Inter subnet roaming system and method
First Claim
Patent Images
1. A method comprising:
- receiving, with a first wireless domain service device, authentication information of a mobile device from a second wireless domain service device, wherein the first wireless domain service device is configured to provide network access to mobile devices located in a first geographical area, wherein the second wireless domain service device is configured to provide network access to mobile devices located in a second geographical area, and wherein the authentication information is configured to indicate that the second wireless domain service device previously authenticated the mobile device for communication over a network;
receiving a request for the mobile device to communicate over a network through the first wireless domain service device; and
authenticating the mobile device according to the authentication information received from the second wireless domain service device utilizing a reduced authentication process responsive to the request, wherein the mobile device, once authenticated by the first wireless domain service device, is capable of communicating over the network through the first wireless domain service device.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention communication network system and method facilitates authentication and registration in a communication network as mobile nodes move from one geographical region to another. Multiple wireless domain services (WDSs) share client authentication information permitting relatively seamless roaming between subnets with minimal interruptions and delays. In one embodiment, a wireless domain service network communication method is performed utilizing partial authentication processes. A mobile node engages in an authentication protocol with a first wireless domain service (WDS) access point in a first subnet. The authentication credentials are forwarded to a second wireless domain service in a second subnet if the authentication protocol is successfully completed. The forwarded authentication credentials are utilized to authenticate the client entering the service area of the second wireless domain service in the second subnet. The authentication credentials can be “pushed” or “pulled” from the first wireless domain service to the second wireless domain service.
23 Citations
20 Claims
-
1. A method comprising:
-
receiving, with a first wireless domain service device, authentication information of a mobile device from a second wireless domain service device, wherein the first wireless domain service device is configured to provide network access to mobile devices located in a first geographical area, wherein the second wireless domain service device is configured to provide network access to mobile devices located in a second geographical area, and wherein the authentication information is configured to indicate that the second wireless domain service device previously authenticated the mobile device for communication over a network; receiving a request for the mobile device to communicate over a network through the first wireless domain service device; and authenticating the mobile device according to the authentication information received from the second wireless domain service device utilizing a reduced authentication process responsive to the request, wherein the mobile device, once authenticated by the first wireless domain service device, is capable of communicating over the network through the first wireless domain service device. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A network communication system comprising:
-
a communication component for transmitting and receiving information to and from a mobile device; and a wireless domain service device for implementing a wireless domain service including inter subnet fast roaming authentication and registration of the mobile device, wherein the wireless domain service device is configured to receive authentication information of the mobile device from a neighboring wireless domain service device, wherein the authentication information is configured to indicate that the neighboring wireless domain service device previously authenticated the mobile device for communication over the network, wherein the wireless domain service device is configured to authenticate the mobile device according to the authentication information received from the neighboring wireless domain service device utilizing a reduced authentication process, and wherein the mobile device, once authenticated by the wireless domain service device, is capable of communicating over the network via the wireless domain service device. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer readable medium for storing computer readable code including instruction for directing a processor in the performance of a communication network roaming authentication process comprising:
-
directing operations associated with communication of client authentication information of a mobile device to and from one or more wireless domain service devices, wherein the wireless domain service devices are configured to provide network access to mobile devices located in different geographical areas, and wherein the client authentication information is configured to indicate that at least one of the wireless domain service devices previously authenticated the mobile device for communication over a network; receiving a request for the mobile device to communicate over a network through the first wireless domain service device; and authenticating the mobile device according to the client authentication information received from at least one of the wireless domain service devices utilizing a reduced authentication process responsive to the request, wherein the mobile device, once authenticated, is capable of communicating over the network through the first wireless domain service device. - View Dependent Claims (16, 17, 18, 19)
-
-
20. A system comprising:
-
means for receiving, with a first wireless domain service device, authentication information of a mobile device from a second wireless domain service device, wherein the first wireless domain service device is configured to provide network access to mobile devices located in a first geographical area, wherein the second wireless domain service device is configured to provide network access to mobile devices located in a second geographical area, and wherein the authentication information is configured to indicate that the second wireless domain service device previously authenticated the mobile device for communication over a network; means for receiving a request for the mobile device to communicate over a network through the first wireless domain service device; and means for authenticating the mobile device according to the authentication information received from the second wireless domain service device utilizing a reduced authentication process responsive to the request, wherein the mobile device, once authenticated by the first wireless domain service device, is capable of communicating over the network through the first wireless domain service device.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeCisco Technology, Inc. (Cisco Systems, Inc.)
-
Original AssigneeCisco Technology, Inc. (Cisco Systems, Inc.)
-
InventorsMeier, Robert Charles, Leung, Patrick Pak-Chiu, Pathan, Arnavkumar M., Winget, Nancy Cam, Wakerly, John F.
-
Primary Examiner(s)Nalven; Andrew L
-
Assistant Examiner(s)RAHIM, MONJUR
-
Application NumberUS11/060,923Publication NumberTime in Patent Office1,740 DaysField of Search380/247, 455/435, 455/422, 455/432, 455/436, 709/223, 370/345, 713/171, 713/176, 713/185, 713/182US Class Current713/171CPC Class CodesH04L 2209/80 Wireless network architectu...H04L 2463/061 applying further key deriva...H04L 63/06 for supporting key manageme...H04L 63/08 for authentication of entit...H04L 63/0869 for achieving mutual authen...H04L 63/162 at the data link layerH04L 63/20 for managing network securi...H04L 9/0891 Revocation or update of sec...H04L 9/3273 for mutual authentication n...H04W 12/041 Key generation or derivationH04W 12/068 using credential vaults, e....H04W 12/069 using certificates or pre-s...H04W 36/0038 of security context informa...
