Patents by Inventor Mark Krischer

Mark Krischer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20080295144
    Abstract: Methods and systems for use in a wireless client that includes one or more wireless network interfaces for communicating with at least one access point wherein the method enables the wireless client to validate the authenticity and integrity of received management frames. The method includes receiving a protected wireless network management frame from an access point and verifying a message integrity check (MIC) appended to the protected wireless network management frame. One or more security policies are then conditionally applied based on a failure to verify the MIC.
    Type: Application
    Filed: December 6, 2005
    Publication date: November 27, 2008
    Applicant: Cisco Technology, Inc.
    Inventors: Nancy Cam-Winget, Mark Krischer, Robert B. O'Hara, JR.
  • Patent number: 7457620
    Abstract: A method, apparatus, and software containing computer readable code to implement the method implemented in a first wireless device. The method includes, for a particular network identifier active in a wireless network, transmitting frames configured to advertise the infrastructure network of the particular network identifier. The transmitting of off-channel beacons is in a provided channel different than the channel in which the access point of the infrastructure wireless of the particular network identifier transmits beacon frames. The transmitting of off-channel beacons further is at a rate higher than the beacon rate frame at which the access point of the infrastructure wireless of the particular network identifier transmits beacon frames.
    Type: Grant
    Filed: July 15, 2005
    Date of Patent: November 25, 2008
    Assignee: Cisco Technology, Inc.
    Inventors: Alex C. K. Lam, Brian Hart, Mark Krischer, David Sheldon Stephenson
  • Publication number: 20080184331
    Abstract: In one embodiment, a method includes receiving security context information relevant to a connection between a wireless network infrastructure component and a wireless client, wherein the security context information comprises at least, an identification of the wireless client, and wherein the security context information identifies any security protocols associated with the connection; validating the connection based on the security context information; and transmitting the security context information to one or more detector wireless access points.
    Type: Application
    Filed: January 29, 2007
    Publication date: July 31, 2008
    Applicant: Cisco Technology, Inc.
    Inventors: Nancy Cam-Winget, Mark Krischer, Robert B. O'Hara
  • Publication number: 20070218875
    Abstract: Methods, apparatuses and systems directed to detecting address spoofing in wireless networks by, after receiving a wireless management frame, transmitting verification messages to determine whether a given wireless node (e.g., a wireless access point, or wireless client) has legitimately lost its connection state.
    Type: Application
    Filed: March 16, 2006
    Publication date: September 20, 2007
    Applicant: Cisco Technology, Inc.
    Inventors: Patrice Calhoun, Nancy Cam-Winget, Mark Krischer, Robert O'Hara
  • Publication number: 20070014267
    Abstract: A method, apparatus, and software containing computer readable code to implement the method implemented in a first wireless device. The method includes, for a particular network identifier active in a wireless network, transmitting frames configured to advertise the infrastructure network of the particular network identifier. The transmitting of off-channel beacons is in a provided channel different than the channel in which the access point of the infrastructure wireless of the particular network identifier transmits beacon frames. The transmitting of off-channel beacons further is at a rate higher than the beacon rate frame at which the access point of the infrastructure wireless of the particular network identifier transmits beacon frames.
    Type: Application
    Filed: July 15, 2005
    Publication date: January 18, 2007
    Inventors: Alex Lam, Brian Hart, Mark Krischer, David Stephenson
  • Publication number: 20060236109
    Abstract: A system and method that allows a device to complete a single complete authentication sequence to a AAA server resulting in as many secure sessions required for the different applications or subsystems determined by the client's identity and the AAA server's policy. As the device is authenticated, it is determined where there are other sessions for the device. The sessions are established by generating unique new keying material that is passed to each session. This can be accomplished by (a) the authenticator or AAA server issuing the keys and distributing them to both the supplicant and applications (via their authenticators); or (b) authenticator or the AAA server mutually generating the session unique keys with the supplicant that are then distributed to the applications (via their authenticators).
    Type: Application
    Filed: April 4, 2005
    Publication date: October 19, 2006
    Inventors: Mark Krischer, Nancy Cam Winget
  • Publication number: 20060236383
    Abstract: A system and method that supports disjoint authentication server farms and disjoint policy or authorization servers for multi-session establishment. The authentication server has global knowledge of authenticators for additional sessions for a supplicant and can split authentication requests as needed to different authentication servers. The split authentication and authorization requests can be aggregated should the other authentication and authorization servers have the capability to handle multiple requests. In the case of server farms, authentication and implied authorization requests can be split to facilitate load balancing.
    Type: Application
    Filed: November 18, 2005
    Publication date: October 19, 2006
    Inventors: Nancy Cam-Winset, Mark Krischer, Jeremy Stieglitz
  • Publication number: 20060193299
    Abstract: In a wireless local area network, a method for detecting the presence of an unauthorized device comprises: detecting the presence of neighboring devices from which management frames can be sent; saving a representation of each neighboring device present; receiving a management frame purporting to be from one of the detected devices; determining that the received management frame was sent by an unauthorized device; and indicating the presence of the unauthorized device.
    Type: Application
    Filed: February 25, 2005
    Publication date: August 31, 2006
    Inventors: Nancy Winget, Mark Krischer, Timothy Olson, Sheausong Yang
  • Publication number: 20060023685
    Abstract: A method of wirelessly transmitting or receiving a packet of information, and an apparatus to wirelessly transmit or receive a packet of information. In the case of transmitting, the method includes streaming a data element, including at least some of the contents of the packet, over a network link during transmit time. In the case of receiving, the method includes streaming a data element, including at least some of the contents of the received packet, over a network link during receive time. The transmitting or receiving is by a station of a wireless network and the streaming is to or from the station from or to a network device coupled to the station by the network link.
    Type: Application
    Filed: September 1, 2005
    Publication date: February 2, 2006
    Inventors: Mark Krischer, Philip Ryan, Michael Webb
  • Publication number: 20060014522
    Abstract: A method of wirelessly transmitting or receiving a packet of information, and an apparatus to wirelessly transmit or receive a packet of information. In the case of transmitting, the method includes streaming a data element, including at least some of the contents of the packet, over a network link during transmit time, including encrypting the data element during the streaming in real time prior to the transfer over the network link. In the case of receiving, the method includes streaming a data element, including at least some of the contents of the received packet, over a network link during receive time, including decrypting the data element during the streaming in real time after the transfer over the network link. The transmitting or receiving is by a station of a wireless network and the streaming is to or from the station from or to a network device coupled to the station by the network link.
    Type: Application
    Filed: August 5, 2005
    Publication date: January 19, 2006
    Inventors: Mark Krischer, Philip Ryan, Michael Webb
  • Patent number: 6970446
    Abstract: A method of wirelessly transmitting or receiving a packet of information, and an apparatus to wirelessly transmit or receive a packet of information. In the case of transmitting, the method includes streaming a data element, including at least some of the contents of the packet, over a network link during transmit time, including encrypting the data element during the streaming in real time prior to the transfer over the network link. In the case of receiving, the method includes streaming a data element, including at least some of the contents of the received packet, over a network link during receive time, including decrypting the data element during the streaming in real time after the transfer over the network link. The transmitting or receiving is by a station of a wireless network and the streaming is to or from the station from or to a network device coupled to the station by the network link.
    Type: Grant
    Filed: March 31, 2004
    Date of Patent: November 29, 2005
    Assignee: Cisco Technology, Inc.
    Inventors: Mark Krischer, Philip J. Ryan, Michael J. Webb
  • Patent number: 6954450
    Abstract: A method of wirelessly transmitting or receiving a packet of information, and an apparatus to wirelessly transmit or receive a packet of information. In the case of transmitting, the method includes streaming a data element, including at least some of the contents of the packet, over a network link during transmit time. In the case of receiving, the method includes streaming a data element, including at least some of the contents of the received packet, over a network link during receive time. The transmitting or receiving is by a station of a wireless network and the streaming is to or from the station from or to a network device coupled to the station by the network link.
    Type: Grant
    Filed: November 26, 2003
    Date of Patent: October 11, 2005
    Assignee: Cisco Technology, Inc.
    Inventors: Mark Krischer, Philip J. Ryan, Michael J. Webb
  • Publication number: 20050141498
    Abstract: A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, it obtains a key for the access point sending the frame, and validates the management frame using the key.
    Type: Application
    Filed: January 5, 2005
    Publication date: June 30, 2005
    Inventors: Nancy Cam Winget, Mark Krischer, Timothy Olson, Pauline Shuen, Ajit Sanzgiri, Sheausong Yang
  • Publication number: 20050120213
    Abstract: System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential, may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential.
    Type: Application
    Filed: December 1, 2003
    Publication date: June 2, 2005
    Applicant: Cisco Technology, Inc.
    Inventors: Nancy Winget, Hao Zhou, Mark Krischer, Joseph Salowey, Jeremy Stieglitz, Saar Gillai, Padmanabha Jakkahalli
  • Publication number: 20050111471
    Abstract: A method of wirelessly transmitting or receiving a packet of information, and an apparatus to wirelessly transmit or receive a packet of information. In the case of transmitting, the method includes streaming a data element, including at least some of the contents of the packet, over a network link during transmit time. In the case of receiving, the method includes streaming a data element, including at least some of the contents of the received packet, over a network link during receive time. The transmitting or receiving is by a station of a wireless network and the streaming is to or from the station from or to a network device coupled to the station by the network link.
    Type: Application
    Filed: November 26, 2003
    Publication date: May 26, 2005
    Inventors: Mark Krischer, Philip Ryan, Michael Webb
  • Publication number: 20050111472
    Abstract: A method of wirelessly transmitting or receiving a packet of information, and an apparatus to wirelessly transmit or receive a packet of information. In the case of transmitting, the method includes streaming a data element, including at least some of the contents of the packet, over a network link during transmit time, including encrypting the data element during the streaming in real time prior to the transfer over the network link. In the case of receiving, the method includes streaming a data element, including at least some of the contents of the received packet, over a network link during receive time, including decrypting the data element during the streaming in real time after the transfer over the network link. The transmitting or receiving is by a station of a wireless network and the streaming is to or from the station from or to a network device coupled to the station by the network link.
    Type: Application
    Filed: March 31, 2004
    Publication date: May 26, 2005
    Inventors: Mark Krischer, Philip Ryan, Michael Webb
  • Publication number: 20050097362
    Abstract: A method and implementation is disclosed for secure communication between two or more parties. A secure tunnel is established between parties using an encryption algorithm. An authentication process is performed between parties over the secured tunnel. The provisioning of credentials is thereafter performed between parties.
    Type: Application
    Filed: November 5, 2003
    Publication date: May 5, 2005
    Inventors: Nancy Winget, Mark Krischer, Ilan Frenkel, Hao Zhou