
Systems and methods for distributed P25 LMR radio vulnerability management and real-time interference monitoring

802 Secure, Inc.
2023
Online Patent

Title:
Systems and methods for distributed P25 LMR radio vulnerability management and real-time interference monitoring
Author / Contributor: 802 Secure, Inc.
Link:
Publication: 2023
Media type: Patent
Other:
  • Indexed in: USPTO Patent Grants
  • Languages: English
  • Patent Number: 11,595,429
  • Publication Date: February 28, 2023
  • Appl. No: 17/189743
  • Application Filed: March 02, 2021
  • Assignees: 802 Secure, Inc. (Pleasanton, CA, US)
  • Claim: 1. A computer-implemented method for threat monitoring and vulnerability management on a project 25 (P25) network, the method comprising: receiving data from a plurality of sensors within the P25 network, the plurality of sensors being distributed to cover the P25 network and to listen in on communications within the P25 network; analyzing, in real-time, the received data based on historical data patterns associated with the P25 network to determine whether a security threat exists within the P25 network; and in response to determining that the security threat exists, alerting, in real-time, the security threat to a network controller to enable the network controller to take one or more corrective actions in response to the security threat to the P25 network.
  • Claim: 2. The method of claim 1, wherein analyzing the received data comprises: identifying data anomalies in the received data by comparing the received data with the historical data patterns, in response to the identified data anomalies in the received data, comparing the data anomalies with user preset thresholds, and in response to determining that some of the data anomalies exceeds at least one user preset threshold, determining that the security threat exists within the P25 network.
  • Claim: 3. The method of claim 2, further comprising: determining whether the security threat is use of a cloned radio that mimics an authorized connection within the P25 network, a jamming of radio frequency (RF) communication within the P25 network, or a jamming of a voice communication within the P25 network.
  • Claim: 4. The method of claim 2, wherein the user preset thresholds include a signal strength threshold, a signal interference threshold, and a noise threshold.
  • Claim: 5. The method of claim 3, wherein determining whether the security threat is the use of a cloned radio that mimics an authorized connection within the P25 network, the jamming of RF communication within the P25 network, or the jamming of a voice communication within the P25 network comprises: extracting a source subscriber unit identifier (SU ID) and a signal strength from the received data, determining whether the SU ID is valid, and determining whether the signal strength is below or above a signal strength threshold; comparing signal interference information from the received data with a signal interference threshold, and determining whether there is increased interference at a location within the P25 network covered by some of the sensors; or comparing noise information from the received data with a noise threshold, and determining whether the noise information exceeds the noise threshold.
  • Claim: 6. The method of claim 1, wherein the security threat is alerted to the network controller via a communication link different from the communication links used to receive the data from the plurality of sensors.
  • Claim: 7. The method of claim 2, further comprising: displaying information associated with the security threat when some of the received data crosses the at least one user preset threshold.
  • Claim: 8. The method of claim 7, wherein the displayed information includes received signal strength indication (RSSI) mapping, bit error rate (BER) mapping, system degradation trends, and P25 control channel validation.
  • Claim: 9. The method of claim 1, wherein the received data comprises network characteristics of the P25 network and activity information of one or more communication devices associated with the P25 network, the historical data patterns comprise activity information of one or more communication devices that meets expectation of the P25 network when the communication device(s) connect to the P25 network from one or more locations within the P25 network, received signal strength indication (RSSI) values of the one or more locations within the P25 network, problems identified and corrected within the P25 network, locations of the problems, corrective procedures of the problems, and degradation trends within the P25 network.
  • Claim: 10. The method of claim 1, further comprising: obtaining a location within the P25 network where the security threat occurs; and sending the location to the network controller.
  • Claim: 11. A security threat monitoring and vulnerability management system for a project 25 (P25) network, the system comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations, the operations including: receiving data using a plurality of sensors within the P25 network, the plurality of sensors being distributed to cover the P25 network and to listen in on communications within the P25 network; analyzing, in real-time, the received data based on historical data patterns associated with the P25 network to determine whether a security threat exists within the P25 network; and in response to determining that the security threat exists, alerting, in real-time, the security threat to a network controller to enable the network controller to take one or more corrective actions in response to the determined security threat to the P25 network.
  • Claim: 12. The system of claim 11, wherein analyzing the received data comprises: identifying an anomaly in the received data by comparing the received data with the historical data patterns, in response to the identified anomaly in the received data, comparing the received data with user preset thresholds, and in response to determining that some of the received data exceeds at least one user preset threshold, determining that the security threat exists within the P25 network.
  • Claim: 13. The system of claim 12, wherein the operations further include: determining whether the security threat is use of a cloned radio that mimics an authorized connection within the P25 network, a jamming of radio frequency (RF) communication within the P25 network, or a jamming of a voice communication within the P25 network.
  • Claim: 14. The system of claim 12, wherein the user preset thresholds include a signal strength threshold, a signal interference threshold, and a noise threshold.
  • Claim: 15. The system of claim 13, wherein determining whether the security threat is the use of a cloned radio that mimics an authorized connection within the P25 network, the jamming of RF communication within the P25 network, or the jamming of a voice communication within the P25 network comprises: extracting a source subscriber unit identifier (SU ID) and a signal strength from the received data, determining whether the SU ID is valid, and determining whether the signal strength is below or above a signal strength threshold; comparing signal interference information from the received data with a signal interference threshold, and determining whether there is increased interference at a location within the P25 network covered by some of the sensors; or comparing noise information from the received data with a noise threshold, and determining whether the noise information exceeds the noise threshold.
  • Claim: 16. The system of claim 11, wherein the security threat is alerted to the network controller via a communication link different than communication links used to receive the data from the plurality of sensors.
  • Claim: 17. The system of claim 12, wherein the operations further include: displaying information associated with the security threat when some of the received data crosses the at least one user preset threshold.
  • Claim: 18. The system of claim 17, wherein the displayed information includes received signal strength indication (RSSI) mapping, bit error rate (BER) mapping, system degradation trends, and P25 control channel validation.
  • Claim: 19. The system of claim 11, wherein the received data comprises network characteristics of the P25 network and activity information of one or more communication devices associated with the P25 network, the historical data patterns comprise activity information of one or more communication devices that meets expectation of the P25 network when the communication device(s) connect to the P25 network from one or more locations within the P25 network, received signal strength indication (RSSI) values of the one or more locations within the P25 network, problems identified and corrected within the P25 network, locations of the problems, corrective procedures of the problems, and degradation trends within the P25 network.
  • Claim: 20. The system of claim 11, wherein the operations further include: obtaining a location within the P25 network where the security threat occurs; and sending the location to the network controller.
  • Patent References Cited: 10169119 January 2019 Snyder ; 20030228857 December 2003 Maeki ; 20170374573 December 2017 Kleinbeck ; 20180211179 July 2018 Dzierwa
  • Other References: Federal Partnership for Interoperable Communications (FPIC) Security Working Group et al., “Best Practices for Encryption in P25 Public Safety Land Mobile Radio Systems”, Sep. 2016, pp. 1-20. cited by applicant ; Public Safety Wireless Network (PSWN), “Digital Land Mobile Radio (DLMR) System Security Guidelines Recommendations”, Oct. 1998, 33 pp. total. cited by applicant ; Yeh, Hen-Geul et al., “Survey of Port Communication Equipment for Safety, Security, and Interoperability”, https://www.researchgate.net/publication/238094538, Oct. 29, 2014, pp. 1-23. cited by applicant
  • Primary Examiner: Idowu, Olugbenga O
  • Attorney, Agent or Firm: Womble Bond Dickinson (US) LLP
