US20040078598A1 - Key management and control of wireless network access points at a central server - Google Patents
Key management and control of wireless network access points at a central server Download PDFInfo
- Publication number
- US20040078598A1 US20040078598A1 US10/430,804 US43080403A US2004078598A1 US 20040078598 A1 US20040078598 A1 US 20040078598A1 US 43080403 A US43080403 A US 43080403A US 2004078598 A1 US2004078598 A1 US 2004078598A1
- Authority
- US
- United States
- Prior art keywords
- access point
- wireless network
- access
- network
- ccc
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2854—Wide area networks, e.g. public data networks
- H04L12/2856—Access arrangements, e.g. Internet access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/162—Implementing security features at a particular protocol layer at the data link layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W24/00—Supervisory, monitoring or testing arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/04—Large scale networks; Deep hierarchical networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/08—Access point devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/065—Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W16/00—Network planning, e.g. coverage or traffic planning tools; Network deployment, e.g. resource partitioning or cells structures
- H04W16/14—Spectrum sharing arrangements between different networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
- H04W84/22—Self-organising networks, e.g. ad-hoc networks or sensor networks with access to wired networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/12—Access point controller devices
Definitions
- the present invention is generally related to wireless networks and more particularly to systems and methods for providing greater control over wireless networks than previously available.
- Wireless local area networks can be used in a variety of commercial, industrial and consumer applications, thereby permitting mobile and portable user computers and devices to efficiently transmit and receive data between a user computer or device and a remote system without requiring a wired connection therebetween.
- WLAN Wireless local area networks
- Many mobile and portable users, particularly in businesses, factories, universities and other professions can benefit tremendously both in terms of efficiency and productivity with the enhanced capabilities of a WLAN.
- a number of systems for implementing WLANs have been proposed and implemented.
- One class of systems is those conforming to, and/or interoperable with, one or more IEEE 802.11 standard.
- the IEEE 802.11 is a popular and well-known standard and comprises several extensions to date, with additional extensions likely.
- the extensions include 802.11a, 802.11b, etc. and it should be understood herein that general references to the 802.11 standard encompass the currently adopted extensions and extensions that follow.
- Wireless signals conforming to the IEEE 802.11 standard propagate in a 2.4-2.5 GHz ISM (industrial, scientific and medical) band, a 5 GHz band, infrared bands and others.
- ISM industrial, scientific and medical
- the ISM band in particular is currently available worldwide and generally permits unlicensed operation for spread spectrum systems.
- the 2,400-2,483.5 MHz band has been allocated, while for some other countries, such as Japan, another part of the 2.4-2.5 GHz ISM band has been assigned.
- Networks, protocols and standards are typically designed and specified according to a now standard seven-layer ISO/OSI network model. Within that model, the 802.11 standard generally focuses on the MAC (medium access control) layer and the PHY (physical) layer.
- 802.11-compliant communication occurs between stations. Some stations serve as access points between a wireless medium and a distribution system other than the wireless medium, while other stations only use the wireless medium to communicate 802.11 data.
- An example of a distribution system is a wired local area network (LAN), such as an Ethernet-protocol LAN, the Internet, or other network.
- the distribution system might even be another wireless system (which might be useful to support a number of nodes that can access the access point wirelessly, but not the wireless medium that is used as that access point's distribution system).
- the same wireless network might also serve as the distribution system (DS) using “wireless DS” transport.
- an access point is a station according to the 802.11 standard if it interacts with the wireless medium
- the term “station” is often informally used to refer to a network node that is not connected to a distribution system and the term “access point” is used to refer to a station/node that is connected to a distribution system, thus allowing a distinction between nodes that can access a distribution system outside the wireless medium and those that cannot. That convention is used hereinafter, unless otherwise indicated.
- Wireless networks with multiple stations but no access points are referred to as “adhoc” networks.
- an ad-hoc network allows for communication among stations accessible via a wireless medium, but not for communications beyond that ad-hoc network.
- a station located within a group or cell sends packets of data to the access point, which in turn forwards messages/packets/data to a destination such as a station within the same cell or, via the access point's distribution system, to a destination outside the wireless medium.
- the 802.11 standard generally supports several data signalling schemes: DSSS (direct sequence spread spectrum) with differential encoded BPSK and QPSK; FHSS (frequency hopping spread spectrum) with GFSK (Gaussian FSK); OFDM (orthogonal frequency division multiplexing, infrared with PPM (pulse position modulation) are several examples.
- DSSS, FHSS and infrared all provide bit rates of 1 Mbs (megabits per second) and 2 Mbs.
- the 802.11b extension provides for a high rate CCK (Complementary Code Keying) physical layer protocol, providing bit rates of 5.5 and 11 Mbs as well as the basic DSSS bit rates of 1 and 2 Mbs within the 2.4-2.5 GHz ISM band.
- the 802.1a extension provides for a high bit rate OFDM (Orthogonal Frequency Division Multiplexing) physical layer protocol providing bit rates in the range of 6 to 54 Mbs in the 5 GHz band.
- the 802.11g extension provides for 802.11a-like signalling, but in the 2.4-2.5 GHz band.
- the 802.11 basic medium access control (MAC) behavior allows interoperability between compatible physical layer protocols through the use of the CSMA/CA (carrier sense multiple access with a collision avoidance) protocol and a random back-off time following a busy medium condition.
- directed traffic can use an immediate positive acknowledgement (ACK frame) protocol, wherein a retransmission is scheduled by the sender if no positive acknowledgement is received.
- ACK frame immediate positive acknowledgement
- the 802.11 CSMA/CA protocol is designed to reduce the collision probability between multiple stations accessing the medium at the point in time where collisions are most likely occur. The highest probability of a collision occurs just after the medium becomes free, following a busy medium. This is because multiple stations would have been waiting for the medium to become available again.
- the 802.11 MAC defines special functional behavior for fragmentation of packets, medium reservation via RTS/CTS (request-to-send/clear-to-send) polling interaction, and point coordination (for time-bounded services).
- the IEEE 802.11 MAC also defines beacon frames, sent at a regular interval by an AP to allow STAs to monitor the presence of the AP.
- IEEE 802.11 also defines a set of management frames including probe request frames that are sent by a station and are followed by probe response frames sent by the AP. Probe request frames allow a station to actively scan whether there is an AP operating on a certain channel frequency, and for the AP to show to the station what parameter settings the AP is using.
- a client uses the wireless network by finding an AP, authenticating to that AP and associating with that AP. Normally, a client associates with one AP at a time, but where connection to one AP is lost, the client can associate with another AP (or reassociate with the same one after a connection is lost or closed).
- the AP's of a network can communicate over a distribution system (DS).
- DS distribution system
- One reason for communicating between AP's is where an AP has frames buffered for a client, but loses the client. That AP might discover that the client is now associated with a different AP and will forward the buffered frames to that new AP via the DS.
- the access points might also connect to a network outside of the 802.11 wireless network. In some cases, the DS is not distinct from that outside network. That outside network could be another wireless network, but a common configuration has the outside network being a local area network (LAN).
- LAN local area network
- a wireless LAN station When a wireless LAN station is powered on, it first looks for an access point. After it finds an access point, the wireless LAN station registers itself with the access point (authentication, association). The station can then synchronize with the access point and, thereafter, transmit and receive data frames to and from the access point.
- the client station is a portable or mobile computer with a wireless networking card installed therein. 802.11 management frames are used to set up these connections.
- wireless networks do not have well-defined boundaries.
- a company on one floor of a building might have a wireless network that can be reached by a computer on a different floor using a computer unrelated to the company that set up the wireless network. Consequently, it is easier to join into a wireless network, for authorized users as well as unauthorized users.
- a wireless network could be coupled to a wired network without oversight by the operators of the wired network.
- many access points have a standard interface and can be easily plugged into a standard wired network connector, thus opening up a previously secured wired network to wireless traffic.
- the wired network would then be open to users within radio range of the access point, even if they were not within the physical space controlled by the organization for which the wired network is being maintained.
- Another difficulty of wireless networks is that of not necessarily authorized users in the authorized space. For example, if a visitor with a wireless computer or wireless device is in a company building that is covered by the company's wireless network, that visitor might connect to the company network and have access equivalent to that of an employee, and that is generally undesirable.
- access points are used for monitoring radio spectrum traffic and interference thereof in a wireless network, managing control functions (access control, user management, radio management, tunnelling, etc.)
- a command and control center (CCC) is generally associated with the wireless network, wherein the CCC manages and controls the access points associated with the wireless network.
- Control frames MMPDUs, in the case of 802.11 networks
- the CCC might have a user interface, or could be largely automated.
- the CCC manages radio monitoring to generate a radio mapping of the wireless network and the radio environment thereof based on data received from the access points.
- a firewall is generally located between the CCC and a visitor gateway.
- the visitor gateway can communicate with a remote computer network (e.g., the Internet) and restrict access to the wireless network by a visiting user through or from the remote computer network.
- the CCC also can automatically route the visiting user to the visitor gateway when the visiting user attempts to access an access point associated with the wireless network.
- a plurality of clients can be generally associated with the wireless network such that the clients are separated into one or more client groups (defining a subnetwork of the network).
- Each client group possesses a shared key for accessing a predetermined telecommunications network through at least one interface partitioned from the access point and using broadcast frames and encryption, the CCC can arrange the network such that clients ignore broadcast packets for other than its subnetwork.
- FIG. 1 is a block diagram of a wireless network and components to support the network according to the present invention.
- FIG. 2 is a block diagram showing elements of FIG. 1 in greater detail.
- FIG. 3 illustrates several variations of communication paths between an access point and a command and control center (CCC).
- CCC command and control center
- FIG. 4 illustrates several data tables maintained by an access point according to aspects of the present invention.
- FIG. 5 illustrates an access point monitoring radio traffic under control of the CCC.
- FIG. 6 is a swim diagram illustrating interactions between two access points and the CCC for radio monitoring and mapping.
- FIG. 7 is a graphical representation of the results of a radio map, wherein several access points determine statistics of signals from objects in the wireless network space.
- FIG. 8 illustrates how radio map statistics could be used to at least approximately locate an access point at a physical location.
- FIG. 9 illustrates several data tables that might be maintained by a CCC to improve network connections and user experiences.
- FIG. 10 is a flowchart of a process for diagnosing user problems based on network history.
- FIG. 11 is a swim diagram illustrating interactions between a client, an access point and a CCC, where access is controlled centrally by the CCC.
- FIG. 12 illustrates tunnelling used in a wireless network.
- FIG. 13 illustrates broadcasting to subnetworks of a wireless network using encryption.
- the MAC layer provides access control functions such as addressing, access coordination, frame check sequence generation and checking for shared-medium PHYs in support of higher layers.
- the IEEE 802.11 specification is a wireless local area network (WLAN) standard that defines a set of specifications for physical layers (PHYs) and a medium access control (MAC) layer.
- the unit of communication at the MAC layer is the “frame”, comprising a plurality of bits transmitted through the physical layer.
- the term “frame” may refer to a group of data bits in a specific format, such as those defined by the 802;11 standard, including data frames and management frames.
- the 802.11 standards provide well-known approaches to wireless networking and will not be described in detail here. However, the 802.11-1999 standard, the 802.11a-1999 supplement to 802.11, the 802.11b-1999 supplement to 802.11 and the 802.11g draft 3.0 supplement to 802.11 are incorporated by reference herein for all purposes.
- the 802.11 standards generally address requirements of the PHY and MAC layers.
- the same protocols and standards are used at the LLC layer and above for 802.11 networks and other networks conforming to the 802 LAN standards, such as 802.2.
- 802 LAN standards these are typically referred to as “MAC addresses”.
- 802.11 standards these might be referred to as service set identifiers (“SSID”), BSSID, ESSID, etc.
- SSID service set identifier
- BSSID BSSID
- ESSID MAC address
- each device that operates on an 802.11 network or other 802 network that is a stored within it a MAC address assigned by its manufacturer in a manner that ensures that the stored MAC address is unique over all manufactured devices.
- Network devices typically use MAC addresses to create and update routing tables and network data structures and to determine whether a particular frame is directed at that device or where to direct a particular frame.
- the term “MAC address” can be utilized interchangeably with the term “link layer address”.
- data being communicated herein is assumed to be in the form of digital transmissions.
- data can take a number of forms, such as bits, values, elements, symbols, characters, terms, numbers or the like, and can be represented as electrical or magnetic signals, states of storage elements, or the like.
- physical signals can either be represented as analog electrical or magnetic signals, stored state, digital samples represented by numbers of predefined precision, a time sequence of such digital samples, or the like.
- the present invention should not be construed as being limited to any particular data form or representation, although it is generally understood that the data physically exists and is capable of being stored, transferred, combined, compared, and otherwise manipulated by physical processes. Further, manipulations performed are often referred to in terms that are commonly associated with mental operations performed by a human operator, even though the manipulations can only be practically performed as machine operations.
- Useful machines for performing operations of the present invention include data-processing systems, such as general-purpose digital computers, server-based devices, handheld devices, embedded devices, wireless and/or wireline networks, or other similar devices and systems thereof. In all cases, the distinction between the method of operations in operating a computer and the method of computation itself should be borne in mind.
- a number of elements might be implemented entirely in software, entirely in hardware of a combination thereof, wherein software comprises a plurality of instructions executable by a processor, computer, or other programmable object, to effect the function of the software.
- the present invention is not limited to any particular implementation, unless otherwise indicated.
- processes described as computing steps might be carried out by processing electrical or other (e.g., mechanical, chemical) physical signals to generate other desired physical signals, and can be implemented via one or more computing device, with the software instructions stored with the computing device or provided to the computing device as needed.
- computing and or data storage performed for the computing device outside of the computing device (such as server operations), but integrated such that the computing device uses the software as needed for its own purposes.
- modules of the present invention may be implemented as a program product (i.e., computer program product) composed of one or more modules.
- module generally refers to a software module, a hardware module, or a module using hardware and software components.
- a module can be implemented as a collection of routines and data structures that performs particular tasks or implements a particular abstract data type. Modules may include lists of constants, data types, variables, routines, etc. Modules need not be organized with data being distinct from routines, and various object models might be used to create and operate the modules.
- modules can be utilized separately or together to form a program product that can be implemented through signal-bearing media, including transmission media and recordable media.
- a module can be stored, for example, within a memory location of a server and processed via associated processors or microprocessors thereof. Such modules may also control and command functions associated with such a server or devices in communication with the server.
- radio management generally refers to activities that involve the identification of a network user, the type of network privileges associated with that network user, and the level of service that the user should be receiving.
- radio management generally refers to telecommunications activities taking place within a wireless network.
- radio management can include a determination of the access point (AP) communicating with a device having a particular MAC address, along with the type and location of the service being provided.
- AP access point
- the wireless network is an IEEE 802.11 network, but it should be clear that other networks and variations of IEEE 802.11 networks could be used instead.
- Each network device is referred as to a “station”.
- Stations that derive their connectivity solely through the wireless network are referred to herein as “clients” and stations that connect to networks outside of the wireless network and are usable to carry traffic from clients to such networks are referred to herein as “access points”.
- clients stations that connect to networks outside of the wireless network and are usable to carry traffic from clients to such networks.
- access points stations that connect to networks outside of the wireless network and are usable to carry traffic from clients to such networks.
- a client might have other techniques for communication outside the wireless network, but it is assumed that the client does not carry data for other device is in the wireless network.
- a cellular telephone that is enabled for communication over a wireless network might be described as a client even the now the cellular telephone is able to communicate through a telephone network independent of the wireless network.
- the term “outside network” is used herein to refer to communications channels other than the wireless network being described where the outside network might be the destination of some of the traffic of the wireless network.
- clients that communicate over a wireless network will communicate to an access point that carries the communication over the outside network.
- the outside network could itself be a wireless network.
- FIG. 1 is a diagram illustrating one embodiment of a wireless network 100 according to aspects of the present invention.
- FIG. 1 shows several variations, not by way of limitation, clients 102 , such as laptops 102 ( 1 ) and 102 ( 2 ), cellular telephone 102 ( 3 ), desktop computer 102 ( 4 ), embedded device 102 ( 5 ) and handheld computer 102 (M).
- clients 102 such as laptops 102 ( 1 ) and 102 ( 2 ), cellular telephone 102 ( 3 ), desktop computer 102 ( 4 ), embedded device 102 ( 5 ) and handheld computer 102 (M).
- each client is a portable or mobile computer or computing device.
- Clients 102 can communicate using various wireless methods, such as the infrared or radio-frequency methods defined by the 802.11 standard. Not all clients need to have user interfaces, as illustrated by embedded device 102 ( 5 ).
- Clients 102 communicate to outside networks via access points 104 .
- One such access point, 104 ( 3 ) includes an integrated network controller (NC) 106 , described in more detail below.
- Access points 104 interact with the wireless space and a distribution system (DS) 110 .
- Distribution system 110 is typically a wired system, but that need not be the case.
- Distribution system 110 is in turn coupled to a local area network (LAN) 112 , although other types of connections could be used. In some implementations, distribution system 110 is not necessarily distinct from LAN 112 .
- a network controller (NC) 114 is shown coupled to distributional system 110 and LAN 112 . If one of the access points 104 includes an integrated network controller 106 , it might assume the role of the network controller 114 , but in many these examples, it is assumed that a network controller distinct from the access points, is used.
- network controller 114 might include connections to external networks, such as a wide area network (WAN), the Internet, etc. and LAN 112 might be coupled to other networks, such as other LANs, WANs, the Internet, other wireless networks, etc.
- WAN wide area network
- LAN 112 might be coupled to other networks, such as other LANs, WANs, the Internet, other wireless networks, etc.
- the use of the network controller provides many benefits.
- One benefit is the ability to centrally control wireless network 100 , allowing for simpler access points.
- Such control might include monitoring the radio environment of wireless network 100 , controlling access by clients to access points and networks beyond the access points, integrating user management and radio management, and implementing a visitor gateway.
- a network controller might also be used to coordinate with access points to provide for multiple independent networks from one access point BSSID.
- a client communicates beyond the wireless network via an access point.
- the client associates with one access point (for a given network) and that access point conveys data from the client and also receives data on behalf of the client and transmits that data to the client.
- the client needs to authenticate itself to the access point (in some networks, anyone can connect).
- FIG. 2 illustrates one client 102 , one access point (AP) 104 , and one CCC 114 in greater detail. It should be understood that a typical wireless network would include a plurality of clients and a plurality of access points, and possibly also a plurality of CCCs.
- AP 104 comprises a processor 202 , program code 204 , data store 206 , a network interface to receive data from and said data to other network devices such as client 102 , an interface to communicate with CCC 114 , any interfaces as needed for other communications, such as communications with a distribution system (DS) and a local area network (LAN).
- DS distribution system
- LAN local area network
- Program code 204 is shown including a network state module 210 , a radio monitoring/mapping module 212 and a standard service set module 214 .
- Standard service set module 214 can perform the functions typically found in conventional access points, and as such, need not be described in detail here. Other modules might be present, but are not shown.
- Data store 206 is shown comprising several data objects, such as a clients table 220 , a radio stats table 222 , a broadcast keys table 224 , and other data objects not shown.
- CCC 114 is shown in comprising a control module 240 , a radio monitor/mapper module 242 , a diagnostic subsystem 244 , a link layer authenticator 246 , a network management module 248 , and a list of active/supported clients 250 .
- Other modules and data structures are present in CCC 114 but are not shown.
- CCC 114 can communicate with a distribution system, a LAN (such as a corporate network), a WAN, the Internet, or the like.
- CCC 114 can perform a number of functions, such as controlling access to the wireless network, managing radio mapping and otherwise monitoring, controlling, evaluating, reconfiguring, etc. the wireless network for optimal performance, security and user satisfaction. As illustrated in FIGS. 1 - 2 , clients interact with access points and access points interact with the CCC. Access points generally function as the points on the edge of wireless network 100 and CCC controls those access points. In a typical wireless network, there will be more access points than CCCs, so centralizing some functions traditionally performed by access points into the CCC allows for less expensive access points, simpler maintenance and oversight of the network, and a number of other benefits.
- FIG. 3 illustrates a number of variations for communication between an access point and a CCC.
- FIG. 3(A) shows communication via a distribution system (DS).
- the medium to which an access point connects just outside the wireless network in an 802.11 network is referred to as a distribution system and can have a variety of forms.
- FIG. 3(B) shows communication over a dedicated link, which might be a direct wire.
- FIG. 3(C) shows a variation wherein the access point and the CCC are integrated into a single device.
- FIG. 3(D) shows communication over a LAN.
- FIG. 3(E) shows communication over a secure tunnel over a wireless LAN, LAN, WAN, DS, etc.
- FIG. 4 illustrates a number of tables that might be maintained at an access point in access point data store.
- FIG. 4(A) illustrates an active clients table
- FIG. 4(B) illustrates a radio stats table
- FIG. 4(C) illustrates a broadcast keys table.
- the active clients table holds a list of clients that are associated, or the process of being associated or disassociated, with the access point.
- the function of determining which clients are allowed to associate with the access point is a function of the CCC, thereby allowing more efficient control over access.
- the radio stats table holds information about radios “visible” to the access point. With a collection of radio stats from a plurality of access points, the CCC can determine a great deal about the nature of the wireless network's space.
- FIG. 5 illustrates how an access point might be used to monitor or more map radio devices in the wireless network.
- access point 104 can listen to passing MAC frames 504 as well as signals from in-band noise sources 502 .
- noise is source 502 is a microwave oven.
- One radio band in which 802.11 signals propagate is the radio band around 2.4 to 2.5 GHz.
- Microwave ovens, cordless telephones, Bluetooth devices, etc. also operate in that radio band and since they are not operating as wireless network devices during their normal operation, signals will be received by the access point that are not valid MAC frames. Normally, such signals are just discarded, to avoid having spurious data propagate to higher layers. Also, frames that are correctly detected and received by the access point are also discarded if they are not addressed to the access point.
- the radio module 210 of the access point records the information for use by the CCC.
- the radio module might assist with active testing, such as by sending out frames to be detected by other access points or network monitors.
- mapping helps in determining weak areas, vulnerable access points, overused areas, etc.
- Physical monitoring such as by a technician moving through the wireless network space, is time-consuming and might interfere with normal operation of the network.
- FIG. 6 illustrates one possible sequence for mapping a wireless network.
- the CCC performs a passive listening process, then an active mapping process, and then a scan process. These processes can be done in that different orders or be done separately.
- step S 1 the CCC directs the access point to begin the passive listening process.
- the access point begins the process (S 2 ) listening for frame traffic and non-frame traffic and populates its radio stats table (see FIG. 4(B)) accordingly. For each is source of radio signal, the access point might be able to identify it as a station or as a non-station source of interference.
- the access point should be able to identify an SSID for the radio, whether it is an access point, if it is a client, whether it is associated with the access point, and various other measurement parameters. These radio stats are gathered and reported back to the CCC (S 3 ), which then can analyze them (S 4 ) to determine the nature of a radio sources in the wireless network.
- mapping frames can be expected to be received by other access points.
- Those other access points specifically the radio modules of those access points, would then receive the mapping frames (S 8 ), gather radio and MAC stats for those frames (S 9 ), and report the results back to the CCC (S 10 ).
- the CCC could then analyze the radio and MAC stats (S 11 ).
- the CCC sends a request for a scan over multiple channels, multiple frequency bands, or combination thereof, to the access point (S 12 ).
- the access point receives a request (S 13 ) and sequences through the channels and/or frequencies and listens for traffic and/or sends out mapping frames, gather radio stats to be reported back to the CCC (S 14 ), which then can analyze the stats (S 15 ) and perform other tasks (S 16 ).
- a survey can be done of the wireless network.
- the CCC can detect “rogue” access points that are using the wireless network but are unknown to the CCC.
- Rogue access points can be the result of an unauthorized user adding the access point to a network, interference from neighboring wireless networks, or authorized access points not yet configured or registered.
- radio monitoring does not interfere with normal network operations. For example, it would be unwise for an access point that is serving four or five active users to drop them and instead perform a scan of various other radio channels. In a passive scan, an access point “listens” to all passing frames and reports their statistical information (e.g., channel, time, date, transmission achieved yes/no, signal quality and signal strength, latency, sent to, sent from and throughput) back to the CCC where such statistical information can be stored for later processing and reference.
- statistical information e.g., channel, time, date, transmission achieved yes/no, signal quality and signal strength, latency, sent to, sent from and throughput
- Each access point can, under the control of the CCC, periodically scan across an entire frequency range, listening not just to frames directed at it, but any passing frames and additionally transmit beacons across each channel. Any frames that are “seen” (and any responses to the beaconing) can then be reported back to the CCC for further analysis.
- This process can be synchronized by the CCC such that access points are not serving any users when they begin a frequency hopping process and to ensure that beacons are not sent out on channels that other nearby access points are using to communicate with network users.
- Each transmission of a mapping data frame and a real data frame to an end user can be monitored on the same set of terms.
- One use for the frequency stepping results is to test and log the radio quality delivered to actual end users and also to present it to a system administrator, so that he or she may derive actionable conclusions. For example, if the system administrator determines that bad coverage is located at the conference room on the second floor of a particular building, the system administrator can advise placing another access point at that location.
- Each access point under the control of the CCC can periodically send test frames to other nearby in network access points at specified times and frequency channels.
- Nearby access points can be determined on the basis of proximity tables maintained by the CCC. Such proximity tables can be generated as a result of the radio monitoring process described above.
- Some access points can be designated as “listen-only devices” that passively listen to all passing frames and scanning across channels as directed by the CCC, without supporting any client connections.
- the combined results of the exercises can result in a richly detailed, real-time map of the radio environment surrounding and associated the wireless network.
- One of the results of these exercises is the creation of a proximity table, which comprises a radio-only logical map of the network.
- the CCC can produce an approximate physical map of the wireless network.
- a radio service quality log can be created, which illustrates the delivered radio transmission quality for all users of the wireless network.
- FIG. 7 is a logical representation of such a radio map.
- the wireless space includes two access points, AP 1 and AP 2 , that are known to be connected to a LAN 704 , two clients (A, B), two access points, APx and APy, known to be connected to an unrelated neighboring network 706 and an access point, AP?, of unknown origin.
- the radio map has links 700 and stats 702 for each link, where a link represents traffic from one source to one monitoring access point. Note that some of the sources might be other than network devices. Examples of stats for a link might be as shown in FIG. 4(B).
- AP 1 has detected the presence of client A, client B, access point AP 2 , access point AP?, and access points APx and APy
- AP 2 has detected the presence of client A, client B, access point AP 1 , access point AP?, access point APy, and non-network interference sources.
- the respective access point can record statistics and forward them to the CCC.
- the CCC With a collection of data for radio sources, the CCC might be able to determine an approximate mapping. For example, consider FIG. 8. Assume that distance between two radio sources is determinable from signal strength. That is often not the case for wireless networks, with differing transmit powers, multipath interference, signal delays, and the like, but it is illustrative nonetheless. With information from AP 1 , the CCC can determine the distance from AP 1 to AP 3 and the distance from AP 1 to AP 2 , and can do likewise for the other two access points. From those distances (and the absolute location of at least one source in the wireless network), the CCC might be able to determine the location of each of the other access points.
- each access point could be determined at least approximately enough to allow a technician to quickly locate and/or isolate any given radio. With such information, for example, a network administrator can quickly zero in on a rogue access point.
- radio map For example, areas of poor coverage may be detected, which in turn permits the CCC to recommend the placement of additional access points based on data compiled the real-time map.
- a map also permits the detection (i.e., area/time/date/frequency channels) of known radio sources of radio disturbances (e.g., 12:00, weekdays, all channels, around the second floor, cafeteria, etc.) and the generation of corresponding alerts.
- Any neighboring networks can also be detected based on data contained with the generated real-time map.
- the transmission channels, locations and time patterns of such neighboring networks can also be identified and detected so that any associated interferences can be bypassed.
- a radio map can also be used to detect any suspicious conversations, such as a conversation among known users (e.g., identified through a MAC address) and an unknown access point. By detecting such conversations, it can be determined that a network user may have inadvertently strayed into another network, which in turn results in the generation of a corresponding alert.
- Such a radio mapping can further be used to promote load balancing between access points by causing an overloaded access point to disassociate one or more associated users, provided that such users can be “seen” or identified and therefore picked up by another nearby access point.
- the CCC can determine from the radio map that a given user can be seen by more than one access point either by noting that more than one access point is picking up transmissions from that user and can decode frames accurately. Alternatively, but probably not as reliably, the CCC can determine that the user can get service from another access point by just estimating coverage from the calculated physical positions of each radio and stats about nearby interference.
- Radio maps can also be used to promote dynamic detection and throttling back of excessive spectrum-consuming use by specific users. For example, an individual located near an access point may back up a hard drive and consume all available bandwidth, leaving other users unattended. Additionally, a radio mapping as described herein can result in the dynamic production of radio frequency assignment commands by the CCC to each access point in order to maximize the spatial density achieved in the network by avoiding interference caused by other networks and by the network interfering with itself (i.e., through the use of non-overlapping channels in order to encourage spectrum re-use).
- Suspected rogue access points may comprise actual rogue access points, access points not yet configured, or access points from a neighboring wireless network.
- the CCC might include processes to determine which type of access point it actually comprises.
- the CCC might detect an unexpected access point and cause another device to simulate a client or a “wireless DS” access point and direct traffic at that access point to set up a link. Once a link is set up, the CCC can initiate a ping or a traceroute operation where packets travel through the unexpected access point back to a site controlled by the CCC. Using the results of that test, the CCC might be able to determine where the networks to which the access point is connected.
- the CCC can do more that if conventional access points are used.
- an access point might be dedicated to the radio stats collection process such that it does not carry client traffic, just monitors radio traffic and/or actively probes the wireless network.
- an access point will monitor just frames addressed to that access point, while in others the access point just or also monitors frames that are addressed to other network devices.
- the access point just records information that a conventional access point would record, but in other cases, the access point records more data than is normally needed to act as an access point or saves data that is developed in the PHY or MAC layer but is discarded in normal course of supporting conventional 802.11 traffic.
- radio signal strength might be data used in the PHY layer and discarded once valid frames are received, but that data can be saved and passed on to the CCC for analysis of the wireless network.
- An access point might include other functions involving sniffing the wireless network to which it has access.
- Radio stats can be combined with SNMP an authentication data to get a fuller network state.
- This data can be used to deal with rogue access points or to adjust the network in other ways. For example, if the CCC finds that an unauthorized access point is operating in its wireless space, the CCC can alert an operator and narrow down a physical search for the unauthorized access point. The CCC might also do the same for unauthorized clients, gateways, etc. The CCC might also act directly to disable the rogue access point if it is on a wired network or distribution system controlled by the CCC.
- the CCC might also handle network reconfigurations. For example, based on radio stats, the CCC might determine that an access point is overloaded and make selective requests to that overloaded access point to deassociate one or more network devices. Preferably, the network devices that are to be disassociated are within range of other access points, a condition that the CCC can determine from the collection of radio stats from other access points. The CCC might be used to monitor other, more complex statistics, such as a comparison of airtime usage versus throughput.
- FIG. 9 illustrates several tables that might be used by the CCC to support a user radio and a link management process.
- FIG. 9(A) is a table of active clients indicating, for each active client, the user MAC address, actual physical location (as that might be estimated during a radio survey), expected physical location (as might be determined during a physical installation process), a list of active services for that client, and other parameters about the client.
- FIG. 9(B) is a table of historical network activity usable for diagnostics and support.
- FIG. 10 is a flowchart of a process that a CCC might use to support such functions.
- the administrator selects a user (S 100 ) from a list of supported users and then analyzes, and/or causes a computer to analyze, historical data to determine quality of service for the selected user (S 101 ).
- the administrator or the CCC can then check connection failures and network events (S 102 ) and diagnose causes of errors automatically, based on history and failure modes (S 103 ).
- the causes, history and failure modes can be matched to trouble tickets (S 104 ) such that support can be provided (S 105 ).
- Historical traffic data can be maintained on the basis of a specific user rather than a device itself. For example, such historical traffic data can provide an indication of the quality of service experience by a particular user regardless of what type of mobile device (e.g., laptop/NIC, etc.) that user is currently using and aggregate that user's experience over different network devices. Historical network traffic data can be used to ensure (rather than merely monitor) the quality experienced by a specific network user, possibly across multiple network devices.
- the CCC might be alerted to a sequence of failed connection attempts at a particular MAC address. With a failed connection attempt, the CCC might not be able to determine the user making the attempt, as the connection might not have gotten to a stage where user identification is exchanged. Nonetheless, the CCC could use the historical network traffic data to identify the user or most likely using the problematic MAC address and proactively provide support to that user, such as by identifying the user from a company telephone directory or e-mail directory and contacting user to discuss connection problems.
- 802.1x link layer authentication can be combined with network management thereof in order to associate both and provide a variety of useful services on this basis.
- Some such services may include the ability for a system administrator to select a user and immediately see their current MAC address, their physical location, what service they are receiving, etc.
- Such services can also include maintaining a history of wireless network traffic data by user (not just by network address, but by user as they access the network using differing devices). Additionally, such services can permit the use of such information to ensure (rather than simply monitor) the quality experienced by person a particular network user, regardless of the device/MAC address they are using.
- such services can include the ability to track down multiple failed connection attempts by a certain MAC address and deduce the user who is failing to connect (e.g., the user may have lost a password) based on historical connection data and proactively call/email the user(s) with support.
- such services may include a tying of association of specific user trouble-tickets with specific events at the network level, such as for example, transmission types and rates, association/disassociation events and so forth.
- FIG. 11 is a swim diagram illustrating another use of the CCC, to provide centralized access control.
- the process begins with a client sending a MAC management frame (S 110 ) to an access point.
- Previous access points might have processed the request locally, which in turn is sent out across an associated wired network to an authentication authority (e.g., a domain server or a directory) and base its decision on data returned by the authentication authority.
- an authentication authority e.g., a domain server or a directory
- the access point transfers of the decision-making process to the CCC forwarding the control frame (S 111 ) to the CCC.
- the CCC receives a control frame (S 112 ) and determines if the clients is to be given access (S 113 ).
- the CCC responds (S 114 ) to the access point to deny the client (S 115 ) and the client receives a denial (S 116 ). In some instances, clients are not informed of the denial and only hear from the access point when access is granted.
- the CCC decides to grant access, it indicates to the access point that access is granted and provides indication of the permissions granted to the client (S 117 ).
- the access point then initializes is a local tables for granting permissions as indicated by the CCC (S 118 ) and sends an authentication response to the client (S 119 ). Once the client receives the authentication response (S 120 ) and continues with association and second authentication and other processes (S 121 ).
- the access points pass key management and control functions of 802.1x access points to a central controller (the CCC). This allows other functionality, such as the routing of visiting users away from private networks and tunneling between the client and the CCC through the access point. Communications between the CCC and the access point can be carried out through a secured tunnel (s-tunnel) connection.
- s-tunnel secured tunnel
- the access points can carry out a “firewall” function by passing any control frames (for 802.11, MMPDUs are examples of control frames) received from clients back to a dominating CCC that can control the access points in detail and assume the role of an authenticator in which a received request to access a wireless network is transferred from one of the access points to the CCC, which in turn generates a response or command which is returned to the appropriate access point either granting or denying association privileges based on the response received from the CCC.
- control frames for 802.11, MMPDUs are examples of control frames
- FIG. 12 illustrates how tunneling might be used to provide controlled connections between a client and a CCC via an access point and between an access point and a firewall via the CCC and a LAN. The latter is useful with users that are not authorized to use the LAN in that they can still get access to other networks that might be beyond the LAN.
- a variety of clients 1202 connect to services supported by a CCC 1200 via an access point 1203 .
- a visitor gateway is implemented using a tunnel 1204 and client-to-CCC tunneling is implemented using a tunnel 1210 .
- Other tunnels might be implemented as well.
- Tunnel 1204 packages up traffic between visitor clients, such as client 1202 ( 1 ), and transports it to a firewall 1206 , which connects to a visitor gateway machine 1208 at a “demilitarized zone” or “DMZ”, to allow for a visitor client to access the Internet 1220 , but not send or receive traffic to or from the LAN.
- Traffic from authorized clients can travel onto the LAN.
- the status of a particular client can be determined at the CCC using data maintained there. Since the CCC performs the access control functions, it does not necessarily need to rely on the access points to determine which clients should be tunnelled and which clients should be allowed onto the LAN.
- the visitor client and the employee client are shown as distinct network devices.
- one network device might be used to both by authorized employees and visitors, in which case the MAC address of the network device would be insufficient to identify the level of access to be granted.
- a mobile employee can communicate with an access point of a wireless network and a visitor may attempt to communicate with the access point using the same network device. Since the CCC controls access, it can distinguish between the users that
- the CCC also can automatically route a visitor to visitor gateway 1208 when the visiting user attempts to contact access point 1203 . Additionally, the CCC can communicate with the access point through a secure communications tunnel (e.g., S-tunnel).
- a secure communications tunnel e.g., S-tunnel
- 802.11 devices can send frames indicated as unicast frames, multicast frames, or broadcast frames.
- Unicast frames are characterized as having a single network device as its destination.
- Broadcast frames are characterized as being directed to all network devices that are capable of receiving the frames.
- Multicast frames are in between unicast frames and broadcast frames in that that multicast frames are characterized as having a destination that is a group with which network devices can be associated. Multicasting requires more infrastructure then the unicasting or broadcasting, as group associations need to be maintained.
- a wireless network configured according to aspects of the present invention, this is done using the encryption behaviors of the typical wireless network.
- network device receives frames and determines whether the frames are encrypted. If the frames are encrypted, the network device attempts to decrypt the frames using the encryption keys available to the network device. If the network device it cannot decrypt and encrypted frame, the network device drops the frame. In a typical instance, the network device will silently drop the frame (i.e., not request retransmission or otherwise indicate failure of receipt).
- the access point could maintain a MAC address of each client in a table indicating which MAC addresses go with which distribution systems (Doss).
- Doss distribution systems
- the access point typically transmits broadcast frames and a unicast frames using a BSSID (typically, the MAC address of the access point's radio) that the client understands is the BSSID for the access point with which the client is associated.
- BSSID typically, the MAC address of the access point's radio
- the network is configured to use 802.1x encryption processes to in effect “separate out” broadcast traffic for multiple networks.
- the clients that are part of a first network will have a first encryption key used for broadcast frames (and possibly some unicast frames) and clients that are part of a second network will have a second encryption key used for broadcast frames and other frames.
- the client attempts to decrypt the frame and if the decryption fails, the client will assume the packet was not directed at it and will ignore the packet.
- clients that are in a first network will drop frames that are broadcast frames encrypted using a second network's encryption key and clients that are in a second network will drop frames that are broadcast frames encrypted using the first network's encryption key, effectively creating more than one broadcast zone in a given area.
- each client can be associated with different networks through a common access point.
- not each client might also maintain unicast encryption keys.
- Each client will then drop all packets from that access point, except for unencrypted packets, packets encrypted with the client's unicast encryption key, and packets encrypted with the broadcast encryption key for the network with which the client is associated.
- the standard sequence for MAC management when a client connects to an AP is 1) a first authentication wherein control frames (MMPDUs in the case of 802.11 networks) are sent; in a typical network, an access point accepts all clients in this step, 2) association wherein a link is established between the client and the access point, and 3) 802.1x authentication (not required for all links).
- the access point would know the MAC address of the client.
- the 802.1x authentication exchange goes through the access point to an authentication server (which might be a RADIUS server).
- the authentication server sends a message back to the client through the access point and can include some optional attributes in a message.
- One of the possible, optional attributes is a VLAN attribute indicating that the user client should be connected and its data traffic allowed on to a particular VLAN.
- Another set of attributes is a set of keys including one or more unicast keys and one or more broadcast keys.
- FIG. 13 illustrates an access point 1304 might support multiple independent networks for our clients 1302 .
- access point 1304 supports four independent networks 1306 .
- clients A and B are part of network 1
- client C is part of network 4 .
- an access point 1304 sends a broadcast frame 1310 encoded with a broadcast key for network 1
- each client receives broadcast frame 1310 and decodes it because it is apparently addressed to each of those clients being a broadcast frame.
- clients A and B correctly the code frame 1310 but client C, not having a matching decryption key, fails to the code frame 1310 and discards it.
- access point 1304 is to send a broadcast message to all clients in the network 4 , it would use the broadcast keys for network 4 and that message would be dropped by all clients except those in the network 4 .
- Stations that expect to receive encrypted traffic are generally set to reject unencrypted traffic, so it is thus possible to partition the access point into two independent networks.
- a network device on a first independent network might be configured to ignore unencrypted traffic and receive broadcast messages encrypted with broadcast keys for the first independent network, while a network device on a second independent network might be configured without any broadcast keys and thus would only except the unencrypted traffic and discard the encrypted broadcast frames.
- Novel access points, wireless network controllers, enhanced methods of wireless network control and the like have now been described. Some implementations might be in the form of novel access points, while others are in the form of additional functionality added to existing access points. For example, an access point that is implemented as a chipset and/or programmable devices might simply include added software to handle one or more of the novel functions described herein. Modifications might be made to clients, but the present invention can operate with conventional clients as well.
Abstract
Description
- The present application claims the benefit of priority under 35 USC §119 from U.S. Provisional Patent Application No. 60/380,153 filed on May 4, 2002, the disclosure of which is hereby incorporated by reference in its entirety for all purposes.
- The present invention is generally related to wireless networks and more particularly to systems and methods for providing greater control over wireless networks than previously available.
- Wireless local area networks (WLAN) can be used in a variety of commercial, industrial and consumer applications, thereby permitting mobile and portable user computers and devices to efficiently transmit and receive data between a user computer or device and a remote system without requiring a wired connection therebetween. Many mobile and portable users, particularly in businesses, factories, universities and other professions can benefit tremendously both in terms of efficiency and productivity with the enhanced capabilities of a WLAN.
- A number of systems for implementing WLANs have been proposed and implemented. One class of systems is those conforming to, and/or interoperable with, one or more IEEE 802.11 standard. The IEEE 802.11 is a popular and well-known standard and comprises several extensions to date, with additional extensions likely. The extensions include 802.11a, 802.11b, etc. and it should be understood herein that general references to the 802.11 standard encompass the currently adopted extensions and extensions that follow.
- Wireless signals conforming to the IEEE 802.11 standard propagate in a 2.4-2.5 GHz ISM (industrial, scientific and medical) band, a 5 GHz band, infrared bands and others. The ISM band in particular is currently available worldwide and generally permits unlicensed operation for spread spectrum systems. For the US and Europe, the 2,400-2,483.5 MHz band has been allocated, while for some other countries, such as Japan, another part of the 2.4-2.5 GHz ISM band has been assigned.
- Networks, protocols and standards are typically designed and specified according to a now standard seven-layer ISO/OSI network model. Within that model, the 802.11 standard generally focuses on the MAC (medium access control) layer and the PHY (physical) layer.
- 802.11-compliant communication occurs between stations. Some stations serve as access points between a wireless medium and a distribution system other than the wireless medium, while other stations only use the wireless medium to communicate 802.11 data. An example of a distribution system is a wired local area network (LAN), such as an Ethernet-protocol LAN, the Internet, or other network. The distribution system might even be another wireless system (which might be useful to support a number of nodes that can access the access point wirelessly, but not the wireless medium that is used as that access point's distribution system). The same wireless network might also serve as the distribution system (DS) using “wireless DS” transport.
- While an access point is a station according to the 802.11 standard if it interacts with the wireless medium, the term “station” is often informally used to refer to a network node that is not connected to a distribution system and the term “access point” is used to refer to a station/node that is connected to a distribution system, thus allowing a distinction between nodes that can access a distribution system outside the wireless medium and those that cannot. That convention is used hereinafter, unless otherwise indicated.
- Wireless networks with multiple stations but no access points are referred to as “adhoc” networks. Without more, an ad-hoc network allows for communication among stations accessible via a wireless medium, but not for communications beyond that ad-hoc network.
- In an 802.11 wireless network with at least one access point, a station located within a group or cell sends packets of data to the access point, which in turn forwards messages/packets/data to a destination such as a station within the same cell or, via the access point's distribution system, to a destination outside the wireless medium.
- The 802.11 standard generally supports several data signalling schemes: DSSS (direct sequence spread spectrum) with differential encoded BPSK and QPSK; FHSS (frequency hopping spread spectrum) with GFSK (Gaussian FSK); OFDM (orthogonal frequency division multiplexing, infrared with PPM (pulse position modulation) are several examples. DSSS, FHSS and infrared all provide bit rates of 1 Mbs (megabits per second) and 2 Mbs. The 802.11b extension provides for a high rate CCK (Complementary Code Keying) physical layer protocol, providing bit rates of 5.5 and 11 Mbs as well as the basic DSSS bit rates of 1 and 2 Mbs within the 2.4-2.5 GHz ISM band. The 802.1a extension provides for a high bit rate OFDM (Orthogonal Frequency Division Multiplexing) physical layer protocol providing bit rates in the range of 6 to 54 Mbs in the 5 GHz band. The 802.11g extension provides for 802.11a-like signalling, but in the 2.4-2.5 GHz band.
- The 802.11 basic medium access control (MAC) behavior allows interoperability between compatible physical layer protocols through the use of the CSMA/CA (carrier sense multiple access with a collision avoidance) protocol and a random back-off time following a busy medium condition. In addition, directed traffic can use an immediate positive acknowledgement (ACK frame) protocol, wherein a retransmission is scheduled by the sender if no positive acknowledgement is received. The 802.11 CSMA/CA protocol is designed to reduce the collision probability between multiple stations accessing the medium at the point in time where collisions are most likely occur. The highest probability of a collision occurs just after the medium becomes free, following a busy medium. This is because multiple stations would have been waiting for the medium to become available again. Therefore, a random back-off arrangement is used to resolve medium contention conflicts. In addition, the 802.11 MAC defines special functional behavior for fragmentation of packets, medium reservation via RTS/CTS (request-to-send/clear-to-send) polling interaction, and point coordination (for time-bounded services).
- The IEEE 802.11 MAC also defines beacon frames, sent at a regular interval by an AP to allow STAs to monitor the presence of the AP. IEEE 802.11 also defines a set of management frames including probe request frames that are sent by a station and are followed by probe response frames sent by the AP. Probe request frames allow a station to actively scan whether there is an AP operating on a certain channel frequency, and for the AP to show to the station what parameter settings the AP is using.
- A client uses the wireless network by finding an AP, authenticating to that AP and associating with that AP. Normally, a client associates with one AP at a time, but where connection to one AP is lost, the client can associate with another AP (or reassociate with the same one after a connection is lost or closed). The AP's of a network can communicate over a distribution system (DS). One reason for communicating between AP's is where an AP has frames buffered for a client, but loses the client. That AP might discover that the client is now associated with a different AP and will forward the buffered frames to that new AP via the DS. The access points might also connect to a network outside of the 802.11 wireless network. In some cases, the DS is not distinct from that outside network. That outside network could be another wireless network, but a common configuration has the outside network being a local area network (LAN).
- When a wireless LAN station is powered on, it first looks for an access point. After it finds an access point, the wireless LAN station registers itself with the access point (authentication, association). The station can then synchronize with the access point and, thereafter, transmit and receive data frames to and from the access point. In a common example, the client station is a portable or mobile computer with a wireless networking card installed therein. 802.11 management frames are used to set up these connections.
- Unlike wired networks, where a network is secured at boundaries by which wires connect to the network, wireless networks do not have well-defined boundaries. A company on one floor of a building might have a wireless network that can be reached by a computer on a different floor using a computer unrelated to the company that set up the wireless network. Consequently, it is easier to join into a wireless network, for authorized users as well as unauthorized users.
- In some cases, a wireless network could be coupled to a wired network without oversight by the operators of the wired network. For example, many access points have a standard interface and can be easily plugged into a standard wired network connector, thus opening up a previously secured wired network to wireless traffic. Where an uninformed end-user replaces a wired network connection with an access point and does not secure the access point, the wired network would then be open to users within radio range of the access point, even if they were not within the physical space controlled by the organization for which the wired network is being maintained.
- Some network operators have attempted to address unexpected access points by physically surveying their network. In one approach, a network administrator would walk with a network sniffer through all of the space controlled by the organization, but for large spaces, this is often impractical.
- In large wireless networks, considerable effort is needed to maintain numerous access points and when a large number of access points are needed, for bandwidth reasons, coverage reasons, etc., the cost can be considerable as the full functionality of an access point needs to be repeated in the space where the network is set up.
- Another difficulty of wireless networks is that of not necessarily authorized users in the authorized space. For example, if a visitor with a wireless computer or wireless device is in a company building that is covered by the company's wireless network, that visitor might connect to the company network and have access equivalent to that of an employee, and that is generally undesirable.
- Yet another difficulty of wireless networks is network overlap. Where a space is to have multiple wired networks, parallel sets of network cabling can be laid down. This can be effected with wireless networks by overlapping access points and programming the access points to be selective with associations, but this necessarily involves more hardware than is necessary to support the space.
- In light of the above, the inventors have invented improvements to wireless networks.
- In embodiments of a wireless network according to the present invention, access points are used for monitoring radio spectrum traffic and interference thereof in a wireless network, managing control functions (access control, user management, radio management, tunnelling, etc.) A command and control center (CCC) is generally associated with the wireless network, wherein the CCC manages and controls the access points associated with the wireless network. Control frames (MMPDUs, in the case of 802.11 networks) received by the access point can be automatically transferred to the CCC, which thereafter transfers a response back to the access point, thereby granting or denying access to the wireless network to users thereof based on the response transferred from the CCC. The CCC might have a user interface, or could be largely automated.
- The CCC manages radio monitoring to generate a radio mapping of the wireless network and the radio environment thereof based on data received from the access points. A firewall is generally located between the CCC and a visitor gateway. The visitor gateway can communicate with a remote computer network (e.g., the Internet) and restrict access to the wireless network by a visiting user through or from the remote computer network. The CCC also can automatically route the visiting user to the visitor gateway when the visiting user attempts to access an access point associated with the wireless network.
- A plurality of clients can be generally associated with the wireless network such that the clients are separated into one or more client groups (defining a subnetwork of the network). Each client group possesses a shared key for accessing a predetermined telecommunications network through at least one interface partitioned from the access point and using broadcast frames and encryption, the CCC can arrange the network such that clients ignore broadcast packets for other than its subnetwork.
- A further understanding of the nature and the advantages of the inventions disclosed herein may be realized by reference to the remaining portions of the specification and the attached drawings.
- The accompanying figures, in which like reference numerals refer to identical or functionally-similar elements throughout the separate views and which are incorporated in and form part of the specification, further illustrate the present invention and, together with the detailed description of the invention, serve to explain the principles of the present invention.
- FIG. 1 is a block diagram of a wireless network and components to support the network according to the present invention.
- FIG. 2 is a block diagram showing elements of FIG. 1 in greater detail.
- FIG. 3 illustrates several variations of communication paths between an access point and a command and control center (CCC).
- FIG. 4 illustrates several data tables maintained by an access point according to aspects of the present invention.
- FIG. 5 illustrates an access point monitoring radio traffic under control of the CCC.
- FIG. 6 is a swim diagram illustrating interactions between two access points and the CCC for radio monitoring and mapping.
- FIG. 7 is a graphical representation of the results of a radio map, wherein several access points determine statistics of signals from objects in the wireless network space.
- FIG. 8 illustrates how radio map statistics could be used to at least approximately locate an access point at a physical location.
- FIG. 9 illustrates several data tables that might be maintained by a CCC to improve network connections and user experiences.
- FIG. 10 is a flowchart of a process for diagnosing user problems based on network history.
- FIG. 11 is a swim diagram illustrating interactions between a client, an access point and a CCC, where access is controlled centrally by the CCC.
- FIG. 12 illustrates tunnelling used in a wireless network.
- FIG. 13 illustrates broadcasting to subnetworks of a wireless network using encryption.
- The particular values and configurations discussed in these non-limiting examples can be varied and are cited merely to illustrate an embodiment of the present invention and are not intended to limit the scope of the invention.
- Definitions
- Networking technologies are often described with respect to the seven-layer network model referred to as the ISO open system interconnect (OSI) network model. Another similar model is the four-layer model used for Internet communications. The lowest layer of the ISO/OSI network model is the physical (PHY) layer and the next layer up is the data-link layer, which is generally divided into a lower layer and an upper layer, referred to as the Medium-Access Control (MAC) layer and Logical Link Control (LLC), respectively. While the present invention is not limited to any particular network model, the examples used herein generally fall within the MAC layer.
- The MAC layer provides access control functions such as addressing, access coordination, frame check sequence generation and checking for shared-medium PHYs in support of higher layers. The IEEE 802.11 specification is a wireless local area network (WLAN) standard that defines a set of specifications for physical layers (PHYs) and a medium access control (MAC) layer. With some exceptions, the unit of communication at the MAC layer is the “frame”, comprising a plurality of bits transmitted through the physical layer. As used herein, the term “frame” may refer to a group of data bits in a specific format, such as those defined by the 802;11 standard, including data frames and management frames.
- The 802.11 standards provide well-known approaches to wireless networking and will not be described in detail here. However, the 802.11-1999 standard, the 802.11a-1999 supplement to 802.11, the 802.11b-1999 supplement to 802.11 and the 802.11g draft 3.0 supplement to 802.11 are incorporated by reference herein for all purposes. The 802.11 standards generally address requirements of the PHY and MAC layers.
- Typically, but not always, the same protocols and standards are used at the LLC layer and above for 802.11 networks and other networks conforming to the 802 LAN standards, such as 802.2. One such standardization is that 48-bit addresses are used. In802 LAN standards, these are typically referred to as “MAC addresses”. In 802.11 standards, these might be referred to as service set identifiers (“SSID”), BSSID, ESSID, etc. Typically, each device that operates on an 802.11 network or other 802 network that is a stored within it a MAC address assigned by its manufacturer in a manner that ensures that the stored MAC address is unique over all manufactured devices. Network devices typically use MAC addresses to create and update routing tables and network data structures and to determine whether a particular frame is directed at that device or where to direct a particular frame. The term “MAC address” can be utilized interchangeably with the term “link layer address”.
- While it might be common to the point of being a convention that addresses on a wireless network and communication systems outside of the wireless network that are connected to the wireless network are addresses that are compatible and unique across the entire system, the present invention is not necessarily limited to such addressing schemes although many of the examples herein assume a unified, coordinated address space. Such unification has its advantages, allowing for simple bridging from wireless to IEEE 802 wired networks.
- Generally, data being communicated herein is assumed to be in the form of digital transmissions. However, it should be understood that such data can take a number of forms, such as bits, values, elements, symbols, characters, terms, numbers or the like, and can be represented as electrical or magnetic signals, states of storage elements, or the like. It is also assumed that physical signals can either be represented as analog electrical or magnetic signals, stored state, digital samples represented by numbers of predefined precision, a time sequence of such digital samples, or the like.
- The present invention should not be construed as being limited to any particular data form or representation, although it is generally understood that the data physically exists and is capable of being stored, transferred, combined, compared, and otherwise manipulated by physical processes. Further, manipulations performed are often referred to in terms that are commonly associated with mental operations performed by a human operator, even though the manipulations can only be practically performed as machine operations. Useful machines for performing operations of the present invention include data-processing systems, such as general-purpose digital computers, server-based devices, handheld devices, embedded devices, wireless and/or wireline networks, or other similar devices and systems thereof. In all cases, the distinction between the method of operations in operating a computer and the method of computation itself should be borne in mind.
- Throughout this specification, aspects of the disclosure are described by block diagrams, swim diagrams and flowcharts. Where an element is shown in a block diagram by a simple box, it should be understood that the element could be made and used with the reference to the entire specification and knowledge available to one of ordinary skill in the art. The swim diagrams illustrate interactions between two or more elements in a particular time order. Unless otherwise indicated, it should be understood that some of the interactions might occur in different orders and the diagrams are nearly illustrations of one particular order. The elements of the swim diagrams and flowcharts are labeled with an apparent order (e.g., S1, S2, S3, etc.) for ease of explanation, but it should be understood that other orders are contemplated by this disclosure.
- Throughout the figures, elements shown are labeled with reference numbers. Like elements are referenced with the same reference number, with distinct instances if like objects denoted with a common reference number followed by a parenthetical instance indicator (e.g., (1), (2), etc.). Where the number of like objects is not critical, the like objects are parenthetically numbered ending with a placeholder such as “n”. It should be understood that, unless otherwise indicated, the fact that different sets of objects are referenced with the same placeholder, that does not necessarily indicate that there are the same number of objects.
- A number of elements might be implemented entirely in software, entirely in hardware of a combination thereof, wherein software comprises a plurality of instructions executable by a processor, computer, or other programmable object, to effect the function of the software. The present invention is not limited to any particular implementation, unless otherwise indicated. In methods described herein, processes described as computing steps might be carried out by processing electrical or other (e.g., mechanical, chemical) physical signals to generate other desired physical signals, and can be implemented via one or more computing device, with the software instructions stored with the computing device or provided to the computing device as needed. In some devices, computing and or data storage performed for the computing device outside of the computing device (such as server operations), but integrated such that the computing device uses the software as needed for its own purposes.
- It can be appreciated by those skilled in the art that embodiments of the present invention may be implemented as a program product (i.e., computer program product) composed of one or more modules. The term “module” as used herein generally refers to a software module, a hardware module, or a module using hardware and software components. In the computer programming arts, it is known that a module can be implemented as a collection of routines and data structures that performs particular tasks or implements a particular abstract data type. Modules may include lists of constants, data types, variables, routines, etc. Modules need not be organized with data being distinct from routines, and various object models might be used to create and operate the modules.
- It can be additionally appreciated by those skilled in the art the system and/or method described herein can be implemented as a single module or a series of modules. Such modules can be utilized separately or together to form a program product that can be implemented through signal-bearing media, including transmission media and recordable media. A module can be stored, for example, within a memory location of a server and processed via associated processors or microprocessors thereof. Such modules may also control and command functions associated with such a server or devices in communication with the server.
- The term “user management” generally refers to activities that involve the identification of a network user, the type of network privileges associated with that network user, and the level of service that the user should be receiving. The term “radio management” generally refers to telecommunications activities taking place within a wireless network. For example, radio management can include a determination of the access point (AP) communicating with a device having a particular MAC address, along with the type and location of the service being provided.
- In the examples described herein, the wireless network is an IEEE 802.11 network, but it should be clear that other networks and variations of IEEE 802.11 networks could be used instead. Each network device is referred as to a “station”. Stations that derive their connectivity solely through the wireless network are referred to herein as “clients” and stations that connect to networks outside of the wireless network and are usable to carry traffic from clients to such networks are referred to herein as “access points”. Of course, a client might have other techniques for communication outside the wireless network, but it is assumed that the client does not carry data for other device is in the wireless network. For example, a cellular telephone that is enabled for communication over a wireless network might be described as a client even the now the cellular telephone is able to communicate through a telephone network independent of the wireless network. The term “outside network” is used herein to refer to communications channels other than the wireless network being described where the outside network might be the destination of some of the traffic of the wireless network. Thus, clients that communicate over a wireless network will communicate to an access point that carries the communication over the outside network. The outside network could itself be a wireless network.
- The above concepts should be kept in mind in understanding the figures and their description below.
- FIG. 1 is a diagram illustrating one embodiment of a
wireless network 100 according to aspects of the present invention. FIG. 1 shows several variations, not by way of limitation,clients 102, such as laptops 102(1) and 102(2), cellular telephone 102(3), desktop computer 102(4), embedded device 102(5) and handheld computer 102(M). Typically, but not required, each client is a portable or mobile computer or computing device.Clients 102 can communicate using various wireless methods, such as the infrared or radio-frequency methods defined by the 802.11 standard. Not all clients need to have user interfaces, as illustrated by embedded device 102(5). -
Clients 102 communicate to outside networks via access points 104. One such access point, 104(3), includes an integrated network controller (NC) 106, described in more detail below. Access points 104, interact with the wireless space and a distribution system (DS) 110.Distribution system 110 is typically a wired system, but that need not be the case.Distribution system 110 is in turn coupled to a local area network (LAN) 112, although other types of connections could be used. In some implementations,distribution system 110 is not necessarily distinct fromLAN 112. - A network controller (NC)114 is shown coupled to
distributional system 110 andLAN 112. If one of the access points 104 includes anintegrated network controller 106, it might assume the role of thenetwork controller 114, but in many these examples, it is assumed that a network controller distinct from the access points, is used. - As shown in FIG. 1,
network controller 114 might include connections to external networks, such as a wide area network (WAN), the Internet, etc. andLAN 112 might be coupled to other networks, such as other LANs, WANs, the Internet, other wireless networks, etc. - As described herein, the use of the network controller provides many benefits. One benefit is the ability to centrally control
wireless network 100, allowing for simpler access points. Such control might include monitoring the radio environment ofwireless network 100, controlling access by clients to access points and networks beyond the access points, integrating user management and radio management, and implementing a visitor gateway. A network controller might also be used to coordinate with access points to provide for multiple independent networks from one access point BSSID. - A client communicates beyond the wireless network via an access point. The client associates with one access point (for a given network) and that access point conveys data from the client and also receives data on behalf of the client and transmits that data to the client. For an access point to allow an association, the client needs to authenticate itself to the access point (in some networks, anyone can connect).
- FIG. 2 illustrates one
client 102, one access point (AP) 104, and oneCCC 114 in greater detail. It should be understood that a typical wireless network would include a plurality of clients and a plurality of access points, and possibly also a plurality of CCCs. - As shown in the figure,
AP 104 comprises aprocessor 202,program code 204,data store 206, a network interface to receive data from and said data to other network devices such asclient 102, an interface to communicate withCCC 114, any interfaces as needed for other communications, such as communications with a distribution system (DS) and a local area network (LAN). Other elements, components and modules might be present inAP 104, but are not shown. -
Program code 204 is shown including anetwork state module 210, a radio monitoring/mapping module 212 and a standard service setmodule 214. Standard service setmodule 214 can perform the functions typically found in conventional access points, and as such, need not be described in detail here. Other modules might be present, but are not shown.Data store 206 is shown comprising several data objects, such as a clients table 220, a radio stats table 222, a broadcast keys table 224, and other data objects not shown. -
CCC 114 is shown in comprising acontrol module 240, a radio monitor/mapper module 242, adiagnostic subsystem 244, alink layer authenticator 246, anetwork management module 248, and a list of active/supportedclients 250. Other modules and data structures are present inCCC 114 but are not shown. As indicated,CCC 114 can communicate with a distribution system, a LAN (such as a corporate network), a WAN, the Internet, or the like. -
CCC 114 can perform a number of functions, such as controlling access to the wireless network, managing radio mapping and otherwise monitoring, controlling, evaluating, reconfiguring, etc. the wireless network for optimal performance, security and user satisfaction. As illustrated in FIGS. 1-2, clients interact with access points and access points interact with the CCC. Access points generally function as the points on the edge ofwireless network 100 and CCC controls those access points. In a typical wireless network, there will be more access points than CCCs, so centralizing some functions traditionally performed by access points into the CCC allows for less expensive access points, simpler maintenance and oversight of the network, and a number of other benefits. - FIG. 3 illustrates a number of variations for communication between an access point and a CCC. FIG. 3(A) shows communication via a distribution system (DS). The medium to which an access point connects just outside the wireless network in an 802.11 network is referred to as a distribution system and can have a variety of forms. FIG. 3(B) shows communication over a dedicated link, which might be a direct wire. FIG. 3(C) shows a variation wherein the access point and the CCC are integrated into a single device. FIG. 3(D) shows communication over a LAN. FIG. 3(E) shows communication over a secure tunnel over a wireless LAN, LAN, WAN, DS, etc.
- FIG. 4 illustrates a number of tables that might be maintained at an access point in access point data store. FIG. 4(A) illustrates an active clients table; FIG. 4(B) illustrates a radio stats table; and FIG. 4(C) illustrates a broadcast keys table. The utility of these various tables is described herein. As an example, the active clients table holds a list of clients that are associated, or the process of being associated or disassociated, with the access point. As described herein, the function of determining which clients are allowed to associate with the access point is a function of the CCC, thereby allowing more efficient control over access. The radio stats table holds information about radios “visible” to the access point. With a collection of radio stats from a plurality of access points, the CCC can determine a great deal about the nature of the wireless network's space. These advantages are described below in reference to FIGS.5-8.
- FIG. 5 illustrates how an access point might be used to monitor or more map radio devices in the wireless network. As illustrated,
access point 104 can listen to passing MAC frames 504 as well as signals from in-band noise sources 502. In this example, noise issource 502 is a microwave oven. One radio band in which 802.11 signals propagate is the radio band around 2.4 to 2.5 GHz. Microwave ovens, cordless telephones, Bluetooth devices, etc., also operate in that radio band and since they are not operating as wireless network devices during their normal operation, signals will be received by the access point that are not valid MAC frames. Normally, such signals are just discarded, to avoid having spurious data propagate to higher layers. Also, frames that are correctly detected and received by the access point are also discarded if they are not addressed to the access point. - Instead of discarding information about such traffic, the
radio module 210 of the access point records the information for use by the CCC. In addition to passively listening and gathering information, the radio module might assist with active testing, such as by sending out frames to be detected by other access points or network monitors. - One of the difficulties that has been encountered in implementing wireless networks, such as IEEE 802.11 wireless networks, is the difficulty of mapping or surveying the network. Mapping helps in determining weak areas, vulnerable access points, overused areas, etc. Physical monitoring, such as by a technician moving through the wireless network space, is time-consuming and might interfere with normal operation of the network.
- FIG. 6 illustrates one possible sequence for mapping a wireless network. In a sequence, the CCC performs a passive listening process, then an active mapping process, and then a scan process. These processes can be done in that different orders or be done separately. As illustrated, in step S1, the CCC directs the access point to begin the passive listening process. The access point begins the process (S2) listening for frame traffic and non-frame traffic and populates its radio stats table (see FIG. 4(B)) accordingly. For each is source of radio signal, the access point might be able to identify it as a station or as a non-station source of interference. For stations, the access point should be able to identify an SSID for the radio, whether it is an access point, if it is a client, whether it is associated with the access point, and various other measurement parameters. These radio stats are gathered and reported back to the CCC (S3), which then can analyze them (S4) to determine the nature of a radio sources in the wireless network.
- When requesting active mapping (S5), the CCC would issue a particular mapping command or set of mapping commands to the access point, which would then receive the command or commands (S6) and form suitable mapping frames to be transmitted (S7) over the wireless network in support of those commands. Some of the mapping frames can be expected to be received by other access points. Those other access points, specifically the radio modules of those access points, would then receive the mapping frames (S8), gather radio and MAC stats for those frames (S9), and report the results back to the CCC (S10). The CCC could then analyze the radio and MAC stats (S11).
- For a scan process, the CCC sends a request for a scan over multiple channels, multiple frequency bands, or combination thereof, to the access point (S12). The access point then receives a request (S13) and sequences through the channels and/or frequencies and listens for traffic and/or sends out mapping frames, gather radio stats to be reported back to the CCC (S14), which then can analyze the stats (S15) and perform other tasks (S16).
- In this manner, a survey can be done of the wireless network. One interesting result of a survey is that the CCC can detect “rogue” access points that are using the wireless network but are unknown to the CCC. Rogue access points can be the result of an unauthorized user adding the access point to a network, interference from neighboring wireless networks, or authorized access points not yet configured or registered.
- Preferably, radio monitoring does not interfere with normal network operations. For example, it would be unwise for an access point that is serving four or five active users to drop them and instead perform a scan of various other radio channels. In a passive scan, an access point “listens” to all passing frames and reports their statistical information (e.g., channel, time, date, transmission achieved yes/no, signal quality and signal strength, latency, sent to, sent from and throughput) back to the CCC where such statistical information can be stored for later processing and reference.
- Each access point can, under the control of the CCC, periodically scan across an entire frequency range, listening not just to frames directed at it, but any passing frames and additionally transmit beacons across each channel. Any frames that are “seen” (and any responses to the beaconing) can then be reported back to the CCC for further analysis. This process can be synchronized by the CCC such that access points are not serving any users when they begin a frequency hopping process and to ensure that beacons are not sent out on channels that other nearby access points are using to communicate with network users. Each transmission of a mapping data frame and a real data frame to an end user can be monitored on the same set of terms.
- One use for the frequency stepping results is to test and log the radio quality delivered to actual end users and also to present it to a system administrator, so that he or she may derive actionable conclusions. For example, if the system administrator determines that bad coverage is located at the conference room on the second floor of a particular building, the system administrator can advise placing another access point at that location.
- Each access point under the control of the CCC can periodically send test frames to other nearby in network access points at specified times and frequency channels. Note that “nearby” access points can be determined on the basis of proximity tables maintained by the CCC. Such proximity tables can be generated as a result of the radio monitoring process described above. Some access points can be designated as “listen-only devices” that passively listen to all passing frames and scanning across channels as directed by the CCC, without supporting any client connections.
- The combined results of the exercises can result in a richly detailed, real-time map of the radio environment surrounding and associated the wireless network. One of the results of these exercises, as indicated previously, is the creation of a proximity table, which comprises a radio-only logical map of the network. Using the proximity table, the CCC can produce an approximate physical map of the wireless network. Additionally, a radio service quality log can be created, which illustrates the delivered radio transmission quality for all users of the wireless network.
- FIG. 7 is a logical representation of such a radio map. As shown there, the wireless space includes two access points, AP1 and AP2, that are known to be connected to a
LAN 704, two clients (A, B), two access points, APx and APy, known to be connected to an unrelatedneighboring network 706 and an access point, AP?, of unknown origin. In one representation, the radio map haslinks 700 andstats 702 for each link, where a link represents traffic from one source to one monitoring access point. Note that some of the sources might be other than network devices. Examples of stats for a link might be as shown in FIG. 4(B). As illustrated, AP1 has detected the presence of client A, client B, access point AP2, access point AP?, and access points APx and APy, while AP2 has detected the presence of client A, client B, access point AP1, access point AP?, access point APy, and non-network interference sources. For each of these presences, the respective access point can record statistics and forward them to the CCC. - With a collection of data for radio sources, the CCC might be able to determine an approximate mapping. For example, consider FIG. 8. Assume that distance between two radio sources is determinable from signal strength. That is often not the case for wireless networks, with differing transmit powers, multipath interference, signal delays, and the like, but it is illustrative nonetheless. With information from AP1, the CCC can determine the distance from AP1 to AP3 and the distance from AP1 to AP2, and can do likewise for the other two access points. From those distances (and the absolute location of at least one source in the wireless network), the CCC might be able to determine the location of each of the other access points. Of course, given the typical environment expected of a wireless network, the signals will not be perfect, but with many access points providing additional data points, the location of each access point could be determined at least approximately enough to allow a technician to quickly locate and/or isolate any given radio. With such information, for example, a network administrator can quickly zero in on a rogue access point.
- Other conclusions can be derived from the radio map. For example, areas of poor coverage may be detected, which in turn permits the CCC to recommend the placement of additional access points based on data compiled the real-time map. Such a map also permits the detection (i.e., area/time/date/frequency channels) of known radio sources of radio disturbances (e.g., 12:00, weekdays, all channels, around the second floor, cafeteria, etc.) and the generation of corresponding alerts. Any neighboring networks can also be detected based on data contained with the generated real-time map. In addition, the transmission channels, locations and time patterns of such neighboring networks can also be identified and detected so that any associated interferences can be bypassed.
- A radio map can also be used to detect any suspicious conversations, such as a conversation among known users (e.g., identified through a MAC address) and an unknown access point. By detecting such conversations, it can be determined that a network user may have inadvertently strayed into another network, which in turn results in the generation of a corresponding alert. Such a radio mapping can further be used to promote load balancing between access points by causing an overloaded access point to disassociate one or more associated users, provided that such users can be “seen” or identified and therefore picked up by another nearby access point. The CCC can determine from the radio map that a given user can be seen by more than one access point either by noting that more than one access point is picking up transmissions from that user and can decode frames accurately. Alternatively, but probably not as reliably, the CCC can determine that the user can get service from another access point by just estimating coverage from the calculated physical positions of each radio and stats about nearby interference.
- Radio maps can also be used to promote dynamic detection and throttling back of excessive spectrum-consuming use by specific users. For example, an individual located near an access point may back up a hard drive and consume all available bandwidth, leaving other users unattended. Additionally, a radio mapping as described herein can result in the dynamic production of radio frequency assignment commands by the CCC to each access point in order to maximize the spatial density achieved in the network by avoiding interference caused by other networks and by the network interfering with itself (i.e., through the use of non-overlapping channels in order to encourage spectrum re-use).
- Suspected rogue access points may comprise actual rogue access points, access points not yet configured, or access points from a neighboring wireless network. The CCC might include processes to determine which type of access point it actually comprises.
- In one example of such a process, the CCC might detect an unexpected access point and cause another device to simulate a client or a “wireless DS” access point and direct traffic at that access point to set up a link. Once a link is set up, the CCC can initiate a ping or a traceroute operation where packets travel through the unexpected access point back to a site controlled by the CCC. Using the results of that test, the CCC might be able to determine where the networks to which the access point is connected.
- Since the access point collects more information than a conventional access point, the CCC can do more that if conventional access points are used. In some cases, an access point might be dedicated to the radio stats collection process such that it does not carry client traffic, just monitors radio traffic and/or actively probes the wireless network. In some cases, an access point will monitor just frames addressed to that access point, while in others the access point just or also monitors frames that are addressed to other network devices. In some cases, the access point just records information that a conventional access point would record, but in other cases, the access point records more data than is normally needed to act as an access point or saves data that is developed in the PHY or MAC layer but is discarded in normal course of supporting conventional 802.11 traffic. For example, radio signal strength might be data used in the PHY layer and discarded once valid frames are received, but that data can be saved and passed on to the CCC for analysis of the wireless network. An access point might include other functions involving sniffing the wireless network to which it has access.
- Radio stats can be combined with SNMP an authentication data to get a fuller network state. This data can be used to deal with rogue access points or to adjust the network in other ways. For example, if the CCC finds that an unauthorized access point is operating in its wireless space, the CCC can alert an operator and narrow down a physical search for the unauthorized access point. The CCC might also do the same for unauthorized clients, gateways, etc. The CCC might also act directly to disable the rogue access point if it is on a wired network or distribution system controlled by the CCC.
- In addition to dealing with rogue network devices, the CCC might also handle network reconfigurations. For example, based on radio stats, the CCC might determine that an access point is overloaded and make selective requests to that overloaded access point to deassociate one or more network devices. Preferably, the network devices that are to be disassociated are within range of other access points, a condition that the CCC can determine from the collection of radio stats from other access points. The CCC might be used to monitor other, more complex statistics, such as a comparison of airtime usage versus throughput.
- FIG. 9 illustrates several tables that might be used by the CCC to support a user radio and a link management process. FIG. 9(A) is a table of active clients indicating, for each active client, the user MAC address, actual physical location (as that might be estimated during a radio survey), expected physical location (as might be determined during a physical installation process), a list of active services for that client, and other parameters about the client. FIG. 9(B) is a table of historical network activity usable for diagnostics and support.
- FIG. 10 is a flowchart of a process that a CCC might use to support such functions. In this example, is assumed that the process of FIG. 10 is performed by a support person, but it should be understood that some of these processes might be fully automated without human intervention. As illustrated there, the administrator selects a user (S100) from a list of supported users and then analyzes, and/or causes a computer to analyze, historical data to determine quality of service for the selected user (S101). The administrator or the CCC can then check connection failures and network events (S102) and diagnose causes of errors automatically, based on history and failure modes (S103). The causes, history and failure modes can be matched to trouble tickets (S104) such that support can be provided (S 105).
- Historical traffic data can be maintained on the basis of a specific user rather than a device itself. For example, such historical traffic data can provide an indication of the quality of service experience by a particular user regardless of what type of mobile device (e.g., laptop/NIC, etc.) that user is currently using and aggregate that user's experience over different network devices. Historical network traffic data can be used to ensure (rather than merely monitor) the quality experienced by a specific network user, possibly across multiple network devices.
- As template uses used for the historical network traffic data, the CCC might be alerted to a sequence of failed connection attempts at a particular MAC address. With a failed connection attempt, the CCC might not be able to determine the user making the attempt, as the connection might not have gotten to a stage where user identification is exchanged. Nonetheless, the CCC could use the historical network traffic data to identify the user or most likely using the problematic MAC address and proactively provide support to that user, such as by identifying the user from a company telephone directory or e-mail directory and contacting user to discuss connection problems.
- In a trouble-ticket based support system, specific user trouble-tickets might be associated with specific network events. In essence, specific user trouble-tickets can be tied with specific events at the network level, such as for example, transmission types and rates, association/disassociation events, and so forth.
- Using these techniques, 802.1x link layer authentication can be combined with network management thereof in order to associate both and provide a variety of useful services on this basis. Some such services may include the ability for a system administrator to select a user and immediately see their current MAC address, their physical location, what service they are receiving, etc. Such services can also include maintaining a history of wireless network traffic data by user (not just by network address, but by user as they access the network using differing devices). Additionally, such services can permit the use of such information to ensure (rather than simply monitor) the quality experienced by person a particular network user, regardless of the device/MAC address they are using. In addition, such services can include the ability to track down multiple failed connection attempts by a certain MAC address and deduce the user who is failing to connect (e.g., the user may have lost a password) based on historical connection data and proactively call/email the user(s) with support. Finally, such services may include a tying of association of specific user trouble-tickets with specific events at the network level, such as for example, transmission types and rates, association/disassociation events and so forth.
- FIG. 11 is a swim diagram illustrating another use of the CCC, to provide centralized access control. The process begins with a client sending a MAC management frame (S110) to an access point. Previous access points might have processed the request locally, which in turn is sent out across an associated wired network to an authentication authority (e.g., a domain server or a directory) and base its decision on data returned by the authentication authority. With the present approach, the access point transfers of the decision-making process to the CCC forwarding the control frame (S111) to the CCC. The CCC receives a control frame (S112) and determines if the clients is to be given access (S113). If the client is not to be given access, the CCC responds (S114) to the access point to deny the client (S115) and the client receives a denial (S116). In some instances, clients are not informed of the denial and only hear from the access point when access is granted.
- Where the CCC decides to grant access, it indicates to the access point that access is granted and provides indication of the permissions granted to the client (S117). The access point then initializes is a local tables for granting permissions as indicated by the CCC (S118) and sends an authentication response to the client (S119). Once the client receives the authentication response (S120) and continues with association and second authentication and other processes (S121).
- As described above, the access points pass key management and control functions of 802.1x access points to a central controller (the CCC). This allows other functionality, such as the routing of visiting users away from private networks and tunneling between the client and the CCC through the access point. Communications between the CCC and the access point can be carried out through a secured tunnel (s-tunnel) connection. It can be appreciated that the access points can carry out a “firewall” function by passing any control frames (for 802.11, MMPDUs are examples of control frames) received from clients back to a dominating CCC that can control the access points in detail and assume the role of an authenticator in which a received request to access a wireless network is transferred from one of the access points to the CCC, which in turn generates a response or command which is returned to the appropriate access point either granting or denying association privileges based on the response received from the CCC. With centralized control, subnet roaming and guest services can be easily accommodated.
- FIG. 12 illustrates how tunneling might be used to provide controlled connections between a client and a CCC via an access point and between an access point and a firewall via the CCC and a LAN. The latter is useful with users that are not authorized to use the LAN in that they can still get access to other networks that might be beyond the LAN.
- As illustrated in FIG. 12, a variety of
clients 1202 connect to services supported by aCCC 1200 via anaccess point 1203. A visitor gateway is implemented using atunnel 1204 and client-to-CCC tunneling is implemented using atunnel 1210. Other tunnels might be implemented as well.Tunnel 1204 packages up traffic between visitor clients, such as client 1202(1), and transports it to afirewall 1206, which connects to avisitor gateway machine 1208 at a “demilitarized zone” or “DMZ”, to allow for a visitor client to access theInternet 1220, but not send or receive traffic to or from the LAN. Traffic from authorized clients can travel onto the LAN. The status of a particular client can be determined at the CCC using data maintained there. Since the CCC performs the access control functions, it does not necessarily need to rely on the access points to determine which clients should be tunnelled and which clients should be allowed onto the LAN. - In FIG. 12, the visitor client and the employee client are shown as distinct network devices. In some cases, one network device might be used to both by authorized employees and visitors, in which case the MAC address of the network device would be insufficient to identify the level of access to be granted. Thus, a mobile employee can communicate with an access point of a wireless network and a visitor may attempt to communicate with the access point using the same network device. Since the CCC controls access, it can distinguish between the users that
- The CCC also can automatically route a visitor to
visitor gateway 1208 when the visiting user attempts to contactaccess point 1203. Additionally, the CCC can communicate with the access point through a secure communications tunnel (e.g., S-tunnel). - Multiple Independent Networks
- Occasionally there is a need to have more than one independent network operating in an overlapping wireless space. This can be done by having parallel sets of access points, but from a hardware perspective, this is inefficient. According to embodiments of wireless networks according to the present invention, multiple independent networks are supported through a set of access points use the existing 802.11 encryption protocols. 802.11 devices can send frames indicated as unicast frames, multicast frames, or broadcast frames. Unicast frames are characterized as having a single network device as its destination. Broadcast frames are characterized as being directed to all network devices that are capable of receiving the frames. Multicast frames are in between unicast frames and broadcast frames in that that multicast frames are characterized as having a destination that is a group with which network devices can be associated. Multicasting requires more infrastructure then the unicasting or broadcasting, as group associations need to be maintained.
- Where multiple independent overlapping wireless networks exist, it is preferable to have technique for broadcasting just among one of the overlapping networks and to do so with the minimum amount of set up. Using a wireless network configured according to aspects of the present invention, this is done using the encryption behaviors of the typical wireless network. In a typical wireless network, network device receives frames and determines whether the frames are encrypted. If the frames are encrypted, the network device attempts to decrypt the frames using the encryption keys available to the network device. If the network device it cannot decrypt and encrypted frame, the network device drops the frame. In a typical instance, the network device will silently drop the frame (i.e., not request retransmission or otherwise indicate failure of receipt).
- For unicast traffic, the access point could maintain a MAC address of each client in a table indicating which MAC addresses go with which distribution systems (Doss). However, for broadcast traffic, is more difficult for one access point to manage multiple sets of traffic among the stations associated with the access point. When an access point transmits a broadcast frame, all associated clients will receive and process that broadcast frame, which is undesirable when attempting to a broadcast a frame to just a subset of clients associated with less than all of the distribution systems served by the access point. The access point typically transmits broadcast frames and a unicast frames using a BSSID (typically, the MAC address of the access point's radio) that the client understands is the BSSID for the access point with which the client is associated.
- To solve this problem, the network is configured to use 802.1x encryption processes to in effect “separate out” broadcast traffic for multiple networks. Thus, the clients that are part of a first network will have a first encryption key used for broadcast frames (and possibly some unicast frames) and clients that are part of a second network will have a second encryption key used for broadcast frames and other frames. When a particular client receives a broadcast frame, the client attempts to decrypt the frame and if the decryption fails, the client will assume the packet was not directed at it and will ignore the packet. As a result, clients that are in a first network will drop frames that are broadcast frames encrypted using a second network's encryption key and clients that are in a second network will drop frames that are broadcast frames encrypted using the first network's encryption key, effectively creating more than one broadcast zone in a given area.
- In this manner, different clients can be associated with different networks through a common access point. In addition to multiple broadcast encryption keys, not each client might also maintain unicast encryption keys. Each client will then drop all packets from that access point, except for unencrypted packets, packets encrypted with the client's unicast encryption key, and packets encrypted with the broadcast encryption key for the network with which the client is associated.
- The standard sequence for MAC management when a client connects to an AP is 1) a first authentication wherein control frames (MMPDUs in the case of 802.11 networks) are sent; in a typical network, an access point accepts all clients in this step, 2) association wherein a link is established between the client and the access point, and 3) 802.1x authentication (not required for all links).
- Following those three steps, the access point would know the MAC address of the client. The 802.1x authentication exchange goes through the access point to an authentication server (which might be a RADIUS server). At the end of the exchange, the authentication server sends a message back to the client through the access point and can include some optional attributes in a message. One of the possible, optional attributes is a VLAN attribute indicating that the user client should be connected and its data traffic allowed on to a particular VLAN. Another set of attributes is a set of keys including one or more unicast keys and one or more broadcast keys.
- FIG. 13 illustrates an
access point 1304 might support multiple independent networks for ourclients 1302. As illustrated there,access point 1304 supports fourindependent networks 1306. As illustrated, clients A and B are part ofnetwork 1 and client C is part ofnetwork 4. When anaccess point 1304 sends abroadcast frame 1310 encoded with a broadcast key fornetwork 1, each client receivesbroadcast frame 1310 and decodes it because it is apparently addressed to each of those clients being a broadcast frame. However, clients A and B correctly thecode frame 1310 but client C, not having a matching decryption key, fails to thecode frame 1310 and discards it. Of course, whenaccess point 1304 is to send a broadcast message to all clients in thenetwork 4, it would use the broadcast keys fornetwork 4 and that message would be dropped by all clients except those in thenetwork 4. - While the above example is explained with an illustration of multiple distribution systems (DS's), there might be some configurations where the traffic is carried on a single distribution system.
- Stations that expect to receive encrypted traffic are generally set to reject unencrypted traffic, so it is thus possible to partition the access point into two independent networks. For example, a network device on a first independent network might be configured to ignore unencrypted traffic and receive broadcast messages encrypted with broadcast keys for the first independent network, while a network device on a second independent network might be configured without any broadcast keys and thus would only except the unencrypted traffic and discard the encrypted broadcast frames.
- Novel access points, wireless network controllers, enhanced methods of wireless network control and the like have now been described. Some implementations might be in the form of novel access points, while others are in the form of additional functionality added to existing access points. For example, an access point that is implemented as a chipset and/or programmable devices might simply include added software to handle one or more of the novel functions described herein. Modifications might be made to clients, but the present invention can operate with conventional clients as well.
- The embodiments and examples set forth herein are presented to best explain the present invention and its practical application and to thereby enable those skilled in the art to make and use the invention. Those skilled in the art, however, will recognize that the foregoing description and examples have been presented for the purpose of illustration and example only. Other variations and modifications of the present invention will be apparent to those of skill in the art, and it is the intent of the appended claims that such variations and modifications be covered. The description as set forth is not intended to be exhaustive or to limit the scope of the invention. Many modifications and variations are possible in light of the above teaching without departing from the spirit and scope of the following claims. It is contemplated that the use of the present invention can involve components having different characteristics. Many variations of the invention will become apparent to those of skill in the art upon review of this disclosure. The scope of the invention should, therefore, be determined not with reference to the above description, but instead should be determined with reference to the appended claims along with their full scope of equivalents.
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/430,804 US20040078598A1 (en) | 2002-05-04 | 2003-05-05 | Key management and control of wireless network access points at a central server |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US38015302P | 2002-05-04 | 2002-05-04 | |
US10/430,804 US20040078598A1 (en) | 2002-05-04 | 2003-05-05 | Key management and control of wireless network access points at a central server |
Publications (1)
Publication Number | Publication Date |
---|---|
US20040078598A1 true US20040078598A1 (en) | 2004-04-22 |
Family
ID=29401629
Family Applications (5)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/430,699 Abandoned US20040078566A1 (en) | 2002-05-04 | 2003-05-05 | Generating multiple independent networks on shared access points |
US10/430,682 Active 2024-12-05 US7382756B2 (en) | 2002-05-04 | 2003-05-05 | Integrated user and radio management in a wireless network environment |
US10/430,804 Abandoned US20040078598A1 (en) | 2002-05-04 | 2003-05-05 | Key management and control of wireless network access points at a central server |
US10/430,731 Abandoned US20040054774A1 (en) | 2002-05-04 | 2003-05-05 | Using wireless network access points for monitoring radio spectrum traffic and interference |
US10/430,810 Active 2024-11-05 US7248858B2 (en) | 2002-05-04 | 2003-05-05 | Visitor gateway in a wireless network |
Family Applications Before (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/430,699 Abandoned US20040078566A1 (en) | 2002-05-04 | 2003-05-05 | Generating multiple independent networks on shared access points |
US10/430,682 Active 2024-12-05 US7382756B2 (en) | 2002-05-04 | 2003-05-05 | Integrated user and radio management in a wireless network environment |
Family Applications After (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/430,731 Abandoned US20040054774A1 (en) | 2002-05-04 | 2003-05-05 | Using wireless network access points for monitoring radio spectrum traffic and interference |
US10/430,810 Active 2024-11-05 US7248858B2 (en) | 2002-05-04 | 2003-05-05 | Visitor gateway in a wireless network |
Country Status (3)
Country | Link |
---|---|
US (5) | US20040078566A1 (en) |
AU (1) | AU2003230274A1 (en) |
WO (1) | WO2003093951A2 (en) |
Cited By (84)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030041125A1 (en) * | 2001-08-16 | 2003-02-27 | Salomon Kirk C. | Internet-deployed wireless system |
US20040003285A1 (en) * | 2002-06-28 | 2004-01-01 | Robert Whelan | System and method for detecting unauthorized wireless access points |
US20040004948A1 (en) * | 2002-07-03 | 2004-01-08 | Richard Fletcher | Hybrid wireless network for data collection and distribution |
US20040030895A1 (en) * | 2002-08-09 | 2004-02-12 | Canon Kabushiki Kaisha | Network configuration method and communication system and apparatus |
US20040098610A1 (en) * | 2002-06-03 | 2004-05-20 | Hrastar Scott E. | Systems and methods for automated network policy exception detection and correction |
US20040157624A1 (en) * | 2002-05-20 | 2004-08-12 | Hrastar Scott E. | Systems and methods for adaptive location tracking |
US20040198220A1 (en) * | 2002-08-02 | 2004-10-07 | Robert Whelan | Managed roaming for WLANS |
US20040203593A1 (en) * | 2002-08-09 | 2004-10-14 | Robert Whelan | Mobile unit configuration management for WLANs |
US20040203862A1 (en) * | 2002-06-24 | 2004-10-14 | Intel Corporation | Logical boundaries in communications networks |
US20040209617A1 (en) * | 2003-04-21 | 2004-10-21 | Hrastar Scott E. | Systems and methods for wireless network site survey systems and methods |
US20040210654A1 (en) * | 2003-04-21 | 2004-10-21 | Hrastar Scott E. | Systems and methods for determining wireless network topology |
US20040209634A1 (en) * | 2003-04-21 | 2004-10-21 | Hrastar Scott E. | Systems and methods for adaptively scanning for wireless communications |
US20040218568A1 (en) * | 2003-02-14 | 2004-11-04 | Goodall David S. | Selecting an access point according to a measure of received signal quality |
US20040218602A1 (en) * | 2003-04-21 | 2004-11-04 | Hrastar Scott E. | Systems and methods for dynamic sensor discovery and selection |
WO2004095192A2 (en) * | 2003-04-21 | 2004-11-04 | Airdefense, Inc. | Systems and methods for securing wireless computer networks |
WO2004112354A2 (en) * | 2003-06-04 | 2004-12-23 | Symbol Technologies, Inc. | Method for mobile unit location estimate in a wireless lan |
US20050030976A1 (en) * | 2002-06-12 | 2005-02-10 | Globespan Virata Incorporated | Link margin notification using return frame |
US20050053046A1 (en) * | 2003-09-10 | 2005-03-10 | Shiwei Wang | QoS based load-balance policy for WLAN |
US20050059396A1 (en) * | 2003-09-09 | 2005-03-17 | Chuah Mooi Choo | Communications protocol between a gateway and an access point |
US20050094588A1 (en) * | 2002-06-12 | 2005-05-05 | Globespan Virata Incorporated | Direct link relay in a wireless network |
US20050128977A1 (en) * | 2003-07-23 | 2005-06-16 | Interdigital Technology Corporation | Method and apparatus for determining and managing congestion in a wireless communications system |
US20050130634A1 (en) * | 2003-10-31 | 2005-06-16 | Globespanvirata, Inc. | Location awareness in wireless networks |
US20050141498A1 (en) * | 2003-10-16 | 2005-06-30 | Cisco Technology, Inc | Network infrastructure validation of network management frames |
US20050157676A1 (en) * | 2003-07-23 | 2005-07-21 | Interdigital Technology Corporation | Method and apparatus for determining and managing congestion in a wireless communications system |
US20050174961A1 (en) * | 2004-02-06 | 2005-08-11 | Hrastar Scott E. | Systems and methods for adaptive monitoring with bandwidth constraints |
US20050243936A1 (en) * | 2003-03-28 | 2005-11-03 | Agrawala Ashok K | Method and system for determining user location in a wireless communication network |
US20060078124A1 (en) * | 2002-05-21 | 2006-04-13 | Wavelink Corporation | System and method for providing WLAN security through synchronized update and rotation of WEP keys |
US20060085543A1 (en) * | 2004-10-19 | 2006-04-20 | Airdefense, Inc. | Personal wireless monitoring agent |
US20060123133A1 (en) * | 2004-10-19 | 2006-06-08 | Hrastar Scott E | Detecting unauthorized wireless devices on a wired network |
US20060258350A1 (en) * | 2005-05-11 | 2006-11-16 | Interdigital Technology Corporation | Method and system for reselecting an access point |
US20070094741A1 (en) * | 2002-05-20 | 2007-04-26 | Airdefense, Inc. | Active Defense Against Wireless Intruders |
US20070183443A1 (en) * | 2006-02-08 | 2007-08-09 | Sang-Yeon Won | Apparatus and method for transmitting data frame in WLAN terminal |
US20070189194A1 (en) * | 2002-05-20 | 2007-08-16 | Airdefense, Inc. | Method and System for Wireless LAN Dynamic Channel Change with Honeypot Trap |
US20070208937A1 (en) * | 2006-03-02 | 2007-09-06 | Cisco Technology, Inc. | System and method for wireless network profile provisioning |
US20070218874A1 (en) * | 2006-03-17 | 2007-09-20 | Airdefense, Inc. | Systems and Methods For Wireless Network Forensics |
US20070217371A1 (en) * | 2006-03-17 | 2007-09-20 | Airdefense, Inc. | Systems and Methods for Wireless Security Using Distributed Collaboration of Wireless Clients |
EP1854005A1 (en) * | 2005-03-03 | 2007-11-14 | Cisco Technology, Inc. | Method and apparatus for locating rogue access point switch ports in a wireless network |
US20070263587A1 (en) * | 2006-05-12 | 2007-11-15 | Sbc Knowleage Ventures, L.P. | Adaptive rate and reach optimization for wireless access networks |
EP1868102A1 (en) * | 2005-03-17 | 2007-12-19 | Fujitsu Ltd. | Communication information management method, communication information management device, radio communication device, relay device, communication information management program, radio communication program, relay program, and communication information management system |
US20070294645A1 (en) * | 2005-10-04 | 2007-12-20 | General Instrument Corporation | Method and apparatus for determining the proximity of a client device |
US7327697B1 (en) * | 2002-06-25 | 2008-02-05 | Airespace, Inc. | Method and system for dynamically assigning channels across multiple radios in a wireless LAN |
US20080040476A1 (en) * | 2004-07-09 | 2008-02-14 | Matsushita Electric Industrial Co., Ltd. | Access Point Control System and Access Point Control Method |
US20080052779A1 (en) * | 2006-08-11 | 2008-02-28 | Airdefense, Inc. | Methods and Systems For Wired Equivalent Privacy and Wi-Fi Protected Access Protection |
US20080285530A1 (en) * | 2004-05-18 | 2008-11-20 | Cisco Systems, Inc. | Wireless Node Location Mechanism Featuring Definition of Search Region to Optimize Location Computation |
US20090021343A1 (en) * | 2006-05-10 | 2009-01-22 | Airdefense, Inc. | RFID Intrusion Protection System and Methods |
US20090073905A1 (en) * | 2007-09-18 | 2009-03-19 | Trapeze Networks, Inc. | High level instruction convergence function |
US20090210935A1 (en) * | 2008-02-20 | 2009-08-20 | Jamie Alan Miley | Scanning Apparatus and System for Tracking Computer Hardware |
US7593356B1 (en) | 2002-06-25 | 2009-09-22 | Cisco Systems, Inc. | Method and system for dynamically assigning channels across multiple access elements in a wireless LAN |
US20090327736A1 (en) * | 2003-10-16 | 2009-12-31 | Cisco Technology, Inc. | Insider attack defense for network client validation of network management frames |
US7715800B2 (en) | 2006-01-13 | 2010-05-11 | Airdefense, Inc. | Systems and methods for wireless intrusion detection using spectral analysis |
US20100182983A1 (en) * | 2009-01-22 | 2010-07-22 | Belair Networks Inc. | System and method for providing wireless local area networks as a service |
US20100182984A1 (en) * | 2009-01-22 | 2010-07-22 | Belair Networks | System and method for providing wireless local area networks as a service |
US20100211790A1 (en) * | 2009-02-13 | 2010-08-19 | Ning Zhang | Authentication |
US20100284368A1 (en) * | 2007-11-23 | 2010-11-11 | Telefonaktiebolaget Lm Ericsson (Publ) | Wireless LAN Mobility |
US7873061B2 (en) | 2006-12-28 | 2011-01-18 | Trapeze Networks, Inc. | System and method for aggregation and queuing in a wireless network |
US7948951B2 (en) | 2002-06-12 | 2011-05-24 | Xocyst Transfer Ag L.L.C. | Automatic peer discovery |
US7970013B2 (en) | 2006-06-16 | 2011-06-28 | Airdefense, Inc. | Systems and methods for wireless network content filtering |
US20110167478A1 (en) * | 2010-01-06 | 2011-07-07 | Qualcomm Incorporated | Method and apparatus for providing simultaneous support for multiple master keys at an access point in a wireless communication system |
USRE43127E1 (en) | 2002-06-12 | 2012-01-24 | Intellectual Ventures I Llc | Event-based multichannel direct link |
US8116275B2 (en) | 2005-10-13 | 2012-02-14 | Trapeze Networks, Inc. | System and network for wireless network monitoring |
US8150357B2 (en) | 2008-03-28 | 2012-04-03 | Trapeze Networks, Inc. | Smoothing filter for irregular update intervals |
US8161278B2 (en) | 2005-03-15 | 2012-04-17 | Trapeze Networks, Inc. | System and method for distributing keys in a wireless network |
US8218449B2 (en) | 2005-10-13 | 2012-07-10 | Trapeze Networks, Inc. | System and method for remote monitoring in a wireless network |
US8238298B2 (en) | 2008-08-29 | 2012-08-07 | Trapeze Networks, Inc. | Picking an optimal channel for an access point in a wireless network |
US8238942B2 (en) | 2007-11-21 | 2012-08-07 | Trapeze Networks, Inc. | Wireless station location detection |
US20120294235A1 (en) * | 2011-05-18 | 2012-11-22 | Radius Networks, Inc. | System and method for managing content exchanges in a wireless network using a listener module |
US8340110B2 (en) * | 2006-09-15 | 2012-12-25 | Trapeze Networks, Inc. | Quality of service provisioning for wireless networks |
US20130115918A1 (en) * | 2011-11-09 | 2013-05-09 | Nokia Corporation | Methods and Apparatus For Wireless Networking Connection |
US8457031B2 (en) | 2005-10-13 | 2013-06-04 | Trapeze Networks, Inc. | System and method for reliable multicast |
US8638762B2 (en) | 2005-10-13 | 2014-01-28 | Trapeze Networks, Inc. | System and method for network integrity |
US8818322B2 (en) | 2006-06-09 | 2014-08-26 | Trapeze Networks, Inc. | Untethered access point mesh system and method |
US8848679B2 (en) | 2010-08-19 | 2014-09-30 | Blackberry Limited | Method of limiting use of a mobile wireless access point near a wireless local area network |
US8902904B2 (en) | 2007-09-07 | 2014-12-02 | Trapeze Networks, Inc. | Network assignment based on priority |
US8964747B2 (en) | 2006-05-03 | 2015-02-24 | Trapeze Networks, Inc. | System and method for restricting network access using forwarding databases |
US8966018B2 (en) | 2006-05-19 | 2015-02-24 | Trapeze Networks, Inc. | Automated network device configuration and network deployment |
US8978105B2 (en) | 2008-07-25 | 2015-03-10 | Trapeze Networks, Inc. | Affirming network relationships and resource access via related networks |
US9002415B2 (en) | 2002-06-12 | 2015-04-07 | Intellectual Ventures I Llc | Power management for wireless direct link |
US9191799B2 (en) | 2006-06-09 | 2015-11-17 | Juniper Networks, Inc. | Sharing data between wireless switches system and method |
US20160020977A1 (en) * | 2007-06-18 | 2016-01-21 | Xirrus Inc. | Node fault identification in wireless lan access points |
US9258702B2 (en) | 2006-06-09 | 2016-02-09 | Trapeze Networks, Inc. | AP-local dynamic switching |
US9578458B2 (en) * | 2013-07-19 | 2017-02-21 | Intel Corporation | Identification of rogue access points |
US9763094B2 (en) | 2014-01-31 | 2017-09-12 | Qualcomm Incorporated | Methods, devices and systems for dynamic network access administration |
EP3294037A4 (en) * | 2015-06-01 | 2018-05-09 | Huawei Technologies Co., Ltd. | Method, device and system for improving concurrent processing ability of wireless local area network |
US11271217B1 (en) * | 2009-06-23 | 2022-03-08 | CSC Holdings, LLC | Wireless network polling |
Families Citing this family (188)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070091015A1 (en) * | 2000-10-27 | 2007-04-26 | Lavelle Patrick M | Vehicle seat entertainment system incorporating a databus |
US7301946B2 (en) * | 2000-11-22 | 2007-11-27 | Cisco Technology, Inc. | System and method for grouping multiple VLANs into a single 802.11 IP multicast domain |
US20040078566A1 (en) * | 2002-05-04 | 2004-04-22 | Instant802 Networks Inc. | Generating multiple independent networks on shared access points |
US6799054B2 (en) * | 2002-05-06 | 2004-09-28 | Extricom, Ltd. | Collaboration between wireless LAN access points using wired lan infrastructure |
US7319688B2 (en) * | 2002-05-06 | 2008-01-15 | Extricom Ltd. | LAN with message interleaving |
US20030206532A1 (en) * | 2002-05-06 | 2003-11-06 | Extricom Ltd. | Collaboration between wireless lan access points |
US7113497B2 (en) * | 2002-05-08 | 2006-09-26 | Lenovo (Singapore) Pte. Ltd. | Bandwidth management in a wireless network |
US7782813B2 (en) * | 2002-06-07 | 2010-08-24 | Ember Corporation | Monitoring network traffic |
US20050195786A1 (en) * | 2002-08-07 | 2005-09-08 | Extricom Ltd. | Spatial reuse of frequency channels in a WLAN |
US7697549B2 (en) * | 2002-08-07 | 2010-04-13 | Extricom Ltd. | Wireless LAN control over a wired network |
US7421266B1 (en) * | 2002-08-12 | 2008-09-02 | Mcafee, Inc. | Installation and configuration process for wireless network |
US20060171335A1 (en) * | 2005-02-03 | 2006-08-03 | Michael Yuen | Backup channel selection in wireless LANs |
US20040039817A1 (en) * | 2002-08-26 | 2004-02-26 | Lee Mai Tranh | Enhanced algorithm for initial AP selection and roaming |
WO2004025887A2 (en) * | 2002-09-13 | 2004-03-25 | Strix Systems, Inc. | Network access points using multiple devices |
US7606573B1 (en) * | 2002-09-27 | 2009-10-20 | Autocell Laboratories, Inc. | Wireless switched network |
US7782876B2 (en) * | 2003-01-08 | 2010-08-24 | Vtech Telecommunications Limited | Wireless voice data gateway |
US7274930B2 (en) * | 2003-02-24 | 2007-09-25 | Autocell Laboratories, Inc. | Distance determination program for use by devices in a wireless network |
US7634252B2 (en) * | 2003-03-07 | 2009-12-15 | Computer Assocaites Think, Inc. | Mobility management in wireless networks |
US7428413B2 (en) * | 2003-03-11 | 2008-09-23 | Wayport, Inc. | Method and system for providing network access and services using access codes |
US7346338B1 (en) | 2003-04-04 | 2008-03-18 | Airespace, Inc. | Wireless network system including integrated rogue access point detection |
US7313113B1 (en) * | 2003-04-04 | 2007-12-25 | Airespace, Inc. | Dynamic transmit power configuration system for wireless network environments |
JP4397929B2 (en) * | 2003-04-29 | 2010-01-13 | 株式会社エヌ・ティ・ティ・ドコモ | Apparatus and method for high-speed active search of wireless network |
US8108916B2 (en) * | 2003-05-21 | 2012-01-31 | Wayport, Inc. | User fraud detection and prevention of access to a distributed network communication system |
EP1629655A1 (en) * | 2003-06-05 | 2006-03-01 | Wireless Security Corporation | Methods and systems of remote authentication for computer networks |
US8068441B1 (en) | 2003-06-05 | 2011-11-29 | Mcafee, Inc. | Automated discovery of access points in wireless computer networks |
US20040264413A1 (en) * | 2003-06-26 | 2004-12-30 | Oren Kaidar | Device, system and method for channel scanning |
US8971913B2 (en) | 2003-06-27 | 2015-03-03 | Qualcomm Incorporated | Method and apparatus for wireless network hybrid positioning |
US8483717B2 (en) | 2003-06-27 | 2013-07-09 | Qualcomm Incorporated | Local area network assisted positioning |
US7453840B1 (en) | 2003-06-30 | 2008-11-18 | Cisco Systems, Inc. | Containment of rogue systems in wireless network environments |
US7539169B1 (en) | 2003-06-30 | 2009-05-26 | Cisco Systems, Inc. | Directed association mechanism in wireless network environments |
US7286515B2 (en) * | 2003-07-28 | 2007-10-23 | Cisco Technology, Inc. | Method, apparatus, and software product for detecting rogue access points in a wireless network |
US7646710B2 (en) | 2003-07-28 | 2010-01-12 | Nortel Networks Limited | Mobility in a multi-access communication network |
US7934005B2 (en) * | 2003-09-08 | 2011-04-26 | Koolspan, Inc. | Subnet box |
US20050060576A1 (en) * | 2003-09-15 | 2005-03-17 | Kime Gregory C. | Method, apparatus and system for detection of and reaction to rogue access points |
US20050070279A1 (en) * | 2003-09-30 | 2005-03-31 | Boris Ginzburg | Device, system and method of selecting channels to be scanned in wireless network association |
US20050094663A1 (en) * | 2003-11-05 | 2005-05-05 | Interdigital Technology Corporation | Method and system for providing intelligent remote access to wireless transmit/receive units |
EP1542401B8 (en) * | 2003-12-11 | 2010-09-08 | Swisscom AG | Access point for wireless local area networks |
US7170868B2 (en) * | 2004-02-05 | 2007-01-30 | Motorola, Inc. | Method for preserving wireless resources in a wireless local area network |
US7536723B1 (en) * | 2004-02-11 | 2009-05-19 | Airtight Networks, Inc. | Automated method and system for monitoring local area computer networks for unauthorized wireless access |
FR2866496A1 (en) * | 2004-02-18 | 2005-08-19 | France Telecom | Source terminal`s access control method for e.g. Internet, involves placing and protecting firewall in its access authorization state for connection in tunneling mode to permit communication between source and destination terminals |
WO2005081460A1 (en) * | 2004-02-19 | 2005-09-01 | Nec Corporation | Unauthorized wireless station detecting system, apparatus used therein, and method therefor |
US7248856B2 (en) * | 2004-03-15 | 2007-07-24 | Symbol Technologies, Inc. | System and method for client-server-based wireless intrusion detection |
US7969937B2 (en) | 2004-03-23 | 2011-06-28 | Aruba Networks, Inc. | System and method for centralized station management |
US9432848B2 (en) | 2004-03-23 | 2016-08-30 | Aruba Networks, Inc. | Band steering for multi-band wireless clients |
US20050213549A1 (en) * | 2004-03-26 | 2005-09-29 | Laura Bridge | System and method for access point/probe conversion |
US20050220106A1 (en) * | 2004-03-31 | 2005-10-06 | Pierre Guillaume Raverdy | Inter-wireless interactions using user discovery for ad-hoc environments |
EP1741306B1 (en) * | 2004-04-26 | 2013-07-24 | TELEFONAKTIEBOLAGET LM ERICSSON (publ) | Validation of mobile stations in unlicensed radio access networks |
US8069117B1 (en) * | 2004-05-28 | 2011-11-29 | Adobe Systems Incorporated | Ad hoc access rights in restricted-access electronic space |
US7319878B2 (en) | 2004-06-18 | 2008-01-15 | Qualcomm Incorporated | Method and apparatus for determining location of a base station using a plurality of mobile stations in a wireless mobile network |
US20060039451A1 (en) * | 2004-08-23 | 2006-02-23 | Xiangyang Zhuang | Method and apparatus for fast cell search |
US7706326B2 (en) * | 2004-09-10 | 2010-04-27 | Interdigital Technology Corporation | Wireless communication methods and components that implement handoff in wireless local area networks |
US8666816B1 (en) | 2004-09-14 | 2014-03-04 | Google Inc. | Method and system for access point customization |
US20060059043A1 (en) * | 2004-09-14 | 2006-03-16 | Chan Wesley T | Method and system to provide wireless access at a reduced rate |
US20060058019A1 (en) * | 2004-09-15 | 2006-03-16 | Chan Wesley T | Method and system for dynamically modifying the appearance of browser screens on a client device |
US7778228B2 (en) * | 2004-09-16 | 2010-08-17 | The Boeing Company | “Wireless ISLAND” mobile LAN-to-LAN tunneling solution |
JP4375197B2 (en) * | 2004-10-25 | 2009-12-02 | 日本電気株式会社 | Wireless LAN system, wireless terminal, wireless base station, wireless terminal communication setting method and program thereof |
US7516174B1 (en) | 2004-11-02 | 2009-04-07 | Cisco Systems, Inc. | Wireless network security mechanism including reverse network address translation |
US7440728B2 (en) | 2004-12-03 | 2008-10-21 | Microsoft Corporation | Use of separate control channel to mitigate interference problems in wireless networking |
US7463592B2 (en) | 2004-12-03 | 2008-12-09 | Microsoft Corporation | Protocol for exchanging control data to mitigate interference problems in wireless networking |
US7630687B2 (en) | 2004-12-03 | 2009-12-08 | Microsoft Corporation | Extensible framework for mitigating interference problems in wireless networking |
FR2881312A1 (en) * | 2005-01-26 | 2006-07-28 | France Telecom | Medium access control Internet protocol spoofing detecting method for e.g. corporate network, involves analyzing data fields of frames and triggering alarm in case of variation detected from analyzed data fields |
JP2006217096A (en) * | 2005-02-02 | 2006-08-17 | Nec Corp | Movement management system and movement management server, and movement management method and program thereof used for same |
US20060171305A1 (en) * | 2005-02-03 | 2006-08-03 | Autocell Laboratories, Inc. | Access point channel forecasting for seamless station association transition |
US20060171304A1 (en) * | 2005-02-03 | 2006-08-03 | Hill David R | WLAN background scanning |
US20080263660A1 (en) * | 2005-02-18 | 2008-10-23 | France Telecom | Method, Device and Program for Detection of Address Spoofing in a Wireless Network |
US7805140B2 (en) * | 2005-02-18 | 2010-09-28 | Cisco Technology, Inc. | Pre-emptive roaming mechanism allowing for enhanced QoS in wireless network environments |
US7596376B2 (en) * | 2005-02-18 | 2009-09-29 | Cisco Technology, Inc. | Methods, apparatuses and systems facilitating client handoffs in wireless network systems |
US20060193299A1 (en) * | 2005-02-25 | 2006-08-31 | Cicso Technology, Inc., A California Corporation | Location-based enhancements for wireless intrusion detection |
US8041824B1 (en) * | 2005-04-14 | 2011-10-18 | Strauss Acquisitions, L.L.C. | System, device, method and software for providing a visitor access to a public network |
US7443809B2 (en) | 2005-04-27 | 2008-10-28 | Symbol Technologies, Inc. | Method, system and apparatus for creating a mesh network of wireless switches to support layer 3 roaming in wireless local area networks (WLANs) |
US7515573B2 (en) * | 2005-04-27 | 2009-04-07 | Symbol Technologies, Inc. | Method, system and apparatus for creating an active client list to support layer 3 roaming in wireless local area networks (WLANS) |
US20060251013A1 (en) * | 2005-05-04 | 2006-11-09 | Interdigital Technology Corporation | Resource allocation in multi-access point wireless networks |
US7440436B2 (en) * | 2005-05-13 | 2008-10-21 | Natural Lighting Systems, Inc. | Self-organizing multi-channel mesh network |
US7529203B2 (en) | 2005-05-26 | 2009-05-05 | Symbol Technologies, Inc. | Method, system and apparatus for load balancing of wireless switches to support layer 3 roaming in wireless local area networks (WLANs) |
US9059782B2 (en) | 2005-06-01 | 2015-06-16 | Broadcom Corporation | Method and system for antenna and radio front-end topologies for a system-on-a-chip (SOC) device that combines bluetooth and IEEE 802.11 b/g WLAN technologies |
US7783756B2 (en) * | 2005-06-03 | 2010-08-24 | Alcatel Lucent | Protection for wireless devices against false access-point attacks |
FR2888696A1 (en) * | 2005-07-18 | 2007-01-19 | France Telecom | DETECTION OF DOUBLE ATTACHMENT BETWEEN A WIRED NETWORK AND AT LEAST ONE WIRELESS NETWORK |
US7813738B2 (en) * | 2005-08-11 | 2010-10-12 | Extricom Ltd. | WLAN operating on multiple adjacent bands |
US7257413B2 (en) * | 2005-08-24 | 2007-08-14 | Qualcomm Incorporated | Dynamic location almanac for wireless base stations |
EP1922838A1 (en) * | 2005-09-23 | 2008-05-21 | Smart Internet Technology Crc Pty Limited | Methods and systems for facilitating secure communication |
JP2007104536A (en) * | 2005-10-07 | 2007-04-19 | Sony Corp | Radio terminal and program |
US20090233646A1 (en) * | 2005-11-02 | 2009-09-17 | Pallasium Ltd. | Interference Cancellation in Sector Antenna |
US8411616B2 (en) | 2005-11-03 | 2013-04-02 | Piccata Fund Limited Liability Company | Pre-scan for wireless channel selection |
US7664465B2 (en) | 2005-11-04 | 2010-02-16 | Microsoft Corporation | Robust coexistence service for mitigating wireless network interference |
RU2390791C2 (en) * | 2005-11-07 | 2010-05-27 | Квэлкомм Инкорпорейтед | Positioning for wlan and other wireless networks |
US7996554B1 (en) | 2005-11-18 | 2011-08-09 | Marvell International Ltd. | System for improving quality of service for wireless LANs |
KR101246774B1 (en) * | 2005-11-22 | 2013-03-26 | 삼성전자주식회사 | Method and apparatus for transmitting/receiving a signal in a wireless local network mesh communication system |
CN100490408C (en) * | 2005-11-24 | 2009-05-20 | 鸿富锦精密工业(深圳)有限公司 | Access point and its method for establishment of wireless distribution system connection |
US20070133453A1 (en) * | 2005-12-05 | 2007-06-14 | Aseem Sethi | System and method for management of a wireless environment |
US9215754B2 (en) * | 2007-03-07 | 2015-12-15 | Menu Networks | Wi-Fi virtual port uplink medium access control |
US9723520B1 (en) | 2005-12-20 | 2017-08-01 | Microsoft Technology Licensing, Llc | Location based mode switching for dual mode mobile terminals |
KR100705584B1 (en) * | 2006-01-02 | 2007-04-09 | 삼성전자주식회사 | Wireless lan and method for transmitting frames thereof |
US7653813B2 (en) * | 2006-02-08 | 2010-01-26 | Motorola, Inc. | Method and apparatus for address creation and validation |
US8040835B2 (en) | 2006-02-17 | 2011-10-18 | Cisco Technology, Inc. | Troubleshooting link and protocol in a wireless network |
US7564816B2 (en) * | 2006-05-12 | 2009-07-21 | Shared Spectrum Company | Method and system for determining spectrum availability within a network |
US9148843B2 (en) * | 2006-05-25 | 2015-09-29 | Wefi Inc. | Method and system for selecting a wireless network for offloading |
US10225788B2 (en) | 2006-05-25 | 2019-03-05 | Truconnect Technologies, Llc | Method and system for selecting a wireless network for offloading |
US7512570B2 (en) * | 2006-05-30 | 2009-03-31 | Zaracom Technologies Inc. | Artificial intelligence analyzer and generator |
US7821986B2 (en) * | 2006-05-31 | 2010-10-26 | Cisco Technology, Inc. | WLAN infrastructure provided directions and roaming |
US7804806B2 (en) | 2006-06-30 | 2010-09-28 | Symbol Technologies, Inc. | Techniques for peer wireless switch discovery within a mobility domain |
US8315233B2 (en) * | 2006-07-07 | 2012-11-20 | Skyhook Wireless, Inc. | System and method of gathering WLAN packet samples to improve position estimates of WLAN positioning device |
US7961690B2 (en) | 2006-07-07 | 2011-06-14 | Symbol Technologies, Inc. | Wireless switch network architecture implementing mobility areas within a mobility domain |
US7826869B2 (en) | 2006-07-07 | 2010-11-02 | Symbol Technologies, Inc. | Mobility relay techniques for reducing layer 3 mobility control traffic and peering sessions to provide scalability in large wireless switch networks |
US7639648B2 (en) | 2006-07-20 | 2009-12-29 | Symbol Technologies, Inc. | Techniques for home wireless switch redundancy and stateful switchover in a network of wireless switches supporting layer 3 mobility within a mobility domain |
US7613150B2 (en) | 2006-07-20 | 2009-11-03 | Symbol Technologies, Inc. | Hitless restart mechanism for non-stop data-forwarding in the event of L3-mobility control-plane failure in a wireless switch |
JP5110819B2 (en) * | 2006-07-31 | 2012-12-26 | キヤノン株式会社 | Server and server control method |
TW200826702A (en) * | 2006-09-19 | 2008-06-16 | Qualcomm Inc | Multiplexing strip and data channels in a time division duplex communication system |
US7746796B2 (en) * | 2006-09-29 | 2010-06-29 | Cisco Technology, Inc. | Directed echo requests and reverse traceroute |
US9137663B2 (en) * | 2006-11-02 | 2015-09-15 | Cisco Technology, Inc. | Radio frequency firewall coordination |
US9226257B2 (en) * | 2006-11-04 | 2015-12-29 | Qualcomm Incorporated | Positioning for WLANs and other wireless networks |
US8265004B2 (en) * | 2006-11-11 | 2012-09-11 | Microsoft Corporation | Transferring data using ad hoc networks |
US20080112373A1 (en) * | 2006-11-14 | 2008-05-15 | Extricom Ltd. | Dynamic BSS allocation |
US7978619B2 (en) * | 2006-11-16 | 2011-07-12 | Vocera Communications, Inc. | Application specific, network performance measurement system and method for applications |
CN101242636B (en) * | 2007-02-06 | 2011-02-09 | 华为技术有限公司 | Method and system for configuring single-frequency network area |
CN102065373B (en) * | 2007-02-06 | 2013-01-23 | 华为技术有限公司 | Method for configuring single frequency network area and system thereof |
US8248948B2 (en) * | 2007-04-03 | 2012-08-21 | Tropos Networks, Inc. | Monitoring network conditions of a wireless network |
JP4309932B2 (en) * | 2007-04-16 | 2009-08-05 | 株式会社エヌ・ティ・ティ・ドコモ | Communication terminal and search method |
US8948046B2 (en) | 2007-04-27 | 2015-02-03 | Aerohive Networks, Inc. | Routing method and system for a wireless network |
KR100906389B1 (en) | 2007-05-10 | 2009-07-07 | 에스케이 텔레콤주식회사 | System, Server and Method for Analyzing Integrated Authentication-Logs based on ?????? |
DE102007025892A1 (en) * | 2007-06-01 | 2008-12-11 | Phoenix Contact Gmbh & Co. Kg | Tool recognition in Profinet |
US8331294B2 (en) | 2007-07-20 | 2012-12-11 | Broadcom Corporation | Method and system for managing information among personalized and shared resources with a personalized portable device |
US7907735B2 (en) | 2007-06-15 | 2011-03-15 | Koolspan, Inc. | System and method of creating and sending broadcast and multicast data |
US20090086693A1 (en) * | 2007-06-26 | 2009-04-02 | Kennedy Joseph P | System and method for RF space protection and control |
US20090003253A1 (en) * | 2007-06-29 | 2009-01-01 | Tropos Networks, Inc. | Controlling wireless network beacon transmission |
CA2693834C (en) * | 2007-07-13 | 2014-08-26 | Kabushiki Kaisha Toshiba | Secure localization for 802.11 networks with fine granularity |
US8345591B2 (en) * | 2007-07-20 | 2013-01-01 | Broadcom Corporation | Method and system for utilizing plurality of physical layers to retain quality of service in a wireless device during a communication session |
US7885233B2 (en) | 2007-07-31 | 2011-02-08 | Symbol Technologies, Inc. | Forwarding broadcast/multicast data when wireless clients layer 3 roam across IP subnets in a WLAN |
US9250084B2 (en) * | 2007-08-10 | 2016-02-02 | Cisco Technology, Inc. | System and method for navigating using multiple modalities |
JP5139851B2 (en) | 2008-03-14 | 2013-02-06 | キヤノン株式会社 | Communication apparatus and network construction method thereof |
JP5418496B2 (en) * | 2008-04-23 | 2014-02-19 | 日本電気株式会社 | Base station and terminal, and control method thereof |
US9395929B2 (en) * | 2008-04-25 | 2016-07-19 | Netapp, Inc. | Network storage server with integrated encryption, compression and deduplication capability |
US20090319772A1 (en) * | 2008-04-25 | 2009-12-24 | Netapp, Inc. | In-line content based security for data at rest in a network storage system |
US8589697B2 (en) * | 2008-04-30 | 2013-11-19 | Netapp, Inc. | Discarding sensitive data from persistent point-in-time image |
US8117464B1 (en) | 2008-04-30 | 2012-02-14 | Netapp, Inc. | Sub-volume level security for deduplicated data |
US8218502B1 (en) | 2008-05-14 | 2012-07-10 | Aerohive Networks | Predictive and nomadic roaming of wireless clients across different network subnets |
US8897801B2 (en) | 2008-06-13 | 2014-11-25 | Qualcomm Incorporated | Transmission of location information by a transmitter as an aid to location services |
US9604245B2 (en) | 2008-06-13 | 2017-03-28 | Kateeva, Inc. | Gas enclosure systems and methods utilizing an auxiliary enclosure |
US8036161B2 (en) | 2008-07-30 | 2011-10-11 | Symbol Technologies, Inc. | Wireless switch with virtual wireless switch modules |
JP5347401B2 (en) * | 2008-09-19 | 2013-11-20 | 富士通株式会社 | Wireless device and method for controlling and monitoring wireless device |
US9674892B1 (en) | 2008-11-04 | 2017-06-06 | Aerohive Networks, Inc. | Exclusive preshared key authentication |
US8898474B2 (en) * | 2008-11-04 | 2014-11-25 | Microsoft Corporation | Support of multiple pre-shared keys in access point |
US8040219B2 (en) * | 2008-11-06 | 2011-10-18 | Sony Ericsson Mobile Communications Ab | System and method for in-building location determination |
US8583832B2 (en) * | 2008-12-31 | 2013-11-12 | Verizon Patent And Licensing Inc. | Network interface device management using management transport channel |
US8483194B1 (en) | 2009-01-21 | 2013-07-09 | Aerohive Networks, Inc. | Airtime-based scheduling |
EP2446654A2 (en) * | 2009-06-24 | 2012-05-02 | Nokia Corp. | Methods and apparatuses for avoiding denial of service attacks by rogue access points |
US9900251B1 (en) | 2009-07-10 | 2018-02-20 | Aerohive Networks, Inc. | Bandwidth sentinel |
US11115857B2 (en) | 2009-07-10 | 2021-09-07 | Extreme Networks, Inc. | Bandwidth sentinel |
US8325696B2 (en) | 2009-07-29 | 2012-12-04 | Cisco Technology, Inc. | Dynamically dedicated wireless local area network service for high definition video teleconferencing |
US20110191827A1 (en) * | 2010-01-29 | 2011-08-04 | Rajini Balay | Detecting Unauthorized Router Access Points or Rogue APs in the Wired Network |
US9002277B2 (en) | 2010-09-07 | 2015-04-07 | Aerohive Networks, Inc. | Distributed channel selection for wireless networks |
US8667148B1 (en) * | 2010-10-04 | 2014-03-04 | Netblazr Inc. | Minimal effort network subscriber registration |
US8588844B2 (en) | 2010-11-04 | 2013-11-19 | Extricom Ltd. | MIMO search over multiple access points |
US20120320815A1 (en) * | 2010-12-13 | 2012-12-20 | 3Meters Llc | Entity Identification Based on Proximity to Access Points |
US20120155308A1 (en) * | 2010-12-21 | 2012-06-21 | Electronics and Telecomcunications Research Institute | Method for controlling access point and apparatus for the same in communication system |
US8638767B2 (en) * | 2011-02-14 | 2014-01-28 | Qualcomm Incorporated | Multi-communication mode packet routing mechanism for wireless communications systems |
US20120230189A1 (en) * | 2011-03-08 | 2012-09-13 | Medium Access Systems Private Limited | System and method of transferring Wi-Fi clients between SSIDs |
US8730811B2 (en) * | 2011-04-07 | 2014-05-20 | Hewlett-Packard Development Company, L.P. | Managing network traffic |
US8775533B2 (en) | 2011-05-20 | 2014-07-08 | Microsoft Corporation | Auto connect in peer-to-peer network |
US8806023B2 (en) | 2011-05-20 | 2014-08-12 | Microsoft Corporation | Auto-connect in a peer-to-peer network |
US9565708B2 (en) | 2011-05-20 | 2017-02-07 | Microsoft Technology Licensing, Llc | Auto-connect in a peer-to-peer network |
GB2491226A (en) * | 2011-05-27 | 2012-11-28 | Vodafone Ip Licensing Ltd | Single band query of frequency bands supported by a multi-band WLAN access point |
CN102869012B (en) * | 2011-07-05 | 2018-11-06 | 横河电机株式会社 | Device of wireless local area network access point and system and associated method |
US9020008B2 (en) * | 2011-07-12 | 2015-04-28 | Cisco Technology, Inc. | Overlaying independent unicast frequency hopping schedules with a common broadcast schedule |
US9120344B2 (en) | 2011-08-09 | 2015-09-01 | Kateeva, Inc. | Apparatus and method for control of print gap |
US10091065B1 (en) | 2011-10-31 | 2018-10-02 | Aerohive Networks, Inc. | Zero configuration networking on a subnetted network |
US8976702B2 (en) | 2012-02-07 | 2015-03-10 | Cisco Technology, Inc. | Co-channel utilization estimation |
FR2990042B1 (en) * | 2012-04-27 | 2015-04-17 | Somfy Sas | COMMUNICATION METHOD IN A DOMOTIC FACILITY |
JP5981761B2 (en) * | 2012-05-01 | 2016-08-31 | キヤノン株式会社 | Communication device, control method, program |
EP2862301B1 (en) | 2012-06-14 | 2020-12-02 | Extreme Networks, Inc. | Multicast to unicast conversion technique |
GB201211580D0 (en) | 2012-06-29 | 2012-08-15 | Microsoft Corp | Determining suitablity of an access network |
GB201211565D0 (en) | 2012-06-29 | 2012-08-15 | Microsoft Corp | Determining availability of an acess network |
GB201211568D0 (en) | 2012-06-29 | 2012-08-15 | Microsoft Corp | Determining network availability based on geographical location |
US9060352B2 (en) | 2012-08-14 | 2015-06-16 | Cisco Technology, Inc. | Dynamic channel assignment for WLAN deployments with IEEE 802.11ac access points |
US8971273B2 (en) * | 2012-10-09 | 2015-03-03 | Cisco Technology, Inc. | Dynamic bandwidth selection for wide bandwidth wireless local area networks |
WO2014080375A2 (en) * | 2012-11-26 | 2014-05-30 | Brightsource Industries (Israel) Ltd. | Systems and methods for wireless communications |
US10098002B2 (en) * | 2012-12-31 | 2018-10-09 | Zte Corporation | Integrated wireless local area network for spectrum sharing |
US9288273B2 (en) * | 2013-01-23 | 2016-03-15 | Qualcomm Incorporated | Systems and methods for pre-association discovery of services on a network |
CN104053213B (en) | 2013-03-11 | 2018-04-17 | 中兴通讯股份有限公司 | Integrated relaying in cordless communication network |
US9413772B2 (en) | 2013-03-15 | 2016-08-09 | Aerohive Networks, Inc. | Managing rogue devices through a network backhaul |
US10389650B2 (en) | 2013-03-15 | 2019-08-20 | Aerohive Networks, Inc. | Building and maintaining a network |
US20150085746A1 (en) * | 2013-09-20 | 2015-03-26 | Vallabhajosyula Somayazulu | Selective utilization of consumer shared access points to facilitate optimized wireless communications |
US9763137B2 (en) | 2013-12-13 | 2017-09-12 | Cable Television Laboratories, Inc. | Predictive load balancing |
US9781006B2 (en) * | 2014-06-24 | 2017-10-03 | Ruckus Wireless, Inc. | Group isolation in wireless networks |
WO2016059479A1 (en) | 2014-10-13 | 2016-04-21 | Yandex Europe Ag | Method of processing system requests in a wireless communication device |
WO2016199130A1 (en) | 2015-06-09 | 2016-12-15 | Corning Optical Communications Wireless Ltd. | Radio frequency (rf) communication channel reconfiguration in remote antenna unit (rau) coverage areas in a distributed antenna system (das) to reduce rf interference |
PL3106907T3 (en) | 2015-06-19 | 2022-01-24 | Corning Optical Communications LLC | Optical fiber cable and method of forming an optical fiber cable |
CN105228202B (en) * | 2015-10-12 | 2020-03-03 | 小米科技有限责任公司 | Network connection method and device |
IL263956A (en) * | 2018-12-24 | 2020-06-30 | Amzel Moshe | Systems and methods for early detection, warning and prevention of cyber threats |
Citations (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5621732A (en) * | 1994-04-18 | 1997-04-15 | Nec Corporation | Access method and a relay station and terminals thereof |
US5663954A (en) * | 1994-10-31 | 1997-09-02 | Nokia Mobile Phones Ltd. | Frame timing control of time division multiple access |
US6141763A (en) * | 1998-09-01 | 2000-10-31 | Hewlett-Packard Company | Self-powered network access point |
US6359872B1 (en) * | 1997-10-28 | 2002-03-19 | Intermec Ip Corp. | Wireless personal local area network |
US20020035699A1 (en) * | 2000-07-24 | 2002-03-21 | Bluesocket, Inc. | Method and system for enabling seamless roaming in a wireless network |
US20020136233A1 (en) * | 2001-03-22 | 2002-09-26 | Minghua Chen | Coordination architecture for wireless communication devices using multiple protocols |
US20020150095A1 (en) * | 2001-01-16 | 2002-10-17 | Sherman Matthew J. | Interference suppression methods for 802.11 |
US6526506B1 (en) * | 1999-02-25 | 2003-02-25 | Telxon Corporation | Multi-level encryption access point for wireless network |
US20030093691A1 (en) * | 2001-11-13 | 2003-05-15 | Reefedge, Inc., A Delaware Corporation | Enabling secure communication in a clustered or distributed architecture |
US20040013128A1 (en) * | 2002-07-19 | 2004-01-22 | Moreton Michael John Vidion | Method of controlling access to a communications medium |
US6714987B1 (en) * | 1999-11-05 | 2004-03-30 | Nortel Networks Limited | Architecture for an IP centric distributed network |
US20040120301A1 (en) * | 2002-12-24 | 2004-06-24 | Kitchin Duncan M. | Method and apparatus to establish communication with wireless communication networks |
US20040160928A1 (en) * | 2003-02-14 | 2004-08-19 | Perlman Stephen G. | Single transceiver architecture for a wireless network |
US20050025129A1 (en) * | 1996-08-22 | 2005-02-03 | Meier Robert C. | Enhanced mobility and address resolution in a wireless premises based network |
US6910074B1 (en) * | 2000-07-24 | 2005-06-21 | Nortel Networks Limited | System and method for service session management in an IP centric distributed network |
US7016948B1 (en) * | 2001-12-21 | 2006-03-21 | Mcafee, Inc. | Method and apparatus for detailed protocol analysis of frames captured in an IEEE 802.11 (b) wireless LAN |
US7039027B2 (en) * | 2000-12-28 | 2006-05-02 | Symbol Technologies, Inc. | Automatic and seamless vertical roaming between wireless local area network (WLAN) and wireless wide area network (WWAN) while maintaining an active voice or streaming data connection: systems, methods and program products |
US7058390B2 (en) * | 2000-06-15 | 2006-06-06 | Mitsubishi Denki Kabushiki Kaisha | Mobile communication system using an encryption/decryption device |
US20060120336A1 (en) * | 2001-12-03 | 2006-06-08 | Steve Fantaske | Wireless communication system |
US7072652B2 (en) * | 2003-12-15 | 2006-07-04 | Intel Corporation | Handoff apparatus, systems, and methods |
US7130625B2 (en) * | 2002-07-01 | 2006-10-31 | 3Com Corporation | System and method for a universal wireless access gateway |
US7146636B2 (en) * | 2000-07-24 | 2006-12-05 | Bluesocket, Inc. | Method and system for enabling centralized control of wireless local area networks |
US7149197B2 (en) * | 2001-08-15 | 2006-12-12 | Meshnetworks, Inc. | Movable access points and repeaters for minimizing coverage and capacity constraints in a wireless communications network and a method for using the same |
US7185196B1 (en) * | 2000-09-15 | 2007-02-27 | Atheros Communications, Inc. | Key caching system |
US7221681B2 (en) * | 2001-11-13 | 2007-05-22 | Koninklijke Philips Electronics N.V. | Apparatus and method for providing IEEE 802.11e hybrid coordinator recovery and backoff rules |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2000023956A1 (en) * | 1998-10-22 | 2000-04-27 | University Of Maryland | Method and system for providing location dependent and personal identification information to a public safety answering point |
US7133909B2 (en) * | 2001-01-12 | 2006-11-07 | Microsoft Corporation | Systems and methods for locating mobile computer users in a wireless network |
US20020178365A1 (en) | 2001-05-24 | 2002-11-28 | Shingo Yamaguchi | Method and system for controlling access to network resources based on connection security |
US7130904B2 (en) * | 2001-08-16 | 2006-10-31 | Intel Corporation | Multiple link layer wireless access point |
US7224685B2 (en) * | 2001-09-13 | 2007-05-29 | Ipr Licensing, Inc. | Method of detection of signals using an adaptive antenna in a peer-to-peer network |
US7362865B2 (en) * | 2002-04-15 | 2008-04-22 | Hewlett-Packard Development Company, L.P. | Wireless network system |
US20030200455A1 (en) * | 2002-04-18 | 2003-10-23 | Chi-Kai Wu | Method applicable to wireless lan for security control and attack detection |
US20040078566A1 (en) * | 2002-05-04 | 2004-04-22 | Instant802 Networks Inc. | Generating multiple independent networks on shared access points |
US7327690B2 (en) * | 2002-08-12 | 2008-02-05 | Harris Corporation | Wireless local or metropolitan area network with intrusion detection features and related methods |
-
2003
- 2003-05-05 US US10/430,699 patent/US20040078566A1/en not_active Abandoned
- 2003-05-05 US US10/430,682 patent/US7382756B2/en active Active
- 2003-05-05 WO PCT/US2003/014204 patent/WO2003093951A2/en not_active Application Discontinuation
- 2003-05-05 US US10/430,804 patent/US20040078598A1/en not_active Abandoned
- 2003-05-05 US US10/430,731 patent/US20040054774A1/en not_active Abandoned
- 2003-05-05 US US10/430,810 patent/US7248858B2/en active Active
- 2003-05-05 AU AU2003230274A patent/AU2003230274A1/en not_active Abandoned
Patent Citations (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5621732A (en) * | 1994-04-18 | 1997-04-15 | Nec Corporation | Access method and a relay station and terminals thereof |
US5663954A (en) * | 1994-10-31 | 1997-09-02 | Nokia Mobile Phones Ltd. | Frame timing control of time division multiple access |
US20050025129A1 (en) * | 1996-08-22 | 2005-02-03 | Meier Robert C. | Enhanced mobility and address resolution in a wireless premises based network |
US6359872B1 (en) * | 1997-10-28 | 2002-03-19 | Intermec Ip Corp. | Wireless personal local area network |
US6141763A (en) * | 1998-09-01 | 2000-10-31 | Hewlett-Packard Company | Self-powered network access point |
US6526506B1 (en) * | 1999-02-25 | 2003-02-25 | Telxon Corporation | Multi-level encryption access point for wireless network |
US6714987B1 (en) * | 1999-11-05 | 2004-03-30 | Nortel Networks Limited | Architecture for an IP centric distributed network |
US7058390B2 (en) * | 2000-06-15 | 2006-06-06 | Mitsubishi Denki Kabushiki Kaisha | Mobile communication system using an encryption/decryption device |
US20020035699A1 (en) * | 2000-07-24 | 2002-03-21 | Bluesocket, Inc. | Method and system for enabling seamless roaming in a wireless network |
US7146636B2 (en) * | 2000-07-24 | 2006-12-05 | Bluesocket, Inc. | Method and system for enabling centralized control of wireless local area networks |
US6910074B1 (en) * | 2000-07-24 | 2005-06-21 | Nortel Networks Limited | System and method for service session management in an IP centric distributed network |
US7185196B1 (en) * | 2000-09-15 | 2007-02-27 | Atheros Communications, Inc. | Key caching system |
US7039027B2 (en) * | 2000-12-28 | 2006-05-02 | Symbol Technologies, Inc. | Automatic and seamless vertical roaming between wireless local area network (WLAN) and wireless wide area network (WWAN) while maintaining an active voice or streaming data connection: systems, methods and program products |
US20020150095A1 (en) * | 2001-01-16 | 2002-10-17 | Sherman Matthew J. | Interference suppression methods for 802.11 |
US7046690B2 (en) * | 2001-01-16 | 2006-05-16 | At&T Corp. | Interference suppression methods for 802.11 |
US20020136233A1 (en) * | 2001-03-22 | 2002-09-26 | Minghua Chen | Coordination architecture for wireless communication devices using multiple protocols |
US7149197B2 (en) * | 2001-08-15 | 2006-12-12 | Meshnetworks, Inc. | Movable access points and repeaters for minimizing coverage and capacity constraints in a wireless communications network and a method for using the same |
US20030093691A1 (en) * | 2001-11-13 | 2003-05-15 | Reefedge, Inc., A Delaware Corporation | Enabling secure communication in a clustered or distributed architecture |
US7221681B2 (en) * | 2001-11-13 | 2007-05-22 | Koninklijke Philips Electronics N.V. | Apparatus and method for providing IEEE 802.11e hybrid coordinator recovery and backoff rules |
US20060120336A1 (en) * | 2001-12-03 | 2006-06-08 | Steve Fantaske | Wireless communication system |
US7016948B1 (en) * | 2001-12-21 | 2006-03-21 | Mcafee, Inc. | Method and apparatus for detailed protocol analysis of frames captured in an IEEE 802.11 (b) wireless LAN |
US7130625B2 (en) * | 2002-07-01 | 2006-10-31 | 3Com Corporation | System and method for a universal wireless access gateway |
US20040013128A1 (en) * | 2002-07-19 | 2004-01-22 | Moreton Michael John Vidion | Method of controlling access to a communications medium |
US20040120301A1 (en) * | 2002-12-24 | 2004-06-24 | Kitchin Duncan M. | Method and apparatus to establish communication with wireless communication networks |
US20040160928A1 (en) * | 2003-02-14 | 2004-08-19 | Perlman Stephen G. | Single transceiver architecture for a wireless network |
US7072652B2 (en) * | 2003-12-15 | 2006-07-04 | Intel Corporation | Handoff apparatus, systems, and methods |
Cited By (168)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030041125A1 (en) * | 2001-08-16 | 2003-02-27 | Salomon Kirk C. | Internet-deployed wireless system |
US20040157624A1 (en) * | 2002-05-20 | 2004-08-12 | Hrastar Scott E. | Systems and methods for adaptive location tracking |
US20070192870A1 (en) * | 2002-05-20 | 2007-08-16 | Airdefense, Inc., A Georgia Corporation | Method and system for actively defending a wireless LAN against attacks |
US7779476B2 (en) | 2002-05-20 | 2010-08-17 | Airdefense, Inc. | Active defense against wireless intruders |
US20070094741A1 (en) * | 2002-05-20 | 2007-04-26 | Airdefense, Inc. | Active Defense Against Wireless Intruders |
US8060939B2 (en) | 2002-05-20 | 2011-11-15 | Airdefense, Inc. | Method and system for securing wireless local area networks |
US20070189194A1 (en) * | 2002-05-20 | 2007-08-16 | Airdefense, Inc. | Method and System for Wireless LAN Dynamic Channel Change with Honeypot Trap |
US7133526B2 (en) | 2002-05-21 | 2006-11-07 | Wavelink Corporation | System and method for providing WLAN security through synchronized update and rotation of WEP keys |
US20060078124A1 (en) * | 2002-05-21 | 2006-04-13 | Wavelink Corporation | System and method for providing WLAN security through synchronized update and rotation of WEP keys |
US20040098610A1 (en) * | 2002-06-03 | 2004-05-20 | Hrastar Scott E. | Systems and methods for automated network policy exception detection and correction |
US20090073913A9 (en) * | 2002-06-12 | 2009-03-19 | Globespan Virata Incorporated | Direct link relay in a wireless network |
US7948951B2 (en) | 2002-06-12 | 2011-05-24 | Xocyst Transfer Ag L.L.C. | Automatic peer discovery |
US7933293B2 (en) | 2002-06-12 | 2011-04-26 | Xocyst Transfer Ag L.L.C. | Link margin notification using return frame |
USRE45212E1 (en) | 2002-06-12 | 2014-10-28 | Intellectual Ventures I Llc | Event-based multichannel direct link |
US9002415B2 (en) | 2002-06-12 | 2015-04-07 | Intellectual Ventures I Llc | Power management for wireless direct link |
US20050030976A1 (en) * | 2002-06-12 | 2005-02-10 | Globespan Virata Incorporated | Link margin notification using return frame |
US8446933B2 (en) | 2002-06-12 | 2013-05-21 | Intellectual Ventures I Llc | Direct link relay in a wireless network |
US8050360B2 (en) | 2002-06-12 | 2011-11-01 | Intellectual Ventures I Llc | Direct link relay in a wireless network |
US20050094588A1 (en) * | 2002-06-12 | 2005-05-05 | Globespan Virata Incorporated | Direct link relay in a wireless network |
USRE43127E1 (en) | 2002-06-12 | 2012-01-24 | Intellectual Ventures I Llc | Event-based multichannel direct link |
US20040203862A1 (en) * | 2002-06-24 | 2004-10-14 | Intel Corporation | Logical boundaries in communications networks |
US7346358B2 (en) * | 2002-06-24 | 2008-03-18 | Intel Corporation | Logical boundaries in communications networks |
US7593356B1 (en) | 2002-06-25 | 2009-09-22 | Cisco Systems, Inc. | Method and system for dynamically assigning channels across multiple access elements in a wireless LAN |
US20090296647A1 (en) * | 2002-06-25 | 2009-12-03 | Cisco Systems, Inc. | Method and System for Dynamically Assigning Channels Across Multiple Radios in a Wireless LAN |
US9185714B2 (en) | 2002-06-25 | 2015-11-10 | Cisco Technology, Inc. | Method and system for dynamically assigning channels across multiple radios in a wireless LAN |
US7327697B1 (en) * | 2002-06-25 | 2008-02-05 | Airespace, Inc. | Method and system for dynamically assigning channels across multiple radios in a wireless LAN |
US8488524B2 (en) | 2002-06-25 | 2013-07-16 | Cisco Technology, Inc. | Method and system for dynamically assigning channels across multiple radios in a wireless LAN |
US20040003285A1 (en) * | 2002-06-28 | 2004-01-01 | Robert Whelan | System and method for detecting unauthorized wireless access points |
US7965842B2 (en) | 2002-06-28 | 2011-06-21 | Wavelink Corporation | System and method for detecting unauthorized wireless access points |
US7327705B2 (en) * | 2002-07-03 | 2008-02-05 | Massachusetts Institute Of Technology | Hybrid wireless network for data collection and distribution |
US20040004948A1 (en) * | 2002-07-03 | 2004-01-08 | Richard Fletcher | Hybrid wireless network for data collection and distribution |
US20040198220A1 (en) * | 2002-08-02 | 2004-10-07 | Robert Whelan | Managed roaming for WLANS |
US7606242B2 (en) * | 2002-08-02 | 2009-10-20 | Wavelink Corporation | Managed roaming for WLANS |
US7418591B2 (en) * | 2002-08-09 | 2008-08-26 | Canon Kabushiki Kaisha | Network configuration method and communication system and apparatus |
US20040203593A1 (en) * | 2002-08-09 | 2004-10-14 | Robert Whelan | Mobile unit configuration management for WLANs |
US20040030895A1 (en) * | 2002-08-09 | 2004-02-12 | Canon Kabushiki Kaisha | Network configuration method and communication system and apparatus |
US7522906B2 (en) | 2002-08-09 | 2009-04-21 | Wavelink Corporation | Mobile unit configuration management for WLANs |
US7460512B2 (en) | 2003-02-14 | 2008-12-02 | Cisco Technology, Inc. | Selecting an access point according to a measure of received signal quality |
US20050249129A1 (en) * | 2003-02-14 | 2005-11-10 | Goodall David S | Selecting an access point according to a measure of received signal quality |
US20080266160A1 (en) * | 2003-02-14 | 2008-10-30 | Goodall David S | Selecting an access point according to a measure of received signal quality |
US7929507B2 (en) | 2003-02-14 | 2011-04-19 | Cisco Technology, Inc. | Selecting an access point according to a measure of received signal quality |
US20040218568A1 (en) * | 2003-02-14 | 2004-11-04 | Goodall David S. | Selecting an access point according to a measure of received signal quality |
US6940843B2 (en) * | 2003-02-14 | 2005-09-06 | Cisco Technology, Inc. | Selecting an access point according to a measure of received signal quality |
US7406116B2 (en) * | 2003-03-28 | 2008-07-29 | University Of Maryland | Method and system for determining user location in a wireless communication network |
US20050243936A1 (en) * | 2003-03-28 | 2005-11-03 | Agrawala Ashok K | Method and system for determining user location in a wireless communication network |
US20040210654A1 (en) * | 2003-04-21 | 2004-10-21 | Hrastar Scott E. | Systems and methods for determining wireless network topology |
US20040218602A1 (en) * | 2003-04-21 | 2004-11-04 | Hrastar Scott E. | Systems and methods for dynamic sensor discovery and selection |
US20040209634A1 (en) * | 2003-04-21 | 2004-10-21 | Hrastar Scott E. | Systems and methods for adaptively scanning for wireless communications |
US20040209617A1 (en) * | 2003-04-21 | 2004-10-21 | Hrastar Scott E. | Systems and methods for wireless network site survey systems and methods |
WO2004095192A2 (en) * | 2003-04-21 | 2004-11-04 | Airdefense, Inc. | Systems and methods for securing wireless computer networks |
WO2004095192A3 (en) * | 2003-04-21 | 2007-11-29 | Airdefense Inc | Systems and methods for securing wireless computer networks |
WO2004112354A3 (en) * | 2003-06-04 | 2005-05-12 | Symbol Technologies Inc | Method for mobile unit location estimate in a wireless lan |
WO2004112354A2 (en) * | 2003-06-04 | 2004-12-23 | Symbol Technologies, Inc. | Method for mobile unit location estimate in a wireless lan |
US8005055B2 (en) | 2003-07-23 | 2011-08-23 | Interdigital Technology Corporation | Method and apparatus for determining and managing congestion in a wireless communications system |
US20050157676A1 (en) * | 2003-07-23 | 2005-07-21 | Interdigital Technology Corporation | Method and apparatus for determining and managing congestion in a wireless communications system |
US8953573B2 (en) | 2003-07-23 | 2015-02-10 | Interdigital Technology Corporation | Method and apparatus for determining and managing congestion in a wireless communications system |
US20050128977A1 (en) * | 2003-07-23 | 2005-06-16 | Interdigital Technology Corporation | Method and apparatus for determining and managing congestion in a wireless communications system |
US9743313B2 (en) | 2003-07-23 | 2017-08-22 | Interdigital Technology Corporation | Method and apparatus for determining and managing congestion in a wireless communications system |
US20050059396A1 (en) * | 2003-09-09 | 2005-03-17 | Chuah Mooi Choo | Communications protocol between a gateway and an access point |
US20050053046A1 (en) * | 2003-09-10 | 2005-03-10 | Shiwei Wang | QoS based load-balance policy for WLAN |
US7675890B2 (en) * | 2003-09-10 | 2010-03-09 | Delta Networks, Inc. | QoS based load-balance policy for WLAN |
US20050141498A1 (en) * | 2003-10-16 | 2005-06-30 | Cisco Technology, Inc | Network infrastructure validation of network management frames |
US20090327736A1 (en) * | 2003-10-16 | 2009-12-31 | Cisco Technology, Inc. | Insider attack defense for network client validation of network management frames |
US8191144B2 (en) * | 2003-10-16 | 2012-05-29 | Cisco Technology, Inc. | Network infrastructure validation of network management frames |
US7882349B2 (en) | 2003-10-16 | 2011-02-01 | Cisco Technology, Inc. | Insider attack defense for network client validation of network management frames |
US9264895B2 (en) * | 2003-10-16 | 2016-02-16 | Cisco Technology, Inc. | Network infrastructure validation of network management frames |
US7558960B2 (en) * | 2003-10-16 | 2009-07-07 | Cisco Technology, Inc. | Network infrastructure validation of network management frames |
US20130333012A1 (en) * | 2003-10-16 | 2013-12-12 | Cisco Technology, Inc. | Network infrastructure validation of network management frames |
US20090235077A1 (en) * | 2003-10-16 | 2009-09-17 | Nancy Cam Winget | Network infrastructure validation of network management frames |
US20050130634A1 (en) * | 2003-10-31 | 2005-06-16 | Globespanvirata, Inc. | Location awareness in wireless networks |
AU2004307921B2 (en) * | 2003-11-03 | 2008-01-17 | Cisco Technology, Inc. | Selecting an access point according to a measure of received signal quality |
AU2004307921C1 (en) * | 2003-11-03 | 2009-04-23 | Cisco Technology, Inc. | Selecting an access point according to a measure of received signal quality |
WO2005046267A1 (en) * | 2003-11-03 | 2005-05-19 | Cisco Technology, Inc. | Selecting an access point according to a measure of received signal quality |
US20050174961A1 (en) * | 2004-02-06 | 2005-08-11 | Hrastar Scott E. | Systems and methods for adaptive monitoring with bandwidth constraints |
US20080285530A1 (en) * | 2004-05-18 | 2008-11-20 | Cisco Systems, Inc. | Wireless Node Location Mechanism Featuring Definition of Search Region to Optimize Location Computation |
US8204512B2 (en) | 2004-05-18 | 2012-06-19 | Cisco Technology | Wireless node location mechanism featuring definition of search region to optimize location computation |
US20080040476A1 (en) * | 2004-07-09 | 2008-02-14 | Matsushita Electric Industrial Co., Ltd. | Access Point Control System and Access Point Control Method |
WO2006031834A3 (en) * | 2004-09-13 | 2006-11-09 | Interdigital Tech Corp | Method and apparatus for determining and managing congestion in a wireless communications system |
US8196199B2 (en) | 2004-10-19 | 2012-06-05 | Airdefense, Inc. | Personal wireless monitoring agent |
US20060085543A1 (en) * | 2004-10-19 | 2006-04-20 | Airdefense, Inc. | Personal wireless monitoring agent |
US20060123133A1 (en) * | 2004-10-19 | 2006-06-08 | Hrastar Scott E | Detecting unauthorized wireless devices on a wired network |
EP1854005A4 (en) * | 2005-03-03 | 2008-04-30 | Cisco Tech Inc | Method and apparatus for locating rogue access point switch ports in a wireless network |
EP1854005A1 (en) * | 2005-03-03 | 2007-11-14 | Cisco Technology, Inc. | Method and apparatus for locating rogue access point switch ports in a wireless network |
US8635444B2 (en) | 2005-03-15 | 2014-01-21 | Trapeze Networks, Inc. | System and method for distributing keys in a wireless network |
US8161278B2 (en) | 2005-03-15 | 2012-04-17 | Trapeze Networks, Inc. | System and method for distributing keys in a wireless network |
EP1868102A4 (en) * | 2005-03-17 | 2010-10-27 | Fujitsu Ltd | Communication information management method, communication information management device, radio communication device, relay device, communication information management program, radio communication program, relay program, and communication information management system |
EP1868102A1 (en) * | 2005-03-17 | 2007-12-19 | Fujitsu Ltd. | Communication information management method, communication information management device, radio communication device, relay device, communication information management program, radio communication program, relay program, and communication information management system |
US20080098105A1 (en) * | 2005-03-17 | 2008-04-24 | Fujitsu Limited | Method, apparatus, and system for communication-information management, wireless-communication device, and relay device |
US20060258350A1 (en) * | 2005-05-11 | 2006-11-16 | Interdigital Technology Corporation | Method and system for reselecting an access point |
WO2006122233A3 (en) * | 2005-05-11 | 2007-11-01 | Interdigital Tech Corp | Method and system for reselecting an access point |
US8391866B2 (en) | 2005-05-11 | 2013-03-05 | Interdigital Technology Corporation | Method and system for reselecting an access point |
US8190155B2 (en) | 2005-05-11 | 2012-05-29 | Interdigital Technology Corporation | Method and system for reselecting an access point |
US9177114B2 (en) * | 2005-10-04 | 2015-11-03 | Google Technology Holdings LLC | Method and apparatus for determining the proximity of a client device |
US20070294645A1 (en) * | 2005-10-04 | 2007-12-20 | General Instrument Corporation | Method and apparatus for determining the proximity of a client device |
US8638762B2 (en) | 2005-10-13 | 2014-01-28 | Trapeze Networks, Inc. | System and method for network integrity |
US8457031B2 (en) | 2005-10-13 | 2013-06-04 | Trapeze Networks, Inc. | System and method for reliable multicast |
US8116275B2 (en) | 2005-10-13 | 2012-02-14 | Trapeze Networks, Inc. | System and network for wireless network monitoring |
US8218449B2 (en) | 2005-10-13 | 2012-07-10 | Trapeze Networks, Inc. | System and method for remote monitoring in a wireless network |
US8514827B2 (en) | 2005-10-13 | 2013-08-20 | Trapeze Networks, Inc. | System and network for wireless network monitoring |
US7715800B2 (en) | 2006-01-13 | 2010-05-11 | Airdefense, Inc. | Systems and methods for wireless intrusion detection using spectral analysis |
US20070183443A1 (en) * | 2006-02-08 | 2007-08-09 | Sang-Yeon Won | Apparatus and method for transmitting data frame in WLAN terminal |
US8054812B2 (en) * | 2006-02-08 | 2011-11-08 | Samsung Electronics Co., Ltd. | Apparatus and method for transmitting data frame in WLAN terminal |
US7903817B2 (en) * | 2006-03-02 | 2011-03-08 | Cisco Technology, Inc. | System and method for wireless network profile provisioning |
US20070208937A1 (en) * | 2006-03-02 | 2007-09-06 | Cisco Technology, Inc. | System and method for wireless network profile provisioning |
US20070218874A1 (en) * | 2006-03-17 | 2007-09-20 | Airdefense, Inc. | Systems and Methods For Wireless Network Forensics |
US20070217371A1 (en) * | 2006-03-17 | 2007-09-20 | Airdefense, Inc. | Systems and Methods for Wireless Security Using Distributed Collaboration of Wireless Clients |
US7971251B2 (en) | 2006-03-17 | 2011-06-28 | Airdefense, Inc. | Systems and methods for wireless security using distributed collaboration of wireless clients |
US8964747B2 (en) | 2006-05-03 | 2015-02-24 | Trapeze Networks, Inc. | System and method for restricting network access using forwarding databases |
US20090021343A1 (en) * | 2006-05-10 | 2009-01-22 | Airdefense, Inc. | RFID Intrusion Protection System and Methods |
US10952225B2 (en) | 2006-05-12 | 2021-03-16 | Sbc Knowledge Ventures, L.P. | Adaptive rate and reach optimization for wireless access networks |
US20070263587A1 (en) * | 2006-05-12 | 2007-11-15 | Sbc Knowleage Ventures, L.P. | Adaptive rate and reach optimization for wireless access networks |
US9949274B2 (en) | 2006-05-12 | 2018-04-17 | At&T Intellectual Property I, L.P. | Adaptive rate and reach optimization for wireless access networks |
US8503419B2 (en) | 2006-05-12 | 2013-08-06 | At&T Intellectual Property I. L.P. | Adaptive rate and reach optimization for wireless access networks |
US8064413B2 (en) * | 2006-05-12 | 2011-11-22 | At&T Intellectual Property I, L.P. | Adaptive rate and reach optimization for wireless access networks |
US8966018B2 (en) | 2006-05-19 | 2015-02-24 | Trapeze Networks, Inc. | Automated network device configuration and network deployment |
US8818322B2 (en) | 2006-06-09 | 2014-08-26 | Trapeze Networks, Inc. | Untethered access point mesh system and method |
US10327202B2 (en) | 2006-06-09 | 2019-06-18 | Trapeze Networks, Inc. | AP-local dynamic switching |
US10798650B2 (en) | 2006-06-09 | 2020-10-06 | Trapeze Networks, Inc. | AP-local dynamic switching |
US10638304B2 (en) | 2006-06-09 | 2020-04-28 | Trapeze Networks, Inc. | Sharing data between wireless switches system and method |
US11432147B2 (en) | 2006-06-09 | 2022-08-30 | Trapeze Networks, Inc. | Untethered access point mesh system and method |
US9838942B2 (en) | 2006-06-09 | 2017-12-05 | Trapeze Networks, Inc. | AP-local dynamic switching |
US11758398B2 (en) | 2006-06-09 | 2023-09-12 | Juniper Networks, Inc. | Untethered access point mesh system and method |
US11627461B2 (en) | 2006-06-09 | 2023-04-11 | Juniper Networks, Inc. | AP-local dynamic switching |
US9258702B2 (en) | 2006-06-09 | 2016-02-09 | Trapeze Networks, Inc. | AP-local dynamic switching |
US9191799B2 (en) | 2006-06-09 | 2015-11-17 | Juniper Networks, Inc. | Sharing data between wireless switches system and method |
US10834585B2 (en) | 2006-06-09 | 2020-11-10 | Trapeze Networks, Inc. | Untethered access point mesh system and method |
US7970013B2 (en) | 2006-06-16 | 2011-06-28 | Airdefense, Inc. | Systems and methods for wireless network content filtering |
US8281392B2 (en) | 2006-08-11 | 2012-10-02 | Airdefense, Inc. | Methods and systems for wired equivalent privacy and Wi-Fi protected access protection |
US20080052779A1 (en) * | 2006-08-11 | 2008-02-28 | Airdefense, Inc. | Methods and Systems For Wired Equivalent Privacy and Wi-Fi Protected Access Protection |
US8340110B2 (en) * | 2006-09-15 | 2012-12-25 | Trapeze Networks, Inc. | Quality of service provisioning for wireless networks |
US8670383B2 (en) | 2006-12-28 | 2014-03-11 | Trapeze Networks, Inc. | System and method for aggregation and queuing in a wireless network |
US7873061B2 (en) | 2006-12-28 | 2011-01-18 | Trapeze Networks, Inc. | System and method for aggregation and queuing in a wireless network |
US20160020977A1 (en) * | 2007-06-18 | 2016-01-21 | Xirrus Inc. | Node fault identification in wireless lan access points |
US10425305B2 (en) * | 2007-06-18 | 2019-09-24 | Riverbed Technology, Inc. | Node fault identification in wireless LAN access points |
US8902904B2 (en) | 2007-09-07 | 2014-12-02 | Trapeze Networks, Inc. | Network assignment based on priority |
US8509128B2 (en) | 2007-09-18 | 2013-08-13 | Trapeze Networks, Inc. | High level instruction convergence function |
US20090073905A1 (en) * | 2007-09-18 | 2009-03-19 | Trapeze Networks, Inc. | High level instruction convergence function |
US8238942B2 (en) | 2007-11-21 | 2012-08-07 | Trapeze Networks, Inc. | Wireless station location detection |
US20100284368A1 (en) * | 2007-11-23 | 2010-11-11 | Telefonaktiebolaget Lm Ericsson (Publ) | Wireless LAN Mobility |
US8442006B2 (en) * | 2007-11-23 | 2013-05-14 | Telefonaktiebolaget Lm Ericsson | Wireless LAN mobility |
US20090210935A1 (en) * | 2008-02-20 | 2009-08-20 | Jamie Alan Miley | Scanning Apparatus and System for Tracking Computer Hardware |
US8150357B2 (en) | 2008-03-28 | 2012-04-03 | Trapeze Networks, Inc. | Smoothing filter for irregular update intervals |
US8978105B2 (en) | 2008-07-25 | 2015-03-10 | Trapeze Networks, Inc. | Affirming network relationships and resource access via related networks |
US8238298B2 (en) | 2008-08-29 | 2012-08-07 | Trapeze Networks, Inc. | Picking an optimal channel for an access point in a wireless network |
US20100182984A1 (en) * | 2009-01-22 | 2010-07-22 | Belair Networks | System and method for providing wireless local area networks as a service |
CN102293047A (en) * | 2009-01-22 | 2011-12-21 | 贝拉尔网络公司 | System and method for providing wireless local area networks as a service |
US20100182983A1 (en) * | 2009-01-22 | 2010-07-22 | Belair Networks Inc. | System and method for providing wireless local area networks as a service |
EP2389781A1 (en) * | 2009-01-22 | 2011-11-30 | Belair Networks Inc. | System and method for providing wireless local area networks as a service |
US8428036B2 (en) | 2009-01-22 | 2013-04-23 | Belair Networks Inc. | System and method for providing wireless local area networks as a service |
EP2389781A4 (en) * | 2009-01-22 | 2012-06-27 | Belair Networks Inc | System and method for providing wireless local area networks as a service |
US8467355B2 (en) | 2009-01-22 | 2013-06-18 | Belair Networks Inc. | System and method for providing wireless local area networks as a service |
US9392453B2 (en) * | 2009-02-13 | 2016-07-12 | Lantiq Beteiligungs-GmbH & Co.KG | Authentication |
US20100211790A1 (en) * | 2009-02-13 | 2010-08-19 | Ning Zhang | Authentication |
US11271217B1 (en) * | 2009-06-23 | 2022-03-08 | CSC Holdings, LLC | Wireless network polling |
US20110167478A1 (en) * | 2010-01-06 | 2011-07-07 | Qualcomm Incorporated | Method and apparatus for providing simultaneous support for multiple master keys at an access point in a wireless communication system |
US8955054B2 (en) | 2010-01-06 | 2015-02-10 | Qualcomm Incorporated | Method and apparatus for providing simultaneous support for multiple master keys at an access point in a wireless communication system |
US9241344B2 (en) | 2010-08-19 | 2016-01-19 | Blackberry Limited | Method of limiting use of a mobile wireless access point near a wireless local area network |
US9451634B2 (en) | 2010-08-19 | 2016-09-20 | Blackberry Limited | Method of limiting use of a mobile wireless access point near a wireless local area network |
US8848679B2 (en) | 2010-08-19 | 2014-09-30 | Blackberry Limited | Method of limiting use of a mobile wireless access point near a wireless local area network |
US9167443B2 (en) * | 2011-05-18 | 2015-10-20 | Radius Networks, Inc. | System and method for managing content exchanges in a wireless network using a listener module |
US10212647B2 (en) * | 2011-05-18 | 2019-02-19 | Radius Networks Inc. | System and method for managing content exchanges in a wireless network using a listener module |
US20120294235A1 (en) * | 2011-05-18 | 2012-11-22 | Radius Networks, Inc. | System and method for managing content exchanges in a wireless network using a listener module |
US9071966B2 (en) * | 2011-11-09 | 2015-06-30 | Nokia Technologies Oy | Methods and apparatus for wireless networking connection |
US20130115918A1 (en) * | 2011-11-09 | 2013-05-09 | Nokia Corporation | Methods and Apparatus For Wireless Networking Connection |
US9578458B2 (en) * | 2013-07-19 | 2017-02-21 | Intel Corporation | Identification of rogue access points |
US9763094B2 (en) | 2014-01-31 | 2017-09-12 | Qualcomm Incorporated | Methods, devices and systems for dynamic network access administration |
US10356841B2 (en) | 2015-06-01 | 2019-07-16 | Huawei Technologies Co., Ltd. | Method, apparatus, and system for enhancing concurrent processing capability of wireless local area network |
EP3294037A4 (en) * | 2015-06-01 | 2018-05-09 | Huawei Technologies Co., Ltd. | Method, device and system for improving concurrent processing ability of wireless local area network |
Also Published As
Publication number | Publication date |
---|---|
WO2003093951A2 (en) | 2003-11-13 |
US20040076134A1 (en) | 2004-04-22 |
US20040054774A1 (en) | 2004-03-18 |
WO2003093951A3 (en) | 2004-04-08 |
US7382756B2 (en) | 2008-06-03 |
AU2003230274A8 (en) | 2003-11-17 |
US7248858B2 (en) | 2007-07-24 |
US20040078566A1 (en) | 2004-04-22 |
AU2003230274A1 (en) | 2003-11-17 |
US20050073979A1 (en) | 2005-04-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7382756B2 (en) | Integrated user and radio management in a wireless network environment | |
EP3059992B1 (en) | System and method for the decentralised control of wireless networks | |
JP4865819B2 (en) | Monitor local area network | |
US7336670B1 (en) | Discovery of rogue access point location in wireless network environments | |
US8442445B2 (en) | Protocol reference model, security and inter-operability in a cognitive communications system | |
US9356761B2 (en) | Methods, apparatuses and systems facilitating management of airspace in wireless computer network environments | |
US7346338B1 (en) | Wireless network system including integrated rogue access point detection | |
KR100956192B1 (en) | Detecting a counterfeit access point in a wireless local area network | |
EP1641183B1 (en) | Collaboratively locating disconnected clients and rogue access points in a wireless network | |
US7764648B2 (en) | Method and system for allowing and preventing wireless devices to transmit wireless signals | |
EP1641184B1 (en) | Accessing a WLAN by establishing an ad-hoc network with a wireless connected device | |
Bing | Emerging technologies in wireless LANs: theory, design, and deployment | |
JP2009500969A (en) | Direct wireless client-to-client communication | |
JP2006524974A (en) | Wireless service point network | |
JP2007174287A (en) | Radio packet communication system, radio packet base station, radio packet terminal and illegal communication canceling method | |
Piva | Planning and realization of a WiFi 6 network to replace wired connections in an enterprise environment | |
Perez-Diaz-de-Cerio et al. | Audit of a real Wi-Fi deployment to provide data, VoIP communications and an IIoT item location service | |
Safineh | Wireless Mesh Network and Wi-Fi Coexistence Measurements: Interference Analysis |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: INSTANT802 NETWORKS INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BARBER, SIMON;PETRUSCHKA, ROY;DE CASTRO, EDWARD RODRIGUEZ;REEL/FRAME:015169/0440;SIGNING DATES FROM 20040618 TO 20040917 |
|
AS | Assignment |
Owner name: DEVICESCAPE SOFTWARE, INC., CALIFORNIA Free format text: CHANGE OF NAME;ASSIGNOR:INSTANT802 NETWORKS INC.;REEL/FRAME:015704/0586 Effective date: 20050106 |
|
AS | Assignment |
Owner name: BROADCOM CORPORATION, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:DEVICESCAPE SOFTWARE, INC.;REEL/FRAME:019819/0364 Effective date: 20070717 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |
|
AS | Assignment |
Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH CAROLINA Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:037806/0001 Effective date: 20160201 Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:037806/0001 Effective date: 20160201 |
|
AS | Assignment |
Owner name: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD., SINGAPORE Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:041706/0001 Effective date: 20170120 Owner name: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:041706/0001 Effective date: 20170120 |
|
AS | Assignment |
Owner name: BROADCOM CORPORATION, CALIFORNIA Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:041712/0001 Effective date: 20170119 |