Prior art

To identify the most relevant prior art for US Patent 7224678, we will examine the patent citations listed on the patent's Google Patents page. These are the documents cited by the examiner or applicant during the patent's prosecution. The focus will be on documents that most directly disclose the inventive concepts of US7224678, particularly its independent claims related to wireless network intrusion detection using MAC layer anomalies.

The most strikingly relevant prior art identified from the patent citations is WO0137532A2, due to its identical inventor, assignee, and abstract content, coupled with an earlier publication date.

1. WO0137532A2 - Wireless network having intrusion detection and related methods

• Full Citation: WO0137532A2 (Billhartz, Thomas Jay; Harris Corp.)

• Publication/Filing Date:

  • Publication Date: 2001-05-25
  • Filing Date: 2000-11-15

• Brief Description: This international patent application describes a wireless network system and method for detecting intrusions. It features a policing station that monitors transmissions among stations to detect various anomalies at the Media Access Control (MAC) layer. Specifically, it discloses detecting Frame Check Sequence (FCS) errors from a MAC address, failed attempts to authenticate MAC addresses, illegal Network Allocation Vector (NAV) values in RTS/CTS packets, and contention-free mode operation outside of a Contention-Free Period (CFP) (or contention mode operation during a CFP). Upon detection of these anomalies, an intrusion alert is generated.

• Potential Anticipation (35 U.S.C. § 102): This document appears to directly anticipate all independent claims of US7224678 (Claims 1, 12, 22, 30, 36, 42, 51, 59, 65, 69). The abstract of WO0137532A2 contains language virtually identical to the abstract and summary of US7224678, explicitly disclosing the core elements of each independent claim:

  • Claim 1 (System - FCS Errors): "monitoring transmissions among the plurality of stations to detect frame check sequence (FCS) errors from a MAC address, and generating an intrusion alert based upon detecting a number of FCS errors for the MAC address exceeding a threshold."
  • Claim 12 (System - Failed Authentications): "detect intrusions by monitoring transmissions among the plurality of stations to detect failed attempts to authenticate MAC addresses, and generating an intrusion alert based upon detecting a number of failed attempts to authenticate a MAC address."
  • Claim 22 (System - Illegal NAV Values): "detect intrusions by monitoring RTS and CTS packets sent between the plurality of stations to detect an illegal NAV value therein and generate an intrusion alert based thereon."
  • Claim 30 (System - Contention-Free Mode outside CFP): "detect intrusions by monitoring transmissions among the plurality of stations to detect contention-free mode operation outside of a CFP."
  • Claim 36 (System - Contention Mode during CFP): "(or vice versa) and generate an intrusion alert based thereon," covering contention mode during CFP.
  • Claims 42, 51, 59, 65, 69 (Method Claims): The method aspects corresponding to the system claims are implicitly and directly described by the detection and alert generation steps outlined for each anomaly.

  Since WO0137532A2 was published on 2001-05-25, which is prior to the filing date of US7224678 (2002-08-12), and US7224678 does not claim priority back to WO0137532A2, this document constitutes strong prior art.

2. US6526053B1 - Method and system for managing wireless local area network security

• Full Citation: US6526053B1 (Ramaswamy et al.)
• Publication/Filing Date:
  • Publication Date: 2003-02-25
  • Filing Date: 1999-08-30
• Brief Description: This patent describes a system and method for managing wireless local area network (WLAN) security using a centralized security server (CSS). The CSS queries wireless access points (APs) for client event logs and configuration information, storing it in a database. It analyzes these logs to identify abnormal events, such as unauthorized MAC addresses, multiple clients using the same MAC address, or clients roaming outside authorized areas. Upon detection, an alert is generated, and actions like client de-authentication or disconnection may be taken.
• Potential Anticipation (35 U.S.C. § 102): This patent is highly relevant, particularly for claims related to MAC address monitoring:
  • Claim 12 (System - Failed Authentications) & Claim 51 (Method - Failed Authentications): The abstract's mention of identifying "unauthorized MAC addresses" and taking actions like "de-authenticating or disconnecting the client" suggests a detection of unauthorized or failed MAC address authentications, closely aligning with these claims.
  • Related to FIG. 10 / Method Block 202 (Collisions of same MAC address): The explicit disclosure of detecting "multiple clients using the same MAC address" directly anticipates the concept of detecting collisions of a same MAC address, which is a specific intrusion detection feature described in detail in the specification of US7224678 (e.g., FIG. 10 and related description). While this specific feature is not an independent claim, it's a key disclosed embodiment.

3. IEEE 802.11 Standard, 1999 Edition

• Full Citation: "IEEE Standards for Information Technology—Telecommunications and Information Systems—Local and Metropolitan Area Network—Specific Requirements—Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications," 1999 Edition.
• Publication/Filing Date: 1999.
• Brief Description: This is a foundational industry standard defining the protocols for wireless local area networks. It specifies various MAC layer elements, including frame check sequences (FCS), MAC addresses, Request To Send (RTS)/Clear To Send (CTS) packets, Network Allocation Vectors (NAV), contention and contention-free periods (CFP), and the Wired Equivalent Privacy (WEP) algorithm. US7224678 incorporates this standard by reference.
• Potential Anticipation (35 U.S.C. § 102): The IEEE 802.11 standard itself does not directly anticipate the intrusion detection methods claimed in US7224678. Instead, it provides the technical framework and defines the mechanisms (e.g., FCS, NAV, contention modes) that US7224678's invention monitors for anomalies to detect intrusions. The background of US7224678 explicitly states that "While the WEP algorithm does provide some measure of network security, it does not detect or report potential intrusions into the network." Therefore, while essential background, it would not anticipate the novel intrusion detection logic under 35 U.S.C. § 102, but rather would be crucial for a 35 U.S.C. § 103 (obviousness) analysis.