Wireless network controller certification authority

US 8,799,648 B1
Filed: 08/14/2008
Issued: 08/05/2014
Est. Priority Date: 08/15/2007
Status: Active Grant

First Claim

Patent Images

1. A method in a controller of a wireless communication network, the method comprising the steps of:

connecting to one or more first access points of a first wireless network, each access point including a hardware processor and routing messages to and from a set of mobile devices;

connecting to a second wireless network including a second set of access points, each of the second set of access points including a hardware processor;

selecting, for at least one of the set of mobile devices, one of the second set of access points for exchanging messages with, and routing messages on behalf of, the at least one of the set of mobile devices;

issuing, from a certification authority of the controller, certificates of key ownership with respect to authentication of the one or more first access points in order to communicate with the second set of access points; and

determining whether to allow messages between the one or more first access points and the second set of access points in response to the certificates.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A controller for a wireless network includes processing elements, an interface for communication with access points for the wireless network, and an interface to another network. The processing elements oversee communication between that other network and the access points, and the controller acts as a certification authority for authenticating access points using public key techniques.

Citations

12 Claims

1. A method in a controller of a wireless communication network, the method comprising the steps of:
- connecting to one or more first access points of a first wireless network, each access point including a hardware processor and routing messages to and from a set of mobile devices;
  
  connecting to a second wireless network including a second set of access points, each of the second set of access points including a hardware processor;
  
  selecting, for at least one of the set of mobile devices, one of the second set of access points for exchanging messages with, and routing messages on behalf of, the at least one of the set of mobile devices;
  
  issuing, from a certification authority of the controller, certificates of key ownership with respect to authentication of the one or more first access points in order to communicate with the second set of access points; and
  
  determining whether to allow messages between the one or more first access points and the second set of access points in response to the certificates.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - receiving a connection request from a rogue access point; and
      
      refusing access to the rogue access point in response to the rogue access point failing to present a certificate issued by the controller.
  - 3. The method of claim 1, wherein said controller determines whether to allow said messages between particular ones of said mobile stations and particular ones of said access points.
  - 4. The method of claim 1, wherein the second wireless network is disposed to operate under control of one or more devices distinct from said controller.

5. A method, in an access point of a wireless communication network, the method comprising the steps of:
- routing messages to and from a set of mobile devices using one or more access points in a first wireless network;
  
  receiving a certificate of key ownership with respect to authentication from a controller including a hardware processor and having a certification authority coupled to the first wireless network and to a second wireless network including a set of second access points, wherein the controller selects, for each of the set of mobile devices, one of said access points for exchanging messages with, and routing messages on behalf of, each of the mobile devices,wherein the controller determines whether to allow messages between the access points and at least one of the set of second access points, in response to the certificate issued by the certification authority.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, further comprising:
    - receiving a connection request from a rogue access point; and
      
      refusing access to the rogue access point in response to the rogue access point failing to present a certificate issued by the controller.
  - 7. The method of claim 5, including steps of:
    - allowing access only between selected particular ones of said mobile stations and selected particular ones of said access points.
  - 8. The method of claim 5, wherein the second wireless network is disposed to operate under control of one or more devices distinct from said controller.

9. A non-transitory computer-readable medium including one or more instructions executable by a controller with a hardware processor to perform a method, the method comprising the steps of:
- connecting to one or more first access points of a first wireless network, each access point including a hardware processor and routing messages to and from a set of mobile devices;
  
  connecting to a second wireless network including a second set of access points, each of the second set of access points including a hardware processor;
  
  selecting, for at least one of the set of mobile devices, one of the second set of access points for exchanging messages with, and routing messages on behalf of, the at least one of the set of mobile devices;
  
  issuing, from a certification authority of the controller, certificates of key ownership with respect to authentication of the one or more first access points in order to communicate with the second set of access points; and
  
  determining whether to allow messages between the one or more first access points and the second set of access points in response to the certificates.
- View Dependent Claims (10, 11, 12)
- - 10. The computer-readable medium of claim 9, wherein the method further comprises the steps of:
    - receiving a connection request from a rogue access point; and
      
      refusing access to the rogue access point in response to the rogue access point failing to present a certificate issued by the controller.
  - 11. The computer-readable medium of claim 9, wherein said instructions direct said access points to allow access to selected particular ones of said mobile stations, in response to said certificates.
  - 12. The computer-readable medium of claim 9, wherein the second wireless network is disposed to operate under control of one or more devices distinct from said controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Meru Networks, Inc. (Fortinet Inc.)
Inventors
Singh, Rajinder
Primary Examiner(s)
Davis, Zachary A
Assistant Examiner(s)
MEJIA, FELICIANO S

Application Number

US12/191,421
Time in Patent Office

2,182 Days
Field of Search

713/155, 713/156, 380/270, 370/338, 370/310, 370/329, 455/410
US Class Current

713/156
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

H04W 88/08   Access point devices

Wireless network controller certification authority

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Wireless network controller certification authority

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links