Method for grouping 802.11 stations into authorized service sets to differentiate network access and services

US 7,493,084 B2
Filed: 04/15/2005
Issued: 02/17/2009
Est. Priority Date: 08/02/2002
Status: Active Grant

First Claim

Patent Images

1. An access point, comprising:

a wireless transceiver; and

a lookup table containing service set identifier that the access point is configured to support;

wherein the access point is responsive to an association request, the association request comprising an identifier for the wireless station making the request and a service set identifier indicative of a service set that identifies a type of service for the wireless station, received by the wireless transceiver;

search the lookup table for the service set identifier received in the association request to determine whether the access point is configured to support the service set;

wherein the access point is responsive to accept the association request upon a determination that the access point is configured to support the service set;

wherein the access point is responsive to deny the association request upon a determination that the access point is not configured to support the service set; and

wherein the type of service is selected from a group consisting of a proxy mobile internet protocol service and a virtual local area network.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for associating a WSTA to a service set, wherein the service set is configurable at the AP. Each service set is an arbitrary grouping of one or more network service parameters, and is typically configured for either VLAN or proxy mobile IP host. When a wireless station desires to associate with an access point, the wireless station sends a message to the access point, the message containing a SSID. The access point then matches the SSID to a service set and associates the WSTA to either a home subnet or a VLAN based on the SSID. By locally configuring the service set, the default VLAN and home subnet for a WSTA may be different at each AP the WSTA encounters. A security server is configured with a list of allowed SSIDs for each wireless station to prevent unauthorized access to a VLAN or home subnet.

69 Citations

View as Search Results

15 Claims

1. An access point, comprising:
- a wireless transceiver; and
  
  a lookup table containing service set identifier that the access point is configured to support;
  
  wherein the access point is responsive to an association request, the association request comprising an identifier for the wireless station making the request and a service set identifier indicative of a service set that identifies a type of service for the wireless station, received by the wireless transceiver;
  
  search the lookup table for the service set identifier received in the association request to determine whether the access point is configured to support the service set;
  
  wherein the access point is responsive to accept the association request upon a determination that the access point is configured to support the service set;
  
  wherein the access point is responsive to deny the association request upon a determination that the access point is not configured to support the service set; and
  
  wherein the type of service is selected from a group consisting of a proxy mobile internet protocol service and a virtual local area network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. An access point as set forth in claim 1, further comprising:
    - the access point is configured to communicate with an authentication server to determine whether the wireless station is authorized for the service set contained in the association request;
      
      wherein the access point is responsive to deny the association request upon a determination that the wireless station is not authorized for the service set.
  - 3. An access point as set forth in claim 2, further comprising:
    - the access point is suitably adapted to receive from the authentication server a list of authorized service set identifiers for the wireless station; and
      
      the access point is responsive to receiving the list of authorized service set identifiers to search the list of authorized service set identifiers to determine whether the wireless station is authorized for the service set contained in the association request.
  - 4. An access point as set forth in claim 2, further comprising:
    - the access point is suitably adapted to receive a parameter from the authentication server for the service set contained in the association request from the wireless station.
  - 5. An access point as set forth in claim 2, further comprising:
    - the access point suitably adapted to determine whether the access point can tunnel to the home subnet for the service set the wireless station is requesting;
      
      wherein the access point tunnels to the home subnet upon a determination that the access point is capable of tunneling to the home subnet; and
      
      wherein the access point binds the wireless station to a local subnet for the service set upon a determination that the access point is incapable of tunneling to the home subnet for the service set.
  - 6. An access point as set forth in claim 5, further comprising the access point configured to use Proxy Mobile IP tunneling to bind the wireless station to the home subnet.
  - 7. An access point as set forth in claim 1, wherein the configuration for the service set is instantiated locally at the access point.

8. A method for an access point to determine whether to allow a wireless station to associate, comprising:
- receiving an association request, the association request comprising an identifier for the wireless station making the request and a service set identifier indicative of a service set that identifies a type of service for the wireless station determining whether the access point is configured to support the service set;
  
  denying the association request upon a determination that the access point is not configured to support the service set;
  
  authenticating the association request with an authentication server to determine whether the wireless station is authorized for the service set contained in the association request; and
  
  denying the association request upon a determination that the wireless station is not authorized for the service set;
  
  wherein the type of service is selected from a group consisting of a proxy mobile internet protocol service and a virtual local area network.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. A method as set forth in claim 8, further comprising:
    - accepting the association request upon a determination that the access point is configured to support the service set.
  - 10. A method as set forth in claim 8, further comprising:
    - searching a lookup table containing service set identifiers that the access point is configured to support to determine whether the access point is configured to support the service set.
  - 11. A method as set forth in claim 8, further comprising:
    - receiving a list of authorized service set identifiers for the wireless station from the authentication server; and
      
      searching the list of authorized service set identifiers to determine whether the wireless station is authorized for the service set contained in the association request.
  - 12. A method as set forth in claim 8, further comprising:
    - determining whether the access point can tunnel to the home subnet for the service set the wireless station is requesting;
      
      tunneling to the home subnet upon a determination that the access point is capable of tunneling to the home subnet; and
      
      binding the wireless station to a local subnet for the service set upon a determination that the access point is incapable of tunneling to the home subnet for the service set.
  - 13. A method as set forth in claim 8, further comprising binding the wireless station to a local VLAN corresponding to the service set.

14. An access point, comprising:
- means for receiving from a wireless station an association request, the association request comprising an identifier for the wireless station making the request and a service set identifier indicative of a service set that identifies a type of service for the wireless station;
  
  means for determining whether the access point is configured to support the service set;
  
  means for accepting the association request responsive to the means for determining whether the access point is configured to support the service set determining that the access point is configured to support the service set;
  
  means for denying the association request responsive to the means for determining whether the access point is configured to support the service set determining that the access point is not configured to support the service set;
  
  means for communicating with an authentication server to determine whether the wireless station is authorized for the service set contained in the association request;
  
  means for receiving from the authentication server a list of authorized service set identifiers for the wireless station; and
  
  means for searching the list of authorized service set identifiers to determine whether the wireless station is authorized for the service set contained in the association request;
  
  wherein the type of service is selected from a group consisting of a proxy mobile internet protocol service and a virtual local area network.
- View Dependent Claims (15)
- - 15. An access point as set forth in claim 14, further comprising:
    - means for denying the association request responsive to a determination that the wireless station is not authorized for the service set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Olson, Tim, Meier, Robert C., Nelakanti, Bhavannarayana, Griswold, Victor J., Yang, Sheausong
Primary Examiner(s)
Milord; Marceau

Application Number

US11/106,943
Publication Number

US 20050185626A1
Time in Patent Office

1,404 Days
Field of Search

455/41.2, 455/414.1, 455/461, 455/417, 455/456.4, 455/512, 455/41.1, 455/418, 340/7.1, 340/870.02, 342/357.1, 370/312, 370/392
US Class Current

455/41.2
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/104   Grouping of entities

H04W 12/08   Access security

H04W 28/18   Negotiating wireless commun...

H04W 4/08   User group management

H04W 72/27   between access points

H04W 80/04   Network layer protocols, e....

H04W 84/12   WLAN [Wireless Local Area N...

Method for grouping 802.11 stations into authorized service sets to differentiate network access and services

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method for grouping 802.11 stations into authorized service sets to differentiate network access and services

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links