Managed roaming for WLANS

US 20040198220A1
Filed: 08/02/2002
Published: 10/07/2004
Est. Priority Date: 08/02/2002
Status: Active Grant

First Claim

Patent Images

1. A system for securely accessing a wireless network, comprising:

a wireless mobile device configured to use wireless network protocols conforming to one or more of the IEEE 802.11 family of specifications; and

a program executing on the wireless mobile device, the program being configured to cause the mobile device to use an association control list to control communication with access points;

the association control list comprising a plurality of BSSIDs;

the program being further configured to update the association control list by communicating with a server.

View all claims

28 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention allows any number of mobile units to roam between a large numbers of sub-networks, each with a large number of access points (tens of thousands or more total access points), with minimal direct administration effort. A hierarchy of management servers may be used across the multiple sub-networks, which can be under the control of multiple entities. The invention provides the capability for the mobile units to authenticate the access points associated with, to ensure they are both authorized and managed. Peer-to-peer and ad hoc associations between mobile units are managed as well. The invention may enforce a number of association policies such as, for example, forcing the mobile unit to only associate with access points or mobile units on a previously set mandatory association list, providing the mobile unit with a list of preferred access points to associate with, but allowing association with other access points, or providing the mobile unit with a excluded association list of access points or mobile units it is not to associate with.

Citations

75 Claims

1. A system for securely accessing a wireless network, comprising:
- a wireless mobile device configured to use wireless network protocols conforming to one or more of the IEEE 802.11 family of specifications; and
  
  a program executing on the wireless mobile device, the program being configured to cause the mobile device to use an association control list to control communication with access points;
  
  the association control list comprising a plurality of BSSIDs;
  
  the program being further configured to update the association control list by communicating with a server.
- View Dependent Claims (2)
- - 2. The system of claim 1, wherein the association control list is specific to one or more network segments.

3. A system for securely accessing a wireless network, comprising:
- a wireless mobile device; and
  
  a program executing on the wireless mobile device, the program being configured to cause the mobile device to use an association control list to control communication with an access point, the association control list comprising digital data representing information concerning at least one access point and whether the wireless mobile unit should communicate with the at least one access point.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 50, 51)
- - 4. The system of claim 3 wherein the wireless network conforms to one or more of the IEEE 802.11 family of specifications.
  - 5. The system of claim 3 wherein the wireless network conforms to one or more standards promulgated by The Bluetooth SIG, Inc.
  - 6. The system of claim 3 wherein the wireless network is infrared.
  - 7. The system of claim 3 wherein the association control list comprises a list of preferred access points with which the wireless mobile device will associate in preference to access points not on the list of preferred access points.
  - 8. The method of claim 7 wherein the wireless mobile device searches for an access point on the list of preferred access point when the wireless mobile unit is not associated with an access point on the list of preferred access points.
  - 9. The system of claim 3;
    - further comprising a second association control list, the second association control list and the association control list forming at least a portion of an association control list hierarchy.
  - 10. The system of claim 3, wherein the association control list is determined to reduce the cost of network access.
  - 11. The system of claim 3, wherein the association control list is determined to increase network capacity and performance.
  - 12. The system of claim 3, wherein the association control list comprises information identifying one or more access points with which the wireless mobile device is forbidden to associate.
  - 13. The system of claim 3, wherein the association control list comprises information identifying one or more access points with which the wireless mobile device must exclusively associate.
  - 14. The system of claim 3, wherein the association control list is updated by communicating with a server.
  - 15. The system of claim 14, wherein the communication occurs over the wireless network.
  - 16. The system of claim 14, wherein the communication occurs when the one or more mobile units are connected to a wired network.
  - 17. The system of claim 15, wherein the client program authenticates an access point before updating the association control list via the access point.
  - 18. The system of claim 14, wherein the client program authenticates the server before updating the association control list.
  - 19. The system of claim 3, wherein the association control list is updated by communicating with a first server and is further updated by communicating with one or more additional servers.
  - 20. The system of claim 19, wherein the first server and the one or more additional servers are hierarchically related.
  - 21. The system of claim 19, wherein the precedence of association control policies applied the access control lists is determined with respect to the hierarchy.
  - 22. The system of claim 3 wherein the association control list is updated by communicating with a first server, and a second association control list is updated by communicating with a second server, and the program is further configured to cause the mobile device to use the association control list and the second association control list to control communication with access points.
  - 23. The system of claim 14, wherein the server automatically detects the presence of at least one new access point on at least one network segment and subsequently updates at least one association control list.
  - 24. The system of claim 23, wherein the server adds the at least one access point with a known property or type to at least one association control lists.
  - 25. The system of claim 23, wherein the server adds information identifying one or more access points of unknown type or properties to at least one association control list so as to forbid wireless devices using the at least one association control list from associating with the one or more access points of unknown type or properties.
  - 26. The system of claim 23, wherein authorization of a network administrator is required to update an association control list.
  - 27. The system of claim 3, wherein a server is used to facilitate the authentication of the access point by the mobile unit.
  - 28. The system of claim 3, wherein the association control list is specific to one or more network segments.
  - 50. The system of claim 3, wherein the program is further configured to cause the mobile device to use a user-configurable association control list to control communication with access points to the extent that the user-configurable association control does not conflict with the association control list.
  - 51. The system of claim 3, wherein the program is further configured to cause the mobile device to select among a plurality of association control lists to control communication with access points based on an access point identifier transmitted by each access point.

29. A system for securely accessing a wireless network, comprising:
- a wireless mobile device comprising a processor and memory; and
  
  a program executing on the wireless mobile device, the program being configured to cause the wireless mobile device to associate with an access point and to send a request to a server for confirmation that the access point is authorized, the access point comprising a wireless device for communicating with wireless devices and a wired network interface for communicating via a wired network.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36)
- - 30. The system of claim 29, wherein the program is further configured to cause the wireless mobile device to cease association with the access point if the wireless mobile device does not receive confirmation that the access point is authorized.
  - 31. The system of claim 29, wherein the wireless mobile device stores an identifier of the access point if the server does not confirm that the access point is authorized, and subsequently transmits the identifier to the server.
  - 32. The system of claim 29 wherein the wireless network conforms to one or more of the IEEE 802.11 family of specifications.
  - 33. The system of claim 29 wherein the wireless network conforms to one or more standards promulgated by The Bluetooth SIG, Inc.
  - 34. The system of claim 29 wherein the wireless network is infrared.
  - 35. The system of claim 31, wherein the server adds information identifying the access point to at least one association control list so as to forbid wireless devices using the at least one association control list from associating with the access point.
  - 36. The system of claim 35, wherein authorization of a network administrator is required to update the list of access points.

37. A system for securely accessing a wireless network, comprising a server configured to receive a request to authenticate an access point from a wireless mobile device, the server being further configured to determine whether the wireless mobile device is associated with the access point and whether the access point is authorized, and to provide a response to the wireless mobile device indicating whether the mobile device is authorized to continue association with the access point.
- View Dependent Claims (38, 39)
- - 38. The system of claim 37, wherein the server is further configured to detect each association between the access point and the wireless mobile device and to disable communications between the access point and the wireless mobile device if no request to authenticate the access point is received within a predetermined interval.
  - 39. The system of claim 37, wherein the server restricts the network access or network service privileges of the mobile device if the mobile device is not authorized.

40. A wireless communication security system, comprising:
- a first wireless mobile device; and
  
  a program executing on the first wireless mobile device, the program configured to cause the first wireless mobile device to use an association control list to control communication with other wireless mobile devices;
  
  the association control list comprising a plurality of identifiers, each identifier uniquely identifying a wireless mobile device.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48)
- - 41. The system of claim 40 wherein the wireless network conforms to one or more of the IEEE 802.11 family of specifications.
  - 42. The system of claim 40 wherein the wireless network conforms to one or more standards promulgated by The Bluetooth SIG, Inc.
  - 43. The system of claim 40 wherein the wireless network is infrared.
  - 44. The system of claim 40, wherein the identifiers comprise IBSSIDs.
  - 45. The system of claim 40 wherein one or more servers control the content of the association control list.
  - 46. The system of claim 45 wherein a plurality of servers are organized in a hierarchy.
  - 47. The system of claim 40 wherein the control list comprises information identifying one or more other mobile units with which a given mobile unit is forbidden to associate with.
  - 48. The system of claim 40 wherein the control list comprises information identifying one or more other mobile units with which a given mobile unit must exclusively associate with.

49. A system for securely accessing a wireless network, comprising:
- a wireless mobile device; and
  
  a program executing on the wireless mobile device, the program being configured to cause the mobile device to use an association control list to control communication with access points and to update the association control list by communicating with a server.

52. A system for securely accessing a wireless network, comprising a server system comprising at least one server computer and at least one software program executing on the at least one server computer, the at least one server computer being operatively connected to a communications network, the system being configured to receive at least one access point identifier from a wireless mobile unit, the system being further configured to transmit to the wireless mobile unit information concerning at least one access point and whether the mobile unit should communicate with the at least one access point.
- View Dependent Claims (53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
- - 53. The system of claim 52, wherein the server system is further configured to receive an identifier of the mobile unit.
  - 54. The system of claim 52, wherein the server system is further configured to apply a criterion to determine at least a portion of the information.
  - 55. The system of claim 54, wherein the criterion is inclusion of an identifier in an association control list.
  - 56. The system of claim 55 wherein the wireless mobile unit complies with one or more of the IEEE 802.11 family of standards.
  - 57. The system of claim 56 wherein the access point identifier comprises a BSSID.
  - 58. The system of claim 55 wherein the wireless network conforms to one or more standards promulgated by The Bluetooth SIG, Inc.
  - 59. The system of claim 52 wherein a plurality of servers are organized in a hierarchy.
  - 60. The system of claim 55 wherein the association control list comprises information identifying one or more access points with which the unit is forbidden to associate with.
  - 61. The system of claim 55 wherein the association control list comprises information identifying one or more access points with which the mobile unit must exclusively associate with.
  - 62. The system of claim 55 wherein the wireless network is infrared.

63. A system for securely accessing a wireless network, comprising an access point comprising a wireless device for communicating with wireless devices and a wired network interface for communicating via a wired network, the access point configured to wirelessly transmit an association control list, the association control list comprising digital data representing information concerning at least one access point and whether at least one wireless mobile unit should communicate with the at least one access point.
- View Dependent Claims (64, 65, 66, 67, 68, 69, 70, 71, 72, 73)
- - 64. The system of claim 63 wherein the wireless network conforms to one or more of the IEEE 802.11 family of specifications.
  - 65. The system of claim 64 where in the identifier comprises a BSSID.
  - 66. The system of claim 63 wherein the wireless network conforms to one or more standards promulgated by The Bluetooth SIG, Inc.
  - 67. The system of claim 63 wherein the wireless network is infrared.
  - 68. The system of claim 63 wherein one or more servers control the content of the association control list.
  - 69. The system of claim 68 wherein a plurality of servers are organized in a hierarchy.
  - 70. The system of claim 63 wherein the association control list comprises information identifying one or more access points with which the unit is forbidden to associate with.
  - 71. The system of claim 63 wherein the association control list comprises information identifying one or more access points with which the mobile unit must exclusively associate with.
  - 72. The system of claim 63, wherein the access point is further configured to periodically broadcast the association control list.
  - 73. The system of claim 63 wherein the association control list is transmitted with a beacon message of the access point.

74. A system for securely accessing a wireless network, comprising:
- a wireless mobile unit comprising a processor and memory; and
  
  a program executing on the wireless unit, the program configured to cause the wireless mobile unit to transmit to a server system a data structure comprising identifiers of access points within range of the wireless mobile units;
  
  the program further configured to receive from the server system information concerning at least one access point and whether the mobile unit should communicate with the at least one access point.

75. A system for securely accessing a wireless network, comprising:
- a wireless mobile unit comprising a processor and memory; and
  
  a program executing on the wireless unit, the program configured to cause the wireless mobile unit to receive an association control list from an access point, the association control list comprising digital data representing information concerning at least one access point and whether the wireless mobile unit should communicate with the at least one access point.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
Wavelink Corporation (Ivanti Software, Inc.)
Inventors
Whelan, Robert, Morris, Roy, Van Wagenen, Lamar

Granted Patent

US 7,606,242 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/41.1
CPC Class Codes

H04W 12/062   Pre-authentication

H04W 12/069   using certificates or pre-s...

H04W 48/02   Access restriction performe...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 84/18   Self-organising networks, e...

Managed roaming for WLANS

First Claim

28 Assignments

0 Petitions

Accused Products

Abstract

Citations

75 Claims

Specification

Solutions

Use Cases

Quick Links

Managed roaming for WLANS

First Claim

28 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

75 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links