公开(公告)号：US09264895B2

公开(公告)日：2016-02-16

申请号：US13964236

申请日：2013-08-12

Applicant: Cisco Technology, Inc.

Inventor： Mark Krischer ,  Nancy Cam-Winget ,  Sheausong Yang ,  Ajit Sanzgiri ,  Timothy Olson ,  Pauline Shuen

IPC: H04L29/06 ,  H04W12/04 ,  H04W12/12 ,  H04W12/10 ,  H04L12/24 ,  H04W88/08 ,  H04W84/12

CPC classification number: H04W12/04 ,  H04L41/00 ,  H04L63/062 ,  H04L63/08 ,  H04L63/083 ,  H04L63/123 ,  H04L63/126 ,  H04L63/1408 ,  H04W12/10 ,  H04W12/12 ,  H04W84/12 ,  H04W88/08

Abstract: A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.