Method and system for enabling seamless roaming in a wireless network
3 Assignments
0 Petitions
Abstract
A gateway server manages connections in a wireless local area network (WLAN). The gateway server provides context information, such as an IP address, that is stored after being previously allocated to a mobile device in a previous connection to the WLAN. The gateway server reassigns the IP address to the mobile device after it reconnects to the WLAN after a disconnection, thus providing seamless roaming for the mobile device from WLAN to WLAN (or subnets within one WLAN) without requiring the user of the device to re-register. The gateway server also provides cluster information (e.g., as part of the context information) for a mobile device making a new connection to the WLAN, such as access privileges associated with the cluster of users of the mobile devices. The gateway server also provides load balancing among two or more WLANs by directing a newly connecting mobile device to another WLAN (or subnet), if less congestion results.
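The flow described in the abstract above and in independent claim 1, sketched as an added example (not code from the patent or its assignee). The `Gateway` class, the sample clusters and addresses, and the rule that a stored context is only reused by the user who created it are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data; every name, address and privilege is hypothetical.
CLUSTER_PRIVILEGES = {                 # privileges are set per cluster (role)
    "engineering": {"build-server": {"read", "write"}},
    "visitors": {"build-server": set()},
}
USER_CLUSTER = {"alice": "engineering", "guest7": "visitors"}


@dataclass
class SessionContext:
    user_id: str       # user who held the previous session (assumed field)
    ip_address: str    # address allocated during the previous session


class Gateway:
    def __init__(self):
        # device identifier -> context saved from a previous wireless session
        self.contexts = {}

    def end_session(self, device_id, user_id, ip_address):
        """Keep the context when a device disconnects so it can be reused."""
        self.contexts[device_id] = SessionContext(user_id, ip_address)

    def authorize(self, user_id, device_id, resource):
        """Return (rights, reassigned IP) for a roaming device, else None."""
        ctx = self.contexts.get(device_id)      # located by device identifier
        if ctx is None:
            return None    # no previous session: normal registration applies
        if ctx.user_id != user_id:
            return None    # assumption: context is not shared across users
        cluster = USER_CLUSTER.get(user_id)     # user's membership in a cluster
        rights = CLUSTER_PRIVILEGES.get(cluster, {}).get(resource, set())
        if not rights:
            return None    # cluster holds no rights on this resource
        # Both the privileges and the stored context feed the new session.
        return frozenset(rights), ctx.ip_address


def demo():
    gw = Gateway()
    gw.end_session("00:11:22:33:44:55", "alice", "10.0.1.23")
    return gw.authorize("alice", "00:11:22:33:44:55", "build-server")


if __name__ == "__main__":
    print(demo())
```
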
283 Citations
18 Claims
1. A method for authorizing access by a user to a resource over a wireless local area network, comprising the steps of:
setting access privileges to the resource for a cluster of users of the wireless local area network, wherein the cluster is indicative of the user's role in an organization and the access privileges represent data access rights of members of the cluster to the resource;
receiving a request from a device controlled by the user to access the resource over the wireless local area network, the user having a membership in the cluster, and the request including a user identifier for the user and a device identifier for the device making the request;
locating session context information based on the device identifier, the session context information having been associated with the device identifier during a previous wireless session;
locating access privileges in response to the user identifier and the device identifier in the received request based on the device identifier, the user identifier, and the cluster; and
using the located access privileges and data contained in the session context information to authorize a current session between the device and the resource.
2. A system comprising a digital processor for authorizing access by a user to a resource over a wireless local area network, the system comprising:
a gateway application executing on the digital processor for setting access privileges to the resource for a cluster of users of the wireless local area network, wherein the cluster is indicative of the user's role in an organization and the access privileges represent data access rights of members of the cluster to the resource; and
a communications interface coupled with the digital processor for receiving a request from a device controlled by the user to access the resource over the wireless local area network, the user having a membership in the cluster, and the request including a user identifier for the user and a device identifier for the device making the request,
the gateway application being responsive to the user identifier and the device identifier in the received request and;
(i) locating session context information based on the device identifier, the session context information having been associated with the device identifier during a previous wireless session;
(ii) locating access privileges based on the device identifier, the user identifier, and the cluster; and
(iii) using the located access privileges and data contained in the session context information to authorize a current session between the device and the resource.
3. A computer program product that includes a computer usable medium having computer program instructions stored thereon for authorizing access by a user to a resource over a wireless local area network, such that the computer program instructions, when performed by a digital processor, cause the digital processor to:
set access privileges to the resource for a cluster of users of the wireless local area network, wherein the cluster is indicative of the user's role in an organization and the access privileges represent data access rights of members of the cluster to the resource;
receive a request from a device controlled by the user to access the resource over the wireless local area network, the user having a membership in the cluster, and the request including a user identifier for the user and a device identifier for the device making the request;
locate, in response to the device identifier, session context information associated with the device identifier during a previous wireless session;
locate, in response to the user identifier and the device identifier in the received request, access privileges based on the device identifier, the user identifier, and the cluster; and
use the located access privileges and data contained in the session context information to authorize a current session between the device and the resource.
4. A method for managing context information for a wireless local area network, comprising the steps of:
receiving a request to access the resource over the wireless local area network, the request including a device identifier for a device making the request;
locating, in response to the received request, session context information associated with the device identifier, the session context information having been assigned to the device during a previous wireless session between the device and the resource and including access privileges associated with a cluster of users, wherein the cluster is indicative of the users' role in an organization and the access privileges represent data access rights of members of the cluster to the resource; and
providing the session context information to the device, thereby facilitating authentication of a current session between the device and the resource, based at least in part on the session context information and the access privileges.
Dependent claims: 5, 6, 7, 8, 9, 10
11. A system comprising a digital processor for managing context information for a wireless local area network, the system comprising:
a communications interface coupled with the digital processor for receiving a request to access the resource over the wireless local area network, the request including a device identifier for a device making the request; and
a gateway application executing on the digital processor, in response to the received request, the gateway application locating session context information associated with the device identifier, the session context information associated with a previous wireless session between the device and the resource and including access privileges associated with a cluster of users, wherein the cluster is indicative of the users' role in an organization and the access privileges represent data access rights of members of the cluster to the resource, and providing the session context information and access privileges to authorize a current session between the device and the resource based thereon.
Dependent claims: 12, 13, 14, 15, 16, 17
18. A computer program product that includes a computer usable medium having computer program instructions stored thereon for managing context information for a wireless local area network, such that the computer program instructions, when performed by a digital processor, cause the digital processor to:
receive a request to access the resource over the wireless local area network, the request including a device identifier for a device making the request;
locate, in response to the received request, session context information associated with the device identifier, the session context information associated with a previous wireless session between the device and the resource and including access privileges associated with a cluster of users, wherein the cluster is indicative of the users' role in an organization and the access privileges represent data access rights of members of the cluster to the resource; and
initiating a current session between the device and the resource based at least in part on the session context information and the access privileges.
Specification