Managed roaming for WLANS

US 7,606,242 B2
Filed: 08/02/2002
Issued: 10/20/2009
Est. Priority Date: 08/02/2002
Status: Active Grant

First Claim

Patent Images

1. A system for securely accessing a wireless network, comprising:

a wireless mobile device configured to use wireless network protocols conforming to one or more of the IEEE 802.11 family of specifications;

wherein the wireless mobile device uses an association control list to control communication with access points;

the association control list comprising a plurality of BSSIDs (Basic Service Set Identifier),wherein the association control list is updated via communication with a server, andwherein a second association control list and the association control list form at least a portion of an association control list hierarchy.

View all claims

28 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention allows any number of mobile units to roam between a large numbers of sub-networks, each with a large number of access points (tens of thousands or more total access points), with minimal direct administration effort. A hierarchy of management servers may be used across the multiple sub-networks, which can be under the control of multiple entities. The invention provides the capability for the mobile units to authenticate the access points associated with, to ensure they are both authorized and managed. Peer-to-peer and ad hoc associations between mobile units are managed as well. The invention may enforce a number of association policies such as, for example, forcing the mobile unit to only associate with access points or mobile units on a previously set mandatory association list, providing the mobile unit with a list of preferred access points to associate with, but allowing association with other access points, or providing the mobile unit with a excluded association list of access points or mobile units it is not to associate with.

Citations

60 Claims

1. A system for securely accessing a wireless network, comprising:
- a wireless mobile device configured to use wireless network protocols conforming to one or more of the IEEE 802.11 family of specifications;
  
  wherein the wireless mobile device uses an association control list to control communication with access points;
  
  the association control list comprising a plurality of BSSIDs (Basic Service Set Identifier),wherein the association control list is updated via communication with a server, andwherein a second association control list and the association control list form at least a portion of an association control list hierarchy.
- View Dependent Claims (2)
- - 2. The system of claim 1, wherein the association control list is specific to one or more network segments.

3. A system for securely accessing a wireless network, comprising:
- a wireless mobile device;
  
  wherein the wireless mobile device uses an association control list to control communication with an access point, the association control list comprising digital data representing information concerning at least one access point and whether the wireless mobile unit should communicate with the at least one access point,wherein the association control list is updated by communicating with a server; and
  
  wherein the server is used to facilitate the authentication of the access point by the mobile unit.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 4. The system of claim 3, wherein the wireless network conforms to one or more of the IEEE 802.11 family of specifications.
  - 5. The system of claim 3, wherein the wireless network conforms to one or more standards promulgated by The Bluetooth.
  - 6. The system of claim 3, wherein the wireless network is infrared.
  - 7. The system of claim 3, wherein the association control list comprises a list of preferred access points with which the wireless mobile device will associate with.
  - 8. The system of claim 7, wherein the wireless mobile device searches for an access point on the list of preferred access point when the wireless mobile unit is not associated with an access point on the list of preferred access points.
  - 9. The system of claim 3, wherein the association control list is determined to reduce the cost of network access.
  - 10. The system of claim 3, wherein the association control list is determined to increase network capacity and performance.
  - 11. The system of claim 3, wherein the association control list comprises information identifying one or more access points with which the wireless mobile device is forbidden to associate.
  - 12. The system of claim 3, wherein the association control list comprises information identifying one or more access points with which the wireless mobile device must exclusively associate.
  - 13. The system of claim 3, wherein the communication occurs over the wireless network.
  - 14. The system of claim 13, wherein access points are authenticated before updating the association control list via the access point.
  - 15. The system of claim 3, wherein the communication occurs when the one or more mobile units are connected to a wired network.
  - 16. The system of claim 3, wherein the server is authenticated before updating the association control list.
  - 17. The system of claim 3, wherein the association control list is updated by communicating with a first server and is further updated by communicating with one or more additional servers.
  - 18. The system of claim 17, wherein the first server and the one or more additional servers are hierarchically related.
  - 19. The system of claim 17, wherein a precedence of association control policies applied the access control lists is determined with respect to the hierarchy.
  - 20. The system of claim 3, wherein the association control list is updated by communicating with a first server, and a second association control list is updated by communicating with a second server, andthe mobile device uses the association control list and the second association control list to control communication with access points.
  - 21. The system of claim 3, wherein the server automatically detects the presence of at least one new access point on at least one network segment and subsequently updates the association control list.
  - 22. The system of claim 21, wherein the server adds the at least one access point with a known property or type to the association control list.
  - 23. The system of claim 21, wherein the server adds information identifying one or more access points of unknown type or properties to at least one association control list so as to forbid wireless devices using the at least one association control list from associating with the one or more access points of unknown type or properties.
  - 24. The system of claim 21, wherein authorization of a network administrator is required to update an association control list.
  - 25. The system of claim 3, wherein the association control list is specific to one or more network segments.
  - 26. The system of claim 3, wherein the mobile device selects among a plurality of association control lists to control communication with access points based on an access point identifier transmitted by each access point.

27. A system for securely accessing a wireless network, comprising:
- a wireless mobile device comprising a processor and memory,wherein the wireless mobile device associates with an access point and sends a request to a server for confirmation that the access point is authorized, the access point comprising a wireless device for communicating with other wireless devices and a wired network interface for communicating via a wired network,wherein the wireless network conforms to one or more of the IEEE 802.11 family of specifications, andwherein the wireless mobile device stores an identifier of the access point if the server does not confirm that the access point is authorized, and subsequently transmits the identifier to the server.
- View Dependent Claims (28, 29, 30, 31, 32)
- - 28. The system of claim 27, wherein the wireless mobile device ceases association with the access point if the wireless mobile device does not receive confirmation that the access point is authorized.
  - 29. The system of claim 27, wherein the wireless network conforms to one or more standards promulgated by The Bluetooth.
  - 30. The system of claim 27, wherein the wireless network is infrared.
  - 31. The system of claim 27, wherein the server adds information identifying the access point to at least one association control list so as to forbid wireless devices using the at least one association control list from associating with the access point.
  - 32. The system of claim 31, wherein authorization of a network administrator is required to update the list of access points.

33. A system for securely accessing a wireless network, comprising a server configured to receive a request to authenticate an access point from a wireless mobile device, the server being further configured to determine whether the wireless mobile device is associated with the access point and whether the access point is authorized, and to provide a response to the wireless mobile device indicating whether the mobile device is authorized to continue association with the access point,wherein the server is further configured to detect each association between the access point and the wireless mobile device and to disable communications between the access point and the wireless mobile device if no request to authenticate the access point is received within a predetermined interval.
- View Dependent Claims (34)
- - 34. The system of claim 33, wherein the server restricts the network access or network service privileges of the mobile device if the mobile device is not authorized.

35. A wireless communication security system, comprising:
- a first wireless mobile device;
  
  a server system comprising a plurality of servers;
  
  wherein the first wireless mobile uses an association control list to control communication with other wireless mobile devices via at least one access point;
  
  the association control list comprising a plurality of identifiers, each identifier uniquely identifying a wireless mobile device,wherein one or more servers of the plurality of servers control the content of the association control list, and wherein the plurality of servers are organized hierarchically.
- View Dependent Claims (36, 37, 38, 39, 40, 41)
- - 36. The system of claim 35, wherein the wireless network conforms to one or more of the IEEE 802.11 family of specifications.
  - 37. The system of claim 35, wherein the wireless network conforms to one or more standards promulgated by The Bluetooth.
  - 38. The system of claim 35, wherein the wireless network is infrared.
  - 39. The system of claim 35, wherein the identifiers comprise IBSSIDs.
  - 40. The system of claim 35, wherein the association control list comprises information identifying one or more other mobile units with which a given mobile unit is forbidden to associate with.
  - 41. The system of claim 35, wherein the control list comprises information identifying one or more other mobile units with which a given mobile unit must exclusively associate with.

42. A system for securely accessing a wireless network, comprising:
- a wireless mobile device,wherein the mobile device uses an association control list to control communication with access points and to update the association control list by communicating with a server, andwherein the association control list is a user-configurable association control list.

43. A system for securely accessing a wireless network comprising:
- a server system comprising a plurality of computer servers, wherein at least one server computer of the plurality of computer servers being operatively connected to a communications network,wherein the system being configured to receive at least one access point identifier from a wireless mobile unit via the communication network, the system being further configured to transmit to the wireless mobile unit information concerning at least one access point and whether the mobile unit should communicate with the at least one access point,wherein the a plurality of servers are organized hierarchically, and wherein the server system is further configured to receive an identifier of the mobile unit.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51)
- - 44. The system of claim 43, wherein the server system is further configured to apply a criterion to determine at least a portion of the information.
  - 45. The system of claim 44, wherein the criterion is inclusion of an identifier in an association control list.
  - 46. The system of claim 45, wherein the wireless mobile unit complies with one or more of the IEEE 802.11 family of standards.
  - 47. The system of claim 46, wherein the access point identifier comprises a BSSID.
  - 48. The system of claim 45, wherein the wireless network conforms to one or more standards promulgated by The Bluetooth.
  - 49. The system of claim 45, wherein the association control list comprises information identifying one or more access points with which the unit is forbidden to associate with.
  - 50. The system of claim 45, wherein the association control list comprises information identifying one or more access points with which the mobile unit must exclusively associate with.
  - 51. The system of claim 45, wherein the wireless network is infrared.

52. A system for securely accessing a wireless network, comprising:
- a wireless mobile unit comprising a processor and memory,wherein the wireless mobile unit transmits to a server system comprising a plurality of servers a data structure comprising identifiers of access points within range of the wireless mobile units;
  
  wherein the wireless mobile unit receives from the server system information concerning at least one access point and whether the mobile unit should communicate with the at least one access point, andwherein the server system is organized hierarchically.

53. A system for securely accessing a wireless network, comprising:
- a wireless mobile unit comprising a processor and memory;
  
  wherein the wireless mobile unit receives an association control list from an access point, the association control list comprising digital data representing information concerning at least one access point and whether the wireless mobile unit should communicate with the at least one access point,wherein the association control list is updated by communicating with a server, and wherein the server is authenticated for associating the access point with the mobile unit before updating the association control list.

54. A system for securely accessing a wireless network comprising:
- an access point for communicating with wireless devices;
  
  a server system comprising a plurality of servers; and
  
  a wired network interface for communicating via a wired network,wherein the access point is configured to wirelessly transmit an association control list, the association control list comprising digital data representing information concerning at least one access point and whether at least one wireless mobile device should communicate with the at least one access point,wherein the access point is further configured to periodically broadcast the association control list,wherein one or more servers of the plurality of servers control the content of the association control list, and wherein the plurality of servers are organized hierarchically.
- View Dependent Claims (55, 56, 57, 58, 59, 60)
- - 55. The system of claim 54, wherein the wireless network conforms to one or more of the IEEE 802.11 family of specifications.
  - 56. The system of claim 55, wherein the digital data comprises a BSSID.
  - 57. The system of claim 54, wherein the wireless network conforms to one or more standards promulgated by The Bluetooth.
  - 58. The system of claim 54, wherein the wireless network is infrared.
  - 59. The system of claim 54, wherein the association control list comprises information identifying one or more access points with which the at least one mobile device is forbidden to associate with.
  - 60. The system of claim 54, wherein the association control list comprises information identifying one or more access points with which the at least one mobile device must exclusively associate with.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
Wavelink Corporation (Ivanti Software, Inc.)
Inventors
Whelan, Robert, Morris, Roy, Van Wagenen, Lamar
Primary Examiner(s)
HO, DUC CHI

Application Number

US10/211,841
Publication Number

US 20040198220A1
Time in Patent Office

2,636 Days
Field of Search

370/245, 370/328, 370/338, 370/329, 370/334, 455/432.1, 455/422.1
US Class Current

370/401
CPC Class Codes

H04W 12/062   Pre-authentication

H04W 12/069   using certificates or pre-s...

H04W 48/02   Access restriction performe...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 84/18   Self-organising networks, e...

Managed roaming for WLANS

First Claim

28 Assignments

0 Petitions

Accused Products

Abstract

Citations

60 Claims

Specification

Solutions

Use Cases

Quick Links

Managed roaming for WLANS

First Claim

28 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

60 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links