AUTHENTICATION AND ENCRYPTION METHOD AND APPARATUS FOR A WIRELESS LOCAL ACCESS NETWORK
First Claim
1. An apparatus for secure wireless communication between at least one user mobile client station and a network to which the apparatus is connectable, the apparatus comprising:
a base unit communicatively coupled to an external network as a wireless access point, the base unit including:
a port configured for wireless communication with one or more mobile clients;
a firewall connected to the port and configured to control communications from the external network and the port;
a virtual private network (VPN) server connected to, and controlling, the firewall;
a router connected to the firewall and to the VPN server; and
the one or more mobile clients communicatively coupled wirelessly with the base unit;
wherein the one or more mobile clients have initial permission at the firewall to access only an authentication function of the VPN server until the VPN server communicates to the firewall a permission profile for a respective mobile client, whereupon a corresponding VPN tunnel connection is established for an authenticated mobile client to the VPN server, the VPN server loading rules into the firewall to accept communications from the authenticated mobile client only through the corresponding VPN tunnel connection; and
wherein communications between authenticated mobile clients are transmitted through the router and secured through both the firewall and the corresponding VPN tunnel connection established from each respective authenticated mobile client to the VPN server.
Abstract
This invention pertains to the field of Wireless Local Area Networks (WLAN). It allows a secure connection of a user client station to a base unit; the secure connection uses authentication and encryption means. The base unit comprises a switching unit, at least one firewall, an authentication/encryption unit and at least one port device. The invention also provides a secure roaming scheme for when a wireless user roams.
15 Claims
1. (Set out in full under First Claim above; claims 2 to 12 depend on claim 1.)
13. A method for secure wireless communication between a mobile client and a network via an access point, the access point comprising a port, a Virtual Private Network (VPN) server, a router, and a firewall, the method comprising:
establishing an authentication link between the mobile client and the VPN server via the firewall and the port;
authenticating the mobile client; and
after successful authentication of the mobile client:
retrieving to the firewall a profile associated with the authenticated mobile client;
establishing a VPN tunnel connection for the authenticated mobile client to the VPN server;
applying the profile at the firewall, allowing the authenticated mobile client to communicate data via the router, secured through both the firewall according to the profile and the VPN tunnel connection to the VPN server; and
communicating the data to a second mobile client via a second VPN tunnel connection that is established for the second mobile client to the VPN server, the second mobile client station having been authenticated by the VPN server.
(Claims 14 and 15 depend on claim 13.)
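The sequence that the apparatus claim (claim 1) and the method claim (claim 13) both describe, as an added Python simulation written for this page rather than taken from the patent or any product: an unauthenticated client can reach only the VPN server's authentication function; on success the VPN server loads a per-client permission profile into the firewall; from then on the firewall accepts that client's traffic only through its own tunnel; and client-to-client traffic is forwarded by the router only when the second client has its own authenticated tunnel. The claims do not specify how authentication or tunnelling is done, so the addresses, the port 500 for the authentication function, the HMAC-SHA256 challenge-response and the random tunnel identifiers below are assumptions of the example.

```python
# Added example, not code from the patent: a simulation of the per-client firewall gating in
# claims 1 and 13. Addresses, port 500 and the HMAC-SHA256 challenge-response are assumptions.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

VPN_SERVER = "vpn-server"   # assumed address of the base unit's VPN server
VPN_AUTH_PORT = 500         # assumed port of the VPN server's authentication function


@dataclass(frozen=True)
class Packet:
    src: str                         # sending mobile client
    dst: str                         # destination host or client
    dport: int
    tunnel_id: Optional[str] = None  # set only when the packet arrived through a VPN tunnel


class Firewall:
    def __init__(self) -> None:
        self.profiles: dict[str, dict] = {}  # per-client profiles loaded by the VPN server

    def load_profile(self, client: str, tunnel_id: str, allowed_dst: set[str]) -> None:
        self.profiles[client] = {"tunnel_id": tunnel_id, "allowed_dst": set(allowed_dst)}

    def accept(self, pkt: Packet) -> bool:
        profile = self.profiles.get(pkt.src)
        if profile is None:  # initial permission: only the authentication function is reachable
            return pkt.dst == VPN_SERVER and pkt.dport == VPN_AUTH_PORT
        # authenticated client: only through its own tunnel, only to the profile's destinations
        return pkt.tunnel_id == profile["tunnel_id"] and pkt.dst in profile["allowed_dst"]


class VPNServer:
    """Authenticates clients; on success establishes a tunnel and loads rules into the firewall."""

    def __init__(self, firewall: Firewall, credentials: dict[str, bytes]) -> None:
        self.firewall = firewall
        self.credentials = credentials       # user name -> shared secret (assumed scheme)
        self.tunnels: dict[str, str] = {}    # client address -> tunnel id
        self.pending: dict[str, bytes] = {}  # client address -> outstanding challenge nonce

    def challenge(self, client: str) -> bytes:
        self.pending[client] = secrets.token_bytes(16)
        return self.pending[client]

    def authenticate(self, client: str, user: str, response: bytes,
                     allowed_dst: set[str]) -> Optional[str]:
        nonce = self.pending.pop(client, None)  # a challenge is single-use
        secret = self.credentials.get(user)
        if nonce is None or secret is None:
            return None
        if not hmac.compare_digest(client_response(secret, nonce), response):
            return None
        tunnel_id = secrets.token_hex(8)
        self.tunnels[client] = tunnel_id
        self.firewall.load_profile(client, tunnel_id, allowed_dst)  # profile pushed to the firewall
        return tunnel_id


class Router:
    def __init__(self, firewall: Firewall, vpn: VPNServer) -> None:
        self.firewall, self.vpn = firewall, vpn

    def forward(self, pkt: Packet) -> Optional[Packet]:
        """Forward client-to-client traffic; delivery to the peer goes through the peer's tunnel."""
        if not self.firewall.accept(pkt):
            return None
        peer_tunnel = self.vpn.tunnels.get(pkt.dst)
        if peer_tunnel is None:  # peer not authenticated, so no second tunnel exists
            return None
        return Packet(pkt.src, pkt.dst, pkt.dport, tunnel_id=peer_tunnel)


def client_response(secret: bytes, nonce: bytes) -> bytes:
    return hmac.new(secret, nonce, hashlib.sha256).digest()  # assumed client-side scheme


def demo() -> dict[str, bool]:
    """Run the sequence from the claims with constructed clients; each entry is one check."""
    fw = Firewall()
    vpn = VPNServer(fw, {"alice": b"alice-secret", "bob": b"bob-secret"})  # constructed credentials
    router, alice, bob, out = Router(fw, vpn), "10.0.0.11", "10.0.0.12", {}
    out["auth_port_open"] = fw.accept(Packet(alice, VPN_SERVER, VPN_AUTH_PORT))
    out["other_blocked"] = not fw.accept(Packet(alice, "intranet", 80))
    t_a = vpn.authenticate(alice, "alice", client_response(b"alice-secret", vpn.challenge(alice)), {"intranet", bob})
    out["alice_authenticated"] = t_a is not None
    vpn.challenge(bob)
    out["bad_response_rejected"] = vpn.authenticate(bob, "bob", b"\x00" * 32, {alice}) is None
    out["outside_tunnel_blocked"] = not fw.accept(Packet(alice, "intranet", 80))
    out["inside_tunnel_allowed"] = fw.accept(Packet(alice, "intranet", 80, tunnel_id=t_a))
    out["peer_unauth_dropped"] = router.forward(Packet(alice, bob, 5060, tunnel_id=t_a)) is None
    t_b = vpn.authenticate(bob, "bob", client_response(b"bob-secret", vpn.challenge(bob)), {alice})
    fwd = router.forward(Packet(alice, bob, 5060, tunnel_id=t_a))
    out["peer_via_second_tunnel"] = fwd is not None and fwd.tunnel_id == t_b
    out["forged_tunnel_blocked"] = not fw.accept(Packet(alice, "intranet", 80, tunnel_id=t_b))
    return out
```

Calling `demo()` returns a dictionary in which every check is `True`. The point the simulation makes concrete is the ordering in the claims: the firewall never holds a rule for a client before the VPN server has authenticated it, the rule that is then loaded is bound to that client's tunnel identifier (so a packet from the client outside its tunnel, or carrying another client's tunnel identifier, is still dropped), and the router has no path to a second client until that client has gone through the same sequence.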