Abstract: A method is provided for network identification based on high entropy data on a network which are not easily guessed or obtained outside the network, which can prevent an attacker from “spoofing” the network. A component in a client computer connected to a network may obtain over the network a network data block including device identification information of a device controlling the network. Upon parsing the network data block, such high entropy data as unique device identifiers may be obtained from the device identification information. Depending on availability of the unique device identifiers and authentication history of the client computer, different combinations of the unique device identifiers and/or other identification information may be used to generate a unique network identifier such as a network signature. The component may provide the network signature to applications within the client computer.

Abstract: Some embodiments of the invention are directed to increasing security and lowering risk of attack in connecting automatically to networks by enabling client devices to verify the identity of the networks by, for example, confirming the identity of networks and network components such as wireless access points. In some embodiments, a client device may maintain a data store of characteristics of a network—including, for example, characteristics of a wireless access point or other portion of the network and/or characteristics of a connection previously established with the wireless access point and/or network. Stored characteristics may include characteristics other than those minimally necessary to identify a wireless access point and/or wireless network.

Abstract: Methods and systems which identify and interact with network interfaces based on the network to which they provide access. A computing device operating in accordance with one or more of the principles described herein may examine available network interfaces and identify the network to which the network interfaces provide access, and perform networking tasks on interfaces based on the network identified. For example, a user may instruct a computing device to connect to a specified network, and the computing device will select a particular network interface by which to connect from the one or more available network interfaces that are able to connect to that network. Alternatively, a user may manage policies (e.g., security, connection, and application policies) based on the network to which a network interface provides access and thereby manage a network regardless of which of multiple network interfaces is used to access the network.

Abstract: A method is provided for network identification based on high entropy data on a network which are not easily guessed or obtained outside the network, which can prevent an attacker from “spoofing” the network. A component in a client computer connected to a network may obtain over the network a network data block including device identification information of a device controlling the network. Upon parsing the network data block, such high entropy data as unique device identifiers may be obtained from the device identification information. Depending on availability of the unique device identifiers and authentication history of the client computer, different combinations of the unique device identifiers and/or other identification information may be used to generate a unique network identifier such as a network signature. The component may provide the network signature to applications within the client computer.

Abstract: A method is provided for network identification based on high entropy data on a network which are not easily guessed or obtained outside the network, which can prevent an attacker from “spoofing” the network. A component in a client computer connected to a network may obtain over the network a network data block including device identification information of a device controlling the network. Upon parsing the network data block, such high entropy data as unique device identifiers may be obtained from the device identification information. Depending on availability of the unique device identifiers and authentication history of the client computer, different combinations of the unique device identifiers and/or other identification information may be used to generate a unique network identifier such as a network signature. The component may provide the network signature to applications within the client computer.

Abstract: Methods and systems which identify and interact with network interfaces based on the network to which they provide access. A computing device operating in accordance with one or more of the principles described herein may examine available network interfaces and identify the network to which the network interfaces provide access, and perform networking tasks on interfaces based on the network identified. For example, a user may instruct a computing device to connect to a specified network, and the computing device will select a particular network interface by which to connect from the one or more available network interfaces that are able to connect to that network. Alternatively, a user may manage policies (e.g., security, connection, and application policies) based on the network to which a network interface provides access and thereby manage a network regardless of which of multiple network interfaces is used to access the network.

Abstract: Methods and systems which identify and interact with network interfaces based on the network to which they provide access. A computing device operating in accordance with one or more of the principles described herein may examine available network interfaces and identify the network to which the network interfaces provide access, and perform networking tasks on interfaces based on the network identified. For example, a user may instruct a computing device to connect to a specified network, and the computing device will select a particular network interface by which to connect from the one or more available network interfaces that are able to connect to that network. Alternatively, a user may manage policies (e.g., security, connection, and application policies) based on the network to which a network interface provides access and thereby manage a network regardless of which of multiple network interfaces is used to access the network.

Abstract: A client computer that supports different behaviors when connected to a private network behind a network firewall than when outside the network firewall and connected indirectly through an access device. The client computer is configured to attempt communication with a device on the network. Based on the response, the client computer can determine that it is behind the network firewall, and therefore can operate with less restrictive security or settings for other parameters appropriate for when the client is directly connected to the network. Alternatively, the client computer may determine that it is indirectly connected to the network through the Internet or other outside network, and therefore, because it is outside the private network firewall, should operate with more restrictive security or settings of other parameters more appropriate for use in that network location.

Abstract: Described is a technology by which network connectivity information may be communicated via a single notifications area (e.g., system tray) icon, including by representing different images of the icon to display different types/states of connectivity and different types of media connections. For example, the icon may indicate whether Internet connectivity is present, and whether the connection is wired or wireless. The icon may regularly transition between at least two images to communicate different variables, e.g., types of connectivity and/or different types of media connections. The icon may be interactive to provide a tooltip, flyout and/or context menu related to the network state, and the icon may change in response to the networking state change event, e.g., be updated when a different capability connection is detected, when a different interface is detected, and/or when a wireless network with a different signal quality is detected.

Abstract: Methods and systems which identify and interact with network interfaces based on the network to which they provide access. A computing device operating in accordance with one or more of the principles described herein may examine available network interfaces and identify the network to which the network interfaces provide access, and perform networking tasks on interfaces based on the network identified. For example, a user may instruct a computing device to connect to a specified network, and the computing device will select a particular network interface by which to connect from the one or more available network interfaces that are able to connect to that network. Alternatively, a user may manage policies (e.g., security, connection, and application policies) based on the network to which a network interface provides access and thereby manage a network regardless of which of multiple network interfaces is used to access the network.

Abstract: Discovery of a network to which a device is in communication and classifying the network is disclosed. The network may be classified as a network already known or a new network signature may be created where the network signature is made up of a network id, a link id and a hop id.

Abstract: Some embodiments of the invention are directed to increasing security and lowering risk of attack in connecting automatically to networks by enabling client devices to verify the identity of the networks by, for example, confirming the identity of networks and network components such as wireless access points. In some embodiments, a client device may maintain a data store of characteristics of a network—including, for example, characteristics of a wireless access point or other portion of the network and/or characteristics of a connection previously established with the wireless access point and/or network. Stored characteristics may include characteristics other than those minimally necessary to identify a wireless access point and/or wireless network.

Abstract: A method is provided for network identification based on high entropy data on a network which are not easily guessed or obtained outside the network, which can prevent an attacker from “spoofing” the network. A component in a client computer connected to a network may obtain over the network a network data block including device identification information of a device controlling the network. Upon parsing the network data block, such high entropy data as unique device identifiers may be obtained from the device identification information. Depending on availability of the unique device identifiers and authentication history of the client computer, different combinations of the unique device identifiers and/or other identification information may be used to generate a unique network identifier such as a network signature. The component may provide the network signature to applications within the client computer.

Abstract: Discovery of a network to which a device is in communication and classifying the network is disclosed. The network may be classified as a network already known or a new network signature may be created where the network signature is made up of a network id, a link id and a hop id.

Abstract: Discovery of a network to which a device is in communication and classifying the network is disclosed. The network may be classified as a network already known or a new network signature may be created where the network signature is made up of a network id, a link id and a hop id.

Abstract: Described is a technology by which network connectivity information may be communicated via a single notifications area (e.g., system tray) icon, including by representing different images of the icon to display different types/states of connectivity and different types of media connections. For example, the icon may indicate whether Internet connectivity is present, and whether the connection is wired or wireless. The icon may regularly transition between at least two images to communicate different variables, e.g., types of connectivity and/or different types of media connections. The icon may be interactive to provide a tooltip, flyout and/or context menu related to the network state, and the icon may change in response to the networking state change event, e.g., be updated when a different capability connection is detected, when a different interface is detected, and/or when a wireless network with a different signal quality is detected.