System and method for network infrastructure driven context setup to facilitate roaming
    1.
    Patent application
    Status: Under examination (published)

    Publication number: US20070076671A1

    Publication date: 2007-04-05

    Application number: US11240002

    Filing date: 2005-09-30

    Abstract: A method and system for network infrastructure driven context setup to facilitate roaming for a client coupled to the network. The method includes generating an optimized list of the client's neighbors. The list is suitably generated either statically or dynamically based on any number of parameters managed by the network element to ensure an optimal set of AP candidates are provided. At least one access point is selected from the optimized list. A pre-allocation of resources is initiated with the at least one access point prior to the client roaming

    Naming of 802.11 group keys to allow support of multiple broadcast and multicast domains
    2.
    Patent application
    Status: Under examination (published)

    Publication number: US20050086481A1

    Publication date: 2005-04-21

    Application number: US10686205

    Filing date: 2003-10-15

    Applicant: Nancy Winget

    Inventor: Nancy Winget

    Abstract: A method for transmitting multicast messages where a group key is generated for signing the multicast message transmitted on a network. Next, the system establishes a group key name corresponding to the group key. Once the group key name is established, the data packet is transmitted together with the group key name, the group key and the multicast message. Upon receipt, the recipient validates the group key name in the received data packet by comparing the received group key name to a group key name table in order to determine the intended group recipients.

    Inter subnet roaming system and method
    3.
    Patent application
    Status: In force

    Publication number: US20050143065A1

    Publication date: 2005-06-30

    Application number: US11060923

    Filing date: 2005-02-18

    Abstract: The present invention communication network system and method facilitates authentication and registration in a communication network as mobile nodes move from one geographical region to another. Multiple wireless domain services (WDSs) share client authentication information permitting relatively seamless roaming between subnets with minimal interruptions and delays. In one embodiment, a wireless domain service network communication method is performed utilizing partial authentication processes. A mobile node engages in an authentication protocol with a first wireless domain service (WDS) access point in a first subnet. The authentication credentials are forwarded to a second wireless domain service in a second subnet if the authentication protocol is successfully completed. The forwarded authentication credentials are utilized to authenticate the client entering the service area of the second wireless domain service in the second subnet. The authentication credentials can be “pushed” or “pulled” from the first wireless domain service to the second wireless domain service.

    System and method for provisioning and authenticating via a network
    4.
    Patent application
    Status: Under examination (published)

    Publication number: US20050120213A1

    Publication date: 2005-06-02

    Application number: US10724995

    Filing date: 2003-12-01

    Abstract: System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol, may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential.

    System and method for protecting network management frames
    5.
    Patent application
    Status: Under examination (published)

    Publication number: US20050086465A1

    Publication date: 2005-04-21

    Application number: US10687075

    Filing date: 2003-10-16

    Abstract: System architecture and corresponding method for securing the transmission of management frame packets on a network (e.g. IEEE 802.11) is provided. Once a trust relationship is created between a transmitter and a receiver on the network such that the transmitter is authorized to communicate over the network, a key and corresponding message integrity check may be generated in order to sign management frame communications via the network. The message integrity check and a replay protection value may be transmitted with the management frame packet. Upon receipt, the message integrity check and replay protection value are authenticated to verify permitted transmission of the management frame packet.

    Method for central planning and distributed control of client roaming and reassociation
    6.
    Patent application
    Status: Under examination (published)

    Publication number: US20050060319A1

    Publication date: 2005-03-17

    Application number: US10957394

    Filing date: 2004-10-01

    CPC classification number: H04W24/00 H04W8/00

    Abstract: A technique for network planning that includes an interface for guiding a network user through the network allocation process, such as defining groups of clients based on their capabilities. Portions of the wireless local area network infrastructure, e.g., access points, are allocated among the groups. When a client attempts to associate with an access point, the access point determines the client capabilities. If the client is supported by the access point, the access point allows the client to associate and sends the client a message that contains a prioritized list of other nearby access points allocated to service that client, otherwise the access point sends a prioritized roaming list of nearby access points to the client that are allocated to serve that type of client. Feedback is provided by the network infrastructure enabling a network user or the network to automatically reallocate resources based on the feedback.

    Method and apparatus for locating rogue access point switch ports in a wireless network related patent applications
    7.
    Patent application
    Status: In force

    Publication number: US20060200862A1

    Publication date: 2006-09-07

    Application number: US11073317

    Filing date: 2005-03-03

    Abstract: Methods and apparatus are disclosed for locating and disabling the switch port of a rogue wireless access point. In one embodiment, a network management device is configured to detect the presence of a rogue access point on a managed wireless network. Once detected, the management device may then instruct a special client, such as a scanning AP, to associate with the rogue access point and send a discovery packet through the rogue access point to network management device. The network management device upon receiving the discovery packet may thereby determine that the rogue access point is connected to a network managed by said network device. The network device may then utilize information contained in the discovery packet to locate the switch port to which the rogue access point is connected, and ultimately disable the switch port to which the rogue access point is connected.

    Wireless local area network context control protocol
    8.
    Patent application
    Status: In force

    Publication number: US20050220054A1

    Publication date: 2005-10-06

    Application number: US11121633

    Filing date: 2005-05-04

    Abstract: A Wireless LAN Context Control Protocol (WLCCP) is used to establish and manage a wireless network topology and securely manages the “operational context” for mobile stations in a campus network. The WLCCP registration protocol can automatically create and delete links in the network, securely distribute operational context, and reliably establish Layer 2 forwarding paths on wireless links. A single infrastructure node is established as the central control point for each subnet, and enables APs and MNs to select the parent node that provides the “least-cost path” to a backbone LAN. Context messages provide a general-purpose transport for context and management information. WLCCP “Trace” messages facilitate network diagnostic tools. Ethernet or UDP/IP encapsulation can be used for WLCCP messages. Ethernet encapsulation is employed for intra-subnet (e.g. AP-to-AP or AP-to-SCM) WLCCP messages. IP encapsulation is used for inter-subnet WLCCP messages and may also be used for intra-subnet WLCCP messages.

    Method and apparatus for locating rogue access point switch ports in a wireless network
    10.
    Granted patent
    Status: In force

    Publication number: US07370362B2

    Publication date: 2008-05-06

    Application number: US11073317

    Filing date: 2005-03-03

    Abstract: Methods and apparatus are disclosed for locating and disabling the switch port of a rogue wireless access point. In one embodiment, a network management device is configured to detect the presence of a rogue access point on a managed wireless network. Once detected, the management device may then instruct a special client, such as a scanning AP, to associate with the rogue access point and send a discovery packet through the rogue access point to network management device. The network management device upon receiving the discovery packet may thereby determine that the rogue access point is connected to a network managed by said network device. The network device may then utilize information contained in the discovery packet to locate the switch port to which the rogue access point is connected, and ultimately disable the switch port to which the rogue access point is connected.
