ENHANCED WIRELESS NETWORK
SECURITY USING GPS
This is a continuation of application Ser. No. 09/759,527, filed Jan. 16, 2001, now issued as U.S. Pat. No. 7,058,358, the disclosure thereof being incorporated herein by reference.
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates generally to wireless networks. More particularly, it relates to improved security apparatus and techniques for wireless networks, particularly piconet type networks such as a BLUETOOTH™ conforming piconet network.
Conventional secured networks have been wired networks physically connecting a plurality of network devices. Such networks are conventionally secured with authorization of one or more passwords input by a user of a particular network device.
A wired network connection affords a reasonable level of security in that the user must be inside a building to connect to the network. However, when expanding a network to include wireless connectivity, wireless connections to the network do not inherently have the same physical restrictions to access that wired connections do.
Piconet networks, or small, short range wireless networks, are being formed by more and more devices in many homes and offices. In particular, a popular piconet standard is commonly referred to as a BLUETOOTH™ piconet. Piconet technology in general, and BLUETOOTH technology in particular, provides peer-to-peer communications over short distances.
The wireless frequency of piconets may be 2.4 GHz as per BLUETOOTH standards, and/or typically have a 30 to 300 foot range. The piconet RF transmitter may operate in common frequencies which do not necessarily require a license from the regulating government authorities, e.g., the Federal Communications Commission (FCC) in the United States. Alternatively, the wireless communication can be accomplished with infrared (IR) transmitters and receivers, but this is less preferable because of the directional and visual problems often associated with IR systems.
A plurality of piconet networks may be interconnected through a scatternet connection, in accordance with BLUETOOTH protocols. BLUETOOTH network technology may be utilized to implement a piconet wireless network connection (including scatternet). The BLUETOOTH standard for piconet wireless networks is well known, and is available from many sources, e.g., from the web site www.bluetooth.com.
Short range wireless connections such as those offered by piconets in general, and BLUETOOTH conforming piconets in particular, while having many advantages provided by wireless connectivity, also inherently have distinct disadvantages from wired connections. For instance, a person just outside the building, but still in range of the short range wireless network (e.g., 802.11, BLUETOOTH etc.) could gain access to an internal wireless server from outside the building but still within the range of the short range wireless network.
FIG. 6 depicts an exemplary secured building 510 including a network of exemplary wireless devices 500, 502, with connectivity access inadvertently provided to an unauthorized wireless device 504.
In particular, as shown in FIG. 6, an exemplary short range wireless network is established within the confines of a building 510. In the given example, wireless connectivity is established between an entering wireless device, e.g., BLUETOOTH piconet device 502, or 802.11b compliant device, whereupon a password entered by a user of the entering wireless device 502 is authorized by a piconet security server 500. However, in the given example, an unauthorized wireless device 504 lurks outside the secured building, but within the short range of at least one wireless network device within the building, unbeknownst to the wireless network administrator. Unfortunately, while the unauthorized wireless device 504 may still be required to input a properly authorized password to allow access to resources on the wireless network, a first layer of security has already been breached by allowing the unauthorized wireless device 504 the ability to receive wireless transmissions in the short range wireless network.
In such a scenario, since connectivity access to the secured network may be obtained from a location outside of the secured building, the network security relies entirely on the password strategies for the particular network. However, this may be problematic in certain higher security applications because access may be gained external to the secured building using, e.g., stolen access codes.
Previous attempts to provide security to wired network devices included dial up access techniques using one or more passwords or even constantly changing passwords to prevent unauthorized access. However, dial up access techniques do not address specific challenges of wireless access to secure servers. Moreover, dial up security solutions in a wireless world would require all users inside the secured building to go through excessive security steps which simply add layers of password type strategies.
There is a need for an apparatus and technique which allows wireless devices, and in particular wireless BLUETOOTH piconet devices, to be implemented in secure environments allowing secure communications which prevent unauthorized communications within range of the piconet devices.
SUMMARY OF THE INVENTION
In accordance with the principles of the present invention, a wireless piconet device comprises a wireless piconet front end, and a GPS receiver in communication with the wireless piconet front end.
In accordance with another aspect of the present invention, a wireless piconet server comprises a wireless piconet front end. An earth coordinates authorization module determines authority of a received set of coordinates to gain access to a wireless network. Boundary coordinates correspond to a predetermined secured area for access to the wireless network.
A method of authorizing a wireless piconet network device to gain access to a wireless network in accordance with yet another aspect of the present invention comprises receiving a set of earth coordinates from the wireless piconet network device. The received set of earth coordinates are compared to predetermined boundaries of a secured area. If the received set of earth coordinates are within the predetermined boundaries of the secured area, the wireless piconet network device is authorized to gain access to the wireless network.
BRIEF DESCRIPTION OF THE DRAWINGS
Features and advantages of the present invention will become apparent to those skilled in the art from the following description with reference to the drawings, in which:
FIG. 1 depicts two piconet wireless network devices, one within a secured building permitted to have authorized access to the wireless network in the secured building, and another external to a secured building and not permitted to have authorized access to the wireless network in the secured building, in accordance with the principles of the present invention.
FIG. 2 shows an exemplary piconet wireless network device including a BLUETOOTH piconet front end and Global Positioning System (GPS) receiver for providing location information for security authorization purposes, in accordance with the principles of the present invention.
FIG. 3 shows an exemplary wireless piconet security server capable of authorizing earth coordinates of another wireless network device and/or a password, in accordance with the principles of the present invention.
FIG. 4 shows an exemplary process flow of authorization of a piconet wireless network device within defined absolute earth coordinates, in accordance with the principles of the present invention.
FIG. 5 shows another application of piconet wireless devices including GPS capability allowing exchange of certain data (e.g., business card data) when within a particularly defined region (e.g., conference room), in accordance with the principles of the present invention.
FIG. 6 depicts an exemplary secured building including a network of exemplary wireless devices, with connectivity access inadvertently provided to an unauthorized wireless device.
DETAILED DESCRIPTION OF ILLUSTRATIVE
The present invention relates to the automatic restriction of access to a wireless network (e.g., a wireless local area network (LAN) such as a piconet network) by requiring a wireless network device to provide earth coordinates (e.g., GPS location information) as part of an establishment or maintenance of a connection to a wireless network, independent of a range of communication of any device in the wireless network. Thus, in accordance with the principles of the present invention, a wireless piconet network device outside of predetermined earth coordinates of a secured area (e.g., a building, a room in a building, a desk in a room in a building, etc.) may be denied access to resources on the wireless network, and/or required to provide additional authorization information so as to confirm authorized secured status of the entering wireless device.
FIG. 1 depicts two piconet wireless network devices, one within a secured building permitted to have authorized access to the wireless network in the secured building, and another external to a secured building and not permitted to have authorized access to the wireless network in the secured building, in accordance with the principles of the present invention.
In particular, FIG. 1 shows the perimeter of a secured building 210, including a short range wireless (e.g., BLUETOOTH piconet) security server 200, and an authorized wireless piconet network device 100a. In accordance with the principles of the present invention, the authorized wireless piconet network device 100a includes a Global Positioning Satellite (GPS) receiver 106a suitable for receiving information as a basis for determining earth coordinates of the relevant wireless piconet network device 100a.
The global positioning system (GPS) is a worldwide radio-navigation system formed from a constellation of 24 satellites and their ground stations. GPS uses these "man-made stars" as reference points to calculate positions accurate to a matter of meters. In fact, with advanced forms of GPS, location measurements are achievable to better than one centimeter. In recent years, GPS receivers have been miniaturized to just a few integrated circuits and thus are becoming very economical. The GPS receivers 106a, 106b shown in FIG. 1 are conventional. Information about GPS receivers is well known, and available, e.g., at www.trimble.com/gps/howgps/gpsfram2.htm, which in its entirety is explicitly incorporated herein by reference.
The GPS receiver 106a may be a separate module in communication with the piconet front end of the relevant wireless piconet network device 100a, or may be integrated within the wireless piconet network device 100a to reduce the chance of faking the coordinates.
In accordance with the principles of the present invention, the earth coordinates determined based on the GPS receiver 106a are forwarded to the piconet security server 200 or other network device to determine whether or not the earth coordinates forwarded by the wireless piconet network device 100a correspond to a secured area, e.g., to an area internal to the boundary defined by the four walls of the perimeter 210. Of course secured areas may include any shaped area, in both two- and three dimensions.
Also shown in FIG. 1 is an unauthorized wireless piconet network device 100b potentially attempting to communicate with devices in the wireless piconet network within the secured area defined internal to the perimeter 210. However, in accordance with the principles of the present invention, the unauthorized wireless piconet network device 100b will determine either GPS coordinates which will not be within the secured area's coordinates stored in the piconet security server 200, or will be a network device which does not include a GPS receiver at all. In either case, authorization will be denied by devices within the wireless piconet network, and thus an additional level of security relating to physical location of the communicating wireless device will not have been breached, providing increased security protection.
The wireless piconet network device 100 may be virtually any device including a short range wireless front end (e.g., a BLUETOOTH piconet front end). For instance, the wireless piconet network device 100 may be, e.g., a computer, personal digital assistant (PDA), printer, scanner, cell phone, etc.
In accordance with the principles of the present invention, while a wireless piconet network device 100 attempts to gain access to a wireless network service (e.g., a BLUETOOTH compatible piconet printer, LAN access), the BLUETOOTH application in the wireless piconet network device 100 determines and then passes its earth coordinates (e.g., GPS location), typically accurate to a few meters (or even centimeters using Differential GPS), along with any other required authentication information to the wireless network, e.g., to the piconet security server 200. A suitable application in the relevant gatekeeper of the wireless network will determine whether or not the received GPS location is within a predefined secured, authorized access area. If the received GPS location is within the authorized access area, access is granted. If outside the authorized access area, access may be denied. Alternatively, if outside the authorized access area, further authentication information may be requested of the entering wireless piconet network device 100. Once authorized, a device may be permitted to wander outside the secured area, or not.
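The gatekeeper decision described above can be sketched as follows; this is an added illustration, not code from the patent. The names authorize, accuracy_m and step_up_outside, the 5 m default margin and the sample perimeter are assumptions, and the example goes slightly beyond the text by granting access only when the reported fix lies inside the perimeter by more than the stated GPS error, so that a device just outside a wall fails closed.

```python
import math
from enum import Enum

class Decision(Enum):
    GRANT = "grant"
    DENY = "deny"
    STEP_UP = "request further authentication"

M_PER_DEG = 111_320.0  # approximate meters per degree of latitude

def to_local_m(pt, origin):
    """Project (lat, lon) to flat x/y meters around origin; adequate at building scale."""
    (lat, lon), (lat0, lon0) = pt, origin
    return ((lon - lon0) * M_PER_DEG * math.cos(math.radians(lat0)),
            (lat - lat0) * M_PER_DEG)

def inside(poly, p):
    """Ray-casting test; valid for any simple polygon, not only four walls."""
    x, y = p
    hit = False
    for (x1, y1), (x2, y2) in zip(poly, poly[1:] + poly[:1]):
        if (y1 > y) != (y2 > y) and x < x1 + (y - y1) * (x2 - x1) / (y2 - y1):
            hit = not hit
    return hit

def edge_distance(poly, p):
    """Shortest distance in meters from p to the perimeter (vertices must be distinct)."""
    x, y = p
    best = math.inf
    for (x1, y1), (x2, y2) in zip(poly, poly[1:] + poly[:1]):
        dx, dy = x2 - x1, y2 - y1
        t = max(0.0, min(1.0, ((x - x1) * dx + (y - y1) * dy) / (dx * dx + dy * dy)))
        best = min(best, math.hypot(x - (x1 + t * dx), y - (y1 + t * dy)))
    return best

def authorize(coords, perimeter, accuracy_m=5.0, step_up_outside=False):
    """coords: (lat, lon) reported by the device, or None if it has no GPS receiver.
    The coordinates are self-reported, so this check runs in addition to the
    password or other authentication, never instead of it."""
    if coords is None:
        return Decision.DENY
    poly = [to_local_m(v, perimeter[0]) for v in perimeter]
    p = to_local_m(coords, perimeter[0])
    # Grant only when the fix is inside by more than the GPS error (fail closed).
    if inside(poly, p) and edge_distance(poly, p) >= accuracy_m:
        return Decision.GRANT
    return Decision.STEP_UP if step_up_outside else Decision.DENY

# Constructed sample perimeter (not from the patent): about 85 m x 111 m.
PERIMETER = [(40.0000, -75.0000), (40.0010, -75.0000),
             (40.0010, -74.9990), (40.0000, -74.9990)]
```

Setting step_up_outside=True selects the alternative the text describes, in which a device outside the authorized area is asked for further authentication instead of being denied.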
The authorized area may be defined in any suitable manner. For instance, it may be defined as internal to a particular perimeter 210 as shown in FIG. 1, or it may simply be a