. The intruder 20 thereafter replicates signals between the access point and the mobile unit 18, first sending a disassociation or de-authorization signal to the mobile unit 18, replicating the access point 16, and thereafter replicating the mobile unit 18 to communicate with the access point 16. This attack is facilitated by the fact that network management/control signals are not encrypted.

In accordance with the invention, selected signals received by access points 16 are subjected to location determination to determine if the signal originated from an authorized user of the system. Signals selected for this location determination would include, for example network management signals, including signals usually sent by an access point 16 such as beacon signals.

Some signals that may be subjected to location determination are authorization or association requests sent from a mobile unit 18. The location of origin for such signals can be compared to the last recorded location for the mobile unit 18 in the location database 21. If the mobile unit 18 is determined to be at a location that is an unlikely distance from its last determined location, as recorded in the database, an exception can be signaled to the system operator alerting the operator to a possible intrusion.

With respect to signals usually originated by access points 16, such as management/control signals, including beacon signals, de-authorization signals and disassociation signals, the other access points 16 in the system can record and pass the signal characteristic data to the server 12 so that the location of the signal source can be determined and compared to a known location for the access point identified in the signal. If the determined location is inconsistent with the known location, there may be an intrusion attempt, and an alert can be issued.

In another intrusion scenario, an intruder 20 may utilize spoofed EAPoL (Extensible Authentication Protocol, sent over IEEE 802 LANs) signals. These signals may include EAPoL-Start, EAPoL-Accept, EAPoL-Reject, and other EAPoL packets which may be used in authentication. In a similar manner as described above, a server 22 according to the present invention may compare the location of intruder 20 to authorized mobile units to a corresponding location in the database. An alarm can then is signaled if the intruder EAPoL signal source location is inconsistent with the corresponding database location.

In a different type of intrusion scenario, an intruder 20 may use spoofed MAC addresses. In one scenario, an intruder may utilize the same MAC address from different spatial locations. A system according to the present invention may be configured to read location information to determine the source, and may additionally extract the source MAC address. If a signal originates from a MAC address which is not new, but which is at a substantially different location from the most recent location of the same MAC address, it may be deduced that the intruder 20 is spoofing a legitimate MAC address, possibly to hijack a session. If such a situation is detected by comparing the location information and MAC addresses, the appropriate alarm may be generated. Likewise, an intruder 20 may use constantly changing MAC addresses from the same source. This scenario can be detected in a similar manner as that described above, by extracting the MAC address from the transmitted signal source, and then comparing the location information with other recent transmission locations. If a location is a substantial match to a location of recent transmission, but with a different MAC address, an alarm may be signaled.

Another exemplary embodiment of a system and method according to the present invention may be used to detect other intrusion scenarios. For example, an intruder 20 may utilize a directional antenna to evade real-time location-based security measures, such as those described above. In an exemplary scenario, a directional antenna utilized by intruder 20 might cause a signal to be received by only one or a limited number of access points 20, such that the location of intruder 20 may not be accurately determined. In an embodiment of the present invention, where such a situation is detected--i.e., a signal is received only by a limited number of access points located in a given vicinity--the signal may be flagged as suspicious. This determination may be made based on various data or the meeting of a given threshold, possibly after a predetermined number of transmissions from the source location, or if a certain number of receivers in the vicinity fail to receive the signal, etc. In any event, once flagged, the appropriate alarm may be triggered.

The present invention may also be used to identify network intruders based on source location of signal transmission. For example, in a secure facility, a database may be kept which includes information about the layout of the facility. This information may include, e.g., locations of outer boundaries of the facility. In the event that an intruder 20 attempts to access the network from outside a predetermined allowable boundary, e.g., the walls of the secure facility, an alarm may be signaled.

Similarly, location of the signal source may be used to identify suspicious transmission locations, e.g., from an area in the facility which is the interior of a wall or structure, or some other location from which it would be impossible for a mobile unit 18 to transmit. The detection of such conditions might be the result of unauthorized tampering and could suggest a possible intruder scenario. Likewise, location data for a moving mobile unit 18 may be recorded and analyzed to track suspicious movements, e.g., through a path which is otherwise obstructed by walls or other structures. Further still, a mobile unit 18 may be configured to move only along a predetermined, authorized path. An alarm may be signaled where mobile unit 18 deviates from such authorized path. Any of these described methods may be used to identify possible intruders within the scope of the present invention.

In another exemplary embodiment of the present invention, another criteria for detection of network intruders may be network traffic. The present invention may be used to monitor traffic conditions at particular times and/or locations, and any abnormal activity may be flagged. This abnormal activity may include higher than normal network traffic from a particular location, lower than normal network traffic, commands sent from unusual locations, or applications being executed by a mobile unit 18 from a particular location and which is not normally executed from that location.

In another exemplary embodiment of a system and method according to the present invention, additional dedicated locating devices may be added, in addition to or in lieu of access points 14, to increase the density of receivers for locating source signals, thus improving accuracy of the determined location. These devices may be 802.11 receiver-only devices, or some other type of device capable of receiving the transmitted source signals. The improved accuracy which such an arrangement could provide may be especially critical in certain intrusion detection scenarios--for example, to correctly detect signals transmitted from near the boundary of a predefined allowed mobile unit area (e.g., near a wall dividing the inside/outside of a secure mobile facility).

While the foregoing described exemplary embodiments may preferably be configured such that access points perform the required location detection functions (infrastructure-based), the present invention is not limited to such configurations. Other configurations, e,g, wherein a trusted mobile unit or other wireless station performs location detection functions (mobile-based), are also within the scope of the present invention.

While there have been described what are believed to be the preferred embodiments of the present invention, those skilled in the art will recognize that other and further changes and modifications may be made thereto without departing from the spirit of the invention, and it is intended to claim all such changes and modifications as fall within the true scope of the invention.

*


Free Web Sudoku Puzzles.
Solve with your browser.
9       3     6 2
  4     5 2 3    
3                
      5     4    
6 9   7   1   2 8
    4     8      
                6
    8 3 2     9  
7 6     8       4
What is it?



Add Your Site · Terms Of Service · Privacy Policy


DISCLAIMER
Linkgrinder is a free service that searches the Internet and indexes all files found so that you may search quickly and easily for shared files. These files are created and made available individually by users whose identity we are not aware of and who we have no control over. In essence we function like a search engine tool; these files ARE NOT STORED OR SERVED BY OUR NETWORK. We are not responsible for any materials obtained by using our service. We do not monitor any of the contents of these files. These files may contain viruses, illegal materials, materials inappropriate for minors, offensive files and the like. BY USING OUR SERVICE, YOU ASSUME FULL RESPONSIBILITY FOR DOWNLOADING THESE MATERIALS AND WILL INDEMNIFY US FOR ANY DAMAGES THAT MAY BE INCURRED.

For More Specific Information VIEW OUR TERMS OF SERVICE.

Thank you and Enjoy!