| CPC H04W 12/086 (2021.01) [H04L 63/0209 (2013.01); H04L 63/10 (2013.01); H04W 12/122 (2021.01); H04W 12/66 (2021.01); H04W 12/73 (2021.01); H04W 84/12 (2013.01); H04W 12/71 (2021.01)] | 9 Claims |

|
1. A method for securing accesses to a communication network, executed by a device for securing access comprising at least one wireless connection device of the type consisting of an access point to said network and a data-frame routing device, said network comprising a first sub-network referred to as a “trusted zone” and a second sub-network referred to as a “quarantine zone”, the routing device being configured so that a station connected to the network by association with the wireless connection device by means of a first sub-network identifier can access third-party devices connected in the trusted zone, and so that a station connected to the network by association with the wireless connection device by means of a second sub-network identifier cannot access third-party devices connected in the trusted zone and can access third-party devices connected in the quarantine zone, wherein the method comprises:
sending, by the wireless connection device, information frames comprising a network identifier common to the trusted zone and to the quarantine zone,
receiving, by the wireless connection device, a join request sent by a station, the request comprising the network identifier common to the trusted zone and to the quarantine zone,
determining, by an access controller of the device for securing access, a parameter that is: (1) representing accesses made in said network by the station sending the join request, and (2) a value representing compliance or non-compliance with security rules or security behaviour defined and satisfying a security level sought in the communication network, obtained by comparing accesses made by said station with standard accesses defined in accordance with a catalogue of accesses, the spatial or temporal distribution of which are judged to be illegal within the communication network with respect to said security rules or security behaviour defined and satisfying a security level sought in the communication network,
conditionally granting, by the access controller of the device for securing access, to the station sending the join request, an authorisation to access the trusted zone via the wireless connection device according to said parameter, and, in the case of refusal of access to the trusted zone, granting, to said station, authorisation to access the quarantine zone or to a third sub-network,
refusing authorisation to access the trusted zone and granting authorisation to access the quarantine zone to the station when the station first connects to the communication network, and
granting authorisation to access the trusted zone to the station and refusing authorisation to access the quarantine zone to the station when no access from said station to the communication network is identified as illegal after a predetermined period of time as from the station's first connection to the communication network.
|
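The zone decision recited in claim 1, sketched as an added example (not part of the patent text). It assumes stations are tracked by MAC address, a 24-hour "predetermined period", and a two-rule catalogue; the rule names, thresholds and log format are hypothetical.

```python
from dataclasses import dataclass, field

TRUSTED, QUARANTINE = "trusted", "quarantine"
PROBATION_S = 24 * 3600  # assumed value for the "predetermined period of time"

# Assumed catalogue: each rule inspects a station's access log, a list of
# (timestamp, destination, port) tuples, and returns True when the spatial
# or temporal distribution of accesses is judged illegal.
def fan_out(log, window=60, max_dests=20):
    """Spatial rule: too many distinct destinations inside one window."""
    for t0, _, _ in log:
        if len({d for t, d, _ in log if t0 <= t < t0 + window}) > max_dests:
            return True
    return False

def burst(log, window=10, max_hits=100):
    """Temporal rule: too many accesses inside one window."""
    times = [t for t, _, _ in log]
    return any(sum(t0 <= t < t0 + window for t in times) > max_hits
               for t0 in times)

CATALOGUE = [fan_out, burst]

@dataclass
class Station:
    first_seen: float
    log: list = field(default_factory=list)

class AccessController:
    def __init__(self, catalogue=CATALOGUE, probation=PROBATION_S):
        self.catalogue, self.probation = catalogue, probation
        self.stations = {}  # MAC address -> Station

    def record_access(self, mac, ts, dest, port):
        """Called by the routing device for each access it observes."""
        st = self.stations.setdefault(mac, Station(first_seen=ts))
        st.log.append((ts, dest, port))

    def compliant(self, mac):
        return not any(rule(self.stations[mac].log) for rule in self.catalogue)

    def on_join(self, mac, now):
        """Zone granted for a join request received on the common SSID."""
        st = self.stations.get(mac)
        if st is None:  # first connection: quarantine, never trusted
            self.stations[mac] = Station(first_seen=now)
            return QUARANTINE
        if self.compliant(mac) and now - st.first_seen >= self.probation:
            return TRUSTED  # clean record for the whole probation period
        return QUARANTINE
```

Keying state on the MAC address is a simplification: MAC addresses can be randomised or spoofed, so a deployment would bind the record to a stronger station identity.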