System and methods for a secure and segregated computer network

US 7,574,202 B1
Filed: 07/21/2006
Issued: 08/11/2009
Est. Priority Date: 07/21/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method for managing a secure local area network wherein the local area network includes a plurality of private networks logically linked to a wireless network having a plurality of wireless access points for isolating data traffic, the method comprising:

authenticating a plurality of wireless user devices to be coupled to the wireless network;

segregating the plurality of authenticated wireless user devices into a first logical wireless virtual local area network of the wireless network and a second logical wireless virtual local area network of the wireless network;

assigning at least one wireless access point of the plurality of wireless access points to at least one authenticated wireless user device of the authenticated plurality of wireless user devices based upon the proximity of the plurality of wireless access points to the plurality of wireless user devices;

coupling the authenticated plurality of wireless user devices to the wireless network through the assigned at least one wireless access point of the plurality of wireless access points;

dynamically reassigning at least a second wireless access point of the plurality of wireless access points to the at least one authenticated wireless user device based upon the proximity of the plurality of wireless access points to the plurality of wireless user devices, wherein the dynamically reassigning of at least a second wireless access point is performed as the at least one authenticated wireless user device is repositioned;

dynamically coupling the authenticated plurality of wireless user devices to the wireless network through at least the second wireless access point wherein the dynamically coupling of the authenticated plurality of wireless user devices is performed as the plurality of authenticated wireless user devices are repositioned, thereby permitting the plurality of authenticated user devices to roam seamlessly throughout the wireless network;

segregating the plurality of private networks into a corresponding plurality of logical private virtual local area networks of the local area network; and

linking the first and second logical wireless virtual local area network to at least one of the plurality of logical private virtual local area networks, thereby enabling the plurality of authenticated wireless user devices to couple to at least one of the plurality of private networks, wherein traffic between the first logical wireless virtual local area network and the at least one linked private virtual local area network is isolated from traffic between the second logical wireless virtual local area network and the at least one linked private virtual local area network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is a method and system for managing a secure local area network wherein the local area network includes a plurality of private networks logically linked to a wireless network having a plurality of wireless access points for isolating data traffic. The system provides authentication of the user devices, segregation of the user device into logical wireless virtual local area networks (WVLANs), and places the private networks into virtual local area networks (VLANs). By linking WVLANs with the appropriate VLANs, the management system provides segregation of user device traffic, as well as private network traffic, despite a shared physical network. By consolidating wireless networks in a multi-tenant environment, the work area of each individual tenant is expanded to a building wide roaming area, and radio frequency interference is reduced. In addition, by coupling together numerous wireless networks a greater roaming capability is created across all managed wireless networks.

116 Citations

20 Claims

1. A method for managing a secure local area network wherein the local area network includes a plurality of private networks logically linked to a wireless network having a plurality of wireless access points for isolating data traffic, the method comprising:
- authenticating a plurality of wireless user devices to be coupled to the wireless network;
  
  segregating the plurality of authenticated wireless user devices into a first logical wireless virtual local area network of the wireless network and a second logical wireless virtual local area network of the wireless network;
  
  assigning at least one wireless access point of the plurality of wireless access points to at least one authenticated wireless user device of the authenticated plurality of wireless user devices based upon the proximity of the plurality of wireless access points to the plurality of wireless user devices;
  
  coupling the authenticated plurality of wireless user devices to the wireless network through the assigned at least one wireless access point of the plurality of wireless access points;
  
  dynamically reassigning at least a second wireless access point of the plurality of wireless access points to the at least one authenticated wireless user device based upon the proximity of the plurality of wireless access points to the plurality of wireless user devices, wherein the dynamically reassigning of at least a second wireless access point is performed as the at least one authenticated wireless user device is repositioned;
  
  dynamically coupling the authenticated plurality of wireless user devices to the wireless network through at least the second wireless access point wherein the dynamically coupling of the authenticated plurality of wireless user devices is performed as the plurality of authenticated wireless user devices are repositioned, thereby permitting the plurality of authenticated user devices to roam seamlessly throughout the wireless network;
  
  segregating the plurality of private networks into a corresponding plurality of logical private virtual local area networks of the local area network; and
  
  linking the first and second logical wireless virtual local area network to at least one of the plurality of logical private virtual local area networks, thereby enabling the plurality of authenticated wireless user devices to couple to at least one of the plurality of private networks, wherein traffic between the first logical wireless virtual local area network and the at least one linked private virtual local area network is isolated from traffic between the second logical wireless virtual local area network and the at least one linked private virtual local area network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method, as recited in claim 1, wherein the linking of the first and second logical wireless virtual local area network to the plurality of logical virtual local area networks is dictated by set policies, and wherein the policies are configurable.
  - 3. The method, as recited in claim 2, wherein the plurality of private networks are coupled to the local area network through a plurality of access ports, and wherein each access port couples to one private network.
  - 4. The method, as recited in claim 3, wherein traffic from the plurality of private networks through the plurality of access ports is tagged by at least one building router for identification.
  - 5. The method, as recited in claim 2, wherein the plurality of private networks are coupled to the local area network through a plurality of wireless-to-Ethernet bridges, wherein the plurality of wireless-to-Ethernet bridges couple wirelessly to the plurality of access points and wherein each wireless-to-Ethernet bridge couples to one private network.
  - 6. The method, as recited in claim 1, wherein the plurality of access points are distributed in a cell-like fashion, and wherein radio frequency mapping is used to determine the placement of the plurality of access points.
  - 7. The method, as recited in claim 1, wherein the authenticating the plurality of wireless user devices is performed against a wireless local area network switch including wireless user device credentials, a local database including wireless user device credentials and a roamer database including wireless user device credentials, thereby allowing for extensive authenticated wireless user device mobility and authenticated wireless user device roaming capability.
  - 8. The method, as recited in claim 1, further wherein a plurality of devices are all wirelessly transmitting devices located in a coverage area of the wireless network.
  - 9. The method, as recited in claim 8, wherein radio frequency interference is decreased by reducing superfluous devices within the coverage area of the wireless network, wherein the superfluous devices do not serve a legitimate function in the wireless network and wherein the plurality of devices includes superfluous devices.
  - 10. The method, as recited in claim 7, wherein the wireless network includes at least two wireless networks enabling extensive roaming by user devices.

11. A method for managing the secure local area network wherein the local area network includes a plurality of private networks logically linked to a wireless network having a plurality of wireless access points for isolating data traffic, the method comprising:
- authenticating the plurality of wireless user devices to be coupled to the wireless network;
  
  segregating the plurality of authenticated wireless user devices into a first logical wireless virtual local area network of the wireless network and a second logical wireless virtual local area network of the wireless network;
  
  coupling the authenticated plurality of wireless user devices to the wireless network, wherein the coupling is performed through at least one wireless access point of the plurality of wireless access points and wherein the at least one wireless access point is dynamically designated by the user device location;
  
  coupling the plurality of private networks to the local area network through a plurality of access ports, wherein each access port couples to one private network;
  
  segregating the plurality of private networks into a corresponding plurality of logical private virtual local area networks of the local area network; and
  
  linking the first and second logical wireless virtual local area network to at least one of the plurality of logical private virtual local area networks, thereby enabling the plurality of authenticated wireless user devices to couple to at least one of the plurality of private networks, wherein traffic between the first logical wireless virtual local area network and at least one linked private virtual local area network is isolated from traffic between the second logical wireless virtual local area network and the at least one linked private virtual local area network.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method, as recited in claim 11, wherein the linking of the first and second logical wireless virtual local area network to the plurality of logical virtual local area networks is dictated by set policies, and wherein the policies are configurable.
  - 13. The method, as recited in claim 11, wherein the authenticating the plurality of wireless user devices is performed against a wireless local area network switch including wireless user device credentials, a local database including wireless user device credentials and a roamer database including wireless user device credentials, thereby allowing for extensive authenticated wireless user device mobility and authenticated wireless user device roaming capability.
  - 14. The method, as recited in claim 11, wherein radio frequency interference is decreased by reducing wirelessly transmitting devices within the wireless network.
  - 15. The method, as recited in claim 11, wherein the wireless network includes at least two wireless networks enabling extensive roaming by user devices.

16. A secure and segregated local area network useful in association with a multi user group environment, the local area network comprising:
- a wireless local area network switch configured to a plurality of wireless user devices, segregating the plurality of authenticated wireless user devices into a first logical wireless virtual local area network of a wireless network and a second logical wireless virtual local area network of the wireless network, segregating a plurality of private networks into a corresponding plurality of logical private virtual local area networks of the local area network, and linking the first and second logical wireless virtual local area network to at least one of the plurality of logical private virtual local area networks;
  
  a plurality of access points configured to couple the authenticated plurality of wireless user devices to the wireless network, wherein the coupling is performed through at least one wireless access point of the plurality of wireless access points and wherein the at least one wireless access point is dynamically designated by the user device location; and
  
  a plurality of access ports configured to couple the plurality of private networks to the local area network through the plurality of access ports, wherein each access port couples to one private network.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The secure local area network of claim 16, wherein the plurality of access points are distributed in a cell-like fashion, and wherein radio frequency mapping is used to determine the placement of the plurality of access points.
  - 18. The secure local area network of claim 16, wherein the wireless local area network switch for authenticating the plurality of wireless user devices utilizes at least one remote authentication dial in user service server.
  - 19. The secure local area network of claim 18, wherein the plurality of access ports are a plurality of wireless-to-Ethernet bridges, wherein the plurality of wireless-to-Ethernet bridges couple wirelessly to the plurality of access points and wherein each wireless-to-Ethernet bridge couples to one private network.
  - 20. The secure local area network of claim 16, wherein at least one router couples the at least two wireless networks together.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Airsurf Wireless Incorporated
Original Assignee
Airsurf Wireless Incorporated
Inventors
Redfield, Keith C., Tsao, Robert, Speakman, Grant D., Gillies, Graham N., Thirlwall, David G.
Primary Examiner(s)
Phan; Huy Q

Application Number

US11/459,191
Time in Patent Office

1,117 Days
Field of Search

455/411, 455/410, 455/517, 455/525, 455/435.2, 455/422.1, 455/403, 370/328, 370/338, 370/310.2, 370/310, 370/331
US Class Current

455/411
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/1441   Countermeasures against mal...

H04W 12/06   Authentication

H04W 12/64   using geofenced areas

H04W 84/12   WLAN [Wireless Local Area N...

System and methods for a secure and segregated computer network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

116 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and methods for a secure and segregated computer network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others