公开(公告)号：US07339914B2

公开(公告)日：2008-03-04

申请号：US10931585

申请日：2004-08-31

申请人： Pravin Bhagwat ,  Shantanu Gogate ,  David C. King

发明人： Pravin Bhagwat ,  Shantanu Gogate ,  David C. King

IPC分类号： H04Q7/00 ,  G06F11/00

CPC分类号： G06F21/55 ,  H04L43/00 ,  H04L63/1416 ,  H04L69/16 ,  H04L69/161 ,  H04L69/163 ,  H04W12/00 ,  H04W12/08 ,  H04W12/12

摘要： An apparatus for wireless communication including an automated intrusion detection process is provided. The apparatus has a portable housing, which may have a length no greater than 1 meter, a width no greater than 1 meter, and a height of no greater than 1 meter. A processing unit (e.g., CPU) is within the housing. One or more wireless network interface devices are within the housing and are coupled to the processing unit. The apparatus has an Ethernet (or like) network interface device within the housing and coupled to the processing unit. A network connector is coupled to the Ethernet network device. One or more memories are coupled to the processing unit. A code is directed to perform a process for detection of a wireless activity within a selected local geographic region. According to a specific embodiment, the wireless activity is derived from at least one authorized device or at least an other device. A code is directed to receiving at least identity information associated with the wireless activity from the detection process in a classification process. A code is directed to labeling the identity information into at least one of a plurality of categories in the classification process. Depending upon the embodiment, other codes may exist to carry out the functionality described herein.

摘要翻译： 提供了一种包括自动入侵检测过程的无线通信装置。 该装置具有便携式外壳，其长度不得大于1米，宽度不大于1米，高度不得大于1米。 处理单元（例如，CPU）在壳体内。 一个或多个无线网络接口设备在壳体内并且耦合到处理单元。 该设备在外壳内具有以太网（或类似的）网络接口设备并且耦合到处理单元。 网络连接器耦合到以太网网络设备。 一个或多个存储器耦合到处理单元。 代码被指示执行用于检测所选局部地理区域内的无线活动的过程。 根据具体实施例，无线活动是从至少一个授权设备或至少另一个设备导出的。 代码针对在分类过程中从检测过程接收与无线活动相关联的至少身份信息。 代码用于将标识信息标记为分类处理中的多个类别中的至少一个。 根据实施例，存在其他代码以执行本文所描述的功能。

公开(公告)号：US07216365B2

公开(公告)日：2007-05-08

申请号：US11123848

申请日：2005-05-06

申请人： Pravin Bhagwat ,  Shantanu Gogate ,  David C. King

发明人： Pravin Bhagwat ,  Shantanu Gogate ,  David C. King

IPC分类号： G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G06F15/18 ,  G08B23/00

CPC分类号： H04W12/12 ,  H04L43/00 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1466 ,  H04L63/1475 ,  H04L69/16 ,  H04L69/161 ,  H04L69/163 ,  H04W8/26 ,  H04W12/06 ,  H04W84/04 ,  H04W84/12

摘要： A method for protecting local area networks within a selected local geographic region (e.g. office, apartment, building, coffee shop, hot-spot etc.) from wireless attacks, using a wireless sniffer apparatus. The method includes placing one or more wireless sniffer apparatus spatially to provide substantial radio coverage over at least a portion of the selected local geographic region comprising one or more local area networks. Moreover the method includes coupling one or more of the wireless sniffer apparatus to one or more of the local area networks.

摘要翻译： 使用无线嗅探装置从无线攻击中保护选定的本地地理区域（例如办公室，公寓，建筑物，咖啡店，热点等）内的局域网的方法。 该方法包括在空间上放置一个或多个无线嗅探装置，以在包括一个或多个局域网的所选择的局部地理区域的至少一部分上提供实质的无线电覆盖。 此外，该方法包括将无线嗅探装置中的一个或多个耦合到一个或多个局域网。

公开(公告)号：US07154874B2

公开(公告)日：2006-12-26

申请号：US11281133

申请日：2005-11-14

申请人： Pravin Bhagwat ,  Hemant Chaskar ,  David C. King ,  Jai Rawat

发明人： Pravin Bhagwat ,  Hemant Chaskar ,  David C. King ,  Jai Rawat

IPC分类号： H04Q7/24

CPC分类号： H04W12/12 ,  H04K3/65 ,  H04K3/86 ,  H04K3/94 ,  H04K2203/18 ,  H04L29/12028 ,  H04L29/12367 ,  H04L41/28 ,  H04L61/103 ,  H04L61/2514 ,  H04L63/102 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1466 ,  H04W12/06 ,  H04W12/08

摘要： A method for monitoring a selected region of an airspace associated with local area networks of computing devices is provided. The method includes providing one or more segments of a legacy local area network to be protected in a selected geographic region. The legacy local area network is characterized by an unsecured airspace within the selected geographic region. The method includes determining a security policy associated with the one or more segments of the legacy local area network. The security policy at least characterizes a type of wireless activity in the unsecured airspace to be permitted, denied, or ignored. Additionally, the method includes connecting one or more sniffer devices into the legacy local area network. The one or more sniffer devices are spatially disposed within the selected geographic region to cause at least a portion of the unsecured airspace to be secured according to the security policy. Moreover, the method includes coupling a security appliance to the legacy local area network. The method also includes determining if at least one of the sniffer devices is coupled to each of the one or more segments of the legacy local area network to be protected and determining if the one or more sniffer devices substantially covers the portion of the unsecured airspace to be secured. The method additionally includes monitoring wireless activity in the airspace using the one or more sniffer devices, and automatically classifying, using a classification process, a portion of information associated with the monitoring of the wireless activity to at least determine if the wireless activity communicates to at least one of the one or more segments to be protected. Further, the method includes detecting a violation of the security policy based upon at least the classifying of the portion of the information from the monitoring of the wireless activity, and automatically processing an action associated with the violation in accordance to the security policy for the one or more segments in the legacy local area network to be protected.

公开(公告)号：US20060058062A1

公开(公告)日：2006-03-16

申请号：US11055880

申请日：2005-02-11

申请人： Pravin Bhagwat ,  Hemant Chaskar ,  Gopinath Krishnamurthy

发明人： Pravin Bhagwat ,  Hemant Chaskar ,  Gopinath Krishnamurthy

IPC分类号： H04M1/00

CPC分类号： H04W12/12 ,  H04L63/1433

摘要： According to an embodiment of the present invention, security exposure analysis of wireless network within a selected local geographic area is provided. A computer model of the selected local geographic region comprising a layout is generated. Information regarding wireless network components is provided to the computer model. Using the computer model, signal intensity characteristics of at least one of the wireless network components are determined over at least a portion of the selected geographic region. Based at least on the signal intensity characteristics, security exposure information associated with the wireless network is determined. The security exposure information is graphically displayed on the computer screen in relation to the layout of the selected geographic region. The security exposure information includes sniffer detection and prevention coverage, access point vulnerability regions, and signal uncertainty and variability views.

公开(公告)号：US07002943B2

公开(公告)日：2006-02-21

申请号：US10966353

申请日：2004-10-15

申请人： Pravin Bhagwat ,  Hemant Chaskar ,  David C. King ,  Jai Rawat

发明人： Pravin Bhagwat ,  Hemant Chaskar ,  David C. King ,  Jai Rawat

IPC分类号： H04Q7/28

CPC分类号： H04W12/12 ,  H04K3/65 ,  H04K3/86 ,  H04K3/94 ,  H04K2203/18 ,  H04L29/12028 ,  H04L29/12367 ,  H04L41/28 ,  H04L61/103 ,  H04L61/2514 ,  H04L63/102 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1466 ,  H04W12/06 ,  H04W12/08

摘要： A method for monitoring a selected region of an airspace associated with local area networks of computing devices is provided. The method includes providing one or more segments of a legacy local area network to be protected in a selected geographic region. The legacy local area network is characterized by an unsecured airspace within the selected geographic region. The method includes determining a security policy associated with the one or more segments of the legacy local area network. The security policy at least characterizes a type of wireless activity in the unsecured airspace to be permitted, denied, or ignored. Additionally, the method includes connecting one or more sniffer devices into the legacy local area network. The one or more sniffer devices are spatially disposed within the selected geographic region to cause at least a portion of the unsecured airspace to be secured according to the security policy.

摘要翻译： 提供了一种用于监视与计算设备的局域网相关联的空域的选定区域的方法。 该方法包括提供要在所选择的地理区域中保护的传统局域网的一个或多个段。 遗留的局域网的特征在于所选地理区域内的无安全空域。 该方法包括确定与传统局域网的一个或多个段相关联的安全策略。 安全策略至少表征了无担保空域中允许，拒绝或忽略的一种无线活动。 此外，该方法包括将一个或多个嗅探器设备连接到传统局域网中。 一个或多个嗅探装置被空间地布置在所选择的地理区域内，以使至少一部分无担保空域根据安全策略得到固定。

公开(公告)号：US20060002331A1

公开(公告)日：2006-01-05

申请号：US11123848

申请日：2005-05-06

申请人： Pravin Bhagwat ,  Shantanu Gogate ,  David King

发明人： Pravin Bhagwat ,  Shantanu Gogate ,  David King

IPC分类号： H04Q7/00

CPC分类号： H04W12/12 ,  H04L43/00 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1466 ,  H04L63/1475 ,  H04L69/16 ,  H04L69/161 ,  H04L69/163 ,  H04W8/26 ,  H04W12/06 ,  H04W84/04 ,  H04W84/12

摘要： A method for protecting local area networks within a selected local geographic region (e.g. office, apartment, building, coffee shop, hot-spot etc.) from wireless attacks, using a wireless sniffer apparatus. The method includes placing one or more wireless sniffer apparatus spatially to provide substantial radio coverage over at least a portion of the selected local geographic region comprising one or more local area networks. Moreover the method includes coupling one or more of the wireless sniffer apparatus to one or more of the local area networks.

摘要翻译： 使用无线嗅探装置从无线攻击中保护选定的本地地理区域（例如办公室，公寓，建筑物，咖啡店，热点等）内的局域网的方法。 该方法包括在空间上放置一个或多个无线嗅探装置，以在包括一个或多个局域网的所选择的局部地理区域的至少一部分上提供实质的无线电覆盖。 此外，该方法包括将无线嗅探装置中的一个或多个耦合到一个或多个局域网。

公开(公告)号：US20050259611A1

公开(公告)日：2005-11-24

申请号：US10931585

申请日：2004-08-31

申请人： Pravin Bhagwat ,  Shantanu Gogate ,  David King

发明人： Pravin Bhagwat ,  Shantanu Gogate ,  David King

IPC分类号： H04L12/28 ,  H04L29/06 ,  H04W12/12 ,  H04Q7/00

CPC分类号： G06F21/55 ,  H04L43/00 ,  H04L63/1416 ,  H04L69/16 ,  H04L69/161 ,  H04L69/163 ,  H04W12/00 ,  H04W12/08 ,  H04W12/12

摘要： An apparatus for wireless communication including an automated intrusion detection process is provided. The apparatus has a portable housing, which may have a length no greater than 1 meter, a width no greater than 1 meter, and a height of no greater than 1 meter. A processing unit (e.g., CPU) is within the housing. One or more wireless network interface devices are within the housing and are coupled to the processing unit. The apparatus has an Ethernet (or like) network interface device within the housing and coupled to the processing unit. A network connector is coupled to the Ethernet network device. One or more memories are coupled to the processing unit. A code is directed to perform a process for detection of a wireless activity within a selected local geographic region. According to a specific embodiment, the wireless activity is derived from at least one authorized device or at least an other device. A code is directed to receiving at least identity information associated with the wireless activity from the detection process in a classification process. A code is directed to labeling the identity information into at least one of a plurality of categories in the classification process. Depending upon the embodiment, other codes may exist to carry out the functionality described herein.

摘要翻译： 提供了一种包括自动入侵检测过程的无线通信装置。 该装置具有便携式外壳，其长度不得大于1米，宽度不大于1米，高度不得大于1米。 处理单元（例如，CPU）在壳体内。 一个或多个无线网络接口设备在壳体内并且耦合到处理单元。 该设备在外壳内具有以太网（或类似的）网络接口设备并且耦合到处理单元。 网络连接器耦合到以太网网络设备。 一个或多个存储器耦合到处理单元。 代码被指示执行用于检测所选局部地理区域内的无线活动的过程。 根据具体实施例，无线活动是从至少一个授权设备或至少另一个设备导出的。 代码针对在分类过程中从检测过程接收与无线活动相关联的至少身份信息。 代码用于将标识信息标记为分类处理中的多个类别中的至少一个。 根据实施例，存在其他代码以执行本文所描述的功能。

公开(公告)号：US20050128989A1

公开(公告)日：2005-06-16

申请号：US10966353

申请日：2004-10-15

申请人： Pravin Bhagwat ,  Hemant Chaskar ,  David King ,  Jai Rawat

发明人： Pravin Bhagwat ,  Hemant Chaskar ,  David King ,  Jai Rawat

IPC分类号： G01S20060101 ,  H04K3/00 ,  H04L9/00 ,  H04L12/24 ,  H04L12/26 ,  H04L12/28 ,  H04L12/56 ,  H04L29/06 ,  H04L29/12 ,  H04W12/06 ,  H04W12/08 ,  H04W12/12

CPC分类号： H04W12/12 ,  H04K3/65 ,  H04K3/86 ,  H04K3/94 ,  H04K2203/18 ,  H04L29/12028 ,  H04L29/12367 ,  H04L41/28 ,  H04L61/103 ,  H04L61/2514 ,  H04L63/102 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1466 ,  H04W12/06 ,  H04W12/08

摘要： A method for monitoring a selected region of an airspace associated with local area networks of computing devices is provided. The method includes providing one or more segments of a legacy local area network to be protected in a selected geographic region. The legacy local area network is characterized by an unsecured airspace within the selected geographic region. The method includes determining a security policy associated with the one or more segments of the legacy local area network. The security policy at least characterizes a type of wireless activity in the unsecured airspace to be permitted, denied, or ignored. Additionally, the method includes connecting one or more sniffer devices into the legacy local area network. The one or more sniffer devices are spatially disposed within the selected geographic region to cause at least a portion of the unsecured airspace to be secured according to the security policy. Moreover, the method includes coupling a security appliance to the legacy local area network. The method also includes determining if at least one of the sniffer devices is coupled to each of the one or more segments of the legacy local area network to be protected and determining if the one or more sniffer devices substantially covers the portion of the unsecured airspace to be secured. The method additionally includes monitoring wireless activity in the airspace using the one or more sniffer devices, and automatically classifying, using a classification process, a portion of information associated with the monitoring of the wireless activity to at least determine if the wireless activity communicates to at least one of the one or more segments to be protected. Further, the method includes detecting a violation of the security policy based upon at least the classifying of the portion of the information from the monitoring of the wireless activity, and automatically processing an action associated with the violation in accordance to the security policy for the one or more segments in the legacy local area network to be protected.

公开(公告)号：US09003527B2

公开(公告)日：2015-04-07

申请号：US13533674

申请日：2012-06-26

申请人： Pravin Bhagwat ,  Shantanu Gogate ,  David C King

发明人： Pravin Bhagwat ,  Shantanu Gogate ,  David C King

IPC分类号： H04L29/06 ,  G06F21/55 ,  H04L12/26 ,  H04W12/08 ,  H04W12/12 ,  H04W12/00

CPC分类号： G06F21/55 ,  H04L43/00 ,  H04L63/1416 ,  H04L69/16 ,  H04L69/161 ,  H04L69/163 ,  H04W12/00 ,  H04W12/08 ,  H04W12/12

摘要： The wireless activity in a geographic area containing LAN connection ports is monitored using one or more sensor devices, called sniffers. By analyzing said wireless activity, one or more APs that are operating in said geographic area are identified. The active APs so identified are classified into three categories, namely “authorized” APs (those that are allowed by network administrator), “unauthorized” APs (those that are not allowed by the network administrator, but are still connected to the LAN of interest) and “external” APs (those that are not allowed by network administrator but are not connected to the LAN of interest, for example APs connected to the neighbor's LAN) by conducting one or more tests. The sniffers detect any wireless station attempting to connect to or communicating with the one or more identified unauthorized APs. Upon identifying unauthorized AP and/or intruding wireless station an indication is transferred to the prevention process.

摘要翻译： 使用一个或多个称为嗅探器的传感器设备来监视包含LAN连接端口的地理区域中的无线活动。 通过分析所述无线活动，识别在所述地理区域中操作的一个或多个AP。 如此识别的活动AP被分为三类，即“授权”的AP（网络管理员允许的），“未经授权的”AP（网络管理员不允许但仍然连接到感兴趣的LAN ）和“外部”AP（网络管理员不允许但不连接到感兴趣的LAN，例如连接到邻居的LAN的AP）的“外部”AP（通过进行一个或多个测试）。 嗅探器检测尝试连接到或与一个或多个所识别的非授权AP通信的任何无线站。 在识别未经授权的AP和/或入侵无线站时，将指示传送到预防过程。

公开(公告)号：US20130117851A1

公开(公告)日：2013-05-09

申请号：US13533674

申请日：2012-06-26

申请人： Pravin Bhagwat ,  Shantanu Gogate ,  David C. King

发明人： Pravin Bhagwat ,  Shantanu Gogate ,  David C. King

IPC分类号： H04W12/00

CPC分类号： G06F21/55 ,  H04L43/00 ,  H04L63/1416 ,  H04L69/16 ,  H04L69/161 ,  H04L69/163 ,  H04W12/00 ,  H04W12/08 ,  H04W12/12

摘要： The wireless activity in a geographic area containing LAN connection ports is monitored using one or more sensor devices, called sniffers. By analyzing said wireless activity, one or more APs that are operating in said geographic area are identified. The active APs so identified are classified into three categories, namely “authorized” APs (those that are allowed by network administrator), “unauthorized” APs (those that are not allowed by the network administrator, but are still connected to the LAN of interest) and “external” APs (those that are not allowed by network administrator but are not connected to the LAN of interest, for example APs connected to the neighbor's LAN) by conducting one or more tests. The sniffers detect any wireless station attempting to connect to or communicating with the one or more identified unauthorized APs. Upon identifying unauthorized AP and/or intruding wireless station an indication is transferred to the prevention process.

摘要翻译： 使用一个或多个称为嗅探器的传感器设备来监视包含LAN连接端口的地理区域中的无线活动。 通过分析所述无线活动，识别在所述地理区域中操作的一个或多个AP。 如此识别的活动AP被分为三类，即“授权”的AP（网络管理员允许的），“未经授权的”AP（网络管理员不允许但仍然连接到感兴趣的LAN ）和“外部”AP（网络管理员不允许但不连接到感兴趣的LAN，例如连接到邻居的LAN的AP）的“外部”AP（通过进行一个或多个测试）。 嗅探器检测尝试连接到或与一个或多个所识别的非授权AP通信的任何无线站。 在识别未经授权的AP和/或入侵无线站时，将指示传送到预防过程。