Method for organizing virtual networks while optimizing security

US 7,546,458 B1
Filed: 10/18/2002
Issued: 06/09/2009
Est. Priority Date: 05/04/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method of configuring an access device to include multiple virtual LANS (VLANs) based on security levels, the method comprising:

enabling encryption in the access device;

selectively assigning one of a predetermined security level, multiple security levels, and no security level to each VLAN; and

setting a security association for each station associated with the access device, wherein the security association of a station determines its assigned VLAN.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access point in a wireless communication system can be configured to include multiple virtual LANS (VLANs) based on security levels, thereby allowing secure traffic to be isolated from insecure traffic. Configuring the access point can include assigning a security level to each VLAN and setting a security association for each station associated with the access point. Based on this security association, each station can be assigned to an appropriate VLAN.

Citations

17 Claims

1. A method of configuring an access device to include multiple virtual LANS (VLANs) based on security levels, the method comprising:
- enabling encryption in the access device;
  
  selectively assigning one of a predetermined security level, multiple security levels, and no security level to each VLAN; and
  
  setting a security association for each station associated with the access device, wherein the security association of a station determines its assigned VLAN.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further including setting a multi-cast key for each security level before enabling encryption.
  - 3. The method of claim 1, further including enabling access control before setting the security association for each station.
  - 4. The method of claim 3, wherein enabling access control includes filtering unencrypted communication from any station.
  - 5. The method of claim 1, wherein setting a security association includes setting key maps for stations associated with the access device.
  - 6. The method of claim 1, wherein selectively assigning includes designating a VLAN identification (VID) for each VLAN.
  - 7. The method of claim 1, wherein selectively assigning includes allowing certain functions on the access device to be accessible via a designated VLAN.
  - 8. The method of claim 1, wherein selectively assigning includes filtering untagged traffic received on a network port on the access device.
  - 9. The method of claim 1, further including reassigning a new security level to at least one VLAN.
  - 10. The method of claim 1, wherein selectively assigning includes accessing a default VLAN configuration based on encryption mode.
  - 11. The method of claim 10, wherein the default VLAN configuration includes:
    - assigning security levels with encryption to a default VLAN; and
      
      assigning security levels without encryption to an invalid VLAN.
  - 12. The method of claim 1, further including:
    - deleting any previously-set VLANs; and
      
      reverting to any default VLANs.

13. A method of isolating more secure traffic from less secure traffic in a wireless communication system, the method comprising:
- building an association between multiple virtual LANS (VLANs) and security levels, wherein a first VLAN having a first security level facilitates the more secure traffic and a second VLAN having a second security level facilitates the less secure traffic, wherein each security level is selectable between a single security level, multiple security levels, and no security level.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, wherein the multiple security levels include at least two of AES, WEP, and unencrypted.
  - 15. The method of claim 13, wherein building includes configuring an access device.
  - 16. The method of claim 15, wherein configuring includes:
    - assigning a security level to each VLAN; and
      
      setting a security association for each station associated with the access device, wherein the security association of a station determines its assigned VLAN.

17. A wireless communication system comprising:
- an access device; and
  
  a plurality of stations associated with the access device, each station being assigned to a virtual LAN (VLAN) based on a security level associated with that station, each security level being user-selectable between a single security level, multiple security levels, and no security level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Atheros Communications Incorporated (Qualcomm, Inc.)
Inventors
Hayes, Kevin, Davidson, Andrew M., Singla, Aman, Fine, Michael
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US10/273,497
Time in Patent Office

2,426 Days
Field of Search

713/166, 709/223, 380/255
US Class Current

713/166
CPC Class Codes

H04L 12/4645 Details on frame tagging ro...

Method for organizing virtual networks while optimizing security

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method for organizing virtual networks while optimizing security

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links