Claims
- 1. A method for authenticating a client by a first access point, the steps comprising:
associating a client; receiving a deregistration notice from a second access point when the client associates with the second access point; and authenticating the first access point by the second access point; wherein a secure, mutually authenticated communications channel is established between the first access point and the second access point.
- 2. The method of claim 1 wherein the associating step further comprises authenticating the client by the first access point with an authentication server.
- 3. The method of claim 2 wherein the authentication server is a Remote Authentication Dial-In User Server.
- 4. The method of claim 1, the steps further comprising adding the second access point to a Roaming Neighborhood Table.
- 5. The method of claim 1, wherein the authenticating step is initiated by the first access point.
- 6. The method of claim 1, wherein the authenticating step further comprises using an authentication server to mutually authenticate the first access point and the second access point with each other.
- 7. The method of claim 1, the steps further comprising:
associating a second client with the first access point; and forwarding the second client's authentication context information to the second access point.
- 8. The method of claim 7, wherein the authentication context information comprises a session key and a session identifier.
- 9. The method of claim 1, the steps further comprising
receiving context information from a second access point for a second client; receiving an association request from the second client; and presenting reauthentication protocol to the second client.
- 10. The method of claim 9 wherein the reauthentication protocol is a Lightweight Extensible Authentication Protocol reauthentication protocol.
- 11. A method for authenticating a client by an access point, the steps comprising:
receiving an association request from the client; sending a multicast deregistration notice; authenticating the client; receiving an authentication request from a second access point; and authenticating the second access point.
- 12. The method of claim 11 wherein the authenticating the client step uses an authentication server.
- 13. The method of claim 12 wherein the authenticating the second access point uses the authentication server.
- 14. The method of claim 13 wherein the authentication server is a Remote Authentication Dial-In User Server.
- 15. The method of claim 1, the steps further comprising adding the second access point to a Roaming Neighborhood Table.
- 16. The method of claim 11, the steps further comprising:
associating a second client with the access point; and forwarding the second client's authentication context information to the second access point.
- 17. The method of claim 16, wherein the authentication context information comprises a session key and a session identifier.
- 18. The method of claim 11, the steps further comprising
receiving context information from a second access point for a second client; receiving an association request from the second client; and presenting reauthentication protocol to the second client.
- 19. The method of claim 18 wherein the reauthentication protocol is a Lightweight Extensible Authentication Protocol reauthentication protocol.
- 20. The method of claim 1 wherein the client having an accounting session, the steps further comprising:
closing the client's accounting session by the first access point upon receiving the deregistration notice from the second access point; and initiating a new accounting session for the client.
- 21. The method of claim 20, the steps further comprising requesting an early renew reauthentication for the client.
- 22. The method of claim 21 wherein the requesting step is performed concurrently with the initiating step.
- 23. The method of claim 1, wherein the client having a current accounting session comprising current accounting records, the steps further comprising transferring the accounting records from the first access point to the second access point.
- 24. A method for authenticating clients to access points of a network, the steps comprising:
associating a client to a first access point, the client authenticated by the first access point via an authentication server; associating the client to a second access point, the second access point sending a multicast deregistration notice and authenticating the client via an authentication server; and the first access point initiating an authentication with the second access point after the first access point receives the multicast deregistration notice; wherein a secure, mutually authenticated communications channel is established between the first access point and the second access point.
- 25. The method of claim 24 wherein the authentication server is a Remote Authentication Dial-In User Server.
- 26. The method of claim 24, the steps further comprising adding the second access point to a Roaming Neighborhood Table by the first access point.
- 27. The method of claim 24, the steps further comprising:
associating a second client with the first access point; and forwarding the second client's authentication context information to the second access point.
- 28. The method of claim 27, wherein the authentication context information comprises a session key and a session identifier.
- 29. The method of claim 27, the steps further comprising
roaming by the client from the first access point to the second access point; receiving an association request from the second client by the second access point; and presenting reauthentication protocol to the second client by the second access point.
- 30. The method of claim 29 wherein the reauthentication protocol is a Lightweight Extensible Authentication Protocol reauthentication protocol.
- 31. The method of claim 24 wherein the client having an accounting session, the steps further comprising:
closing the client's accounting session by the first access point upon receiving the deregistration notice from the second access point; and initiating a new accounting session for the client.
- 32. The method of claim 31, the steps further comprising requesting an early renew reauthentication for the client.
- 33. The method of claim 32 wherein the requesting step is performed concurrently with the initiating step.
- 34. The method of claim 24, wherein the client having current accounting session comprising accounting records, the steps further comprising transferring the accounting records from the first access point to the second access point.
- 35. A computer-readable medium of instructions, comprising:
means for associating a client; means for receiving a deregistration notice from a second access point when the client associates with the second access point; and means for authenticating a first access point by the second access point; wherein a secure, mutually authenticated communications channel is established between the first access point and the second access point.
- 36. The computer-readable medium of instructions of claim 35 wherein the means for associating further comprises means for authenticating the client by the first access point with an authentication server.
- 37. The computer-readable medium of instructions of claim 35 wherein the authentication server is a Remote Authentication Dial-In User Server.
- 38. The computer-readable medium of instructions of claim 35, further comprising means for adding the second access point to a Roaming Neighborhood Table.
- 39. The computer-readable medium of instructions of claim 35, wherein the means for authenticating of the first access point initiates an authentication process.
- 40. The computer-readable medium of instructions of claim 35, the authenticating means further comprises using an authentication server to mutually authenticate the first access point and the second access point with each other.
- 41. The computer-readable medium of instructions of claim 40, further comprising:
means for associating a second client with the first access point; and means for forwarding the second client's authentication context information to the second access point.
- 42. The computer-readable medium of instructions of claim 41, wherein the authentication context information comprises a session key and a session identifier.
- 43. The computer-readable medium of instructions of claim 35, further comprising
means for receiving context information from a second access point for a second client; means for receiving an association request from the second client; and means for presenting a reauthentication protocol to the second client.
- 44. The computer-readable medium of instructions of claim 43 wherein the reauthentication protocol is a Lightweight Extensible Authentication Protocol reauthentication protocol.
- 45. A computer-readable medium of instructions, comprising:
means for receiving an association request from a client; means for sending a multicast deregistration notice; means for authenticating the client; means for receiving an authentication request from a second access point; and means for authenticating the second access point.
- 46. The computer-readable medium of instructions of claim 45 wherein the means for authenticating uses an authentication server.
- 47. The computer-readable medium of instructions of claim 46 wherein the means for authenticating the second access point uses the authentication server.
- 48. The computer-readable medium of instructions of claim 47 wherein the authentication server is a Remote Authentication Dial-In User Server.
- 49. The computer-readable medium of instructions of claim 45, further comprising means for adding the second access point to a Roaming Neighborhood Table.
- 50. The computer-readable medium of instructions of claim 45, further comprising:
means for associating a second client; and means for forwarding the second client's authentication context information to the second access point.
- 51. The computer-readable medium of instructions of claim 50, wherein the authentication context information comprises a session key and a session identifier.
- 52. The computer-readable medium of instructions of claim 45, further comprising:
means for receiving context information from the second access point for a second client; means for receiving an association request from the second client; and means for presenting a reauthentication protocol to the second client.
- 53. The computer-readable medium of instructions of claim 52 wherein the reauthentication protocol is a Lightweight Extensible Authentication Protocol reauthentication protocol.
- 54. The computer-readable medium of instructions of claim 35 wherein the client having an accounting session, further comprising:
means for closing the client's accounting session by the first access point upon receiving the deregistration notice from the second access point; and means for initiating a new accounting session for the client.
- 55. The computer-readable medium of instructions of claim 54, further comprising means for requesting an early renew reauthentication for the client.
- 56. The computer-readable medium of instructions of claim 54 wherein the means for requesting an early renew reauthentication operates concurrently with the means for initiating a new accounting session.
- 57. The computer-readable medium of instructions of claim 35, wherein the client having a current accounting session comprising current accounting records, further comprising means for transferring the accounting records from the first access point to the second access point.
- 58. A computer-readable medium of instructions, comprising:
means for associating a client to a first access point, the client authenticated by the first access point via an authentication server; means for associating the client to a second access point, the second access point sending a multicast deregistration notice and authenticating the client via an authentication server; and means for the first access point initiating an authentication with the second access point after the first access point receives the multicast deregistration notice; wherein a secure, mutually authenticated communications channel is established between the first access point and the second access point.
- 59. The computer-readable medium of instructions of claim 58 wherein the authentication server is a Remote Authentication Dial-In User Server.
- 60. The computer-readable medium of instructions of claim 58 further comprising means for adding the second access point to a Roaming Neighborhood Table by the first access point.
- 61. The computer-readable medium of instructions of claim 58, further comprising:
means for associating a second client with the first access point; and means for forwarding the second client's authentication context information to the second access point.
- 62. The computer-readable medium of instructions of claim 61, wherein the authentication context information comprises a session key and a session identifier.
- 63. The computer-readable medium of instructions of claim 61, further comprising:
means for roaming by the client from the first access point to the second access point; means for receiving an association request from the second client by the second access point; and means for presenting reauthentication protocol to the second client by the second access point.
- 64. The computer-readable medium of instructions of claim 63 wherein the reauthentication protocol is a Lightweight Extensible Authentication Protocol reauthentication protocol.
- 65. The computer-readable medium of instructions of claim 58 wherein the client having an accounting session, further comprising:
means for closing the client's accounting session by the first access point upon receiving the deregistration notice from the second access point; and means for initiating a new accounting session for the client.
- 66. The computer-readable medium of instructions of claim 65, further comprising means for requesting an early renew reauthentication for the client.
- 67. The computer-readable medium of instructions of claim 66 wherein the means for requesting an early renew reauthentication operates concurrently with the means for initiating a new accounting session.
- 68. The computer-readable medium of instructions of claim 58, wherein the client having current accounting session comprising accounting records, further comprising means for transferring the accounting records from the first access point to the second access point.
- 69. An access point, comprising:
means for associating a client; means for receiving a deregistration notice from a second access point when the client associates with the second access point; and means for authenticating a first access point by the second access point; wherein a secure, mutually authenticated communications channel is established between the first access point and the second access point.
- 70. The access point of claim 69 wherein the means for associating further comprises means for authenticating the client by the first access point with an authentication server.
- 71. The access point of claim 69 wherein the authentication server is a Remote Authentication Dial-In User Server.
- 72. The access point of claim 69, further comprising means for adding the second access point to a Roaming Neighborhood Table.
- 73. The access point of claim 69, wherein the means for authenticating of the first access point initiates an authentication process.
- 74. The access point of claim 69, the authenticating means further comprises using an authentication server to mutually authenticate the first access point and the second access point with each other.
- 75. The access point of claim 74, further comprising:
means for associating a second client; and means for forwarding the second client's authentication context information to the second access point.
- 76. The access point of claim 75, wherein the authentication context information comprises a session key and a session identifier.
- 77. The access point of claim 69, further comprising
means for receiving context information from a second access point for a second client; means for receiving an association request from the second client; and means for presenting a reauthentication protocol to the second client.
- 78. The access point of claim 77 wherein the reauthentication protocol is a Lightweight Extensible Authentication Protocol reauthentication protocol.
- 79. An access point, comprising:
means for receiving an association request from a client; means for sending a multicast deregistration notice; means for authenticating the client; means for receiving an authentication request from a second access point; and means for authenticating the second access point.
- 80. The access point of claim 79 wherein the means for authenticating uses an authentication server.
- 81. The access point of claim 80 wherein the means for authenticating the second access point uses the authentication server.
- 82. The access point of claim 81 wherein the authentication server is a Remote Authentication Dial-In User Server.
- 83. The access point of claim 79, further comprising means for adding the second access point to a Roaming Neighborhood Table.
- 84. The access point of claim 79, further comprising:
means for associating a second client with the access point; and means for forwarding the second client's authentication context information to the second access point.
- 85. The access point of claim 84, wherein the authentication context information comprises a session key and a session identifier.
- 86. The access point of claim 79, further comprising:
means for receiving context information from a second access point for a second client; means for receiving an association request from the second client; and means for presenting reauthentication protocol to the second client.
- 87. The access point of claim 86 wherein the reauthentication protocol is a Lightweight Extensible Authentication Protocol reauthentication protocol.
- 88. The access point of claim 69 wherein the client having an accounting session, further comprising:
means for closing the client's accounting session by the first access point upon receiving the deregistration notice from the second access point; and means for initiating a new accounting session for the client.
- 89. The access point of claim 88, further comprising means for requesting an early renew reauthentication for the client.
- 90. The access point of claim 89 wherein the means for requesting an early renew reauthentication operates concurrently with the means for initiating a new accounting session.
- 91. The access point of claim 69, wherein the client having a current accounting session comprising current accounting records, further comprising means for transferring the accounting records from the first access point to the second access point.
- 92. An access point, comprising:
means for associating a client to a first access point, the client authenticated by the first access point via an authentication server; means for associating the client to a second access point, the second access point sending a multicast deregistration notice and authenticating the client via an authentication server; and means for the first access point initiating an authentication with the second access point after the first access point receives the multicast deregistration notice; wherein a secure, mutually authenticated communications channel is established between the first access point and the second access point.
- 93. The access point of claim 92 wherein the authentication server is a Remote Authentication Dial-In User Server.
- 94. The access point of claim 92 further comprising means for adding the second access point to a Roaming Neighborhood Table by the first access point.
- 95. The access point of claim 92, further comprising:
means for associating a second client with the first access point; and means for forwarding the second client's authentication context information to the second access point.
- 96. The access point of claim 95, wherein the authentication context information comprises a session key and a session identifier.
- 97. The access point of claim 95, further comprising:
means for roaming by the client from the first access point to the second access point; means for receiving an association request from the second client by the second access point; and means for presenting reauthentication protocol to the second client by the second access point.
- 98. The access point of claim 97 wherein the reauthentication protocol is a Lightweight Extensible Authentication Protocol reauthentication protocol.
- 99. The access point of claim 92 wherein the client having an accounting session, further comprising:
means for closing the client's accounting session by the first access point upon receiving the deregistration notice from the second access point; and means for initiating a new accounting session for the client.
- 100. The access point of claim 99, further comprising means for requesting an early renew reauthentication for the client.
- 101. The access point of claim 100 wherein the means for requesting an early renew reauthentication operates concurrently with the means for initiating a new accounting session.
- 102. The access point of claim 92, wherein the client having current accounting session comprising accounting records, further comprising means for transferring the accounting records from the first access point to the second access point.
- 103. An access point, comprising:
a wireless communication system; a second communication system for communicating with a second access point and an authentication server; and computer readable instructions stored on a computer readable medium communicatively coupling the wireless communication system to the second communication system; wherein when a client associates with the access point via the wireless communication system, the computer readable instructions uses the second communication system to authenticate the wireless station; wherein when the client associates with the second access point, the access point receives a deregistration notice from the second access point, the computer readable instructions further comprising instructions for mutually authenticating with the second access point; and wherein a secure, mutually authenticated communications channel is established between the first access point and the second access point.
- 104. The access point of claim 103 wherein the authentication server is a Remote Authentication Dial-In User Server.
- 105. The access point of claim 103, the computer readable instructions further comprising instructions for adding the second access point to a Roaming Neighborhood Table.
- 106. The access point of claim 103, wherein when a second client associates with the second access point, the first access point receives a message via the second communication system with the second client's authentication context information.
- 107. The access point of claim 106, wherein the authentication context information comprises a session key and a session identifier.
- 108. The access point of claim 103 wherein the client having an accounting session, further comprising:
means for closing the client's accounting session by the first access point upon receiving the deregistration notice from the second access point; and means for initiating a new accounting session for the client.
- 109. The access point of claim 103 wherein the client having an accounting session, further comprising means for transferring the accounting records from the first access point to the second access point.
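
The flow recited in claims 1, 4 to 8 and 24 (deregistration notice, mutual authentication of the two access points via the authentication server, Roaming Neighborhood Table entry, then forwarding of a second client's session key and session identifier) can be modelled in a few classes; this is an added illustration, not code from the patent. The claims do not say how the access points prove themselves, so the server-issued pairwise key and HMAC challenge-response here are assumptions, as are all class and method names; the model runs in one process and does not encrypt the forwarded context.

```python
import hashlib
import hmac
import os

def _mac(key, *parts):
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

class AuthServer:  # stand-in for the authentication server (RADIUS in the claims)
    def __init__(self):
        self._master, self._secrets = os.urandom(32), {}

    def enroll(self, ap_id):
        return self._secrets.setdefault(ap_id, os.urandom(32))

    def pair_key(self, ap_id, secret, peer_id):  # key only for enrolled AP + enrolled peer
        known = self._secrets.get(ap_id)
        if not known or peer_id not in self._secrets or not hmac.compare_digest(known, secret):
            return None
        return _mac(self._master, *sorted((ap_id.encode(), peer_id.encode())))

class AccessPoint:
    def __init__(self, ap_id, server, secret=None):
        self.ap_id, self.server = ap_id, server
        self.secret = secret or os.urandom(32)  # unenrolled AP: unknown to the server
        self.neighbors = {}   # Roaming Neighborhood Table: peer_id -> (peer, channel key)
        self.clients, self.received = {}, {}    # own contexts / contexts from neighbors

    def prove(self, peer_id, nonce):
        key = self.server.pair_key(self.ap_id, self.secret, peer_id)
        return None if key is None else _mac(key, nonce, self.ap_id.encode())

    def authenticate_peer(self, peer):
        key, nonce = self.server.pair_key(self.ap_id, self.secret, peer.ap_id), os.urandom(16)
        proof = peer.prove(self.ap_id, nonce)
        good = key and proof and hmac.compare_digest(proof, _mac(key, nonce, peer.ap_id.encode()))
        return key if good else None

    def on_deregistration(self, client_id, new_ap):
        # Old AP drops the client, then initiates mutual authentication (claim 5).
        self.clients.pop(client_id, None)
        key = self.authenticate_peer(new_ap)
        if key is None or new_ap.authenticate_peer(self) is None:
            return False      # a notice alone never earns a table entry
        self.neighbors[new_ap.ap_id] = (new_ap, key)
        new_ap.neighbors[self.ap_id] = (self, key)
        return True

    def associate(self, client_id):
        ctx = (os.urandom(16), os.urandom(8).hex())      # (session key, session id)
        self.clients[client_id] = ctx
        for peer, key in self.neighbors.values():        # authenticated neighbors only
            tag = _mac(key, client_id.encode(), ctx[0], ctx[1].encode())
            peer.receive_context(self.ap_id, client_id, ctx, tag)
        return ctx

    def receive_context(self, sender_id, client_id, ctx, tag):
        entry = self.neighbors.get(sender_id)            # sender must be in the table
        if entry is None or not hmac.compare_digest(
                tag, _mac(entry[1], client_id.encode(), ctx[0], ctx[1].encode())):
            return False
        self.received[client_id] = ctx
        return True

def run_demo():
    server = AuthServer()
    ap1 = AccessPoint("ap1", server, server.enroll("ap1"))
    ap2 = AccessPoint("ap2", server, server.enroll("ap2"))
    rogue = AccessPoint("rogue", server)                 # never enrolled
    ap1.associate("client-a")
    ap2.associate("client-a")                            # client-a roams to ap2
    paired = ap1.on_deregistration("client-a", ap2)
    rogue_paired = ap1.on_deregistration("client-x", rogue)
    ctx = ap1.associate("client-b")                      # second client (claim 7)
    return paired, rogue_paired, ap2.received.get("client-b") == ctx, rogue.received
```

The property to check in any implementation of this scheme is the one the model enforces: a deregistration notice by itself never causes session keys to be forwarded; only a peer that completed mutual authentication appears in the table and receives context.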
CROSS-REFERENCE TO RELATED APPLICATIONS.
[0001] This application claims the benefit of U.S. Provisional Application No. 60/, filed Nov. 15, 2002.
Provisional Applications (1)

| Number | Date | Country |
|---|---|---|
| 60426756 | Nov 2002 | US |