Background

[0001 ] Devices such as computers, handheld devices, or other types of devices can communicate over wired or wireless networks. Wireless networks can include a wireless local area network (WLAN), which includes wireless access points (APs) to which devices are able to wirelessly connect. Other types of wireless networks include cellular networks that comprise wireless access network nodes to which devices are able to wirelessly connect.

Summary

[0002] Accordingly there is provided a wireless device, a method, a non- transitory machine-readable storage medium and a computer program as detailed in the claims that follow.

Brief Description Of The Drawings

[0003] Some implementations of the present disclosure are described with respect to the following figures.

[0004] Fig. 1 is a block diagram of an example arrangement that includes a wireless device and wireless networks, according to some implementations.

[0005] Fig. 2 is a block diagram of components in a wireless device according to some implementations. [0006] Figs. 3 and 4 are flow diagrams of example processes according to various implementations.

Detailed Description

[0007] In a wireless local area network (WLAN), a wireless device may communicate with one or multiple wireless access points (APs). A wireless AP (or more simply, an AP) can refer to a communication device to which a wireless device can establish a wireless connection to communicate with other endpoint devices. WLANs can include wireless networks that operate according to the Institute of Electrical and Electronic Engineers (IEEE) 802.1 1 or Wi-Fi Alliance Specifications. In other examples, WLANs can operate according to other protocols. More generally, techniques or mechanisms according to some implementations of the present disclosure can be used with other types of wireless networks, such as cellular networks or other wireless networks. In a cellular network, an AP can refer to a wireless access network node, such as a base station or enhanced node B (eNodeB) in a cellular network that operates according to the Long-Term Evolution (LTE) standards as provided by the Third Generation Partnership Project (3GPP). The LTE standards are also referred to as the Evolved Universal Terrestrial Radio Access (E-UTRA) standards.

[0008] Examples of wireless devices include computers (e.g., tablet computers, notebook computers, desktop computers, etc.), handheld devices (e.g. smart phones, personal digital assistants, etc.), wearable devices (smart watches, electronic eyeglasses, head-worn devices, etc.), game appliances, health monitors, vehicles (or equipment in vehicles), or other types of endpoint or user devices that are able to communicate wirelessly. More generally, a wireless device can refer to an electronic device that is able to communicate wirelessly.

[0009] A wireless device can perform discovery activities to identify available services or devices of wireless networks. Identifying available services or devices of wireless networks can include identifying information relating to the services or devices. Examples of information relating to devices of wireless networks can include any or some combination of the following: information about the wireless networks, information about APs, information about operators of APs, information about endpoint or user devices in the wireless networks, and so forth. Examples of information about services offered by wireless networks can include any or some combination of the following: information of specific service providers accessible through an AP, information about a cellular network accessible through an AP, information about capabilities of an AP, information about an authentication type used to perform authentication, information about an Internet Protocol (IP) address version or type that can be allocated, information about metrics of a connection between an AP and an external network (e.g., the Internet), information about communication protocols and ports of an AP, and so forth.

[0010] In the ensuing discussion, reference is made to performing discovery activities for services or devices of WLANs. However, techniques or mechanisms according to some implementations can be applied to discovery activities relating to other types of wireless networks.

[001 1 ] In some examples, a discovery activity of a wireless device includes scanning for WLANs, where the scanning can include active scanning or passive scanning. Active scanning can refer to a wireless device sending a scan command, such as in the form of a Probe Request to locate an AP of a WLAN. Passive scanning can refer to a wireless device listening to advertisements from an AP, such as in the form of a Probe Response or Beacon, without the wireless device first sending any scan commands. [0012] In other examples, other types of discovery activities can be performed. Such other discovery activities can involve sending queries according to other protocols, such as a Generic Advertisement Service (GAS) query, an Access Network Query Protocol (ANQP) request, a Wi-Fi Direct protocol, a Neighbor Awareness Networking (NAN) query, a Fast Initial Link Setup (FILS) query, or other queries, together with the receiving of the corresponding responses in response to the queries.

[0013] In some examples, GAS is a protocol provided by IEEE 802.1 1 , and provides over-the-air transportation for frames of higher-layer advertisements between WLAN stations (STAs) (such as the wireless device) or between a server in an external network and a WLAN station. The purpose of GAS is to enable a station to send a GAS query to identify the availability of information related to network services or devices of a wireless network, while the station is in a pre-associated or unassociated state. GAS defines a generic container to advertise network services information over an IEEE 802.1 1 network. [0014] In further examples, the wireless device is able to send an ANQP request, which is a form of query, to an AP of a wireless network. In response to the ANQP request, the AP can send to the wireless device information elements that describe the services or devices available at the wireless network. The wireless device can use ANQP to obtain such information without having to associate with the wireless network, e.g., while the wireless device is in a pre-associated or unassociated state.

[0015] Another type of discovery activity can relate to discovery performed according to Wi-Fi Direct, which provides a mechanism for a peer-to-peer (P2P) network built on top of an IEEE 802.1 1 WLAN protocols. Wi-Fi Direct is also referred to as "Wi-Fi P2P," which is specified by standards provided by the Wi-Fi Alliance. An arrangement of wireless devices that are able to communicate according to Wi-Fi Direct includes a P2P Group Owner (GO) and P2P client devices. In terms of behavior at Layers 1 to 3, the GO operates as an AP, while the client devices operate as non-AP STAs. The differences between Wi-Fi Direct operations and regular IEEE 802.1 1/Wi-Fi operations include discovery and group formation procedures. Once a Wi-Fi Direct group is formed and operating, the operation of the Wi-Fi Direct group is similar to operation according to IEEE 802.1 1 in which a traditional fixed AP is used.

[0016] NAN relates to a network that can be established among wireless devices that are in close proximity. A NAN query can be sent by the wireless device to discover other NAN devices or services of a wireless network.

[0017] An FILS query can be sent by the wireless device to establish a wireless connection with a wireless network within a relatively short time duration, e.g., 100 milliseconds. FILS allows for discovery by the wireless device of an AP of a wireless network to allow for establishment of a wireless link.

[0018] Discovery activities performed by a wireless device can cause certain information relating to the wireless device to be exposed. Such information can correspond to Personally Identifying Information (PI I) or Personal Correlated

Information (PCI) since information about the device is information about the user of the device. For example, location information of the wireless device can be exposed, since the detection of messages transmitted by the wireless device during discovery activities can allow for an entity that is monitoring a WLAN to determine the approximate location of the wireless device. Such an entity can be an electronic device of a passive attacker that wishes to determine wireless devices within the vicinity of the attacker.

[0019] Another issue associated with discovery activities of a wireless device is that certain third party applications that may run on the wireless device may attempt to initiate discovery activities of the wireless device to collect information or Pll relating to the wireless device, such as the location of a wireless device. The third party application may then attempt to send such location information back to a developer of the third party application, an advertisement network affiliated with the application, or some other entity that is external of the wireless device.

[0020] In addition to the possibility of exposing information of a wireless device due to discovery activities, it is noted that discovery activities can also cause increased power consumption at the wireless device that can deplete a battery of the wireless device.

[0021 ] In accordance with some implementations of the present disclosure, a mechanism can be added to a wireless device to monitor discovery activities that may be initiated by an application executing in the wireless device. An application can refer generally to any program including machine-readable instructions that can be loaded in the wireless device. For example, a user may download an application to the wireless device. Alternatively, the wireless device can be pre-loaded with an application. [0022] Fig. 1 is a block diagram of an example arrangement that includes a wireless device 102 and multiple WLANs 104-1 and 104-2. The WLAN 104-1 includes an AP 106-1 , and the WLAN 104-2 includes an AP 106-2. Although just one AP is shown as being part of each WLAN, it is noted that in other examples, multiple APs can be included in a WLAN. Moreover, even though just two WLANs are depicted in Fig. 1 , it is noted that in other examples, more than two WLANs or just one WLAN may be in the communication range of the wireless device 102.

[0023] The wireless device 102 includes a number of applications 108 that can execute in the wireless device 102. One or more of these applications 108 can perform discovery activities to identify services or devices of WLANs that are within the communication range of the wireless device 102, such as the WLANs 104-1 and 104-2. The discovery activities can cause discovery messages 107 to be

communicated between the wireless device 102 and one or more of the APs 106-1 and 106-2 in the WLANs 104-1 and 104-2, respectively. A discovery message can refer to any message that is communicated between the wireless device 102 and a WLAN (or other type of wireless network) as part of a discovery activity, where the discovery message can include a request sent by the wireless device 102, or a response sent by the wireless device 102 in response to a request from a WLAN (or other type of wireless network. The discovery message can refer to an entire message or an information element within a message.

[0024] As noted above, a passive attacker device 1 10 can be present in a communication range of at least one of the WLANs 104-1 and 104-2, such as the passive attacker device 1 10 that is in the communication range of the WLAN 104-2. Note that the passive attacker device 1 10 may or may not be associated with the WLAN 104-2. The passive attacker device 1 10 is able to operate on a channel of the WLAN 104-2, such that the passive attacker device 1 10 is able to receive communications of other devices on the channel. The passive attacker device 1 10 can monitor the wireless communication medium between the wireless device 102 and the WLAN 104-2, and can detect discovery messages that are exchanged between the wireless device 102 and the WLAN 104-2.

[0025] In other examples, a particular application 108 may collect information of the wireless device 102 based on discovery activities initiated by the particular application 108, so that the particular application 108 can communicate the information (such as the location of the wireless device 102, Pll, PCI, or other information) to a remote entity, such as the developer of the particular application 108 or some other entity.

[0026] In accordance with some implementations of the present disclosure, a discovery monitoring engine 1 12 can be provided in the wireless device 102 to monitor discovery activities of the wireless device 102. The discovery monitoring engine 1 12 can be implemented with a hardware processing circuit, or as a combination of machine-readable instructions executable on the hardware

processing circuit.

[0027] The discovery monitoring engine 1 12 can provide, to a target entity, a notification containing information relating to the monitored discovery activities. The target entity can be an entity that resides in the wireless device 102, or an entity that is external of the wireless device. For example, the target entity can include a user interface to present the notification (where the user interface is displayed in a display of the wireless device 102), an operating system in the wireless device 102, a designated application in the wireless device 102, an application programming interface (API), or any other entity in the wireless device 102. Sending a notification to the API can cause the notification to be sent or forwarded to another entity, whether inside the wireless device 102 or external of the wireless device 102.

[0028] An external target entity can include a mobile device management (MDM) service that is used for administering wireless devices. For example, an MDM service can be used to ensure that users of wireless devices stay productive and are not breaching corporate policies. An MDM service can also perform configuration of wireless devices. In other examples, the discovery monitoring engine 1 12 is able to send a notification containing information relating to monitored discovery activities to another type of external entity, such as a remote server.

[0029] The wireless device 102 includes a wireless interface 1 14 to communicate wirelessly with other devices, such as the APs 106-1 and 106-2. The wireless interface 1 14 can include a wireless transceiver, such as a radio frequency (RF) transceiver, to transmit and receive wireless signals. Although not shown, the wireless device 102 can also include protocol layers to allow the wireless device 102 to communicate according to respective protocols over a wireless link through the wireless interface 1 14.

[0030] Fig. 2 is a block diagram of an example wireless device 102 according to further implementations. The wireless device 102 includes a driver 202 for the wireless interface 1 14. The driver 202, which can be implemented as machine- readable instructions, is an interface between programs in the wireless device 102 and the hardware of the wireless interface 1 14. In accordance with some

implementations of the present disclosure, the driver 202 includes logging logic 204 that can be used to log information 206 of discovery activities performed by the wireless device 102. The logged information 206 of discovery activities can be stored in the wireless device 102, such as in a storage medium 208 in the wireless device 102.

[0031 ] Logged information of a discovery activity can include any one or more of the following: information of a discovery message (such as a discovery query or discovery response) that was transmitted by the wireless device 102, as part of the discovery activity, a time of the discovery activity, such as the start time and/or the completion time of a discovery activity, a location of the discovery activity, a channel list (which lists one or more channels of a wireless link used in the discovery activity), a network address, such as a Medium Access Control (MAC) address or Internet Protocol (IP) address, information identifying the type of discovery activity (e.g., active scan, passive scan, GAS discovery, ANQP discovery, Wi-Fi Direct discovery, NAN discovery, FILS discovery, etc.), and so forth.

[0032] In some examples, the logged information of a discovery activity can also include information identifying the application 108 that initiated the discovery activity. The information identifying the application 108 can include a name of the application 108, or any other information that can be used to derive an identity of the application 108. The information identifying the application 108 that initiated the discovery activity can be used to determine whether an application that is not authorized or that should not be initiating discovery activities is causing such discovery activities to occur.

[0033] The wireless device 102 can also include a discovery application programming interface (API) 210, which includes routines that can be invoked by an application 108 to perform a discovery activity through the wireless interface 1 14. For example, the application 108 can invoke a routine in the discovery API 210 to transmit a discovery message (such as a discovery request) through the driver 202 and the wireless interface 1 14 and then receive any corresponding replies.

[0034] Discovery messages passed through the driver 202 are logged by the logging logic 204 of the driver 202 to provide the logged information 206 of discovery activities.

[0035] The wireless device 102 can also include a monitoring application 212 and a monitoring API 214. The monitoring application 212 and the monitoring API 214 can be part of the discovery monitoring engine 1 12 of Fig. 1 . The monitoring API 214 includes routines that can be invoked by the monitoring application 212 to subscribe to events of the driver 202, including events relating to discovery activities. For example, the monitoring application 212 can use the monitoring API 214 to subscribe to events relating to logged discovery activities, so that the driver 202 can send the information of logged discovery activities to the monitoring application 212. [0036] The wireless device 102 further includes a processor 216 (or multiple processors). Machine-readable instructions are executable on the processor(s) 216, including machine-readable instructions of the monitoring application 212, the monitoring API 214, the driver 202, the application 108, and the discovery API 210. A processor can include a microprocessor, a core of a multi-core microprocessor, a microcontroller, a programmable integrated circuit, a programmable gate array, or another hardware processing circuit.

[0037] Fig. 3 is a flow diagram of an example process that can be performed by the wireless device 102, in accordance with some implementations. The process includes logging (at 302) infornnation of discovery activities perfornned by the wireless device to identify services or devices of wireless networks. In some examples, the logging can be performed by the driver 202 of Fig. 2. The discovery activities that can be monitored can include one type of discovery activities (e.g., active scans by the wireless device 102) or multiple different types of discovery activities (e.g., active scans, passive scans, GAS discovery, ANQP discovery, Wi-Fi Direct discovery, NAN discovery, FILS discovery, etc.).

[0038] The process further includes determining (at 304) whether the logged discovery activities cause violation of at least one rule or policy. Note that in some examples, the terms "rule" and "policy" are used interchangeably. In other examples, a policy can include one or more rules. The at least one rule can include one or more of the following: a threshold relating to a number or rate of discovery activities, a threshold relating to power consumption, a threshold relating to a battery level, a rule relating to whether or not specific applications are allowed to initiate discovery activities, or any combination of the foregoing.

[0039] Thus, for example, a violation of the at least one rule is indicated in response to detecting that the number of discovery activities (e.g., number of discovery messages sent by the wireless device 102) exceeds the discovery activity threshold. As another example, a violation of the at least one rule is indicated in response to detecting that power consumption of the wireless device 102 that may be caused by discovery activities exceeds the power consumption threshold. As a further example, a violation of the at least one rule is indicated in response to detecting that a level of the battery in the wireless device 102 has fallen below the battery level threshold. As yet a further example, a violation of the at least one rule is indicated in response to detecting that an application that triggered a discovery activity should not have done so (e.g., the application is identified as one which does not normally trigger a discovery activity by the wireless device 102).

[0040] In response to determining that the logged discovery activities cause violation of the at least one rule, the process further includes providing (at 306), to a target entity, a notification of the logged information of the discovery activities. As discussed above, the target entity can be located in the wireless device 102, or can be external of the wireless device 102.

[0041 ] Tasks 304 and 306 can be performed by the monitoring application 212 in some examples. [0042] In some examples, the logged information of discovery activities can be filtered by a third party application (an application in the wireless device 102 that has triggered discovery activities) or by monitoring service (e.g., an MDM service). The filtering can cause only logged information of discovery activities for a specific third party application (of multiple third party applications) or for a specific monitoring service (of multiple monitoring services) to be analyzed for rule violation and potential notification.

[0043] In examples where there are multiple target entities that may be interested in receiving notifications of logged discovery activities, then respective different monitoring policies can be specified for the multiple target entities. For example, there can be multiple MDM services, or one or more MDM services and one or more internal target entities in the wireless device 102. Each of the different monitoring policies can include respective rule(s) governing whether there is a violation caused by the monitored discovery activities.

[0044] Fig. 4 is a flow diagram of an example process according to further implementations. The process of Fig. 4 includes filtering (at 402) information of discovery activities performed by the wireless device 102 to remove personal identifying information to produce filtered discovery information (which can include a subset of the information of the discovery activities). The filtering can be applied by the logging logic 204 (Fig. 2), or alternatively, the filtering can be applied by the monitoring application 212 (Fig. 2), in some examples.

[0045] An example of the personal identifying information that is filtered (deleted, scrambled, encrypted, or otherwise rendered un-decipherable or inaccessible) is a personal service set identifier (SSID). In other examples, personal identifying information such as a network address (e.g., MAC address or IP address) or a username can be filtered. More generally, "personal identifying information" can refer to any information that can be used to derive an identity of the wireless device 102 or the user of the wireless device 102. [0046] The process includes logging or providing notification (at 404) of the filtered discovery information. In examples where the filtering is applied by the logging logic 204, then the logged information 206 (Fig. 2) of discovery activities includes the filtered discovery information. Since the logged information 206 includes the filtered discovery information, the notification that is sent to a target entity would also include the filtered discovery information. In other examples, the logged information 206 of discovery activities is not filtered, but instead, the monitoring application 212 can perform the filtering such that the notification that is provided to a target entity includes the filtered discovery information.

[0047] In further examples, filtering of personal identifying information can involve scrambling a network address, such as a MAC address or IP address. The scrambling involves translating network addresses in messages of the discovery activities to translated network addresses. The translating can be performed by the logging logic 204 (Fig. 2) or the monitoring application 212 (Fig. 2), in some examples. The translating can be performed by using an address translation table, which translates between real network addresses and translated network addresses.

[0048] In such examples, the logging performed by the logging logic 204 can involve logging of the translated network addresses rather than the real network addresses, or the notification provided to the target entity includes the translated network addresses but not the real network addresses. [0049] A storage medium (e.g., storage medium 208 in Fig. 2) for storing machine-readable instructions can include one or multiple different forms of memory including semiconductor memory devices such as dynamic or static random access memories (DRAMs or SRAMs), erasable and programmable read-only memories (EPROMs), electrically erasable and programmable read-only memories (EEPROMs) and flash memories; magnetic disks such as fixed, floppy and

removable disks; other magnetic media including tape; optical media such as compact disks (CDs) or digital video disks (DVDs); or other types of storage devices. Note that the instructions discussed above can be provided on one computer- readable or machine-readable storage medium, or alternatively, can be provided on multiple computer-readable or machine-readable storage media distributed in a large system having possibly plural nodes. Such computer-readable or machine-readable storage medium or media is (are) considered to be part of an article (or article of manufacture). An article or article of manufacture can refer to any manufactured single component or multiple components. The storage medium or media can be located either in the machine running the machine-readable instructions, or located at a remote site from which machine-readable instructions can be downloaded over a network for execution.

[0050] In the foregoing description, numerous details are set forth to provide an understanding of the subject disclosed herein. However, implementations may be practiced without some of these details. Other implementations may include modifications and variations from the details discussed above. It is intended that the appended claims cover such modifications and variations.