IE85004B1 - Systems and methods for managing out-of-band device connection - Google Patents

Info

Publication number
IE85004B1
Authority
IE
Ireland
Prior art keywords
wireless
wireless device
band
communication
profile
Prior art date
Application number
IE2006/0163A
Other versions
IE20060163A1 (en
Inventor
B Quinn Liam
B Pirzada Fahd
Original Assignee
Dell Products Lp
Filing date
Publication date
Priority claimed from US11/078,153 external-priority patent/US7386275B2/en
Application filed by Dell Products Lp filed Critical Dell Products Lp
Publication of IE20060163A1 publication Critical patent/IE20060163A1/en
Publication of IE85004B1 publication Critical patent/IE85004B1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/42 User authentication using separate channels for security data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0492 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/04 Protocols specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/125 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/50 Secure pairing of devices

Abstract

Systems and methods for managing connection of devices to a wireless network using out-of-band communications.

Description

PATENTS ACT, 1992
Systems and Methods for Managing Out-Of-Band Device Connection
Dell Products LP
This invention relates generally to wireless networks, and more particularly to device connection management in wireless networking environments.
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated.
The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
In electronic networking environments, a challenging and persistent problem for end-users is managing the connection of peripherals and devices to the network.
For wireless networks, one of the key challenges is association and connectivity of known and trusted peripheral devices and other networked information handling systems into a secure network model. The proliferation of wireless technologies such as wireless wide area networks (WWANs), wireless local area networks (WLANs) and wireless personal area networks (WPANs) that enable peripheral devices into a network (be it local, ad-hoc or infrastructure) drives complexity in terms of ease-of-use, configuration, management and security. Current wireless networking technology employs individual wireless device profiles (e.g., Windows (RTM) zero config, and other proprietary software configuration utilities) and WLAN authentication and security mechanisms (e.g., 802.11i).
Radio frequency identification (RFID) technology is currently employed in applications that vary from inventory management and traffic telematics (e.g., traffic toll tags) to security ID badges and pet tags, and supply chain management systems.
According to an aspect of the present invention there is provided a method of managing in-band connection of information handling systems configured as wireless devices. The method comprises at least one of using out-of-band wireless communication to manage in-band wireless connection of the wireless devices based at least in part on one or more wireless device profiles; or using out-of-band wireless communication to perform device configuration management; or using out-of-band wireless communication to perform device profile configuration management; or any combination thereof. The method further comprises creating at least one wireless device profile by negotiating out-of-band authentication with at least one wireless device of the wireless device profile using in-band wireless communication and activating the at least one wireless device profile by authenticating the at least one wireless device using out-of-band wireless communication communicated from the at least one wireless device.
According to another aspect of the present invention there is provided a method of managing in-band wireless connection of information handling systems configured as wireless devices. The method comprises using out-of-band radio frequency identification (RFID) communication to authenticate at least one of the wireless devices for in-band wireless connection, creating at least one wireless device profile on the information handling system that contains the identity of a first wireless device by negotiating out-of-band authentication with the first wireless device of the wireless device profile using in-band wireless communication and activating the at least one wireless device profile by authenticating the at least one wireless device for in-band wireless connection using RFID wireless communication communicated from the first wireless device to a second wireless device, and activating the first wireless device for in-band wireless connection with the second wireless device after the first wireless device is authenticated.
According to another aspect of the present invention there is provided a wireless networking connection management system, comprising a first information handling system configured to use out-of-band RFID communication to manage in-band wireless connection to one or more other information handling systems configured as secondary wireless devices. The first information handling system is configured as a profile manager, the profile manager being configured to create at least one secondary wireless device profile on the first information handling system that contains the identity of at least one secondary wireless device by negotiating out-of-band RFID authentication with the at least one secondary wireless device of the secondary wireless device profile using in-band wireless communication and to activate the at least one secondary wireless device profile by authenticating the at least one secondary wireless device for in-band wireless connection using out-of-band RFID wireless communication communicated from the at least one secondary wireless device to the first information handling system, and activating the at least one secondary wireless device for in-band wireless connection with the first information handling system after the at least one secondary wireless device is authenticated.
The present invention thus uses out-of-band (e.g. RFID) communication to provide trusted (known) ID association.
Disclosed herein are systems and methods for managing connection of information handling systems as network devices to a wireless network using out-of-band communications, such as radio frequency identification (RFID) communications or other suitable communication medium. Using the disclosed systems and methods, out-of-band communications may be advantageously employed to manage (e.g., create, activate, etc.) and exchange wireless device profile information for network devices. Using out-of-band wireless device profile management, the disclosed systems and methods may be implemented to provide a variety of out-of-band device management capabilities including, but not limited to, out-of-band device status management and proximity based authentication and security for wireless networks.
For example, in one exemplary embodiment the disclosed systems and methods may be employed to define a set of known and trusted peripherals and networked devices in a wireless LAN (WLAN) environment, such as a home, small office/home office (SOHO), or small-medium business (SMB) environment. The disclosed systems and methods may be implemented in one embodiment to provide a dual layer security for a wireless networking environment. For example, a wireless network may be configured with one security layer that includes a proximity-based out-of-band identification communication mechanism in combination with another security layer that includes a traditional in-band wireless security mechanism, e.g., traditional Wi-Fi Protected Access (WPA) mechanism, Wired Equivalent Privacy (WEP) mechanism, 802.11i based security mechanism, etc.
In one exemplary embodiment, MAC addresses may be used as unique device identification information (identifier or identification tag), and out-of-band identification communication used as a vehicle for the secure delivery of this identification information coupled with the associated mechanism for integration into wireless LANs/PANs.
In one embodiment of the disclosed systems and methods, proximity-based out-of-band identification communications may be provided, for example, using short range radio frequency (RF) transmissions or other suitable short range transmission media. For example, a proximity-based out-of-band identification communication mechanism may be implemented in one embodiment using RFID tag and reader modules that have relatively low power and data rate. Such a proximity-based out-of-band identification communication methodology may be implemented to address spoofing concerns by employing out-of-band transmission devices (e.g., RFID tags) that do not transmit unless they are in the proximity of a complementary out-of-band receiver device (e.g., RFID reader). Security may be further enhanced by not storing vital information (e.g., SSID and security keys) on the out-of-band communication equipment.
In one exemplary embodiment, RFID modules may be integrated in information handling system platforms ranging from notebook computers and PDAs to WLAN Access Points and printers. In this regard, RFID modules may be employed across a wide variety of information handling platform sizes and types due to their relatively low cost and relatively small size. Furthermore, RFID systems may be employed to provide wireless device profile management (creation, activation etc.), unique proximity based authentication and security mechanisms for WLANs, and/or to provide the ability to perform out-of-band device status management.
One or more features may be implemented, alone or in combination, using the disclosed systems and methods as needed or desired to fit the characteristics of a given application. These features include, but are not limited to, use of out-of-band (e.g., RFID) labels that are passive and that may be actively scanned, use of individual RFID enabled devices that are each unique and identifiable, and asset tracking of network devices (in/out of network). Additional features include, but are not limited to, implementation of wireless device status management capability using out-of-band (e.g., RFID) communications. Examples of such out-of-band device status management capabilities include, but are not limited to, device configuration management (e.g., management of unique attributes and parameters of a device, such as revision control, Interrupt types/level, etc.), device profile configuration management (e.g., creation and management of usage profiles by pairing or grouping various secondary wireless devices; activation/deactivation of certain usage profiles; implementing one or more policies for adding/deleting devices to profiles, etc.), authentication and association of secondary wireless devices, combinations of such capabilities as well as any other form of management capability relative to the status of one or more devices within a wireless networking environment.
In the practice of various embodiments of the disclosed methods and systems, unique device ID parameters and features may be employed, and/or support may be provided for legacy hardware without out-of-band (e.g., RFID) technology (e.g., including the ability to create and manage special profiles for devices that do not support mechanisms for out-of-band communications; addition of legacy hardware to regular usage profiles; the activation of legacy hardware linked to the activation of another out-of-band enabled device in the same profile, etc.). Furthermore, “True” central configuration may be provided for varied wireless devices supporting 802.11a/b/g/n, Bluetooth (RTM), UWB, Cellular, Zigbee, WiMAX etc. (e.g., the ability to maintain authentication and association information for various network interfaces in a single profile; the ability to manage connections to various network interfaces using a common user interface, etc.).
Advantages that may be realized, alone or in combination, using various embodiments of the disclosed systems and methods include, but are not limited to, enhanced ease of use (EOU) provided by wireless device profiles, enhanced security provided through proximity based authentication, and easier network troubleshooting due to out-of-band device status management.
In one respect, disclosed herein is a method of managing in-band connection of information handling systems configured as wireless devices, the method including at least one of: using out-of-band wireless communication to manage in-band wireless connection of the wireless devices based at least in part on one or more wireless device profiles; or using out-of-band wireless communication to perform device configuration management; or using out-of-band wireless communication to perform device profile configuration management; or any combination thereof.
In another respect, disclosed herein is a method of managing in-band wireless connection of information handling systems configured as wireless devices, the method including using radio frequency identification (RFID) communication to authenticate at least one of the wireless devices for in-band wireless connection.
In another respect, disclosed herein is a wireless networking connection management system, including a first information handling system configured to use RFID communication to manage in-band wireless connection to one or more other information handling systems configured as secondary wireless devices.
The present invention will be described, by way of example, with reference to the accompanying drawings, in which:
Figure 1 is a simplified block diagram of a wireless networking environment according to one exemplary embodiment of the disclosed systems and methods;
Figure 2 is a simplified block diagram of a profile manager and two wireless networking environments according to one exemplary embodiment of the disclosed systems and methods;
Figure 3 illustrates profile creation methodology according to one exemplary embodiment of the disclosed systems and methods; and
Figure 4 illustrates profile activation methodology according to one exemplary embodiment of the disclosed systems and methods.
Figure 1 is a block diagram of a wireless networking environment 100 according to one exemplary embodiment of the disclosed systems and methods in which the disclosed systems and methods may be implemented to manage connection with information handling systems configured as secondary wireless devices (e.g., authenticate secondary wireless devices and make in-band connections to the same).
As shown, wireless networking environment 100 includes a number of exemplary secondary wireless devices that may be encountered by a user of a wireless network that is operating an information handling system configured as a wireless profile manager 130. In this regard, the illustrated exemplary secondary wireless devices represent devices that may be encountered by a profile manager 130 within a particular physical location (e.g., home, office, etc).
The disclosed systems and methods may be implemented to manage connection with secondary wireless devices (e.g., authenticate secondary wireless devices and make in-band connections to the same) that may be encountered by profile manager 130 as it moves between networking environments at different physical locations (e.g., moves from office to home, home to office, etc). In this regard, Figure 2 shows a block diagram of one exemplary embodiment where profile manager 130 may move between a home networking environment 210 and an office networking environment 220. As illustrated, a set of secondary wireless devices exists in office networking environment 220 that is different from the set of secondary wireless devices existing in home networking environment 210.
In the embodiment of Figure 1, wireless profile manager 130 is illustrated as a portable information handling system in the form of a notebook computer. Secondary wireless devices include wireless monitor 102, wireless keyboard 104, wireless mouse 106, wireless printer 108, wireless local area network access point 110, wireless file server 112, wireless media center personal computer 114, wireless television 116, wireless personal data assistant 118, wireless wide area network device 120, a neighbor’s wireless printer 122, and a neighbor’s wireless local area network access point 124. In one embodiment, such secondary wireless devices represent wireless devices that may be encountered in a single physical location, such as home.
In the practice of the disclosed systems and methods, a networking environment may be defined by in-band wireless (WLAN, WPAN, WWAN, WMAN) communication capability between profile manager/s and secondary wireless devices.
In this regard, in-band wireless systems and device communication may be any wireless communication medium having frequency and protocol suitable for communicating network data (e.g., network computing data shared between WLAN network nodes) and/or control signals (e.g., data entry control signals from mouse, keyboard, etc.) between a given secondary wireless device and profile manager 130.
Examples of such wireless media include, but are not limited to, wireless metropolitan area network (WMAN) media for applications such as Internet broadband access (e.g., WiMax 802.16d, WiMax 802.16e, WiMax 802.20), WWAN media for applications such as Internet broadband access (e.g., GSM/GPRS, EDGE, W-CDMA, HSDPA, cdma2000, 1xEV-DO, 1xEV-DV), WLAN media for applications such as mobile Ethernet and networking (e.g., 802.11a, 802.11b, 802.11g, 802.11n), WPAN media for applications such as peripheral cable replacement (e.g., Bluetooth (RTM) 1.1, Bluetooth (RTM) 1.2, Bluetooth (RTM) EDR, Bluetooth (RTM) 2.0, 802.15.3a UWB, 802.15.3a UWB-NG, 802.15.4), etc.
In the exemplary embodiment of Figure 1, networking environment 100 is defined by in-band wireless systems and device communication capability between profile manager 103 and secondary wireless devices of Figure 1. For example, wireless LCD monitor 102 may be capable of communicating with profile manager 130 via short range ultra wide band (UWB) communications. Keyboard 104, mouse 106 and PDA 118 may be capable of communicating with profile manager 130 via 2.4 GHz Bluetooth (RTM) wireless protocol. WLAN access point 110, media center PC, file server 112, printer 108, television 116, neighbor’s WLAN access point 124 and neighbor’s printer 122 may be capable of communicating with profile manager 130 via 2.4 GHz 802.11 a/b/g protocol. Wireless wide area network device 120 may be capable of communicating with profile manager 130 via cellular (e.g., GSM, CDMA) or 2.4 GHz Bluetooth (RTM) protocol. In one exemplary embodiment, a profile manager 103 may be configured with integrated interfaces to 802.11a/b/g/n, Bluetooth (RTM) and GSM/GPRS networks. In a further exemplary embodiment, a profile manager 103 may be further configured with integration of other network interfaces such as UWB and 802.11n, etc.
As shown, each of the secondary wireless devices illustrated in Figure 1 is provided with a respective out-of-band wireless transmitter 152 capable of transmitting an out-of-band wireless signal, and profile manager 130 is provided with a corresponding out-of-band wireless receiver 154 that is configured to receive out-of-band wireless signals transmitted by each of out-of-band wireless transmitters 152.
Out-of-band wireless transmitters 152 may be temporarily or permanently attached, physically coupled or otherwise associated in close proximity to a corresponding secondary wireless device, and in one embodiment may be integrated or embedded within a secondary wireless device. Similarly, an out-of-band wireless receiver 154 may be temporarily or permanently attached, physically coupled or otherwise associated with a corresponding profile manager, and in one embodiment may be integrated or embedded within a profile manager device. In this regard, out-of-band devices 152 may interface with the processing circuitry of corresponding secondary wireless devices and out-of-band devices 154 may interface with the processing circuitry of corresponding host profile managers through various serial or parallel data interfaces which may include, but are not limited to, USB, PCI, PCI Express etc. or any other proprietary signaling/handshaking/communication protocol. In one exemplary embodiment, an out-of-band device 154 may be configured to interface with the processing circuitry of a profile manager 130, while at the same time out-of-band devices 152 are not configured to interface with the processing circuitry of their corresponding secondary wireless devices.
In the practice of the disclosed systems and methods, an out-of-band signal may be any signal/s suitable for communicating information regarding one or more characteristics (e.g., unique identification (ID) information/identifier, system configuration, system capability, interrupt settings, firmware revision, manufacturer, status, ink level in printer, chipset, memory size, etc.) of secondary wireless devices to profile manager 130, and that is not in the same communication band as the in-band wireless systems and device communications transmitted between profile manager and the secondary wireless devices.
Examples of suitable out-of-band signal types for use with current WMAN, WWAN, WLAN and WPAN in-band wireless communications include, but are not limited to, radio frequency identification (RFID) communications, IR based communications or any other short range communication protocol suited for reliable delivery of relatively small segments of data (less than 1 Kbytes), etc. In one embodiment, out-of-band signals may be selected for use that are of relatively short communication range relative to the in-band wireless operating distance between a wireless profile manager and a corresponding secondary wireless device, meaning that the operable communication distance of the out-of-band signal is shorter than the operable communication distance of the in-band wireless systems and device communications between the wireless profile manager and the secondary wireless device. For example, in one exemplary embodiment, the disclosed systems and methods may be implemented using an out-of-band signal having an operable communication range between secondary device transmitter and profile manager receiver that is less than or equal to about 10 feet (3.0m). This is in comparison to a range of greater than or equal to about 100 feet (30.5m) for in-band wireless communication between a profile manager and a secondary device when using 802.11a.
In a further exemplary embodiment, use of a relatively short transmission range out-of-band signal may be implemented to allow proximity-based connection management (e.g., management of security and authentication procedures) between a profile manager and one or more secondary wireless devices, meaning that a new connection between a profile manager and a secondary wireless device is only allowed (e.g., authenticated) when the profile manager and the secondary wireless device are in a close proximity to each other dictated by the operating transmission range of the out-of-band signal. It is also possible that an out-of-band wireless transmitter may be configured with a variable out-of-band signal transmission range, e.g., to allow a user to customize the proximity required for connection management as needed or desired to fit requirements of a given networking environment/s.
Still referring to Figure 1, out-of-band wireless transmitters 152 may be configured in one exemplary embodiment as RFID tags, and out-of-band wireless receiver 154 may be configured as a RFID reader that is configured to communicate with the RFID tags associated with the secondary wireless devices. In this regard, any combination of RFID tags and complementary RFID reader devices may be employed that is suitable for communicating information between secondary wireless devices and a profile manager to implement one or more of the connection management features described herein. Examples of suitable RFID tag devices include passive RFID tag devices (e.g., RFID devices that are powered by, or that reflect energy transmitted by, a corresponding RFID reader), and active RFID tag devices (e.g., RFID devices that are internally and continuously powered), it being understood that selection of type of RFID system may be made as needed or desired based on the characteristics of a particular networking environment application.
Examples of suitable RFID systems include, but are not limited to, RFID tags and complementary RFID readers based on the ISO 14443 standard (allowing data rates of 106 kbps). These RFID systems allow implementations having dynamic encryption capability and configurable memory architecture for added security and flexibility. Also suitable are RFID systems compatible with the ISO 15693 standard (allowing data rates of 26.46 kbps). In Europe, the RFID readers are regulated by the ETSI 302-208 standard. Specific examples of suitable RFID systems include, but are not limited to, RFID tags and complementary RFID readers available from Texas Instruments (TI), Applied Wireless Identification (AWID), SAMSys Technologies, Sokymat, ST Microelectronics, etc. Further information on RFID systems may be found, for example, in United States Patent No. 6,294,997 and United States Patent No. 6,724,309.
Examples of connection management capabilities that may be implemented when RFID devices that are employed as out-of-band wireless transmitter/s and complementary out-of-band RFID receiver/s in the embodiment of Figure 1 include, but are not limited to, active and passive connection management configurations. In one exemplary embodiment of an active connection management configuration, a RFID reader device 154 associated with a profile manager 130 may be configured to interrogate a RFID tag 152 for specific information regarding one or more characteristics of the associated secondary wireless device (e.g., unique identification (ID) information/identifier, system configuration, system capability, interrupt settings, firmware revision, manufacturer, status, ink level in printer, chipset, memory size, etc.) stored on the particular RFID tag 152, to change and program the RFID tag 152 (e.g., RFID tag 152 on WLAN AP 110 may be reprogrammed using an AP configuration management utility to show new system configuration/capability, etc.), and/or to obtain active status and management information for the secondary wireless device (e.g., RFID tag 152 on WLAN AP 110 may contain information about the number of associated client STAs, QoS service policies or the ability of the Wireless Access Point 152 to poll other RFID devices in the vicinity, etc.) associated with the RFID tag 152. In one exemplary embodiment of a passive connection management configuration, each RFID tag 152 associated with a secondary wireless device may be configured as a read-only tag that has information regarding one or more characteristics of the associated secondary wireless device programmed into the tag 152.
In either active or passive connection management embodiment, the RFID tags 152 may be ‘actively’ read or scanned by RFID reader 154 associated with profile manager 130 to obtain one or more characteristics of the associated secondary wireless device (e.g., device identification information, system configurations, etc.).
As will be described further herein, a database management system may be implemented in one exemplary embodiment on profile manager 130 to use information obtained from RFID tags 152 (configured for active or passive connection management) by RFID reader 154 to authenticate and validate the required peripheral devices to a trusted network environment. In another embodiment, the RFID tag 152 on a given secondary wireless device may have additional functionality to act as an RFID reader and poll other RFID tags 152 and/or 154 in the vicinity of the given device. This capability may be implemented, for example, to allow a given secondary wireless device to maintain real-time information about other secondary wireless devices, and/or to feed this information back to a profile manager 130 using out-of-band communications.
In the implementation of the disclosed systems and methods, a given wireless device may be identified using any form of identification information that is suitable for identifying or otherwise distinguishing the given wireless device from other wireless devices using out-of-band communications. In one exemplary embodiment, MAC addresses may be used as unique device identification information (identifier or identification tag). Other examples of suitable identification information include, but are not limited to, bar codes, vendor specific IDs for products, IDs that conform to a certain industry standard, etc. As previously mentioned, other types of information concerning the characteristics of a given wireless device may also be transmitted via out-of-band communication, e.g. device configuration information, device capability information, etc.
Figure 3 illustrates profile creation methodology 300 that may be implemented according to one exemplary embodiment of the disclosed systems and methods, e.g., by profile manager 130 of Figures 1 and 2. In this regard, profile creation methodology may be implemented as software (e.g., executing on a notebook computer), as firmware (e.g., executing on a router) or in any other suitable manner for managing access to a given profile manager device.
Referring now to methodology 300 as it may be applied to the exemplary network environment embodiment of Figure 1, one or more available secondary wireless devices are identified by profile manager 130 in step 302 using in-band wireless communications, and a given available secondary wireless device within network environment 100 is manually chosen (e.g., by mouse or keyboard input) or automatically chosen for authentication. In step 304, profile manager 103 polls the chosen available secondary wireless device using in-band wireless communication to determine if this secondary device is out-of-band capable. If the in-band response from the chosen secondary wireless device indicates that it is out-of-band capable, then methodology 300 proceeds to step 306, where out-of-band authentication is negotiated. In step 306, the chosen secondary wireless device communicates identification information (e.g., MAC address of the chosen secondary wireless device or other suitable identifier) to profile manager 130 using in-band communications. The chosen secondary wireless device and its associated identification information (and/or other information concerning one or more characteristics of the chosen secondary wireless device) may then be added as authentication information to an existing profile in step 308, or to a newly-created profile in step 310, e.g., as may be specified by user (e.g., manual or automatic policy).
However, if the in-band response (or lack thereof) from the chosen secondary wireless device indicates it is not out-of-band capable, then the profile creation methodology proceeds to step 305 where a user (e.g., manual or automatic policy) may be given the opportunity to choose whether or not the chosen secondary wireless device should be nonetheless added to a new or existing profile and an activation policy set for this added device. If the chosen secondary wireless device is not selected for addition, then methodology 300 returns to step 302 and waits for another secondary device to be chosen for authentication. However, if the chosen secondary wireless device is selected for addition, then the device is added to a new or existing profile as may be selected by a user (e.g., manual or automatic policy).
With regard to profile creation methodology 300 of Figure 3 for a given profile manager device, it will be understood that one or more profiles may be created by choosing and negotiating any combination of secondary wireless devices for a given profile as may be needed or desired to fit the characteristics of one or more network environments to which the profile manager device may be exposed. Table 1 shows an entertainment wireless device profile that may be created by choosing available entertainment wireless devices present within network environment 100.
Table 1 — Entertainment Profile

Chosen Secondary Wireless Devices
WLAN Access Point 110
Media Center PC 114
TV 116 (Microsoft (RTM) Media Center Extender Device, etc.)

Table 2 shows an office wireless device profile that may be created by choosing available home office wireless devices present within network environment 100.
Table 2 — Office Profile

Chosen Secondary Wireless Devices
WLAN Access Point 110
File Server 112
Wireless Printer 108
Keyboard/Mouse 104, 106
Monitor 102
PDA 118

Table 3 shows a mobility wireless device profile that may be created by choosing available mobile wireless devices present within network environment 100.
Table 3 - Mobility Profile

Chosen Secondary Wireless Devices
WWAN Device 120
PDA 118

Figure 4 illustrates profile activation methodology 400 that may be implemented according to one exemplary embodiment of the disclosed systems and methods, e.g., by profile manager 130 of Figures 1 and 2. Like profile creation methodology 300, profile activation methodology 400 may be implemented as software (e.g., executing on a notebook computer), as firmware (e.g., executing on a router) or in any other suitable manner for managing access to a given profile manager device.
Referring now to methodology 400 as it may be applied to the exemplary network environment embodiment of Figure 1, a given profile (represented as “Profile X” in Figure 4) stored in profile manager 130 may be manually chosen (e.g., by mouse or keyboard input) or automatically chosen in step 402 for activation. For example, Profile X may be one of the previously created profiles of Tables 1, 2 or 3 described above. If the chosen Profile X does not include any inactive devices in step 403, then methodology 400 exits in step 401. However, if Profile X includes one or more inactive devices, then methodology 400 proceeds to step 404, where secondary wireless devices of Profile X are then polled using out-of-band wireless communications (e.g., RFID polling transmission from RFID reader 154 of profile manager 130). In response to the polling transmission of step 404, each of those polled secondary wireless devices of Profile X that are within proximity of the out-of-band polling transmission then transmit authentication information to the profile manager 130 using out-of-band wireless communication (e.g., RFID transmission from RFID tag 152 associated with the given polled secondary wireless device). As previously described, such authentication information may be information concerning one or more characteristics of the given polled secondary wireless device, and in one exemplary embodiment may be unique identification (ID) information/identifier such as MAC address of the given secondary wireless device.
When a given secondary wireless device within Profile X responds to the polling of step 404 with the correct out-of-band authentication information, it is authenticated by profile manager 130 in step 406. However, if a given secondary wireless device within Profile X responds incorrectly (or fails to respond correctly) to the polling of step 404, it is not authenticated in step 406. Upon failure to authenticate, a time delay (e.g., about 10 seconds or any other suitable delay time selected by a user) may be implemented in step 408 prior to repeating step 403 and, if necessary, re-polling the given secondary wireless device that failed to respond in step 404. Re-polling using step 404 may continue as necessary until all the secondary wireless devices of activated Profile X have correctly responded, until at least one of the secondary wireless devices of activated Profile X has correctly responded, and/or re-polling attempts may be limited (e.g., limited to a specified number of poll attempts, limited by time limit for re-polling, etc.).
After one or more secondary wireless devices of Profile X are authenticated in step 406, a given secondary wireless device may be activated in step 410. Activation may be performed manually (e.g., by mouse or keyboard input) or may be performed automatically following successful authentication in step 406. Upon activation of a given secondary wireless device in step 410, in-band wireless communication is now allowed between profile manager 130 and the given secondary wireless device. As illustrated, Profile X may be configured in step 412 to allow activation of more than one secondary wireless device following authentication of secondary wireless devices in step 406, in which case step 410 may be repeated as necessary for multiple secondary wireless devices. Alternatively, Profile X may be configured in step 412 to not allow activation of additional secondary wireless devices following activation of a given secondary wireless device in step 410. In this case, methodology 400 may return to delay step 408, followed by repeating of step 403.
Without successful out-of-band authentication in step 406 and activation in step 410, no in-band wireless communication is allowed between a given secondary wireless device and profile manager 130. Thus, referring to the networking environment 100 of Figure 1, no in-band wireless communication is permitted between profile manager 130 and neighbor’s wireless printer 122 and neighbor’s wireless access point 124, even if devices 122 and 124 are within in-band wireless communication range and are capable of communicating with profile manager 130 via in-band wireless communication. In this regard, in-band communication is only allowed between profile manager 130 and authenticated secondary wireless device/s of a chosen profile.
Even if devices 122 and 124 of Figure 1 were capable of out-of-band communication, they could not be authenticated unless they were within out-of-band wireless communication proximity (e.g., close proximity), and capable of transmitting the correct authentication information via out-of-band wireless communication to profile manager 130. By limiting out-of-band communication proximity in one exemplary embodiment to a distance that does not extend beyond the boundaries of a physical location of interest (e.g., room, house or office building), enhanced security from unauthorized access (e.g., from neighboring wireless devices outside the physical location of interest) may be advantageously provided by requiring both close proximity and transmittal of correct authentication information. Security may be further enhanced in one exemplary embodiment by configuring a profile manager with an out-of-band wireless receiver 154 (e.g., RFID reader) that is further capable of short range or close proximity out-of-band wireless transmission for purposes of writing security information (e.g., security code) to out-of-band wireless transmitter 152, and by requiring that this security information be transmitted back from wireless transmitter 152 to wireless receiver 154 via out-of-band wireless communications prior to successful authentication in step 406. However, this embodiment may be flexibly configured to allow a user to program the profiles so that other devices in the profile are able to perform in-band communication even if out-of-band communication is not established.
Similarly, without successful out-of-band authentication in step 406 and activation in step 410, no in-band wireless communication is allowed between secondary wireless devices of other profiles that are not included in the currently selected Profile X. Thus, referring to the networking environment 100 of Figure 1, no in-band wireless communication is permitted between profile manager 130 and secondary wireless devices 114, 116 and 120 when the Office Profile of Table 2 is selected, even if devices 114, 116 and 120 are within in-band wireless communication range and are capable of communicating with profile manager 130 via in-band wireless communication. By so managing profiles, it is possible to select those secondary wireless devices with which in-band communications are desired even when multiple secondary wireless devices of the same type are available within the same networking environment, e.g., closest wireless keyboard 104 and mouse 106.
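The activation flow of methodology 400 (steps 403 to 410) and the security-code write-back described above can be modelled as follows. This is an added Python example, not code from the patent: the Tag, Reader and ProfileManager classes, the simulated reader and the sample MAC addresses are constructed for illustration, and the step 412 setting is left out.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Tag:
    """Simulated out-of-band transmitter 152 attached to a secondary device."""
    device_id: str           # identification information, e.g. a MAC address
    in_range: bool = True    # inside out-of-band (short-range) proximity
    writable: bool = True    # False models a read-only (passive) tag
    code: bytes = b""        # security code last written by the reader


class Reader:
    """Simulated out-of-band receiver 154; it only sees tags in proximity."""
    def __init__(self, tags):
        self.tags = list(tags)

    def poll(self):                                   # step 404
        return [t for t in self.tags if t.in_range]

    def write_code(self, tag, code):
        if tag.in_range and tag.writable:
            tag.code = code
            return True
        return False


class ProfileManager:
    def __init__(self, reader, require_code=True):
        self.reader = reader
        self.require_code = require_code
        self.active = set()  # device ids currently allowed in-band

    def _authenticate(self, expected_id):             # step 406
        for tag in self.reader.poll():
            if not hmac.compare_digest(tag.device_id.encode(),
                                       expected_id.encode()):
                continue
            if not self.require_code:
                return True
            # Write a fresh code to the tag and require it to be sent back.
            code = secrets.token_bytes(16)
            if not self.reader.write_code(tag, code):
                return False
            return hmac.compare_digest(tag.code, code)
        return False

    def activate(self, profile_ids, max_polls=3, delay_s=0.0):
        """Activate a profile (iterable of device ids); return activated ids."""
        self.active = set()  # devices of other profiles lose in-band access
        wanted = set(profile_ids)
        for attempt in range(max_polls):              # bounded re-polling
            inactive = wanted - self.active           # step 403
            if not inactive:
                break
            for dev in sorted(inactive):
                if self._authenticate(dev):
                    self.active.add(dev)              # step 410
            if wanted - self.active and attempt + 1 < max_polls:
                time.sleep(delay_s)                   # step 408
        return set(self.active)

    def in_band_allowed(self, device_id):
        return device_id in self.active


# Constructed sample identifiers (locally administered MAC addresses).
PRINTER_108 = "02:00:00:00:01:08"
KEYBOARD_104 = "02:00:00:00:01:04"
PDA_118 = "02:00:00:00:01:18"
NEIGHBOR_PRINTER_122 = "02:00:00:00:01:22"
OFFICE_PROFILE = [PRINTER_108, KEYBOARD_104, PDA_118]


def demo(require_code=True):
    tags = [
        Tag(PRINTER_108),                           # in range, writable tag
        Tag(KEYBOARD_104, writable=False),          # in range, read-only tag
        Tag(PDA_118, in_range=False),               # in profile, out of range
        Tag(NEIGHBOR_PRINTER_122, in_range=False),  # not in profile
    ]
    pm = ProfileManager(Reader(tags), require_code)
    pm.activate(OFFICE_PROFILE)
    return {d: pm.in_band_allowed(d)
            for d in OFFICE_PROFILE + [NEIGHBOR_PRINTER_122]}


if __name__ == "__main__":
    print(demo(True))
    print(demo(False))
```

With the write-back required, a read-only tag carrying the correct identifier is not activated, so a deployment that mixes passive tags with this option needs a per-device policy.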
It will be understood that the methodology of Figures 3 and 4 is exemplary only and that additional, fewer, and/or alternative steps may be employed to create and/or activate profiles in any manner suitable for accomplishing one or more of the features disclosed herein.
The wireless profile manager 130 illustrated in Figures 1 and 2 is illustrated as a portable information handling system in the form of a notebook computer. However, it will be understood that a wireless profile manager may be any other type of information handling system or device (e.g., personal computer, PDA, etc.) that is suitable for managing wireless connection profiles in a manner described elsewhere herein. Furthermore, it will be understood that although the disclosed systems and methods are described herein in relation to a single portable wireless profile manager operated by a human user, other embodiments are possible. For example, more than one profile manager may be present and operating within a wireless networking environment at a single physical location, e.g., two or more different profile managers operated by the same or different users. In addition, it is also possible that a profile manager may be operated by a non-human user, e.g., automated or robotic industrial equipment, automated or robotic office equipment, automated or robotic home equipment, automated or robotic laboratory equipment, etc. It is also possible that a profile manager may be a stationary (non-portable) device that encounters portable secondary wireless devices that move in or out of a networking environment, and/or portable or stationary devices that are only periodically activated within a networking environment.
It will also be understood that the portable and stationary (non-portable) secondary wireless devices illustrated in Figures 1 and 2 are exemplary only. In this regard, a secondary wireless device may be any other type of portable and/or stationary information handling system or wireless device (e.g., computer peripheral, etc.) that is suitable for interfacing with a profile manager in a manner as described elsewhere herein. Examples of such devices include, but are not limited to, industrial equipment, office equipment, laboratory equipment, video equipment including cameras, home equipment, etc. As described above, a secondary wireless device may be a portable device that moves in or out of a networking environment of a given portable or stationary profile manager, or may be stationary devices that are periodically placed within a networking environment of a given portable profile manager that moves in and out of proximity with the secondary wireless device, or may be stationary or portable devices that are periodically placed within a networking environment of a given portable profile manager due to periodic activation of the secondary wireless device and/or profile manager, etc. It is also possible that both a secondary wireless device and profile manager may be stationary devices, or that a secondary wireless device within a networking environment of a first profile manager may be itself a second profile manager, e.g., second profile manager having its own networking environment.
For purposes of this disclosure, an information handling system may include any instrumentality or aggregate of instrumentalities operable to compute, classify, process, transmit, receive, retrieve, originate, switch, store, display, manifest, detect, record, reproduce, handle, or utilize any form of information, intelligence, or data for business, scientific, control, entertainment, or other purposes. For example, an information handling system may be a personal computer, a PDA, a consumer electronic device, a network storage device, or any other suitable device and may vary in size, shape, performance, functionality, and price. The information handling system may include memory, one or more processing resources such as a central processing unit (CPU) or hardware or software control logic. Additional components of the information handling system may include one or more storage devices, one or more communications ports for communicating with external devices as well as various input and output (I/O) devices, such as a keyboard, a mouse, and a video display. The information handling system may also include one or more buses operable to transmit communications between the various hardware components.
While the invention may be adaptable to various modifications and alternative forms, specific embodiments have been shown by way of example and described herein. However, it should be understood that the invention is not intended to be limited to the particular forms disclosed. Rather, the invention is to cover all modifications, equivalents, and alternatives falling within the scope of the invention as defined by the appended claims. Moreover, the different aspects of the disclosed systems and methods may be utilized in various combinations and/or independently. Thus the invention is not limited to only those combinations shown herein, but rather may include other combinations.

Claims (18)

1. A method of managing in-band connection of information handling systems configured as wireless devices, comprising at least one of: using out-of-band wireless communication to manage in-band wireless connection of the wireless devices based at least in part on one or more wireless device profiles; or using out-of-band wireless communication to perform device configuration management; or using out-of-band wireless communication to perform device profile configuration management; or any combination thereof; the method further comprising: creating at least one wireless device profile by negotiating out-of-band authentication with at least one wireless device of the wireless device profile using in-band wireless communication; and activating the at least one wireless device profile by authenticating the at least one wireless device using out-of-band wireless communication communicated from the at least one wireless device.
2. The method of claim 1, wherein the out-of-band wireless communication comprises radio frequency identification (RFID) communication.
3. The method of claims 1 or 2, further comprising providing authentication for in-band wireless connection of the wireless devices based on proximity of the wireless devices by only activating at least one wireless device for in-band wireless connection when the at least one wireless device is authenticated using out-of-band wireless communication communicated from the at least one wireless device; and wherein the out-of-band wireless communication has a communication range that is shorter than a communication range of the in-band wireless communication.
4. The method of any one of the preceding claims, further comprising controlling in-band wireless connection between the wireless devices using an in-band wireless security mechanism.
5. The method of any one of the preceding claims, further comprising using an information handling system to manage in-band wireless connection of the wireless devices using out-of-band wireless communication.
6. A method of managing in-band wireless connection of information handling systems configured as wireless devices, comprising using out-of-band radio frequency identification (RFID) communication to authenticate at least one of the wireless devices for in-band wireless connection; creating at least one wireless device profile on the information handling system that contains the identity of a first wireless device by negotiating out-of-band authentication with the first wireless device of the wireless device profile using in-band wireless communication; and activating the at least one wireless device profile by authenticating the at least one wireless device for in-band wireless connection using out-of-band RFID wireless communication communicated from the first wireless device to a second wireless device, and activating the first wireless device for in-band wireless connection with the second wireless device after the first wireless device is authenticated.
7. The method of claim 6, wherein said negotiating out-of-band authentication is negotiating RFID out-of-band authentication.
8. The method of claims 6 or 7, further comprising: wherein the RFID communication comprises RFID communication between an RFID tag associated with the first wireless device and an RFID reader associated with the second wireless device; and wherein the RFID communication has a communication range that is shorter than a communication range of the in-band wireless communication.
9. The method of claim 8, further comprising controlling in-band wireless connection between the first wireless device and the second wireless device using an in-band wireless security mechanism.
10. The method of any of claims 6 to 9, wherein the first wireless device is authenticated by communicating identification information from the at least one first wireless device to the second wireless device using the RFID communication, the identification information identifying the first wireless device; and matching the identification information to corresponding identification information contained in the at least one wireless device profile on the second wireless device.
11. The method of any of claims 6 to 10, further comprising: creating two or more wireless device profiles on the information handling system, a second one of the wireless device profiles containing the identity of a third wireless device; choosing the second one of the wireless device profiles on the second wireless device for activation; and activating the second wireless profile on the second wireless device by authenticating at least one respective wireless device of the second wireless profile using RFID wireless communication communicated from the at least one respective wireless device of the second wireless profile to the second wireless device; and activating the at least one respective wireless device of the second wireless profile for in-band wireless connection with the second wireless device after the at least one respective wireless device of the second wireless profile is authenticated.
12. A wireless networking connection management system, comprising a first information handling system configured to use out-of-band RFID communication to manage in-band wireless connection to one or more other information handling systems configured as secondary wireless devices; wherein the first information handling system is configured as a profile manager, the profile manager being configured to: create at least one secondary wireless device profile on the first information handling system that contains the identity of at least one secondary wireless device by negotiating out-of-band RFID authentication with the at least one secondary wireless device of the secondary wireless device profile using in-band wireless communication; and activate the at least one secondary wireless device profile by authenticating the at least one secondary wireless device for in-band wireless connection using out-of-band RFID wireless communication communicated from the at least one secondary wireless device to the first information handling system, and activating the at least one secondary wireless device for in-band wireless connection with the first information handling system after the at least one secondary wireless device is authenticated.
13. The system of claim 12: wherein the RFID communication comprises RFID communication between an RFID tag associated with the at least one secondary wireless device and an RFID reader associated with the first information handling system; and wherein the RFID communication has a communication range that is shorter than a communication range of the in-band wireless communication.
14. The system of claims 12 or 13, wherein the in-band wireless connection between the at least one secondary wireless device and the first information handling system is controlled using an in-band wireless security mechanism.
15. The system of any of claims 12, 13 or 14, wherein the first information handling system is configured to authenticate the at least one secondary wireless device by: receiving identification information communicated from the at least one secondary wireless device to the first information handling system using the RFID communication, the identification information identifying the at least one secondary wireless device; and matching the identification information communicated from the at least one secondary wireless device to corresponding identification information contained in the at least one secondary wireless device profile on the first information handling system.
16. The system of any of claims 12 to 15, wherein the first information handling system is further configured to: allow creation of two or more secondary wireless device profiles on the first information handling system, a first one of the two or more secondary wireless device profiles corresponding to the at least one secondary wireless device profile, and a second one of the two or more secondary wireless device profiles containing the identity of a second secondary wireless device that is different from the at least one secondary wireless device; allow the second one of the two or more secondary wireless device profiles on the first information handling system to be chosen for activation; and activate the second one of the two or more wireless profiles on the first information handling system by authenticating at least one respective secondary wireless device within the second one of the two or more wireless profiles using RFID wireless communication communicated from said at least one respective secondary wireless device to the first information handling system, and activating the at least one respective secondary wireless device for in-band wireless connection with the first information handling system after the at least one respective secondary wireless device is authenticated.
17. A method of managing in-band connection of information handling systems, the method being substantially as described with respect to any of the accompanying drawings.
18. A wireless connection managing system substantially as shown in or as described with respect to any of the accompanying drawings.
IE2006/0163A 2006-03-03 Systems and methods for managing out-of-band device connection IE85004B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/078,153 US7386275B2 (en) 2005-03-11 2005-03-11 Systems and methods for managing out-of-band device connection

Publications (2)

Publication Number Publication Date
IE20060163A1 IE20060163A1 (en) 2006-09-20
IE85004B1 IE85004B1 (en) 2008-10-15
