Managed roaming for WLANS
Abstract
The present invention allows any number of mobile units to roam between a large number of sub-networks, each with a large number of access points (tens of thousands or more total access points), with minimal direct administration effort. A hierarchy of management servers may be used across the multiple sub-networks, which can be under the control of multiple entities. The invention provides the capability for the mobile units to authenticate the access points they associate with, to ensure they are both authorized and managed. Peer-to-peer and ad hoc associations between mobile units are managed as well. The invention may enforce a number of association policies such as, for example, forcing the mobile unit to only associate with access points or mobile units on a previously set mandatory association list, providing the mobile unit with a list of preferred access points to associate with, but allowing association with other access points, or providing the mobile unit with an excluded association list of access points or mobile units it is not to associate with.
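The three association policies named in the abstract (mandatory, preferred, excluded), sketched as an added example that is not taken from the patent. The class and function names, the signal-strength ordering, and the rule that an excluded entry overrides the other lists are assumptions; queuing rejected BSSIDs for a later report to the server is an assumption modeled on the identifier reporting in claim 27.

```python
import re
from dataclasses import dataclass, field

_BSSID_RE = re.compile(r"^[0-9a-f]{12}$")

def normalize_bssid(raw: str) -> str:
    """Canonicalize a BSSID so 'AA-BB-..', 'aabb.ccdd.eeff' and 'aa:bb:..' compare equal."""
    digits = re.sub(r"[:\-.]", "", raw.strip().lower())
    if not _BSSID_RE.match(digits):
        raise ValueError(f"not a 48-bit BSSID: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass
class AssociationControlList:
    # Hypothetical structure: the page names the three list types but no format.
    mandatory: set = field(default_factory=set)   # if non-empty, only these are allowed
    preferred: set = field(default_factory=set)   # tried first, others still allowed
    excluded: set = field(default_factory=set)    # never associate
    pending_reports: list = field(default_factory=list)  # rejected BSSIDs for the server

    def __post_init__(self):
        for name in ("mandatory", "preferred", "excluded"):
            setattr(self, name, {normalize_bssid(b) for b in getattr(self, name)})

    def allowed(self, bssid: str) -> bool:
        b = normalize_bssid(bssid)
        if b in self.excluded:            # assumption: exclusion overrides everything
            return False
        return not self.mandatory or b in self.mandatory

    def rank(self, scan):
        """scan: iterable of (bssid, rssi_dbm). Returns allowed BSSIDs, best first."""
        candidates = []
        for raw, rssi in scan:
            b = normalize_bssid(raw)
            if self.allowed(b):
                # Preferred entries sort first, then stronger signal.
                candidates.append((b not in self.preferred, -rssi, b))
            elif b not in self.pending_reports:
                self.pending_reports.append(b)
        return [b for _, _, b in sorted(candidates)]

# Constructed sample scan (locally administered addresses, not real devices).
SCAN = [("02:00:00:00:00:01", -70), ("02-00-00-00-00-02", -40),
        ("0200.0000.0003", -55), ("02:00:00:00:00:04", -30)]
```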
60 Claims
1. A system for securely accessing a wireless network, comprising:
a wireless mobile device configured to use wireless network protocols conforming to one or more of the IEEE 802.11 family of specifications; wherein the wireless mobile device uses an association control list to control communication with access points;
the association control list comprising a plurality of BSSIDs (Basic Service Set Identifier), wherein the association control list is updated via communication with a server, and wherein a second association control list and the association control list form at least a portion of an association control list hierarchy.

3. A system for securely accessing a wireless network, comprising:
a wireless mobile device; wherein the wireless mobile device uses an association control list to control communication with an access point, the association control list comprising digital data representing information concerning at least one access point and whether the wireless mobile unit should communicate with the at least one access point, wherein the association control list is updated by communicating with a server; and wherein the server is used to facilitate the authentication of the access point by the mobile unit.

27. A system for securely accessing a wireless network, comprising:
a wireless mobile device comprising a processor and memory, wherein the wireless mobile device associates with an access point and sends a request to a server for confirmation that the access point is authorized, the access point comprising a wireless device for communicating with other wireless devices and a wired network interface for communicating via a wired network, wherein the wireless network conforms to one or more of the IEEE 802.11 family of specifications, and wherein the wireless mobile device stores an identifier of the access point if the server does not confirm that the access point is authorized, and subsequently transmits the identifier to the server.

33. A system for securely accessing a wireless network, comprising a server configured to receive a request to authenticate an access point from a wireless mobile device, the server being further configured to determine whether the wireless mobile device is associated with the access point and whether the access point is authorized, and to provide a response to the wireless mobile device indicating whether the mobile device is authorized to continue association with the access point,
wherein the server is further configured to detect each association between the access point and the wireless mobile device and to disable communications between the access point and the wireless mobile device if no request to authenticate the access point is received within a predetermined interval.
35. A wireless communication security system, comprising:
a first wireless mobile device; a server system comprising a plurality of servers; wherein the first wireless mobile uses an association control list to control communication with other wireless mobile devices via at least one access point;
the association control list comprising a plurality of identifiers, each identifier uniquely identifying a wireless mobile device, wherein one or more servers of the plurality of servers control the content of the association control list, and wherein the plurality of servers are organized hierarchically.

42. A system for securely accessing a wireless network, comprising:
a wireless mobile device, wherein the mobile device uses an association control list to control communication with access points and to update the association control list by communicating with a server, and wherein the association control list is a user-configurable association control list.

43. A system for securely accessing a wireless network comprising:
a server system comprising a plurality of computer servers, wherein at least one server computer of the plurality of computer servers being operatively connected to a communications network, wherein the system being configured to receive at least one access point identifier from a wireless mobile unit via the communication network, the system being further configured to transmit to the wireless mobile unit information concerning at least one access point and whether the mobile unit should communicate with the at least one access point, wherein the a plurality of servers are organized hierarchically, and wherein the server system is further configured to receive an identifier of the mobile unit.

52. A system for securely accessing a wireless network, comprising:
a wireless mobile unit comprising a processor and memory, wherein the wireless mobile unit transmits to a server system comprising a plurality of servers a data structure comprising identifiers of access points within range of the wireless mobile units; wherein the wireless mobile unit receives from the server system information concerning at least one access point and whether the mobile unit should communicate with the at least one access point, and wherein the server system is organized hierarchically.

53. A system for securely accessing a wireless network, comprising:
a wireless mobile unit comprising a processor and memory; wherein the wireless mobile unit receives an association control list from an access point, the association control list comprising digital data representing information concerning at least one access point and whether the wireless mobile unit should communicate with the at least one access point, wherein the association control list is updated by communicating with a server, and wherein the server is authenticated for associating the access point with the mobile unit before updating the association control list.

54. A system for securely accessing a wireless network comprising:
an access point for communicating with wireless devices; a server system comprising a plurality of servers; and a wired network interface for communicating via a wired network, wherein the access point is configured to wirelessly transmit an association control list, the association control list comprising digital data representing information concerning at least one access point and whether at least one wireless mobile device should communicate with the at least one access point, wherein the access point is further configured to periodically broadcast the association control list, wherein one or more servers of the plurality of servers control the content of the association control list, and wherein the plurality of servers are organized hierarchically.