
WO2019166880A1 - Wireless lan monitoring using an access point - Google Patents

Publication number
WO2019166880A1
Authority
WO
WIPO (PCT)
Prior art keywords
wireless
local area
gateway
user
area network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IB2019/000284
Other languages
French (fr)
Inventor
Kevin Fitzpatrick
Keith KREAGER
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
InterDigital CE Patent Holdings SAS
Original Assignee
InterDigital CE Patent Holdings SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by InterDigital CE Patent Holdings SAS
Publication of WO2019166880A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/021 Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/029 Location-based management or tracking services

Definitions

  • the present principles relate to a monitoring function of access points, specifically, they relate to a system to detect wireless device entry into a wireless local area network (WLAN) coverage area.
  • WLAN wireless local area network
  • broadband data gateways are commonly available as sophisticated routers / access points between wide area networks (WAN) and local area networks (LAN) at the edge of the home network
  • WAN wide area networks
  • LAN local area network
  • a gateway could provide a user with information concerning the usage of home network resources.
  • information is not readily available to a user of the home gateway.
  • One problem to be solved is how to provide a user, who may be absent from the premises, with knowledge of wireless devices that have entered the WLAN controlled by the gateway.
  • Such a need also exists for access points for non-home access point use as well, such as business, government, or other private or non-private uses.
  • a method to monitor a wireless local area network of an access point includes receiving an instruction to monitor information concerning wireless devices that enter a coverage area of a wireless local area network. A determination is made if the information concerning any one of the wireless devices includes a received signal strength indication greater than a first threshold. A notification is provided based on the determination. A minimum received signal strength indication may be set as the first threshold by a user.
  • the method may include providing a report containing information concerning the wireless devices that entered the coverage area of the wireless local area network.
  • the report may include one or more of a media access control address, a time of entry and exit, a duration, a received signal strength indicator, and a number of access attempts of any wireless device that entered the coverage area of the wireless local area network of the access point.
  • the method may further include receiving an instruction to stop monitoring information concerning wireless devices that enter the coverage area.
  • a computer-readable storage medium has instructions, which when executed by a computer, cause the computer to carry out the method.
  • an apparatus includes an interface to a wireless local area network, and a processor in communication with the interface to the wireless local area network.
  • the processor may be configured to receive an instruction to monitor information concerning wireless devices that enter a coverage area of the wireless local area network.
  • the processor may be configured to determine if the information concerning any one of the wireless devices includes a received signal strength indication greater than a first threshold.
  • the processor may be further configured to provide a notification based on the determination.
  • the processor may be configured to receive an instruction to detect a wireless device that has a minimum received signal strength indication which may be set by a user.
  • the apparatus may be any one of a gateway, a modem, a laptop, a personal computer, a mobile phone, and a tablet. Any of the devices listed may be configured as an access point that performs the functions described herein.
  • the processor of the apparatus determines if a received signal strength indication is greater than a first threshold by comparing the received signal strength of a wireless device to a first threshold that may be established by a user of the wireless local area network.
  • the processor provides the notification, based on the determination, to a mobile device on a cellular network.
  • the processor may provide the notification to the mobile device on the cellular network via an internet protocol network interface that accesses the cellular network.
  • the processor of the apparatus may be further configured to provide a report that includes information concerning the wireless devices that entered the coverage area of the wireless local area network.
  • the report may include one or more of a media access control address, a time of entry and exit, a duration, a received signal strength indicator, and a number of access attempts of any wireless device that entered the wireless local area network of the apparatus.
  • the processor may be further configured to receive an instruction to stop monitoring information concerning wireless devices that enter the coverage area.
  • the processor may provide a report indicating parameters of the entry and exit of the coverage area of the WLAN of wireless devices regardless of whether the wireless devices are registered with the WLAN or not.
  • Figure 1 is a depiction of an environment in which aspects of the disclosure may operate
  • FIG. 2 is a mode diagram of a gateway having aspects of the disclosure
  • Figure 3 depicts an example flow diagram for a gateway type device having aspects of the disclosure.
  • FIG. 4 is a block diagram having aspects of the disclosure.
  • DETAILED DISCUSSION OF THE EMBODIMENTS
  • the configuration disclosed herein is useful for data collection while a user is away from the premises. However, the configuration may also be used for data collection while the user is present at the premises of the gateway. Although a gateway is often referred to in the description herein, the configuration is useful for any access point having availability to a WLAN.
  • WiFi™ represents a technology for wireless local area networking with devices based on the IEEE 802.11 standards.
  • WiFi™ is a trademark of the Wi-Fi Alliance, which restricts the use of the term Wi-Fi Certified to products that successfully complete interoperability certification testing.
  • Devices that can use Wi-Fi™ technology include personal computers, video-game consoles, phones and tablets, digital cameras, smart TVs, digital audio players and modern printers.
  • Wi-Fi™ compatible devices can connect to the Internet via a WLAN and a wireless access point.
  • Wi-Fi™ most commonly uses the 2.4 gigahertz UHF and 5.0 gigahertz SHF ISM radio bands.
  • Wi-Fi™ is more vulnerable to attack (called eavesdropping) than wired networks.
  • wireless local area network is used to describe the operational environment of interest.
  • a WLAN is a home WLAN where a WiFi™ compatible system is utilized.
  • a home data gateway typically contains an access point / router with WLAN capability and can be configured according to aspects of the innovation to log information related to wireless devices that come within range of the home data gateway regardless of association with the home data gateway’s WLAN networks. This can be useful to identify client devices that may not be part of a home’s trusted list of client devices. As such, this can be used to identify an unknown user within the residential perimeter.
  • Typical gateway devices installed in a home for WAN access (either via DOCSIS technology or DSL for instance) support additional local network interfaces, such as Wi-Fi networks.
  • This technology contains features that allow for the identification of client devices in range of the WLAN network. Specific interest would be related to wireless devices, such as mobile wireless devices that are not expected to operate within the home gateway’s WLAN perimeter. This can be accomplished while the gateway user is present or while the user is away from the home wireless network.
  • the capability to initialize, enable/disable home monitoring and receive reports from the gateway is available via a Web-based graphical user interface (GUI) or a mobile application on a smartphone, tablet, or similar mobile device.
  • GUI graphical user interface
  • the Web-based GUI or mobile application interfaces with the data gateway via either the WAN or LAN interface.
  • the Web based GUI or mobile application is known as the mobile monitoring application.
  • the innovation transforms a physical entry or exit of a mobile device into and/or out of a WLAN coverage area into a representation and a characterization of the physical entry or exit.
  • the transformation of the physical entry or exit is a report, or logging, or notification of the physical entry or exit for practical use by a user who wishes to monitor entry and exit events in the WLAN.
  • FIG. 1 depicts an environment 100 in which the principles of the disclosure may operate.
  • a device such as a gateway 120, wirelessly connects to mobile devices, such as mobile devices 140, 160, and 170 via antennas 121 and 123.
  • mobile device could be a tablet, remote control, personal digital assistant (PDA), a laptop computer, a smart phone, and the like.
  • the wireless local area network (WLAN) created by the gateway 120 has a coverage area 132 defined by the complementary RF capabilities of the gateway and the WLAN devices. Coverage area 132 is shown as a dashed line.
  • wireless devices 160 and 170 are within the WLAN coverage area.
  • Wireless device 180 is outside of the wireless coverage area and cannot adequately access the WLAN resources.
  • the gateway 120 can detect the presence of wireless devices 160 and 170 via RF signals emitted from wireless antennas 165 and 175 respectively having emission via links 122 and 124 respectively. However, gateway 120 cannot detect the presence of wireless device 180 because it is shown to be outside of the WLAN coverage area 132. However, if the mobile device 180 were to move within the coverage area 132, then the gateway 120 could detect the presence of the wireless device 180 via emissions from antenna 185 and RF link 126 (shown as dashed link).
  • a reduced coverage area 130 for the WLAN may be defined by the user. This reduced coverage area reflects a minimum received signal strength indicator (RSSI) threshold coverage area and is further discussed below.
  • RSSI received signal strength indicator
  • a personal computer 125 connected via a local area network connection 125a.
  • the personal computer 125 can act as a display to permit a user to configure the gateway / access point 120 as well as to configure and program aspects of the disclosed innovation.
  • a graphical user interface is used to control and monitor the system described herein. Alerts and reports may be hosted by the personal computer 125 as well as other device of the WLAN and user.
  • the gateway 120 has a network interface to internet protocol (IP) network 110 for access to Internet resources external to the WLAN 130. Also shown is the interconnection of the IP network 115 to a cellular network interface 115, base station 117, and cell tower 190. This cellular interface is used in one aspect of the invention to allow the gateway 120 to communicate with a mobile device 140 via cellular RF link 195 and mobile device antenna 145. The mobile device 140 may also have privileges to communicate with the WLAN 130 of gateway 120 via WLAN link 128.
  • Although gateway 120 is labeled as a gateway, device 120 may also be a home or business device that has access point capability. Such an access point capable device may include, but not be limited to, a gateway, a modem, a laptop, a personal computer, a mobile phone, a tablet, and the like where the device 120 acts as an access point.
  • FIG. 2 depicts a mode diagram or sequence overview of the disclosure to identify operational aspects of the current innovation. Three sequences are indicated; an initialization phase, a monitoring phase, and a reporting phase. In the initialization phase, blocks 205 and 210 are relevant.
  • In the initialization phase, of specific interest in the current innovation is the monitoring and logging of unique client device identifiers.
  • the media access control (MAC) addresses are unique per wireless device and are an effective way of categorizing devices.
  • a list of known MAC addresses can be established 205. This is generated from the MAC address list of all associated devices to the service set identifiers (SSIDs) of the home data gateway.
  • SSIDs service set identifiers
  • WiFi™ Wireless Fidelity
  • RSSI is the relative received signal strength in a wireless environment, such as in a gateway’s WLAN.
  • RSSI is an indication of the power level being received by the receive radio after the antenna and possible cable loss. Therefore, the higher the RSSI number, the stronger the signal.
  • When an RSSI value is represented in a negative form (e.g. -100), the closer the value is to 0, the stronger the received signal has been.
  • the home user would use the mobile monitoring application on their mobile device and walk around the perimeter of the household.
  • RSSI values would be collected at the home data gateway when the home user actively enables RSSI data collection on the mobile monitoring application. These RSSI samples would occur as needed to properly characterize the RSSI threshold for the perimeter of the residence where the gateway controls the WLAN. Once the lowest RSSI value is identified from the samples for the residence, this value can now be set as the RSSI threshold. The user can determine this threshold.
  • This RSSI threshold is known as the minimum household RSSI threshold. It is set by the user as a value that can be used as a user setting of the perimeter of the WLAN.
  • If a user selects an RSSI value that is stronger than measured at the very edge of the WLAN, then the user chooses to set a strong level threshold that is an indication of a mobile device that is well within the WLAN coverage area. In contrast, if the user selects an RSSI value that represents an edge value of the WLAN, then the user chooses to set a weaker threshold value that is an indication of a mobile device that just barely entered the far edges of the WLAN coverage area.
  • the user can enable the home data gateway to be configured to allow for identification 215 of wireless devices that enter the coverage area of the WLAN.
  • This mode is enabled via the mobile monitoring application and this operating mode is known as monitor mode.
  • For the purpose of identification only, when monitor mode is not enabled, the gateway is in a normal mode; that is, without the benefit of the current innovation.
  • the wireless network interface may be configured for promiscuous mode to allow for identification of wireless devices.
  • Wireless devices, such as mobile WiFi™ devices, send out periodic probe requests.
  • When the home data gateway is in promiscuous mode, it will perform a packet capture of the wireless device.
  • Promiscuous mode has the advantage of surveying all wireless devices, including Wi-Fi™ devices, regardless of whether the wireless device is a registered client device of the WLAN or has any association with the access point of the gateway. Specifically, if the wireless device has its wireless transceiver enabled, even if it is not paired to the WLAN access point, then while in promiscuous mode, the home data gateway can perform wireless transmission packet captures of wireless device probe requests.
  • Promiscuous mode is the only time that an access point can capture all wireless packets. Typically, in normal operating mode, packets with destination MAC addresses that are not directed at the gateway are discarded. When in promiscuous mode, all packets regardless of destination MAC address can be analyzed by the gateway.
  • the home data gateway can be configured to be in a monitor mode with the intention of listening and recording 220 for all wireless devices that come within range of the WLAN network interface of the gateway. Since the list of trusted devices for a given residence is known, any MAC address that is not part of the trusted devices list is categorized as an untrusted device that has entered the WLAN coverage area.
  • an RSSI perimeter is established as described above in the initialization sequence 210.
  • the RSSI perimeter is generated to ensure that the wireless device that is detected within the WLAN is within reasonable proximity to the data gateway and to prevent false alarms.
  • the RSSI scale ranges from about -90 dBm to -25 dBm. While RSSI does not correlate directly to range, it can be used as a rough approximation to at least eliminate those wireless devices that statistically are unlikely to be within the home data gateway household perimeter. As described above, this RSSI value is known as the minimum RSSI household threshold. When in monitor mode, an untrusted wireless device is logged for future reporting if it exceeds the minimum RSSI household threshold. Logging includes the wireless device MAC address, the time the wireless probe was performed and the RSSI value measured.
  • When the gateway is in monitor mode and an untrusted device that is not part of the trusted device list comes into range that exceeds the minimum RSSI household threshold, that wireless device MAC is logged (recorded) along with the time and the RSSI. This event can also trigger an alarm condition.
  • one or two reporting mechanisms are available. In a first reporting mechanism, a notification of the detection of a wireless device into the WLAN is communicated to a user device. This mechanism will send an immediate message to the mobile monitoring application of the gateway while in monitoring mode to indicate a wireless alarm condition occurred. This message includes the MAC address, the time and the RSSI. This first notification or detection condition can be reported to the user, from the gateway.
  • This communication can occur during the monitor mode where a notification is sent to a user’s mobile device, such as cellular phone 140 of Figure 1.
  • the user is alerted or notified via a monitoring GUI on the mobile device 140.
  • the notification can include the MAC address of the wireless device that has entered the WLAN and exceeded the minimum RSSI household threshold as well as the time of the event.
  • a duration of the event is detected and recorded so that the user can be notified when the wireless device leaves the WLAN and the RSSI of the wireless device that entered the WLAN falls below the minimum RSSI household threshold.
  • a user can disable the monitoring mode 225 of the present disclosure and enter a more robust reporting mode as depicted in Figure 2.
  • This disablement or exit of monitor mode 225 can occur via use of a GUI of a mobile device of the user or via a GUI of another interface device of the gateway, such as personal computer 125. This event allows the gateway to return to normal operations (not a monitor operating as in the current innovation). Event 225 may be considered optional.
  • a more robust reporting 230 of the wireless contacts detected during the previous monitor mode and the respective MAC address and RSSI measurements is processed and provided to the user after the exit event of 225 or after a user requests a full reporting.
  • the reporting can be provided to a user device, such as a mobile device or to the gateway user interface, such as personal computer 125.
  • This reporting is a summary report of all wireless alarm conditions. This report includes all the MAC addresses, times, durations, and RSSI values for each wireless alarm condition that occurred during monitoring mode. It is available via the mobile monitoring application and is available during “normal mode” of the gateway and after a monitoring mode session has ended.
  • FIG. 3 is a flow diagram of a method 300 that may be typical of a use of the disclosed innovation.
  • Method 300 is performed by a special purpose machine according to principles of the disclosure.
  • the method starts at step 305 by obtaining a list of trusted client devices of the WLAN.
  • Trusted client devices are devices that have a registered authentication relationship to the gateway 120 controlling the WLAN 130.
  • Step 310 utilizes a user input to establish a perimeter of the WLAN for wireless signal detection purposes. This is the establishment of a minimum received signal strength indicator (RSSI) threshold.
  • a user can establish a perimeter baseline 130 that is smaller than the full coverage area 132 that is possible with the WLAN. This smaller coverage area 130 is characterized with a minimum received signal strength indicator (RSSI) threshold that can be established by the user walking around the perimeter of the household. RSSI values of the mobile device held by the user would be collected at the home data gateway. These RSSI samples would occur as needed to properly characterize the RSSI threshold for the user-established perimeter 130 of the WLAN.
  • steps 305 and 310 need not be performed again unless a change to either the trusted devices or a minimum received signal strength indicator (RSSI) threshold is desired by the user.
  • the gateway enters promiscuous mode based on a received instruction to begin monitoring and recording of wireless device entry into the WLAN that the gateway controls as an access point.
  • the gateway starts to detect media access control (MAC) addresses of any wireless device that enters the WLAN that the gateway controls.
  • MAC media access control
  • the gateway also detects the time of entry, the time of exit, and any WLAN access attempts, successful or not, that are made by the detected wireless device.
  • recording of wireless device detection includes all wireless contacts within the area of WLAN coverage. In another embodiment, to reduce the amount of data recorded, only untrusted device contacts are recorded.
  • the minimum received signal strength indicator (RSSI) threshold can be set via user interaction with the gateway and GUI on a mobile device or a GUI of a display device connected to the gateway.
  • the method 300 moves to step 330.
  • the detection event is recorded, and the user is notified of the presence of a wireless device that exceeded the RSSI minimum threshold.
  • the notification can take one or all of several forms.
  • the notification can be sent to a display device, such as display 125 connected to a local area network of the gateway. This may be accomplished and is useful if a user is available to see the notification on the GUI presented by the display device.
  • the notification is sent to a mobile device of the user.
  • the mobile device may be a cellular phone, such as mobile device 140 of Figure 1.
  • the gateway sends notification data through IP network 110 and through cell network interface 115.
  • the cell network interface then engages base station 117 and cell tower 190 to communicate on a cellular network to mobile device 140.
  • the mobile device 140 has the GUI that is compatible with the monitoring system of the gateway and is able to alert the user to the wireless device detection in the WLAN. This notification path is useful if the user is in a remote location compared to the location of the WLAN. By not using the WLAN network and frequencies, a notification to the user can be made without alerting the newly detected mobile device that its presence is known by the gateway and the user.
  • After a notification is provided that a wireless device has been detected entering the WLAN having an RSSI that exceeds the minimum received signal strength indicator threshold in step 330, the method 300 continues to step 320 to continue monitoring the WLAN for mobile devices.
  • a notification or alert can also be optionally provided to a user when the detected mobile device leaves the WLAN. This is detected by the intruding mobile device having a RSSI that falls below the minimum received signal strength indicator threshold.
  • At step 325, if the RSSI of a mobile device that enters the network falls below the minimum received signal strength indicator threshold, or if no mobile device is detected, then the monitoring can continue to step 320 as before without the recording or notification actions of 330.
  • Step 335 determines if a report was requested. If a report was requested, step 335 moves the method to step 332 where an interim report is generated and sent to the user. During the reporting, promiscuous monitoring continues and step 332 moves to step 320. If an interim report request is not detected at step 335, the method moves to step 337. At step 337, a test is performed to detect if the user has requested an exit from promiscuous mode. If no request from the user is received, then the method proceeds from step 337 to step 320 to continue detecting wireless device entries into the WLAN area 130.
  • At step 337, if the gateway receives an instruction to stop monitoring and recording information concerning wireless devices that enter a WLAN coverage area of the gateway, then the gateway would exit the monitoring mode and return to the normal mode of operation of the gateway without the active monitoring and recording provided by the current innovation. Then, step 340 could be entered in which a report of the monitoring and recording of wireless device entry is created.
  • the report provided by step 340 or at step 332 can be sent to any device having a GUI compatible with the current innovation that can be in communication with the gateway.
  • a report of WLAN wireless device detections can be sent to the display device 125 of Figure 1 or any of the registered or known devices of the WLAN, such as wireless device 160 or 170 if they are registered devices of the WLAN.
  • the wireless device of the user 140 can receive the report via the cellular link, or a registered WLAN link. Any delivery method of the report can be selected via the GUI presented to the user that is available on a display or wireless device of the user’s choice.
  • the report generated at step 340 can include the MAC address of the detected wireless devices that entered the WLAN during the monitor mode time period. The time of entry and exit of any wireless device, duration of stay, the MAC address, and any successful or unsuccessful access attempts are available for the report.
  • Figure 4 is an example embodiment of an apparatus to perform the method of Figure 3.
  • the apparatus of Figure 4 can be either a special-purpose machine, or part of a larger machine that performs other tasks.
  • the apparatus of Figure 4 can be an access point or an access point in a home gateway that supports a wireless local area network.
  • Such a machine can be a gateway, a modem, a laptop, a personal computer, a mobile phone, a tablet, and the like that is configured to act as an access point.
  • the description can follow that of a home or business gateway, but other devices, such as those listed above, are also possible as is well understood by those of skill in the art.
  • the apparatus 120 of Figure 4 includes a transmitter/receiver interface 402 providing connectivity to IP network 110.
  • the interface 402 connects to the bus interface 404 which allows access to the internal bus 424.
  • Other non-bus implementations are also possible as is well known to those of skill in the art.
  • a storage device 406 which can be used for any general storage such as retrieved or requested data and network management data, parameters, and programs.
  • Storage device 406 may also serve as disk or solid-state storage for the information collected during the monitoring mode. Such information can include the RSSI measurement of a wireless device that enters the WLAN of the apparatus, the MAC address, the time of entry and exit and other parameters needed to conduct the method of Figure 3.
  • Main program or utility and other programs are under the control of controller/processor 408.
  • This controller/processor 408 may be a single processor or a multiplicity of processors performing the tasks of sensor data acquisition, user interface control, and resource management. Controller/processor 408 can perform the method described in Figure 3.
  • Control memory 410 can supply program instruction and configuration control for controller/processor 408.
  • the status indicators are a user interface 418 and allow a user, system owner, or system manager to see a status of the gateway apparatus 120. Such indicators may include a display, LEDs, printer interface, or data logging interface.
  • An input/output (I/O) interface 416 allows the gateway 120 to connect to a personal computer or other device that can be used to configure and control the gateway functionality.
  • the I/O interface 416 may be a hardline interface, such as an Ethernet interface (local area network) or may operationally be substituted with an RF interface so that the gateway 120 can communicate with a PC 125.
  • a remote terminal such as PC 125 may also be optionally connected to a WLAN 130.
  • Other interfaces that are possible via I/O interface 416 are an interactive interface which may include the use of a display device, keyboard, mouse, light pen, and the like.
  • Gateway 120 has a wireless network interface 412 which allows access to and from wireless devices.
  • the wireless devices may be those that are known and registered to the WLAN of the apparatus 120 or unknown and unregistered devices which enter the WLAN of the apparatus 120.
  • Such an interface 412 includes all elements to control a wireless network, including the use of wireless network protocols such as IEEE 802.XX and the like.
  • the wireless network interface includes a wireless receiver to receive wireless device probe information and a wireless transmitter to transmit notification information, such as to a mobile device 140 for display to a user via either an ad-hoc network or via a WiFiTM network.
  • the wireless receiver / transmitter 412 also contains a detector the measure the received signal strength indication of a wireless device that enters the WLAN of the apparatus. Such RSSI measurements are available to the controller/processor 408 for logging and analysis purposes.
  • the controller/processor 408 of the gateway 120 of Figure 4 is configured to provide processing services for the steps of the method of Figure 3.
  • the controller processor can provide instruction control to monitor and control the gateway via network interface 402, the EO interface 416 and 418 status indicators and display, and the wireless network interface 412.
  • the implementation of the concepts and principles applied in the disclosed innovation require the tangible application of hardware and or software that are adapted from components that can interface to a wireless local area network of an access point.
  • the present innovation adapts hardware and software in a manner that advances the technology of monitoring a WLAN.
  • inventive principles when applied to the functional adaptations of apparatus described herein result in a novel improvement over the existing art of monitoring WLANs by a gateway and provide benefit to a user of the WLAN by providing information that can be used to assess the security of the WLAN especially when the user is unable to monitor the WLAN by being near monitoring equipment.
  • a user who is absent from the WLAN can get near real-time notifications of wireless device intrusions and can later get a report of detailed wireless device activity within the WLAN that would otherwise be unobservable to the user.
  • implementations described herein may be implemented in, for example, a method or process, an apparatus, or a combination of hardware and software. Even if only discussed in the context of a single form of implementation (for example, discussed only as a method), the implementation of features discussed may also be implemented in other forms. For example, implementation can be accomplished via a hardware apparatus, hardware and software apparatus. An apparatus may be implemented in, for example, appropriate hardware, software, and firmware. The methods may be implemented in, for example, an apparatus such as, for example, a processor, which refers to any processing device, including, for example, a computer, a microprocessor, an integrated circuit, or a programmable logic device.
  • the methods may be implemented by instructions being performed by a processor, and such instructions may be stored on a processor or computer-readable media such as, for example, an integrated circuit, a software carrier or other storage device such as, for example, a hard disk, a compact diskette (“CD” or“DVD”), a random-access memory (“RAM”), a read-only memory (“ROM”) or any other magnetic, optical, or solid-state media.
  • the instructions may form an application program tangibly embodied on a computer-readable medium such as any of the media listed above or known to those of skill in the art.
  • the instructions thus stored are useful to execute elements of hardware and software to perform the steps of the method described herein.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method to detect and record information concerning wireless devices that enter the coverage area of a wireless local area network includes receiving an instruction to enter a monitoring mode of an access point. The monitoring mode detects and records entries of wireless devices into the coverage area of the wireless local area network generated by the access point. A notification can be provided to a mobile device on a cellular network when a wireless device has entered the wireless local area network and has a received signal strength indicator that exceeds a threshold set by a user of the access point.

Description

WIRELESS LAN MONITORING USING AN ACCESS POINT
CROSS REFERENCE TO RELATED APPLICATIONS
[0001] This application claims the benefit of US provisional patent application No. 66/636,360 filed 28 February 2018 which is incorporated by reference herein in the entirety for all purposes.
FIELD
[0002] The present principles relate to a monitoring function of access points, specifically, they relate to a system to detect wireless device entry into a wireless local area network (WLAN) coverage area.
BACKGROUND
[0003] As broadband data gateways are commonly available as sophisticated routers / access points between wide area networks (WAN) and local area network (LAN) networks at the edge of the home network, such gateways are ideal devices for accumulation of useful data related to home activities. Specifically, if properly configured, a gateway could provide a user with information concerning the usage of home network resources. To date, such information is not readily available to a user of the home gateway. For example, there is no easily accessible way to provide a home gateway user with information concerning wireless devices that can attempt to enter the wireless local area network (WLAN) that the gateway provides. One problem to be solved is how to provide a user, who may be absent from the premises with knowledge of wireless devices that have entered the WLAN controlled by the gateway. Such a need also exists for access points for non-home access point use as well, such as business, government, or other private or non-private uses.
SUMMARY
[0004] This summary is provided to introduce a selection of concepts in a simplified form as a prelude to the more detailed description that is presented later. Embodiments of the method outlined below may include one or more of the following features, alone or in any combination. In one embodiment, a method to monitor a wireless local area network of an access point includes receiving an instruction to monitor information concerning wireless devices that enter a coverage area of a wireless local area network. A determination is made if the information concerning any one of the wireless devices includes a received signal strength indication greater than a first threshold. A notification is provided based on the determination. A minimum received signal strength indication may be set as the first threshold by a user. The method may be performed by any one of a gateway, a modem, a laptop, a personal computer, a mobile phone, and a tablet. Any of the devices may be configured as an access point that can perform the method. Determining if any one of the wireless devices exceeds the threshold may include comparing the received signal strength of a wireless device to a first threshold that is established by a user of the wireless local area network. Providing a notification based on the determination may include providing the notification to a mobile device on a cellular network. In one embodiment, the notification to the mobile device may occur via an internet protocol network interface that accesses the cellular network.
[0005] The method may include providing a report containing information concerning the wireless devices that entered the coverage area of the wireless local area network. The report may include one or more of a media access control address, a time of entry and exit, a duration, a received signal strength indicator, and a number of access attempts of any wireless device that entered the coverage area of the wireless local area network of the access point. The method may further include receiving an instruction to stop monitoring information concerning wireless devices that enter the coverage area. In one embodiment, a computer-readable storage medium has instructions, which when executed by a computer, cause the computer to carry out the method.
[0006] Embodiments of the apparatus outlined below may include one or more of the following features, alone or in any combination. In one embodiment, an apparatus includes an interface to a wireless local area network, and a processor in communication with the interface to the wireless local area network. The processor may be configured to receive an instruction to monitor information concerning wireless devices that enter a coverage area of the wireless local area network. The processor may be configured to determine if the information concerning any one of the wireless devices includes a received signal strength indication greater than a first threshold. The processor may be further configured to provide a notification based on the determination. The processor may be configured to receive an instruction to detect a wireless device that has a minimum received signal strength indication which may be set by a user. The apparatus may be any one of a gateway, a modem, a laptop, a personal computer, a mobile phone, and a tablet. Any of the devices listed may be configured as an access point that performs the functions described herein. The processor of the apparatus determines if a received signal strength indication is greater than a first threshold by comparing the received signal strength of a wireless device to a first threshold that may be established by a user of the wireless local area network. The processor provides the notification, based on the determination, to a mobile device on a cellular network. In one embodiment, the processor may provide the notification to the mobile device on the cellular network via an internet protocol network interface that accesses the cellular network.
[0007] In one embodiment, the processor of the apparatus may be further configured to provide a report that includes information concerning the wireless devices that entered the coverage area of the wireless local area network. The report may include one or more of a media access control address, a time of entry and exit, a duration, a received signal strength indicator, and a number of access attempts of any wireless device that entered the wireless local area network of the apparatus. The processor may be further configured to receive an instruction to stop monitoring information concerning wireless devices that enter the coverage area. The processor may provide a report indicating parameters of the entry and exit of the coverage area of the WLAN of wireless devices regardless of whether the wireless devices are registered with the WLAN or not.
[0008] Additional features and advantages will be made apparent from the following detailed description of illustrative embodiments which proceeds with reference to the accompanying figures. The drawings are for purposes of illustrating the concepts of the disclosure and are not necessarily the only possible configuration for illustrating the disclosure. Features of the various drawings may be combined unless otherwise stated.
BRIEF DESCRIPTION OF THE DRAWINGS
[0009] The foregoing summary, as well as the following detailed description of illustrative embodiments, is better understood when read in conjunction with the accompanying drawings, which are included by way of example, and not by way of limitation with regard to the present principles. In the drawings, like numbers represent similar elements.
[0010] Figure 1 is a depiction of an environment in which aspects of the disclosure may operate;
Figure 2 is a mode diagram of a gateway having aspects of the disclosure;
Figure 3 depicts an example flow diagram for a gateway type device having aspects of the disclosure; and
Figure 4 is a block diagram having aspects of the disclosure.
DETAILED DISCUSSION OF THE EMBODIMENTS
[0011] In the following description of various illustrative embodiments, reference is made to the accompanying drawings, which form a part thereof, and in which is shown, by way of illustration, how various embodiments may be practiced. It is to be understood that other embodiments may be utilized, and structural and functional modification may be made without departing from the scope of the present principles.
[0012] The configuration disclosed herein is useful for data collection while a user is away from the premises. However, the configuration may also be used for data collection while the user is present at the premises of the gateway. Although a gateway is often referred to in the description herein, the configuration is useful for any access point having availability to a WLAN.
[0013] Leveraging off the capabilities of a data gateway, a home monitoring application is used to identify if an unknown user is within proximity of the household. One capability of a gateway is the use of a wireless network such as that described by the term WiFi™. The term WiFi™ represents a technology for wireless local area networking with devices based on the IEEE 802.11 standards. WiFi™ is a trademark of the Wi-Fi Alliance, which restricts the use of the term Wi-Fi Certified to products that successfully complete interoperability certification testing. Devices that can use Wi-Fi™ technology include personal computers, video-game consoles, phones and tablets, digital cameras, smart TVs, digital audio players and modern printers. Wi-Fi™ compatible devices can connect to the Internet via a WLAN and a wireless access point. Wi-Fi™ most commonly uses the 2.4 gigahertz UHF and 5.0 gigahertz SHF ISM radio bands. Anyone within range with a wireless modem can attempt to access the network; because of this, Wi-Fi™ is more vulnerable to attack (called eavesdropping) than wired networks.
[0014] In the current disclosure the term wireless local area network (WLAN) is used to describe the operational environment of interest. One example of a WLAN is a home WLAN where a WiFi™ compatible system is utilized. However, other wireless systems, both public and private, are contemplated to be within the scope of the innovative concepts presented. In an aspect of the innovation, a home WLAN monitoring concept leverages off available information from wireless devices, such as WiFi™ devices. A home data gateway typically contains an access point / router with WLAN capability and can be configured according to aspects of the innovation to log information related to wireless devices that come within range of the home data gateway regardless of association with the home data gateway’s WLAN networks. This can be useful to identify client devices that may not be part of a home’s trusted list of client devices. As such, this can be used to identify an unknown user within the residential perimeter.
[0015] Typical gateway devices installed in a home for WAN access (either via DOCSIS technology or DSL for instance) support additional local network interfaces, such as Wi-Fi networks. This technology contains features that allow for the identification of client devices in range of the WLAN network. Specific interest would be related to wireless devices, such as mobile wireless devices that are not expected to operate within the home gateway’s WLAN perimeter. This can be accomplished while the gateway user is present or while the user is away from the home wireless network.
[0016] In one aspect of the innovation, the capability to initialize, enable/disable home monitoring and receive reports from the gateway is available via a Web-based graphical user interface (GUI) or a mobile application on a smartphone, tablet, or similar mobile device. The Web-based GUI or mobile application interface via either the WAN or LAN interfaces to the data gateway. The Web based GUI or mobile application is known as the mobile monitoring application. The innovation transforms a physical entry or exit of a mobile device into and/or out of a WLAN coverage area into a representation and a characterization of the physical entry or exit. In one embodiment, the transformation of the physical entry or exit is a report, or logging, or notification of the physical entry or exit for practical use by a user who wishes to monitor entry and exit events in the WLAN.
[0017] Figure 1 depicts an environment 100 in which the principles of the disclosure may operate. In one environment, a device, such as a gateway 120, wirelessly connects to mobile devices, such as mobile devices 140, 160, and 170 via antennas 121 and 123. Such mobile device could be a tablet, remote control, personal digital assistant (PDA), a laptop computer, a smart phone, and the like. The wireless local area network (WLAN) created by the gateway 120 has a coverage area 132 defined by the complementary RF capabilities of the gateway and the WLAN devices. Coverage area 132 is shown as a dashed line. Thus, wireless devices 160 and 170 are within the WLAN coverage area. Wireless device 180 is outside of the wireless coverage area and cannot adequately access the WLAN resources. Likewise, the gateway 120 can detect the presence of wireless devices 160 and 170 via RF signals emitted from wireless antennas 165 and 175 respectively having emission via links 122 and 124 respectively. However, gateway 120 cannot detect the presence of wireless device 180 because it is shown to be outside of the WLAN coverage area 132. However, if the mobile device 180 were to move within the coverage area 132, then the gateway 120 could detect the presence of the wireless device 180 via emissions from antenna 185 and RF link 126 (shown as dashed link). In one aspect of the innovation, a reduced coverage area 130 for the WLAN may be defined by the user. This reduced coverage area reflects a minimum received signal strength indicator (RSSI) threshold coverage area and is further discussed below.
[0018] Also present in the WLAN area controlled by the gateway / access point 120 is a personal computer 125 connected via a local area network connection 125a. The personal computer 125 can act as a display to permit a user to configure the gateway / access point 120 as well as to configure and program aspects of the disclosed innovation. In one aspect of the innovation, a graphical user interface (GUI) is used to control and monitor the system described herein. Alerts and reports may be hosted by the personal computer 125 as well as other devices of the WLAN and user.
[0019] In the example environment of Figure 1, the gateway 120 has a network interface to internet protocol (IP) network 110 for access to Internet resources external to the WLAN 130. Also shown is the interconnection of the IP network 115 to a cellular network interface 115, base station 117, and cell tower 190. This cellular interface is used in one aspect of the invention to allow the gateway 120 to communicate with a mobile device 140 via cellular RF link 195 and mobile device antenna 145. The mobile device 140 may also have privileges to communicate with the WLAN 130 of gateway 120 via WLAN link 128. Although gateway 120 is labeled as a gateway, device 120 may also be a home or business device that has access point capability. Such an access point capable device may include, but not be limited to, a gateway, a modem, a laptop, a personal computer, a mobile phone, a tablet, and the like where the device 120 acts as an access point.
[0020] Figure 2 depicts a mode diagram or sequence overview of the disclosure to identify operational aspects of the current innovation. Three sequences are indicated: an initialization phase, a monitoring phase, and a reporting phase. In the initialization phase, blocks 205 and 210 are relevant. During initialization, of specific interest in the current innovation is the monitoring and logging of unique client device identifiers. In the case of a WiFi™ compatible WLAN, the media access control (MAC) addresses are unique per wireless device and are an effective way of categorizing devices. In order for the logging of devices to be meaningful, a list of known MAC addresses can be established 205. This is generated from the MAC address list of all associated devices to the service set identifiers (SSIDs) of the home data gateway. This list is known as the trusted devices of the gateway. All client device MAC addresses that are not part of this list are categorized as untrusted devices because they are not known or not registered with the WLAN of the gateway.
[0021] Further, to provide a rough metric for the range of the client device from the data gateway, a minimum received signal strength indicator (RSSI) threshold is established 210. In a WiFi™ compatible system, RSSI is the relative received signal strength in a wireless environment, such as in a gateway’s WLAN. RSSI is an indication of the power level being received by the receive radio after the antenna and possible cable loss. Therefore, the higher the RSSI number, the stronger the signal. Thus, when an RSSI value is represented in a negative form (e.g. -100), the closer the value is to 0, the stronger the received signal has been.
[0022] As a preliminary step before using the home monitoring service of the present disclosure, the home user would use the mobile monitoring application on their mobile device and walk around the perimeter of the household. RSSI values would be collected at the home data gateway when the home user actively enables RSSI data collection on the mobile monitoring application. These RSSI samples would occur as needed to properly characterize the RSSI threshold for the perimeter of the residence where the gateway controls the WLAN. Once the lowest RSSI value is identified from the samples for the residence, this value can now be set as the RSSI threshold. The user can determine this threshold. This RSSI threshold is known as the minimum household RSSI threshold. It is set by the user as a value that can be used as a user setting of the perimeter of the WLAN. If a user selects an RSSI value that is stronger than measured at the very edge of the WLAN, then the user chooses to set a strong level threshold that is an indication of a mobile device that is well within the WLAN coverage area. In contrast, if the user selects a RSSI value that represents an edge value of the WLAN, then the user chooses to set a weaker threshold value that is an indication of a mobile device that just barely entered the far edges of the WLAN coverage area.
[0023] In the monitoring phase of operation of Figure 2, the user can enable the home data gateway to be configured to allow for identification 215 of wireless devices that enter the coverage area of the WLAN. This mode is enabled via the mobile monitoring application and this operating mode is known as monitor mode. For the purpose of identification only, when monitor mode is not enabled, the gateway is in a normal mode; that is, without the benefit of the current innovation.
[0024] For the home data gateway, the wireless network interface may be configured for promiscuous mode to allow for identification of wireless devices. Wireless devices, such as mobile WiFi™ devices, send out periodic probe requests. During the wireless probe request, because the home data gateway is in promiscuous mode, it will perform a packet capture of the wireless device. Promiscuous mode has the advantage of surveying all wireless devices, including Wi-Fi™ devices regardless of whether the wireless device is a registered client device of the WLAN or has any association with the access point of the gateway. Specifically, if the wireless device has its wireless transceiver enabled, but even if it is not paired to the WLAN access point, then while in promiscuous mode, the home data gateway can perform wireless transmission packet captures of wireless device probe requests. Promiscuous mode is the only time that an access point can capture all wireless packets. Typically, in normal operating mode, packets with destination MAC addresses that are not directed at the gateway are discarded. When in promiscuous mode, all packets regardless of destination MAC address can be analyzed by the gateway.
[0025] As noted previously, there is specific interest in monitoring and logging unique wireless device identifiers. Given this capability to log MAC addresses of wireless devices, the home data gateway can be configured to be in a monitor mode with the intention of listening and recording 220 for all wireless devices that come within range of the WLAN network interface of the gateway. Since the list of trusted devices for a given residence is known, any MAC address that is not part of the trusted devices list is categorized as an untrusted device that has entered the WLAN coverage area.
[0026] Further, to provide additional capabilities for intelligent device monitoring, an RSSI perimeter is established as described above in the initialization sequence 210. The RSSI perimeter is generated to ensure that the wireless device that is detected within the WLAN is within reasonable proximity to the data gateway and to prevent false alarms. The RSSI scale ranges from about -90 dBm to -25 dBm. While RSSI does not correlate directly to range, it can be used as a rough approximation to at least eliminate those wireless devices that statistically are unlikely to be within the home data gateway household perimeter. As described above, this RSSI value is known as the minimum RSSI household threshold. When in monitor mode, an untrusted wireless device is logged for future reporting if it exceeds the minimum RSSI household threshold. Logging includes the wireless device MAC address, the time the wireless probe was performed and the RSSI value measured.
[0027] When the gateway is in monitor mode and an untrusted device that is not part of the trusted device list comes into range and exceeds the minimum RSSI household threshold, that wireless device's MAC address is logged (recorded) along with the time and the RSSI. This event can also trigger an alarm condition. Based on configuration settings in the mobile monitoring application, one or two reporting mechanisms are available. In a first reporting mechanism, a notification of the detection of a wireless device into the WLAN is communicated to a user device. This mechanism will send an immediate message to the mobile monitoring application of the gateway while in monitoring mode to indicate a wireless alarm condition occurred. This message includes the MAC address, the time and the RSSI. This first notification or detection condition can be reported to the user, from the gateway. This communication can occur during the monitor mode where a notification is sent to a user’s mobile device, such as cellular phone 140 of Figure 1. In this instance, the user is alerted or notified via a monitoring GUI on the mobile device 140. The notification can include the MAC address of the wireless device that has entered the WLAN and exceeded the minimum RSSI household threshold as well as the time of the event. In another feature, a duration of the event is detected and recorded so that the user can be notified when the wireless device leaves the WLAN and the RSSI of the wireless device that entered the WLAN falls below the minimum RSSI household threshold.
[0028] In another sequence, a user can disable the monitoring mode 225 of the present disclosure and enter a more robust reporting mode as depicted in Figure 2. This disablement or exit of monitor mode 225 can occur via use of a GUI of a mobile device of the user or via a GUI of another interface device of the gateway, such as personal computer 125. This event allows the gateway to return to normal operations (not a monitor operating as in the current innovation). Event 225 may be considered optional.
[0029] A more robust reporting 230 of the wireless contacts detected during the previous monitor mode and the respective MAC address and RSSI measurements is processed and provided to the user after the exit event of 225 or after a user requests a full reporting. After a request for a report and processing, the reporting can be provided to a user device, such as a mobile device or to the gateway user interface, such as personal computer 125. This reporting is a summary report of all wireless alarm conditions. This report includes all the MAC addresses, times, durations, and RSSI values for each wireless alarm condition that occurred during monitoring mode. It is available via the mobile monitoring application and is available during “normal mode” of the gateway and after a monitoring mode session has ended.
[0030] Figure 3 is a flow diagram of a method 300 that may be typical of a use of the disclosed innovation. Method 300 is performed by a special purpose machine according to principles of the disclosure. The method starts at step 305 by obtaining a list of trusted client devices of the WLAN. Trusted client devices are devices that have a registered authentication relationship to the gateway 120 controlling the WLAN 130.
[0031] Step 310 utilizes a user input to establish a perimeter of the WLAN for wireless signal detection purposes. This is the establishment of a minimum received signal strength indicator (RSSI) threshold. As described with respect to the initialization event of 210 of Figure 2, a user can establish a perimeter baseline 130 that is smaller than the full coverage area 132 that is possible with the WLAN. This smaller coverage area 130 is characterized with a minimum received signal strength indicator (RSSI) threshold that can be established by the user walking around the perimeter of the household. RSSI values of the mobile device held by the user would be collected at the home data gateway. These RSSI samples would occur as needed to properly characterize the RSSI threshold for the user-established perimeter 130 of the WLAN. Once the lowest RSSI value is identified from the samples for the residence, this value can now be set as the RSSI threshold. The user can adjust the threshold as needed to be more or less sensitive. A lower threshold would detect wireless devices on the edge of the WLAN perimeter and a higher value of threshold would detect wireless devices that are closer to the gateway that controls the WLAN. As an alternative, the home monitoring application can establish a minimum received signal strength indicator (RSSI) threshold by setting the minimum received signal strength indicator (RSSI) threshold to be the lowest value of RSSI from a wireless device that has historically been detected by the gateway of the WLAN.
[0032] Once established, steps 305 and 310 need not be performed again unless a change to either the trusted devices or a minimum received signal strength indicator (RSSI) threshold is desired by the user. Thus, steps 315 through 340 represent the majority of the operative steps of the current innovation.
[0033] At step 315 the gateway enters promiscuous mode based on a received instruction to begin monitoring and recording of wireless device entry into the WLAN that the gateway controls as an access point. After receiving the instruction, at step 320, the gateway starts to detect media access control (MAC) addresses of any wireless device that enters the WLAN that the gateway controls. Along with the detection of a MAC address for the wireless device that enters the WLAN, the gateway also detects the time of entry, the time of exit, and any WLAN access attempts, successful or not, that are made by the detected wireless device. In one embodiment, recording of wireless device detection includes all wireless contacts within the area of WLAN coverage. In another embodiment, to reduce the amount of data recorded, only untrusted device contacts are recorded.
[0034] At step 325, a determination is made if a wireless device that entered the WLAN has a RSSI that exceeds the minimum received signal strength indication (RSSI) threshold that is set by a user via a user interface as described hereinabove. This is performed by comparing the RSSI of the newly detected wireless device in the WLAN to the minimum received signal strength indicator threshold. As described above, the minimum received signal strength indicator (RSSI) threshold can be set via user interaction with the gateway and GUI on a mobile device or a GUI of a display device connected to the gateway. At step 325, if the RSSI of the detected wireless device is greater than the minimum RSSI threshold, then the method 300 moves to step 330.
[0035] At step 330, the detection event is recorded, and the user is notified of the presence of a wireless device that exceeded the RSSI minimum threshold. The notification can take one or all of several forms. The notification can be sent to a display device, such as display 125 connected to a local area network of the gateway. This may be accomplished and is useful if a user is available to see the notification on the GUI presented by the display device. In another form, the notification is sent to a mobile device of the user. The mobile device may be a cellular phone, such as mobile device 140 of Figure 1. In this event, the gateway sends notification data through IP network 110 and through cell network interface 115. The cell network interface then engages base station 117 and cell tower 190 to communicate on a cellular network to mobile device 140. The mobile device 140 has the GUI that is compatible with the monitoring system of the gateway and is able to alert the user to the wireless device detection in the WLAN. This notification path is useful if the user is in a remote location compared to the location of the WLAN. By not using the WLAN network and frequencies, a notification to the user can be made without alerting the newly detected mobile device that its presence is known by the gateway and the user.
[0036] After a notification is provided that a wireless device has been detected entering the WLAN having an RSSI that exceeds the minimum received signal strength indicator threshold in step 330, then the method 300 continues to step 320 to continue monitoring the WLAN for mobile devices. At steps 320 and 330, a notification or alert can also be optionally provided to a user when the detected mobile device leaves the WLAN. This is detected by the intruding mobile device having a RSSI that falls below the minimum received signal strength indicator threshold.
[0037] Returning to step 325, if the RSSI of a mobile device that enters the network falls below the minimum received signal strength indicator threshold, or if no mobile device is detected, then the monitoring can continue to step 320 as before without the recording or notification actions of 330.
[0038] At any time in the promiscuous mode, the user can request an interim report. Step 335 determines if a report was requested. If a report was requested, step 335 moves the method to step 332 where an interim report is generated and sent to the user. During the reporting, promiscuous monitoring continues and step 332 moves to step 320. If an interim report request is not detected at step 335, the method moves to step 337. At step 337, a test is performed to detect if the user has requested an exit from promiscuous mode.
[0039] If no request from the user is received, then the method proceeds from step 337 to step 320 to continue detecting wireless device entries into the WLAN area 130. At step 337, if the gateway receives an instruction to stop monitoring and recording information concerning wireless devices that enter a WLAN coverage area of the gateway, then the gateway would exit the monitoring mode and return to the normal mode of operation of the gateway without the active monitoring and recording provided by the current innovation. Then, step 340 could be entered in which a report of the monitoring and recording of wireless device entry is created.
[0040] The report provided by step 340 or at step 332 can be sent to any device having a GUI compatible with the current innovation that can be in communication with the gateway. For example, a report of WLAN wireless device detections can be sent to the display device 125 of Figure 1 or any of the registered or known devices of the WLAN, such as wireless device 160 or 170 if they are registered devices of the WLAN. Also, the wireless device of the user 140 can receive the report via the cellular link, or a registered WLAN link. Any delivery method of the report can be selected via the GUI presented to the user that is available on a display or wireless device of the user’s choice.
[0041] The report generated at step 340 can include the MAC address of the detected wireless devices that entered the WLAN during the monitor mode time period. The time of entry and exit of any wireless device, duration of stay, the MAC address, and any successful or unsuccessful access attempts are available for the report.
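The flow of steps 310 through 340 can be sketched in Python as an added example; this is not code from the patent. The observation tuples, MAC addresses, RSSI values and function names are constructed assumptions, and the default follows the embodiment in which only untrusted device contacts are recorded.

```python
from dataclasses import dataclass
from typing import Optional

# All values below are constructed for illustration.
PERIMETER_WALK_RSSI = [-58, -63, -71, -67, -60]   # dBm samples from the perimeter walk
TRUSTED_MACS = {"02:00:00:aa:bb:01"}
# (seconds since monitoring began, source MAC, RSSI in dBm, WLAN access attempt seen?)
OBSERVATIONS = [
    (0,  "02:00:00:aa:bb:01", -50, False),  # trusted device, not recorded
    (5,  "02:00:00:cc:dd:02", -80, False),  # weaker than threshold: ignored
    (10, "02:00:00:cc:dd:02", -69, False),  # crosses the perimeter: entry
    (20, "02:00:00:cc:dd:02", -65, True),   # access attempt while inside
    (30, "02:00:00:cc:dd:02", -75, False),  # falls below threshold: exit
    (40, "02:00:00:ee:ff:03", -60, False),  # still present when report is made
]


@dataclass
class Visit:
    mac: str
    entered: int
    peak_rssi: int
    exited: Optional[int] = None
    access_attempts: int = 0


def calibrate_threshold(samples):
    """Step 310: the lowest RSSI collected on the perimeter walk is the threshold."""
    if not samples:
        raise ValueError("no perimeter samples collected")
    return min(samples)


def monitor(observations, threshold, trusted, untrusted_only=True):
    """Steps 320-330: return (notifications, visits) for the observation stream."""
    present, visits, notifications = {}, [], []
    for t, mac, rssi, attempt in observations:
        mac = mac.lower()
        if untrusted_only and mac in trusted:
            continue
        inside = rssi > threshold          # step 325: strictly greater than
        visit = present.get(mac)
        if inside and visit is None:
            visit = present[mac] = Visit(mac, entered=t, peak_rssi=rssi)
            visits.append(visit)
            notifications.append((t, "entered", mac, rssi))
        elif inside:
            visit.peak_rssi = max(visit.peak_rssi, rssi)
        elif visit is not None:            # optional exit notice from [0036]
            visit.exited = t
            del present[mac]
            notifications.append((t, "left", mac, rssi))
        if inside and attempt:
            visit.access_attempts += 1
    return notifications, visits


def report(visits, now):
    """Steps 332/340: one row per visit; open visits are measured up to `now`."""
    return [
        {"mac": v.mac, "entered": v.entered, "exited": v.exited,
         "duration": (v.exited if v.exited is not None else now) - v.entered,
         "peak_rssi": v.peak_rssi, "access_attempts": v.access_attempts}
        for v in visits
    ]


if __name__ == "__main__":
    threshold = calibrate_threshold(PERIMETER_WALK_RSSI)
    notes, visits = monitor(OBSERVATIONS, threshold, TRUSTED_MACS)
    for row in report(visits, now=60):
        print(row)
```

Because the comparison is strictly greater than the threshold, a device measured exactly at the calibrated minimum does not trigger a notification. Devices that randomize their MAC address will appear in such a report as several separate visits.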
[0042] Figure 4 is an example embodiment of an apparatus to perform the method of Figure 3. The apparatus of Figure 4 can be either a special-purpose machine, or part of a larger machine that performs other tasks. For example, the apparatus of Figure 4 can be an access point or an access point in a home gateway that supports a wireless local area network. Such a machine can be a gateway, a modem, a laptop, a personal computer, a mobile phone, a tablet, and the like that is configured to act as an access point. Here, for simplicity, the description can follow that of a home or business gateway, but other devices, such as those listed above, are also possible as is well understood by those of skill in the art.
[0043] The apparatus 120 of Figure 4 includes a transmitter/receiver interface 402 providing connectivity to IP network 110. The interface 402 connects to the bus interface 404 which allows access to the internal bus 424. Other non-bus implementations are also possible as is well known to those of skill in the art. Present on bus 424 is a storage device 406 which can be used for any general storage such as retrieved or requested data and network management data, parameters, and programs. Storage device 406 may also serve as disk or solid-state storage for the information collected during the monitoring mode. Such information can include the RSSI measurement of a wireless device that enters the WLAN of the apparatus, the MAC address, the time of entry and exit and other parameters needed to conduct the method of Figure 3. Main program or utility and other programs are under the control of controller/processor 408.
[0044] This controller/processor 408 may be a single processor or a multiplicity of processors performing the tasks of sensor data acquisition, user interface control, and resource management. Controller/processor 408 can perform the method described in Figure 3. Control memory 410 can supply program instruction and configuration control for controller/processor 408. The status indicators are a user interface 418 that allows a user, system owner, or system manager to see a status of the gateway apparatus 120. Such indicators may include a display, LEDs, printer interface, or data logging interface. An input/output (I/O) interface 416 allows the gateway 120 to connect to a personal computer or other device that can be used to configure and control the gateway functionality. The I/O interface 416 may be a hardline interface, such as an Ethernet interface (local area network) or may operationally be substituted with an RF interface so that the gateway 120 can communicate with a PC 125. Alternately, a remote terminal, such as PC 125 may also be optionally connected to a WLAN 130. Other interfaces that are possible via I/O interface 416 are an interactive interface which may include the use of a display device, keyboard, mouse, light pen, and the like.
[0045] Gateway 120 has a wireless network interface 412 which allows access to and from wireless devices. The wireless devices may be those that are known and registered to the WLAN of the apparatus 120 or unknown and unregistered devices which enter the WLAN of the apparatus 120. Such an interface 412 includes all elements to control a wireless network, including the use of wireless network protocols such as IEEE 802.XX and the like. The wireless network interface includes a wireless receiver to receive wireless device probe information and a wireless transmitter to transmit notification information, such as to a mobile device 140 for display to a user via either an ad-hoc network or via a WiFi™ network. The wireless receiver / transmitter 412 also contains a detector to measure the received signal strength indication of a wireless device that enters the WLAN of the apparatus. Such RSSI measurements are available to the controller/processor 408 for logging and analysis purposes.
[0046] The controller/processor 408 of the gateway 120 of Figure 4 is configured to provide processing services for the steps of the method of Figure 3. For example, the controller processor can provide instruction control to monitor and control the gateway via network interface 402, the I/O interface 416 and 418 status indicators and display, and the wireless network interface 412.
[0047] It should be noted that the implementation of the concepts and principles applied in the disclosed innovation requires the tangible application of hardware and/or software that are adapted from components that can interface to a wireless local area network of an access point. As such, the present innovation adapts hardware and software in a manner that advances the technology of monitoring a WLAN. The inventive principles, when applied to the functional adaptations of apparatus described herein result in a novel improvement over the existing art of monitoring WLANs by a gateway and provide benefit to a user of the WLAN by providing information that can be used to assess the security of the WLAN especially when the user is unable to monitor the WLAN by being near monitoring equipment. By using the principles of the disclosed innovation, a user who is absent from the WLAN can get near real-time notifications of wireless device intrusions and can later get a report of detailed wireless device activity within the WLAN that would otherwise be unobservable to the user.
[0048] The implementations described herein may be implemented in, for example, a method or process, an apparatus, or a combination of hardware and software. Even if only discussed in the context of a single form of implementation (for example, discussed only as a method), the implementation of features discussed may also be implemented in other forms. For example, implementation can be accomplished via a hardware apparatus, hardware and software apparatus. An apparatus may be implemented in, for example, appropriate hardware, software, and firmware. The methods may be implemented in, for example, an apparatus such as, for example, a processor, which refers to any processing device, including, for example, a computer, a microprocessor, an integrated circuit, or a programmable logic device.
[0049] Additionally, the methods may be implemented by instructions being performed by a processor, and such instructions may be stored on a processor or computer-readable media such as, for example, an integrated circuit, a software carrier or other storage device such as, for example, a hard disk, a compact diskette (“CD” or “DVD”), a random-access memory (“RAM”), a read-only memory (“ROM”) or any other magnetic, optical, or solid-state media. The instructions may form an application program tangibly embodied on a computer-readable medium such as any of the media listed above or known to those of skill in the art. The instructions thus stored are useful to execute elements of hardware and software to perform the steps of the method described herein.

Claims

1. A method performed by an access point, the method comprising:
receiving an instruction to monitor information concerning wireless devices that enter a coverage area of a wireless local area network;
determining if the information concerning any one of the wireless devices includes a received signal strength indication greater than a first threshold; and
providing a notification based on the determination.
2. The method of claim 1, wherein receiving an instruction to monitor information concerning wireless devices that enter the coverage area of a wireless local area network comprises receiving an instruction to detect a wireless device that has a minimum received signal strength indication that is set by a user.
3. The method of any of claims 1 to 2, wherein the method is performed by any one of a gateway, a modem, a laptop, a personal computer, a mobile phone, and a tablet.
4. The method of any of claims 1 to 3, wherein determining comprises comparing the received signal strength of a wireless device to a first threshold that is established by a user of the wireless local area network.
5. The method of any of claims 1 to 4, wherein providing a notification based on the determination comprises providing notification to a mobile device on a cellular network.
6. The method of claim 5, wherein providing a notification based on the determination comprises providing notification to the mobile device via an internet protocol network interface that accesses the cellular network.
7. The method of any of claims 1 to 6, further comprising providing a report comprising information concerning the wireless devices that entered the coverage area of the wireless local area network.
8. The method of claim 7, wherein providing a report comprising the information concerning the wireless devices that entered the coverage area of the wireless area network comprises providing a report comprising one or more of a media access control address, a time of entry and exit, a duration, a received signal strength indicator, and a number of access attempts of any wireless device that entered the coverage area of the wireless local area network of the access point.
9. The method of any of claims 1 to 8, further comprising receiving an instruction to stop monitoring information concerning wireless devices that enter the coverage area.
10. A computer-readable storage medium comprising instructions which when executed by a computer cause the computer to carry out the method of any of claims 1 to 9.
11. An apparatus comprising:
an interface to a wireless local area network;
a processor in communication with the interface to the wireless local area network, the processor configured to:
receive an instruction to monitor information concerning wireless devices that enter a coverage area of the wireless local area network;
determine if the information concerning any one of the wireless devices includes a received signal strength indication greater than a first threshold; and
provide a notification based on the determination.
12. The apparatus of claim 11, wherein the processor is configured to receive an instruction to detect a wireless device that has a minimum received signal strength indication that is set by a user.
13. The apparatus of any of claims 11 to 12, wherein the apparatus is any one of a gateway, a modem, a laptop, a personal computer, a mobile phone, and a tablet.
14. The apparatus of any of claims 11 to 13, wherein the processor determines a received signal strength indication greater than a first threshold by comparing the received signal strength of a wireless device to a first threshold that is established by a user of the wireless local area network.
15. The apparatus of any of claims 11 to 14, wherein the processor provides the notification, based on the determination, to a mobile device on a cellular network.
16. The apparatus of claim 15, wherein the processor provides the notification to the mobile device on the cellular network via an internet protocol network interface that accesses the cellular network.
17. The apparatus of any of claims 11 to 16, wherein the processor is further configured to provide a report comprising information concerning the wireless devices that entered the coverage area of the wireless local area network.
18. The apparatus of claim 17, wherein the report comprises one or more of a media access control address, a time of entry and exit, a duration, a received signal strength indicator, and a number of access attempts of any wireless device that entered the wireless local area network of the apparatus.
19. The apparatus of any of claims 11 to 18, wherein the processor is further configured to receive an instruction to stop monitoring information concerning wireless devices that enter the coverage area.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201862636360P 2018-02-28 2018-02-28
US62/636,360 2018-02-28

Publications (1)

Publication Number Publication Date
WO2019166880A1 true WO2019166880A1 (en) 2019-09-06

Family

ID=66429420

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2019/000284 Ceased WO2019166880A1 (en) 2018-02-28 2019-02-28 Wireless lan monitoring using an access point

Country Status (1)

Country Link
WO (1) WO2019166880A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112469058A (en) * 2020-11-30 2021-03-09 张丽 System and method for managing multiple terminal access points in wireless local area network

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2068525A2 (en) * 2007-11-06 2009-06-10 Airtight Networks, Inc. Method and system for providing wireless vulnerability management for local area computer networks
CN105894703A (en) * 2016-05-11 2016-08-24 大博(武汉)科技有限公司 Intelligent monitoring method, device and system based on WiFi


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ARUBA: "Aruba Central User Guide", 1 February 2017 (2017-02-01), pages 1 - 190, XP055593282, Retrieved from the Internet <URL:https://community.arubanetworks.com/aruba/attachments/aruba/SoftwareUserReferenceGuides/82/1/aruba%20central%20user%20guide.pdf> [retrieved on 20190603] *



Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19722179

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19722179

Country of ref document: EP

Kind code of ref document: A1