公开(公告)号：US08533832B2

公开(公告)日：2013-09-10

申请号：US13455474

申请日：2012-04-25

申请人： Nancy Cam Winget ,  Mark Krischer ,  Sheausong Yang ,  Ajit Sanzgiri ,  Timothy Olson ,  Pauline Shuen

发明人： Nancy Cam Winget ,  Mark Krischer ,  Sheausong Yang ,  Ajit Sanzgiri ,  Timothy Olson ,  Pauline Shuen

IPC分类号： H04L29/06

CPC分类号： H04W12/04 ,  H04L41/00 ,  H04L63/062 ,  H04L63/08 ,  H04L63/083 ,  H04L63/123 ,  H04L63/126 ,  H04L63/1408 ,  H04W12/10 ,  H04W12/12 ,  H04W84/12 ,  H04W88/08

摘要： A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.

公开(公告)号：US20090235077A1

公开(公告)日：2009-09-17

申请号：US12430375

申请日：2009-04-27

申请人： Nancy Cam Winget ,  Mark Krischer ,  Sheausong Yang ,  Ajit Sanzgiri ,  Timothy Olson ,  Pauline Shuen

发明人： Nancy Cam Winget ,  Mark Krischer ,  Sheausong Yang ,  Ajit Sanzgiri ,  Timothy Olson ,  Pauline Shuen

IPC分类号： H04L9/32 ,  G06F21/20 ,  H04W4/00

CPC分类号： H04W12/04 ,  H04L41/00 ,  H04L63/062 ,  H04L63/08 ,  H04L63/083 ,  H04L63/123 ,  H04L63/126 ,  H04L63/1408 ,  H04W12/10 ,  H04W12/12 ,  H04W84/12 ,  H04W88/08

摘要： A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.

摘要翻译： 基于检测的无线网络防御。 基础设施的元件，例如接入点或仅扫描接入点，通过检测欺骗性帧（例如从流氓接入点）来检测入侵者。 接入点包括诸如消息完整性检查之类的签名，以及其管理帧的方式使得相邻接入点能够验证管理帧，并且检测被欺骗的帧。 当相邻接入点接收到管理帧时，获取发送帧的接入点的密钥，并使用密钥验证管理帧。

公开(公告)号：US20050141498A1

公开(公告)日：2005-06-30

申请号：US11029987

申请日：2005-01-05

申请人： Nancy Cam Winget ,  Mark Krischer ,  Timothy Olson ,  Pauline Shuen ,  Ajit Sanzgiri ,  Sheausong Yang

发明人： Nancy Cam Winget ,  Mark Krischer ,  Timothy Olson ,  Pauline Shuen ,  Ajit Sanzgiri ,  Sheausong Yang

IPC分类号： H04L12/24 ,  H04L12/28 ,  H04L12/56 ,  H04L29/06

CPC分类号： H04W12/04 ,  H04L41/00 ,  H04L63/062 ,  H04L63/08 ,  H04L63/083 ,  H04L63/123 ,  H04L63/126 ,  H04L63/1408 ,  H04W12/10 ,  H04W12/12 ,  H04W84/12 ,  H04W88/08

摘要： A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.

摘要翻译： 基于检测的无线网络防御。 基础设施的元件，例如接入点或仅扫描接入点，通过检测欺骗性帧（例如来自恶意访问点）来检测入侵者。 接入点包括诸如消息完整性检查之类的签名，以及其管理帧的方式使得邻近接入点能够验证管理帧，并且检测被欺骗的帧。 当相邻接入点接收到管理帧时，获取发送帧的接入点的密钥，并使用密钥验证管理帧。

公开(公告)号：US07558960B2

公开(公告)日：2009-07-07

申请号：US11029987

申请日：2005-01-05

申请人： Nancy Cam Winget ,  Mark Krishcer ,  Timothy Olson ,  Pauline Shuen ,  Ajit Sanzgiri ,  Sheausong Yang

发明人： Nancy Cam Winget ,  Mark Krishcer ,  Timothy Olson ,  Pauline Shuen ,  Ajit Sanzgiri ,  Sheausong Yang

IPC分类号： H04L9/00

CPC分类号： H04W12/04 ,  H04L41/00 ,  H04L63/062 ,  H04L63/08 ,  H04L63/083 ,  H04L63/123 ,  H04L63/126 ,  H04L63/1408 ,  H04W12/10 ,  H04W12/12 ,  H04W84/12 ,  H04W88/08

摘要： A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.

摘要翻译： 基于检测的无线网络防御。 基础设施的元件，例如接入点或仅扫描接入点，通过检测欺骗性帧（例如从流氓接入点）来检测入侵者。 接入点包括诸如消息完整性检查之类的签名，以及其管理帧的方式使得相邻接入点能够验证管理帧，并且检测被欺骗的帧。 当相邻接入点接收到管理帧时，获取发送帧的接入点的密钥，并使用密钥验证管理帧。

公开(公告)号：US08191144B2

公开(公告)日：2012-05-29

申请号：US12430375

申请日：2009-04-27

申请人： Nancy Cam Winget ,  Mark Krishcer ,  Sheausong Yang ,  Ajit Sanzgiri ,  Timothy Olson ,  Pauline Shuen

发明人： Nancy Cam Winget ,  Mark Krishcer ,  Sheausong Yang ,  Ajit Sanzgiri ,  Timothy Olson ,  Pauline Shuen

IPC分类号： H04L29/06

CPC分类号： H04W12/04 ,  H04L41/00 ,  H04L63/062 ,  H04L63/08 ,  H04L63/083 ,  H04L63/123 ,  H04L63/126 ,  H04L63/1408 ,  H04W12/10 ,  H04W12/12 ,  H04W84/12 ,  H04W88/08

摘要： A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.

摘要翻译： 基于检测的无线网络防御。 基础设施的元件，例如接入点或仅扫描接入点，通过检测欺骗性帧（例如从流氓接入点）来检测入侵者。 接入点包括诸如消息完整性检查之类的签名，以及其管理帧的方式使得相邻接入点能够验证管理帧，并且检测被欺骗的帧。 当相邻接入点接收到管理帧时，获取发送帧的接入点的密钥，并使用密钥验证管理帧。

公开(公告)号：US20060200862A1

公开(公告)日：2006-09-07

申请号：US11073317

申请日：2005-03-03

申请人： Timothy Olson ,  Pauline Shuen ,  Ajit Sanzgiri ,  Nancy Winget ,  Pejman Roshan

发明人： Timothy Olson ,  Pauline Shuen ,  Ajit Sanzgiri ,  Nancy Winget ,  Pejman Roshan

IPC分类号： G06F12/14

CPC分类号： H04W12/12 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/1466 ,  H04W48/08 ,  H04W48/16 ,  H04W88/08

摘要： Methods and apparatus are disclosed for locating and disabling the switch port of a rogue wireless access point. In one embodiment, a network management device is configured to detect the presence of a rogue access point on a managed wireless network. Once detected, the management device may then instruct a special client, such as a scanning AP, to associate with the rogue access point and send a discovery packet through the rogue access point to network management device. The network management device upon receiving the discovery packet may thereby determine that the rogue access point is connected to a network managed by said network device. The network device may then utilize information contained in the discovery packet to locate the switch port to which the rogue access point is connected, and ultimately disable the switch port to which the rogue access point is connected.

摘要翻译： 公开了用于定位和禁用流氓无线接入点的交换机端口的方法和装置。 在一个实施例中，网络管理设备被配置为检测被管理无线网络上的恶意接入点的存在。 一旦检测到，管理设备然后可以指示诸如扫描AP的特殊客户端与流氓接入点关联，并通过流氓接入点将发现分组发送到网络管理设备。 因此，网络管理装置在接收到发现分组时可以确定恶意接入点连接到由所述网络设备管理的网络。 然后，网络设备可以利用包含在发现分组中的信息来定位与恶意接入点连接的交换机端口，并且最终禁用与恶意接入点连接的交换机端口。

公开(公告)号：US07370362B2

公开(公告)日：2008-05-06

申请号：US11073317

申请日：2005-03-03

申请人： Timothy Olson ,  Pauline Shuen ,  Ajit Sanzgiri ,  Nancy Winget ,  Pejman Roshan

发明人： Timothy Olson ,  Pauline Shuen ,  Ajit Sanzgiri ,  Nancy Winget ,  Pejman Roshan

IPC分类号： G06F11/00 ,  G06F12/16

CPC分类号： H04W12/12 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/1466 ,  H04W48/08 ,  H04W48/16 ,  H04W88/08

摘要： Methods and apparatus are disclosed for locating and disabling the switch port of a rogue wireless access point. In one embodiment, a network management device is configured to detect the presence of a rogue access point on a managed wireless network. Once detected, the management device may then instruct a special client, such as a scanning AP, to associate with the rogue access point and send a discovery packet through the rogue access point to network management device. The network management device upon receiving the discovery packet may thereby determine that the rogue access point is connected to a network managed by said network device. The network device may then utilize information contained in the discovery packet to locate the switch port to which the rogue access point is connected, and ultimately disable the switch port to which the rogue access point is connected.

摘要翻译： 公开了用于定位和禁用流氓无线接入点的交换机端口的方法和装置。 在一个实施例中，网络管理设备被配置为检测被管理无线网络上的恶意接入点的存在。 一旦检测到，管理设备然后可以指示诸如扫描AP的特殊客户端与流氓接入点关联，并通过流氓接入点将发现分组发送到网络管理设备。 因此，网络管理装置在接收到发现分组时可以确定恶意接入点连接到由所述网络设备管理的网络。 然后，网络设备可以利用包含在发现分组中的信息来定位与恶意接入点连接的交换机端口，并且最终禁用与恶意接入点连接的交换机端口。

公开(公告)号：US20060114863A1

公开(公告)日：2006-06-01

申请号：US11000629

申请日：2004-12-01

申请人： Ajit Sanzgiri ,  Robert Meier ,  Bhawani Sapkota ,  Nancy Cam Winget

发明人： Ajit Sanzgiri ,  Robert Meier ,  Bhawani Sapkota ,  Nancy Cam Winget

IPC分类号： H04Q7/24

CPC分类号： H04W12/12 ,  H04L63/1466

摘要： A method for protecting a wireless network against spoofed MAC address attacks. A database is used for storing MAC address and user identity bindings. When a new request to access the network is received, the MAC address and user identity of the request is compared to the stored MAC address and user identity bindings. If a new request has an existing MAC address, but not the corresponding user identity, then the request will be denied. The bindings database contains the MAC Address, User identity bindings for wireless nodes and/or, for wired nodes. The MAC address, User identity bindings contained in the bindings database may be automatically learned or statically configured.

摘要翻译： 一种用于保护无线网络免遭欺骗的MAC地址攻击的方法。 数据库用于存储MAC地址和用户身份绑定。 当接收到访问网络的新请求时，请求的MAC地址和用户身份与存储的MAC地址和用户身份绑定进行比较。 如果新的请求具有现有的MAC地址，而不是相应的用户身份，则该请求将被拒绝。 绑定数据库包含MAC地址，无线节点和/或有线节点的用户身份绑定。 包含在绑定数据库中的MAC地址，用户身份绑定可以自动学习或静态配置。

公开(公告)号：US08909380B2

公开(公告)日：2014-12-09

申请号：US13751059

申请日：2013-01-26

申请人： Jonathan Golding ,  Ajit Sanzgiri

发明人： Jonathan Golding ,  Ajit Sanzgiri

IPC分类号： G05B13/00 ,  G05B15/00 ,  H05B37/02 ,  H05B37/00

CPC分类号： H05B37/02 ,  H05B37/00 ,  H05B37/0227 ,  H05B37/0254 ,  Y02B20/48

摘要： Methods, systems and apparatuses for controlling and managing a plurality of luminaires are disclosed. One method includes sensing, by a sensor of each of the plurality of luminaires, light received by the sensor, communicating, by a device, with the plurality of luminaires by a device through light pulses, commissioning and calibrating, by the device, the plurality of luminaires using the communication, and placing, by the device, at least one of the plurality of luminaires on a floor plan through the communication with light pulses, wherein the at least one of the plurality of luminaires identifies itself over a network.

摘要翻译： 公开了用于控制和管理多个灯具的方法，系统和装置。 一种方法包括通过多个灯具中的每一个的传感器感测由传感器接收的光，通过装置通过装置通过装置与装置通过装置与多个照明器通信，多个照明装置通过装置调试和校准多个 使用该通信的灯具，以及通过与光脉冲的通信，将所述多个照明器中的至少一个照明装置放置在平面图上，其中所述多个照明器中的至少一个通过网络识别自身。

公开(公告)号：US20130134886A1

公开(公告)日：2013-05-30

申请号：US13751059

申请日：2013-01-26

申请人： Jonathan Golding ,  Ajit Sanzgiri

发明人： Jonathan Golding ,  Ajit Sanzgiri

IPC分类号： H05B37/02

CPC分类号： H05B37/02 ,  H05B37/00 ,  H05B37/0227 ,  H05B37/0254 ,  Y02B20/48

摘要： Methods, systems and apparatuses for controlling and managing a plurality of luminaires are disclosed. One method includes sensing, by a sensor of each of the plurality of luminaires, light received by the sensor, communicating, by a device, with the plurality of luminaires by a device through light pulses, commissioning and calibrating, by the device, the plurality of luminaires using the communication, and placing, by the device, at least one of the plurality of luminaires on a floor plan through the communication with light pulses, wherein the at least one of the plurality of luminaires identifies itself over a network.

摘要翻译： 公开了用于控制和管理多个灯具的方法，系统和装置。 一种方法包括通过多个灯具中的每一个的传感器感测由传感器接收的光，通过装置通过装置通过装置与装置通过装置与多个照明器通信，多个照明装置通过装置调试和校准多个 使用该通信的灯具，以及通过与光脉冲的通信，将所述多个照明器中的至少一个照明装置放置在平面图上，其中所述多个照明器中的至少一个通过网络识别自身。