The present disclosure generally relates to configuring a wireless network. More specifically, the present disclosure relates to increasing the efficiency of setting up a wireless network by storing configuration information such that a wireless mesh network can be easily and securely expanded at any time.
Every day the use of wireless networks is expanding. Furthermore, various different vendors provide redundant wireless links that allow wireless data communications to be switched between different pieces of computer hardware as needed. Communications may initially be passed via a first wireless access point and those communications may switch to being passed via a second wireless access point when the first wireless access point fails or when that first wireless access point becomes heavily loaded. In other instances, communications may be switched from the first to the second wireless access point when a mobile device is moved from one place to another. Wireless mesh networks predominantly use communications consistent with one of the 802.11 (or “Wi-Fi”) wireless communication standards. Because of this, 802.11 communication channels are a preferred type of communication channel used in wireless mesh networks.
Today, the number of wireless access points or nodes in a wireless network may vary significantly. For example, a first wireless network may include two wireless access points and a second wireless network may include dozens of wireless access points. Wireless networks configured to switch communication traffic between different wireless access points are commonly referred to as wireless mesh networks, where individual access points may be referred to as mesh nodes, mesh points, or mesh portals. The ability to switch communication traffic allows hubs, routers, or switches included in conventional wired networks to be bypassed, as each individual mesh node may perform functions consistent with a legacy hub, router, or switch.
Processes for setting up and configuring a wireless mesh network are often time consuming, inefficient, error prone, insecure, or not scalable. In certain instances, once a wireless mesh network is set up, adding additional wireless access points to that network may not be possible; in other instances, adding additional wireless access points may require an administrator to manually configure new mesh nodes using tedious processes. One process for setting up wireless access points relies on initially connecting a network cable (such as an Ethernet cable) to each respective access point as those access points are configured in a serial fashion. Such a serial setup methodology does not scale well, as setting up 10 mesh nodes takes 10 times longer than setting up a single mesh node.
A second process that may be employed to set up wireless mesh networks is to configure a fixed number of wireless access points when those access points are manufactured. Once this fixed number of access points is factory configured to securely communicate with each other, they can be installed and operate in a configuration that may not be expandable. While this second process has the advantage of easy, secure installation, it suffers from scalability limitations. As such, this second configuration process may be appropriate for smaller mesh networks where there may be no need for the size of that mesh network to increase over time.
A third process that may be used to set up a wireless mesh network is to use non-secure wireless data communications to initially configure wireless access points. While this third process may provide the ability for a wireless mesh network to be expanded, every time a wireless access point is initially configured, data being communicated wirelessly during that configuration process may be observed or exploited by individuals with nefarious intent. This provides a window of vulnerability that exposes a network to attack. For example, a hacker could pretend to be a new access point or could pretend to be a device attempting to connect to the wireless network using information that was observed (snooped) by the hacker during the window of vulnerability.
In certain instances, vendors that provide mesh devices rely on the use of an onboarding service web portal to set up a wireless mesh network. Such instances may require that a user log in and manually input the access point device serial numbers to complete the registration process. This manual process is error-prone and requires users to spend a large amount of time collecting device information and entering that information into a web portal one by one. This is a lengthy process that is very tedious, especially when a large wireless network is configured. In other instances, other products may be installed using a batch processing solution that may help reduce manual effort to some extent, yet even such batch processing methods still require a person to enter data manually as part of the configuration process. An example of a batch process is where a user enters data into an Excel spreadsheet that is later used with a software program that accesses the spreadsheet during the network setup process. Such batch processing techniques, however, still require error-prone manual data entry, and additional effort may be required to maintain the Excel spreadsheet over time.
Since current wireless access points are not designed to be easily installed, provisioned with software, or configured in a secure way, what are needed are new ways of securely installing, provisioning, and configuring wireless access points and other devices that communicate with a wireless mesh network. What are also needed are improved ways of registering and storing wireless mesh node configuration information such that new mesh nodes can be added to an existing wireless mesh network in ways that are secure, that do not require manual data entry, and that save time as compared to other methods that are commonly used to set up or configure mesh nodes in a wireless mesh network.
The presently claimed invention relates to a method, a non-transitory computer readable storage medium, and a system executing functions consistent with the present disclosure that streamline the creation and expansion of a wireless mesh network. A method consistent with the present disclosure may establish a secure communication session between a computing device and a computer via a first type of communication channel, may send validation information to the computing device via a second type of communication channel, and may receive the validation information from the computing device via the first type of communication channel. Next, a session token may be sent to the computing device when the received validation information matches the validation information sent to the computing device, and registration information may then be received from the computing device that identifies mesh nodes to associate with a customer license. After the sent validation information is identified as matching the received validation information, the identified mesh nodes may be allowed to send wireless communications over a wireless mesh network associated with the customer license based on at least a portion of the received registration information being consistent with stored data.
When the presently claimed method is implemented as a non-transitory computer readable storage medium, a processor may execute instructions out of a memory to perform functions consistent with the present disclosure. Here again the method may establish a secure communication session between a computing device and a computer via a first type of communication channel, may send validation information to the computing device via a second type of communication channel, and may receive the validation information from the computing device via the first type of communication channel. Next, a session token may be sent to the computing device when the received validation information matches the validation information sent to the computing device, and registration information may then be received from the computing device that identifies mesh nodes to associate with a customer license. After the sent validation information is identified as matching the received validation information, the identified mesh nodes may be allowed to send wireless communications over a wireless mesh network associated with the customer license based on at least a portion of the received registration information being consistent with stored data.
A system consistent with the present disclosure may include a computer that establishes a communication session with a computing device via a first type of communication channel. This computer may also send validation information to the computing device via a second type of communication channel, and may receive the validation information from the computing device via the first type of communication channel. Next, a session token may be sent to the computing device when the received validation information matches the validation information sent to the computing device, and registration information may then be received from the computing device that identifies mesh nodes to associate with a customer license. After the sent validation information is identified as matching the received validation information, the identified mesh nodes may be allowed to send wireless communications over a wireless mesh network associated with the customer license based on at least a portion of the received registration information being consistent with stored data.
The present disclosure relates to securely setting up mesh networks in a manner that does not require a physical network cable to be attached to a wireless mesh device and that does not require transmitting unencrypted information wirelessly when a mesh network is set up. Methods and apparatus consistent with the present disclosure may allow a user to choose which mesh nodes can join a network. These methods may allow a user to specify a custom profile that may include rules that identify how mesh network identifiers (IDs) are used and that identify passcodes/passphrases assigned to a particular network. Methods consistent with the present disclosure may also identify types of traffic that may be passed through particular 802.11 radio channels or may identify other parameters that control how traffic is switched between devices in a wireless mesh network. Dual factor verification may also be used as part of a process that allows a wireless mesh network to be set up more securely.
Methods and apparatus consistent with the present disclosure may include a computer that receives registration information and that stores that registration information in a database. This registration information may be cross-referenced with a profile associated with a network configuration, with a customer license, and with an identifier that identifies a wireless mesh network. In certain instances, a customer license identifier may be the wireless mesh network identifier. Profiles consistent with the present disclosure may include configuration preferences of a wireless mesh network and may identify software components that may be installed at particular mesh nodes according to the configuration preferences. A process that registers and configures mesh node devices to be part of a wireless mesh network is referred to in the present disclosure as an onboarding process. Such an onboarding process may store registration information and configuration information in a database at a computer in the cloud or that is accessible via the Internet. This stored information may be used to easily create or expand a wireless mesh network.
In certain instances, mesh portals consistent with the present disclosure may wirelessly communicate with a plurality of wireless mesh points and may communicate over a wired network. As such, a mesh portal may act as a gateway between wireless mesh points and a wired local area network. In such instances, a mesh portal may broadcast transmissions that include a mesh identifier (MSSID) and a cluster name that advertise the wireless network to mesh points that are configured to operate as members of a particular wireless mesh network. In other instances, a mesh point may include a cellular (e.g. 3G, 4G, LTE, or 5G) link or more than one mesh node in a mesh network may be configured to operate as a redundant mesh point that uses a wired or a wireless network connection.
The terms “access point” or “wireless access point” in the present disclosure refer to a device that may be wirelessly communicatively coupled to a computer directly, with or without wireless communications passing through another wireless device. As such, the terms “access point” or “wireless access point” may refer to either a mesh portal or a mesh point. The term mesh portal may relate to a wireless device that performs functions that a mesh point need not perform. Both mesh portals and mesh points may perform functions consistent with a wireless access point because both mesh portals and mesh points may act as a wireless access point that directly wirelessly communicates with a computer. The term mesh node in the present disclosure may be used to refer to either a mesh portal or a mesh point that uses wireless communications to transmit and receive wireless computer network messages and data.
Typically the terms “firewall” or “gateway” in the present disclosure may refer to computing devices that communicate over wired network connections. In certain instances, however, a mesh node may include functionality consistent with a firewall or gateway. In certain instances, functions conventionally associated with a firewall or gateway may be performed by a mesh portal or by a mesh point. In these instances, a mesh portal or a mesh point may perform functions consistent with evaluating content ratings or deep packet inspection, or may include anti-virus program code.
A mesh portal may be configured to transmit and receive data network communication traffic between two different types of computer network, for example, between a network that communicates over wires and a network that uses wireless 802.11 signals. Alternatively or additionally, a mesh portal may transmit and receive data network communication traffic between a cellular network and an 802.11 network. Mesh points, however, may be limited to receiving and transmitting network traffic wirelessly over a single type of network, for example, over an 802.11 network. While mesh portals include different functionality as compared to a mesh point, certain mesh points may be configured to assume the role of a mesh portal.
Once configured, mesh points consistent with the present disclosure may communicate using wireless 802.11 communications only, or some of these mesh points may be configurable to be promoted to assume the functionality of a wireless mesh portal. While communications in a mesh network may be sent through any number of mesh points until those communications reach a mesh portal, most mesh points may typically be located within three hops of a mesh portal. Furthermore, the number of mesh portals that communicate with a mesh point may be limited by a rule or setting. For example, a rule may limit the number of mesh portals connected to a particular mesh portal to eight, or another rule may limit the number of hops to three.
The mesh point portals (140B & 150B), mesh points (140 C/D & 150 C/D) of
Computing devices connecting to a particular mesh network and mesh nodes (mesh points or mesh portals) may be set up and configured using methods that increase security by using shared secrets or privileged communication pathways. These shared secrets or privileged communication pathways may be difficult or impossible to observe (snoop) or hack. For example, a particular computing device may be configured to communicate with cloud management system 110 of
Processes for configuring and setting up devices in a wireless mesh network may also include two-factor authentication, where secret information is sent to a user device. For example, a message that includes secret information may be sent to an email address or may be sent in the form of a text message to the user device. This secret information may then be used to secretly validate or identify that the computing device can be allowed to communicate with devices at a wireless mesh network. For example, a user device may provide a secret code that was received via a text message from a computer located at the cloud or Internet to a wireless access point. This secret information may be provided to a user device via a type of communication channel that is different from the type of communication channel that communicates other information. For example, one communication channel type may be a cellular communication channel and another type of communication channel may be a wireless 802.11 channel.
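The two-channel validation described in the claimed method above and in the two-factor passage here is shown below as an added example; it is not code from the disclosure. The service hands a short code to a second channel (modelled by a recording stand-in for SMS or email), accepts the code back over the first channel, and issues a session token only on a match. The class and function names, the five-minute code lifetime and the three-attempt budget are assumptions of this example; the single-use, expiry and constant-time comparison rules are the checks a practitioner would expect such a service to enforce.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Added example (not the disclosure's own code): an onboarding service that
# sends a validation code over a second channel and only issues a session
# token when that code comes back over the first (HTTPS) channel.
# OnboardingService, RecordingChannel and the two constants are hypothetical.

CODE_TTL_SECONDS = 300      # assumed lifetime of a validation code
MAX_ATTEMPTS = 3            # assumed guess budget before the code is discarded


@dataclass
class PendingValidation:
    code: str
    issued_at: float
    attempts: int = 0


class RecordingChannel:
    """Stands in for the second channel (SMS, email, voice); records what was sent."""

    def __init__(self) -> None:
        self.sent: List[tuple] = []

    def send(self, user_id: str, code: str) -> None:
        self.sent.append((user_id, code))

    def last_code_for(self, user_id: str) -> Optional[str]:
        for uid, code in reversed(self.sent):
            if uid == user_id:
                return code
        return None


class OnboardingService:
    def __init__(self, second_channel: RecordingChannel,
                 clock: Callable[[], float] = time.time) -> None:
        self._second_channel = second_channel
        self._clock = clock
        self._pending: Dict[str, PendingValidation] = {}
        self._tokens: Dict[str, str] = {}   # session token -> user id

    def send_validation(self, user_id: str) -> None:
        """Generate a fresh 6-digit code and push it over the second channel."""
        code = f"{secrets.randbelow(1_000_000):06d}"
        self._pending[user_id] = PendingValidation(code=code, issued_at=self._clock())
        self._second_channel.send(user_id, code)

    def receive_validation(self, user_id: str, code: str) -> Optional[str]:
        """The code arrives over the first channel; issue a session token on match.

        The code is single-use, expires, allows only a few attempts, and the
        comparison is constant-time so a wrong code leaks nothing through timing.
        """
        pending = self._pending.get(user_id)
        if pending is None:
            return None
        pending.attempts += 1
        expired = self._clock() - pending.issued_at > CODE_TTL_SECONDS
        if expired or pending.attempts > MAX_ATTEMPTS:
            del self._pending[user_id]
            return None
        if not hmac.compare_digest(pending.code.encode(), code.encode()):
            return None
        del self._pending[user_id]              # single use
        token = secrets.token_urlsafe(32)
        self._tokens[token] = user_id
        return token

    def user_for_token(self, token: str) -> Optional[str]:
        """Later messages (e.g. the registration message) carry the token; resolve its owner."""
        return self._tokens.get(token)


def demo_flow() -> dict:
    """Runs the exchange with a controllable clock and reports each outcome."""
    now = [1000.0]
    channel = RecordingChannel()
    service = OnboardingService(channel, clock=lambda: now[0])

    service.send_validation("alice")
    real_code = channel.last_code_for("alice")
    wrong_code = "000000" if real_code != "000000" else "111111"

    wrong_attempt = service.receive_validation("alice", wrong_code)   # None, code stays pending
    token = service.receive_validation("alice", real_code)           # session token issued
    replay = service.receive_validation("alice", real_code)          # None, code already consumed

    service.send_validation("bob")
    now[0] += CODE_TTL_SECONDS + 1
    expired = service.receive_validation("bob", channel.last_code_for("bob"))  # None, expired

    return {
        "wrong_attempt": wrong_attempt,
        "token_owner": service.user_for_token(token) if token else None,
        "replay": replay,
        "expired": expired,
    }


if __name__ == "__main__":
    print(demo_flow())
```

The design point is that the code travels over one channel and is returned over the other, so an observer of either channel alone does not hold both the session and the proof; the token that results is what later registration messages carry.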
Once validated, a user device may be able to connect to a particular mesh network from anywhere. For example, a configuration at a validated user device may allow that user device to connect to the mesh network via a cellular connection when that user device is located far from an 802.11 mesh network. In such an instance, the user device may communicate with other devices that are located within a zone, where these other devices may communicate via the mesh network using communications consistent with an 802.11 Wi-Fi communication channel.
When a mesh network is configured, communications may pass from one or more mesh nodes (mesh points or mesh portals) as those mesh nodes are provisioned with software or configured using onboarding service 130 of
Whenever mesh nodes in a mesh network are powered on (boot up), they may communicate with each other to identify the best pathways that can be used to pass network communications. In certain instances, different frequencies may be used to transmit 802.11 communications, and these frequencies may be configured by one or more rules that direct certain types of communication traffic to a particular radio frequency. For example, communications that use 5 gigahertz (GHz) signals may be used to transfer network associated data and client traffic, and communications that use 2.4 GHz signals may be used only for client data. Furthermore, each mesh node (mesh point or mesh portal) may be configured and provisioned according to a consistent profile according to one or more rules. Profiles for a certain mesh network may be stored in a memory associated with a user mobile device that participates in the registration and configuration of wireless mesh nodes, or may be stored in a database at a server that administers a registration or onboarding process.
Initially, program code of mobile APP 200 may prepare a message 212 to send to an onboarding service in the cloud. This communication may be passed by any communication medium known in the art, yet for convenience or in certain instances, message 212 may be sent via a wireless cellular communication link. Message 212 will typically be sent via a secure communication protocol, such as the hypertext transfer protocol secure (HTTPS). By using a secure communication protocol, information may be securely provided to a cloud computer that executes program code consistent with onboarding service 209. In certain instances, message 212 may be passed through host 206. Alternatively, message 212 may be passed directly to the computer executing the instructions of onboarding service 209, without passing through host 206. Message 212 may include a user identifier (UID), a password, and a security key. After the login information has been sent to onboarding service 209, the computer executing the onboarding service 209 program code may include instructions that cause a unique session token to be sent to a mobile device executing instructions associated with mobile APP 200. Message 212 may be part of a process where a secure communication session is established between a computer executing onboarding service 209 and a mobile device executing program code of mobile application 200. Program code associated with onboarding service 209 may also use a two-factor authentication process to validate a user device before issuing a session token. For example, a cloud computing device may send a text message, email, or voice message that includes a code that must be provided to the cloud computer before a session token is sent to a mobile device in communication 215 of
In certain instances, BLE link 203 may be coupled to a first processor at a wireless access point that communicates with a second processor at host 206. Because of this, the first processor at the wireless access point may perform tasks associated with messages or processes 218, 221, 224, 227, 230, 233, 236, 239, 245, 248, 251, 266, 269, 272, and 275, and the second processor at the wireless access point may perform tasks associated with messages or processes 218, 221, 248, 251, 269, and 272. In other instances, other low power data communication technologies may be used when a wireless mesh network is set up. For example, a proprietary wireless communication technique, high bandwidth short distance millimeter radio wave transducers (such as transducers made by Keyssa, e.g. the “Keyssa Kiss”), or optical data transmitters/receivers/transceivers may be used.
A person configuring their wireless mesh network may then use their mobile device to scan a barcode, a quick response (QR) code, or a near field communication (NFC) tag to obtain information associated with host 206. After the mobile user device has scanned the code or tag, authentication information may be sent via short distance wireless link 203 to host 206 in communication 218 of
Host computer 206 may then broadcast advertisement messages 224 to devices within range of the low power link 203. This advertisement may be in a format consistent with a low power Bluetooth® advertisement that may include an encoded universally unique identifier (UUID), and this encrypted UUID may include an authorization code, a system status, and a serial number, for example. The authorization code of message 224 may be the same authorization code associated with communications 218 and 221. The mobile APP 200 at a mobile device may then compose a connect message 227 that is sent to host computer 206 via link 203, and a Bluetooth® connection message 230 may then be sent to the mobile device when a secure low power/Bluetooth® communication session is established between the host 206 and the mobile device. After the low power communication session has been established, mobile APP 200 may then generate request message 233 to send to the host 206 of
Host 206 may then generate message 239 that includes a machine integrity code (MIC) and the second nonce. After message 239 is generated, it may be sent to the mobile device. Next, mobile APP 200 may then extract the MIC and the second nonce from message 239 and then a processor at the mobile device may generate the pairwise temporary key using information that may include the first nonce, the second nonce, the mobile device MAC, the host MAC, the serial number, the authentication code, or other information in process 242 of
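The exchange around message 239 and process 242, as an added example rather than code from the disclosure: the host picks the second nonce, derives the pairwise temporary key from the first nonce, the second nonce, both MAC addresses, the serial number and the authentication code, and protects the message with a MIC keyed by that key; the mobile side extracts the second nonce, derives the same key and accepts the message only if the MIC verifies. The HMAC-SHA256 HKDF-style derivation, the label string, the message layout and the function names are assumptions of this example; the serial number and authorization code are the ones used in the example later in the text.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Added example (not the disclosure's own code). The derivation, the label
# strings and the message layout are assumptions of this example.

HASH = hashlib.sha256
MIC_LEN = 16


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 extract-then-expand built from HMAC-SHA256 (the stdlib has no HKDF)."""
    prk = hmac.new(salt, ikm, HASH).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def derive_pairwise_key(first_nonce: bytes, second_nonce: bytes, mobile_mac: bytes,
                        host_mac: bytes, serial: str, auth_code: str) -> bytes:
    """Process 242: the authentication code is the only secret input; the nonces bind the
    key to this session and the MAC addresses and serial bind it to these two devices."""
    salt = first_nonce + second_nonce + mobile_mac + host_mac
    info = b"mesh-onboarding-ptk|" + serial.encode()
    return hkdf(auth_code.encode(), salt, info, 32)


def compute_mic(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, HASH).digest()[:MIC_LEN]


def verify_mic(key: bytes, message: bytes, mic: bytes) -> bool:
    return hmac.compare_digest(compute_mic(key, message), mic)


def host_build_message_239(first_nonce: bytes, mobile_mac: bytes, host_mac: bytes,
                           serial: str, auth_code: str) -> Tuple[dict, bytes]:
    """Host side: choose the second nonce, derive the key, MIC the message body."""
    second_nonce = secrets.token_bytes(32)
    key = derive_pairwise_key(first_nonce, second_nonce, mobile_mac, host_mac, serial, auth_code)
    body = b"239|" + second_nonce
    return {"second_nonce": second_nonce, "mic": compute_mic(key, body)}, key


def mobile_process_message_239(msg: dict, first_nonce: bytes, mobile_mac: bytes, host_mac: bytes,
                               serial: str, auth_code: str) -> Optional[bytes]:
    """Mobile side: extract the second nonce, derive the same key, accept only if the MIC checks."""
    key = derive_pairwise_key(first_nonce, msg["second_nonce"], mobile_mac, host_mac, serial, auth_code)
    if not verify_mic(key, b"239|" + msg["second_nonce"], msg["mic"]):
        return None         # tampered nonce or mismatched authentication code
    return key


# Constructed sample values (serial and code from the example in the text; MACs made up)
SERIAL, AUTH_CODE = "A1234ADAD221", "Zebra221"
MOBILE_MAC = bytes.fromhex("02aabbccdd01")
HOST_MAC = bytes.fromhex("02aabbccdd02")


def run_handshake(auth_code_on_mobile: str = AUTH_CODE,
                  tamper: bool = False) -> Tuple[bytes, Optional[bytes]]:
    """Returns (host key, mobile key); the mobile key is None when the MIC check fails."""
    first_nonce = secrets.token_bytes(32)
    msg, host_key = host_build_message_239(first_nonce, MOBILE_MAC, HOST_MAC, SERIAL, AUTH_CODE)
    if tamper:
        msg = dict(msg, second_nonce=secrets.token_bytes(32))   # simulate an altered message
    mobile_key = mobile_process_message_239(msg, first_nonce, MOBILE_MAC, HOST_MAC,
                                            SERIAL, auth_code_on_mobile)
    return host_key, mobile_key


if __name__ == "__main__":
    host_key, mobile_key = run_handshake()
    print("keys match:", host_key == mobile_key)
```

Because the MIC is keyed by the derived key, a party that does not hold the authentication code cannot produce a message 239 the mobile side will accept, and any change to the second nonce in transit is detected before the key is used.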
The cloud computer executing the instructions consistent with onboarding service 209 may then validate the mobile device during process 260 that may check that the user device is associated with a valid license or valid customer account. Step 260 may also validate information associated with a mesh node that includes BLE link 203 and host 206. This validation information may include a serial number of a mesh node device and an authorization code associated with the mesh node device. This validation process may include accessing a database that stores information that cross-references mesh node serial numbers with authorization codes. When a particular mesh node device is manufactured, it may be assigned a serial number and an authorization code and this information may have been stored in the database as part of a manufacturing process associated with building or packaging a mesh node device. This information may also include a model number and/or a revision number and either of these model or revision numbers may be used to identify the capabilities of a particular mesh node device.
For example, a mesh node device may be assigned a serial number of A1234ADAD221 and an authorization code of Zebra221 and this mesh node device may have been built as a model A1000Z, and mesh node devices with model A1000Z may identify a processor type or an amount of non-volatile memory built within that mesh node device. Model number information may also be used to identify whether a particular mesh node device can be used as a mesh portal, a mesh point, or both. Mesh node serial number 1234ADAD221 may be a unique number assigned to only one single mesh node device. The validation process may access the database to retrieve an authorization code associated with serial number 1234ADAD221 and the retrieved authorization code Zebra221 may be compared with information received in registration message 257 of
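Validation process 260, as an added example that is not code from the disclosure: an in-memory stand-in for the database cross-references serial numbers with authorization codes, model numbers and revisions, maps a model number to capabilities such as whether the device may act as a mesh portal, and records which mobile devices are registered under a customer license. The record layout, the function names and the capability fields are assumptions of this example; the serial number A1234ADAD221, the authorization code Zebra221 and the model A1000Z are the ones from the text.

```python
import hmac
from dataclasses import dataclass, field
from typing import Dict, Set

# Added example (not the disclosure's own code): the license check of process 260
# run against an in-memory stand-in for the database. Record layout and names are
# assumptions; serial, code and model come from the example in the text.


@dataclass(frozen=True)
class MeshNodeRecord:
    serial: str
    auth_code: str       # assigned at manufacture alongside the serial number
    model: str
    revision: str


@dataclass(frozen=True)
class ModelCapabilities:
    can_be_portal: bool
    can_be_point: bool
    nonvolatile_memory_mb: int


@dataclass
class OnboardingDatabase:
    nodes: Dict[str, MeshNodeRecord]
    models: Dict[str, ModelCapabilities]
    licenses: Dict[str, Set[str]]                                  # customer id -> mobile devices
    networks: Dict[str, Set[str]] = field(default_factory=dict)    # customer id -> mesh node serials


def license_check(db: OnboardingDatabase, registration: dict) -> dict:
    """Validate the mobile device, then the mesh node, then associate the node with the customer."""
    customer = registration["customer_id"]
    registered_devices = db.licenses.get(customer, set())
    if registration["mobile_id"] not in registered_devices:
        return {"ok": False, "reason": "mobile device is not registered to a valid customer license"}

    node = db.nodes.get(registration["serial"])
    # Compare against a dummy when the serial is unknown so both failure cases take the same path.
    expected = node.auth_code if node is not None else "\0" * len(registration["auth_code"])
    code_ok = hmac.compare_digest(expected.encode(), registration["auth_code"].encode())
    if node is None or not code_ok:
        return {"ok": False, "reason": "serial number and authorization code do not match stored data"}

    caps = db.models.get(node.model)
    if caps is None:
        return {"ok": False, "reason": f"unknown model {node.model}"}

    # Cross-reference the node with the customer's mesh network only after every check passed.
    db.networks.setdefault(customer, set()).add(node.serial)
    return {"ok": True, "serial": node.serial, "model": node.model, "revision": node.revision,
            "can_be_portal": caps.can_be_portal, "can_be_point": caps.can_be_point}


def sample_database() -> OnboardingDatabase:
    """Constructed sample data: one manufactured node, one model, one customer with one registered phone."""
    return OnboardingDatabase(
        nodes={"A1234ADAD221": MeshNodeRecord("A1234ADAD221", "Zebra221", "A1000Z", "rev-B")},
        models={"A1000Z": ModelCapabilities(can_be_portal=True, can_be_point=True, nonvolatile_memory_mb=512)},
        licenses={"customer-A": {"mobile-mac-01"}},
    )


def registration_message(serial: str, auth_code: str, mobile_id: str = "mobile-mac-01",
                         customer_id: str = "customer-A") -> dict:
    """Shape of the data carried in registration message 257 (assumed layout)."""
    return {"serial": serial, "auth_code": auth_code, "mobile_id": mobile_id, "customer_id": customer_id}


if __name__ == "__main__":
    db = sample_database()
    print(license_check(db, registration_message("A1234ADAD221", "Zebra221")))
    print(license_check(db, registration_message("A1234ADAD221", "zebra221")))
```

The authorization code is treated like a credential: it is compared in constant time, an unknown serial number is rejected through the same branch as a wrong code, and the node is only added to the customer's network once the mobile device, the serial number and the code have all checked out.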
Alternatively, the information associated with the mobile device may be a unique number such as a serial number or MAC of the mobile device, or this information may have been assigned as part of an additional registration process that associates the mobile device with a particular customer or customer license. An additional authentication process used to register a particular mobile device may include the mobile device downloading mobile application 200 and may include the mobile device sending information that identifies a customer (e.g. using a customer identifier or number) so that the mobile device may be associated with a wireless mesh network. Information that identifies the mobile device and the customer may also be stored in the database. In such instances, license check process 260 may include associating the mesh node identified by the serial number and authentication code included in registration message 257 with the customer. As such, information stored in the database may cross-reference a mobile device with a customer identifier, with a mesh node, and with a mesh network owned by the customer identified by the customer identifier.
In certain instances, the cloud computer may store information that associates host 206 and the user device serial number (or MAC address/identifier) with a particular wireless mesh network and with a particular customer. After the mobile device, the mesh node, or both are authenticated, onboarding service 209 may then prepare a message to send to the mobile device and the cloud computer may then send a registration complete message 263 to the mobile device. After receiving the registration complete message, the mobile application 200 at the mobile device may then send an encrypted message 266 via wireless link 203. This encrypted message may include an encrypted version of the pairwise temporary key that was calculated during process 242 of
After completing this configuration process, the mobile device executing program code consistent with mobile APP 200 may securely communicate with computing devices at the Internet via one or more different mesh node devices included in the newly configured mesh network. Host 206 may be a mesh point or a mesh point portal like those illustrated in
Methods and apparatus consistent with the present disclosure may allow a user to choose which mesh nodes can join a network, and that user may specify a custom profile that may include rules that identify how mesh network identifiers (IDs) are used or that identify passcodes/passphrases assigned to a particular network. These methods may identify types of traffic that may be passed through particular 802.11 radio channels, or other parameters that may control how traffic is switched between devices in a particular wireless mesh network. This, combined with dual factor verification and the use of low power wireless communication channels, makes methods and apparatus consistent with the present disclosure easy to deploy and expand according to the wishes of users that are responsible for establishing and maintaining specific wireless mesh networks. In certain instances, mesh IDs and passcodes/passphrases may be based on a timestamp or equipment identifiers that ensure that a mesh ID or other information is unique. Methods consistent with the present disclosure may receive settings or profile information via operation of a program application, like mobile APP 200 of
Once the code is acquired, user device 310 may communicate with the wireless access point when a wireless mesh network is setup, provisioned, or configured. A program application executing at user device 310 may allow user device 310 to identify a serial number and authentication code associated with the wireless access point when sending communications to that wireless access point as illustrated in communications 218, 221, 224, 227, 230, and 233 of
For example, user device 310 may have been used to configure mesh nodes at an office in San Francisco that is associated with customer A. In an instance, where a user of user device 310 travels to an office of customer A in Los Angeles, user device 310 may be identified as being authorized to access the wireless 802.11 network of customer A at their Los Angeles office. Alternatively or additionally, user device 310 could access other devices at the wireless mesh network via a cellular communication interface, when user device 310 was located away from either the San Francisco or the Los Angeles office of customer A.
During installation of a new wireless mesh network or when expanding a wireless mesh network, all nearby compatible wireless mesh devices may be identified along with the respective capabilities of each wireless mesh device. In certain instances, a user may be able to select from a list of mesh devices identified using low power data communications when the mesh network is set up or expanded, and each of the selected mesh devices may be configured according to a profile in a parallel rather than in a serial manner. The scanning capability illustrated in respect to
In other instances, the onboarding of wireless devices in a wireless mesh network may include the registration of computing devices automatically with little or no user intervention. In such instances a user may not be required to manually enter device information, as here again a user may simply scan a QR code that identifies a wireless mesh device. This QR code may also include an authorization code and other information that may be used during a registration or onboarding process. Registration or onboarding processes consistent with the present disclosure may include the storing of information that identifies a mesh portal, one or more mesh points, and wireless computing devices associated with a new wireless mesh network. Part of this onboarding process may include a server updating configurations at one or more mesh devices according to a profile stored in memory.
The mesh point 435 of
Mesh portal 460 includes processor/CPU 465 that may execute instructions out of memory 470. Mesh portal 460 also includes communication interfaces: low power Bluetooth® light interface 475, Wi-Fi 802.11 interface 480, and cellular interface 485. Note that mesh portal 460 includes cellular communication interface 485, whereas mesh point 435 does not include a cellular communication interface. Items 460C are communication connections that CPU 465 may use to access memory 470 or to communicate with low power Bluetooth® light interface 475, Wi-Fi 802.11 interface 480, and cellular interface 485. Communication connections 460C may include direct electrical connections that form a communication bus. Mesh portal 460 may implement functions consistent with the various mesh portals (140BC or 150B) discussed in respect to
Note that mesh portals and mesh points may have different capabilities: a mesh portal may include functionality that allows it to send network communications over cellular communication interface 485, whereas mesh point 435 may not include this functionality. In certain instances, mesh portals may include wired network interfaces that allow a mesh portal, like mesh portal 460, to send network communications over a wired computer network, whereas mesh point 435 may not include such functionality.
Alternatively, mesh point 435 may include a cellular communication interface or a wired network interface that is disabled based on a mesh point configuration that is different from a mesh portal configuration. In certain instances, user device 405 may communicate with both mesh point 435 and mesh portal 460 using low power signals that have a limited range. For example, Bluetooth® light interface 420 at mobile device 405 may communicate with mesh point 435 via Bluetooth® light interface 450 and may communicate with mesh portal 460 via Bluetooth® light interface 475 during a registration process. User device 405 may also communicate with mesh point 435 using 802.11 interface 425 at user device 405 and 802.11 interface 455 at mesh point 435. Alternatively or additionally, user device 405 may communicate with mesh portal 460 using 802.11 interface 425 at user device 405 and 802.11 interface 480 at mesh portal 460.
In an instance where mesh point 435 fails while user device 405 is communicating with it using communications consistent with the 802.11 specification, communications could “fail over” (switch) to mesh portal 460 or to another mesh point (not illustrated in
In certain instances, methods and systems consistent with the present disclosure may include promoting a mesh point to assume the functions of a mesh portal. This may occur when a particular mesh portal fails, when an error rate greater than a threshold is encountered, when an increased collision rate is observed, or when a measure of congestion associated with the mesh portal reaches a threshold level. Promoting a mesh point to a mesh portal may include enabling functionality at that mesh point. For example, when mesh point 435 is promoted, a cellular communication interface at mesh point 435 may be turned on (enabled) such that mesh point 435 can assume the duties previously performed by mesh portal 460.
Cloud management system 510 of
Processor 520 may execute instructions out of memory 530 when operations consistent with management console 540 are performed, when information is stored in database 560, when operations consistent with onboarding service 550 are performed, or when communications are transmitted/received via network interface 570. Operations consistent with onboarding service 550 may include the same sorts of operations discussed in respect to onboarding service 209 of
After step 610, information received from the user device may be validated in step 620 of
A two-factor authentication process may require the user device to send information to the cloud management system that identifies alternative communication channels that may be used to communicate with the user device. These alternative communication channels may be identified in communications sent over the secure communication connection. Alternate communication channels may be identified using a phone number or an email address, for example. While such two-factor authentication processes may be preferred, methods consistent with the present disclosure may use any validation process known in the art or may use validation processes that use more than two communication channels, connections, or mediums (e.g. computer network HTTPS connection, a cellular medium, and an email communication connection).
Authentication processes used to validate a user device may also use information that was generated by or provided by one or more mesh node devices. For example, the cloud management system may communicate directly with a mesh node when validating that the user device and the mesh node can communicate with each other via yet another communication channel. Information that the user device received from the mesh node over a Bluetooth® communication may be sent through an HTTPS tunnel when the cloud management system validates that the user device can communicate with the mesh node. Alternatively or additionally, the cloud management system may communicate with a mesh node via a communication channel shared with members or proposed members of a mesh network. For example, a first mesh node may communicate directly, or via a mesh portal, using a cellular network after that mesh node has received information that identifies the user device. As such, a cloud management system may use information that validates that a particular user device can communicate with one or more mesh nodes when those mesh nodes and the user device are configured as part of a mesh network.
After a user device has been authenticated, a session token may be generated and sent to the user device in step 620 of
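The multi-channel validation and session-token issuance described above, as an added illustration that is not code from the disclosure: the cloud side keeps a pending login per user device, generates a one-time code for the alternate channel the device named, hands a nonce to the mesh node out of band, and only mints an HMAC-signed session token when the code returned over HTTPS and the nonce relayed from the mesh node's Bluetooth® message both check out. The key, identifiers and lifetimes are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed values for this example only; a deployment keeps the key and the
# per-device state in the cloud management system's database.
SERVER_KEY = b"example-only-server-key"
CODE_TTL = 300             # seconds a one-time code stays valid
TOKEN_TTL = 3600           # seconds a session token stays valid
_pending = {}              # device_id -> {"code", "channel", "issued"}
_node_nonces = {}          # mesh_node_id -> nonce the cloud gave that node

def issue_node_nonce(mesh_node_id):
    """Cloud -> mesh node (e.g. over cellular): a nonce the node later hands
    to a nearby user device over Bluetooth during registration."""
    nonce = secrets.token_hex(16)
    _node_nonces[mesh_node_id] = nonce
    return nonce

def start_login(device_id, alt_channel, now=None):
    """User device -> cloud over HTTPS: the device names an alternate channel
    (phone number or e-mail). The cloud generates a one-time code to send over
    that channel; it is returned here only so the example can drive the flow."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10 ** 6):06d}"
    _pending[device_id] = {"code": code, "channel": alt_channel, "issued": now}
    return code

def mint_session_token(device_id, now):
    """Session token = device id, expiry and an HMAC over both."""
    payload = f"{device_id}|{int(now) + TOKEN_TTL}"
    sig = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{sig}"

def verify_session_token(token, now):
    """Return the device id the token was minted for, or None if the
    signature is wrong, the token is malformed or it has expired."""
    try:
        device_id, expiry, sig = token.split("|")
        payload = f"{device_id}|{expiry}".encode()
        expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, sig) and now < int(expiry):
            return device_id
    except ValueError:
        pass
    return None

def complete_login(device_id, code, mesh_node_id, relayed_nonce, now=None):
    """User device -> cloud over HTTPS: the code it received on the alternate
    channel plus the nonce it obtained from the mesh node over Bluetooth.
    A token is issued only if both channels agree and the code is unused."""
    now = time.time() if now is None else now
    state = _pending.pop(device_id, None)        # single use: a replay fails
    if state is None or now - state["issued"] > CODE_TTL:
        return None
    if not hmac.compare_digest(state["code"], code):
        return None
    expected = _node_nonces.get(mesh_node_id)
    if expected is None or not hmac.compare_digest(expected, relayed_nonce):
        return None
    return mint_session_token(device_id, now)
```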
After step 630, the cloud management system may receive registration information. This registration information may be received from a user device via a secure communication connection as discussed in respect to
An onboarding process implemented by the cloud management system of
While not illustrated in
Information stored at this database may also include profile or configuration information. This profile information may identify which mesh nodes are configured as a mesh portal and which are configured as a mesh point. The profile of a wireless mesh network may also identify the type of communication traffic that can be carried over each frequency band of an 802.11 wireless network. For example, a profile may allow a 5 GHz radio band to carry both mesh-backhaul and client traffic, while a 2.4 GHz radio band may be configured to carry only client traffic. After devices are associated with a validated license in step 650 of
Profile information may also identify preferred methods for determining which mesh nodes should communicate with which other mesh nodes in a wireless mesh network. As such, profile information could instruct mesh nodes to communicate with another mesh node based on measures of relative signal strength, measures of signal to noise ratio, error rates, or measures of congestion. Here again, exemplary measures of congestion may include, but are not limited to, an amount of time or average time required to send or receive communication packets, a number of devices connected to a particular mesh point, a number of communications or bytes transmitted per unit time via particular mesh nodes, or a number of hops to a mesh portal.
Once particular mesh nodes have been registered, mesh nodes in that wireless mesh network may receive configuration information, settings, or software updates from a computer in the cloud or on the Internet that securely sends the configuration information, settings, or software updates to the registered mesh nodes. As such, any new mesh node added to a particular wireless mesh network may be configured in a manner consistent with a profile stored in a database of an onboarding service. In certain instances, this profile information may be stored at a user device that has been used to register a mesh node with the onboarding service.
In an instance when an additional wireless mesh node is added to an existing wireless mesh network, the process may include a user device scanning a code that is associated with the additional wireless mesh node. Here again, a mobile application like mobile application 200 of
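The profile-driven configuration, neighbor selection and mesh point promotion described in the preceding paragraphs (and in the earlier promotion passage), as an added example that is not code from the disclosure: a stored profile fixes roles, the per-band traffic policy and the preferred neighbor metric; a new node's configuration is derived from it; a portal is judged against the failure, error-rate, collision-rate and congestion thresholds; and the least congested mesh point is promoted with its cellular uplink enabled. The profile schema, metric weights and thresholds are assumptions of this example.

```python
import copy
from dataclasses import dataclass

# Constructed profile in the spirit of the one described above; the field
# names and thresholds are this example's own, not a schema from the text.
PROFILE = {
    "roles": {"mp-460": "portal", "mp-435": "point"},
    "bands": {"5ghz": ["backhaul", "client"], "2.4ghz": ["client"]},
    "neighbor_metric": "snr",   # "rssi", "snr", "error_rate" or "congestion"
    "promotion": {"max_error_rate": 0.05, "max_collision_rate": 0.1,
                  "max_congestion": 0.8},
}

def make_profile():
    """Fresh copy of the stored profile so promotions do not leak between runs."""
    return copy.deepcopy(PROFILE)

@dataclass
class Metrics:
    rssi: float            # dBm, higher is better
    snr: float             # dB, higher is better
    error_rate: float      # fraction of failed frames
    collision_rate: float  # fraction of frames that collided
    clients: int           # devices attached to the node
    hops_to_portal: int
    avg_latency_ms: float  # average time to move a packet
    alive: bool = True

def congestion(m):
    """Congestion score in [0, 1] from the measures named above: hops to a
    portal, attached clients and average packet time (weights are assumed)."""
    return (0.4 * min(m.hops_to_portal / 4, 1.0)
            + 0.3 * min(m.clients / 50, 1.0)
            + 0.3 * min(m.avg_latency_ms / 200, 1.0))

def config_for_node(profile, node_id):
    """Settings pushed to a node (new or existing) so it matches the profile:
    per-band traffic policy, and cellular/wired uplinks only for portals."""
    role = profile["roles"].get(node_id, "point")
    return {"node": node_id, "role": role,
            "radios": {b: list(t) for b, t in profile["bands"].items()},
            "cellular_enabled": role == "portal",
            "wired_enabled": role == "portal"}

def choose_neighbor(profile, candidates):
    """Pick the live node to peer with, by the metric the profile prefers."""
    rank = {"rssi": lambda m: m.rssi, "snr": lambda m: m.snr,
            "error_rate": lambda m: -m.error_rate,
            "congestion": lambda m: -congestion(m)}[profile["neighbor_metric"]]
    alive = {n: m for n, m in candidates.items() if m.alive}
    return max(alive, key=lambda n: rank(alive[n])) if alive else None

def portal_needs_replacement(profile, m):
    """True when the portal failed or crossed a threshold from the profile."""
    t = profile["promotion"]
    return (not m.alive or m.error_rate > t["max_error_rate"]
            or m.collision_rate > t["max_collision_rate"]
            or congestion(m) > t["max_congestion"])

def promote_point(profile, metrics):
    """Promote the least congested live mesh point to portal: update the stored
    roles and return its new configuration (cellular uplink now enabled)."""
    points = {n: m for n, m in metrics.items()
              if profile["roles"].get(n) == "point" and m.alive}
    if not points:
        return None
    new_portal = min(points, key=lambda n: congestion(points[n]))
    profile["roles"][new_portal] = "portal"
    return config_for_node(profile, new_portal)
```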
The components shown in
Mass storage device 730, which may be implemented with a magnetic disk drive or an optical disk drive, is a non-volatile storage device for storing data and instructions for use by processor unit 710. Mass storage device 730 can store the system software for implementing embodiments of the present invention for purposes of loading that software into main memory 720.
Portable storage device 740 operates in conjunction with a portable non-volatile storage medium, such as a FLASH memory, compact disc, or digital video disc, to input and output data and code to and from the computer system 700 of
Input devices 760 provide a portion of a user interface. Input devices 760 may include an alpha-numeric keypad, such as a keyboard, for inputting alpha-numeric and other information, or a pointing device, such as a mouse, a trackball, stylus, or cursor direction keys. Additionally, the system 700 as shown in
Display system 770 may include a liquid crystal display (LCD), a plasma display, an organic light-emitting diode (OLED) display, an electronic ink display, a projector-based display, a holographic display, or another suitable display device. Display system 770 receives textual and graphical information, and processes the information for output to the display device. The display system 770 may include multiple-touch touchscreen input capabilities, such as capacitive touch detection, resistive touch detection, surface acoustic wave touch detection, or infrared touch detection. Such touchscreen input capabilities may or may not allow for variable pressure or force detection.
Peripherals 780 may include any type of computer support device to add additional functionality to the computer system. For example, peripheral device(s) 780 may include a modem or a router.
Network interface 795 may include any form of computer network interface, whether a wired network interface or a wireless interface. As such, network interface 795 may be an Ethernet network interface, a Bluetooth® wireless interface, an 802.11 interface, or a cellular phone interface.
The components contained in the computer system 700 of
The present invention may be implemented in an application that may be operable using a variety of devices. Non-transitory computer-readable storage media refer to any medium or media that participate in providing instructions to a central processing unit (CPU) for execution. Such media can take many forms, including, but not limited to, non-volatile and volatile media such as optical or magnetic disks and dynamic memory, respectively. Common forms of non-transitory computer-readable media include, for example, a FLASH memory, a flexible disk, a hard disk, magnetic tape, any other magnetic medium, a CD-ROM disk, digital video disk (DVD), any other optical medium, RAM, PROM, EPROM, a FLASHEPROM, and any other memory chip or cartridge.
While various flow diagrams provided and described above may show a particular order of operations performed by certain embodiments of the invention, it should be understood that such order is exemplary (e.g., alternative embodiments can perform the operations in a different order, combine certain operations, overlap certain operations, etc.).
The foregoing detailed description of the technology herein has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the technology to the precise form disclosed. Many modifications and variations are possible in light of the above teaching. The described embodiments were chosen in order to best explain the principles of the technology and its practical application, to thereby enable others skilled in the art to best utilize the technology in various embodiments and with various modifications as are suited to the particular use contemplated. It is intended that the scope of the technology be defined by the claims.
The present disclosure is a continuation in part of and claims the priority benefit of U.S. patent application publication Ser. No. 16/397,935 filed Apr. 29, 2019 entitled Instant Secure Wireless Network Setup, the disclosure of which is incorporated herein by reference.
Entry |
---|
Wireless mesh networks: a survey By Ian F. Akyildiz, Xudong Wang, Weilin Wang Georgia Institute of Technology, Atlanta, GA 30332, USA pp. 43; Jan. 2005. |
Cognitive Wireless Mesh Networks with Dynamic Spectrum Access by Kaushik R. Chowdhury, Student Member, IEEE, and Ian F. Akyildiz, Fellow, IEEE pp. 14; IEEE Journal on Selected Areas in Communications, vol. 26, No. 1, Jan. 2008. |
Building a Rural Wireless Mesh Network by David Johnson, Karel Matthee, Dare Sokoya, Lawrence Mboweni, Ajay Makan, and Henk Kotze pp. 44; Oct. 30, 2007. |
Wireless Wide-Area Networks for Internet of Things by Chandra S. Bontu, Shalini Periyalwar, and Mark Pecen pp. 10; Date of publication: Jan. 31, 2014. |
A Novel Approach towards Resource Auto-Registration and Discovery of Embedded Systems Based on DNS by Azimbek Khudoyberdiev, Wenquan Jin and DoHyeun Kim pp. 21; Published: Apr. 17, 2019. |
Multiple-channel Authentication by Jim Willeke (https://ldapwiki.com/wiki/Multiple-channel%20Authentication) pp. 2; Revised on Jul. 3, 2017. |
A Support Architecture for Multichainnel, Multifactor Authentication by Karen Renaud, Richard Cooper and Mohamed Ali Al Fairuz pp. 9; Apr. 2, 2014. |
Multi-channel, Multi-level Authentication for More Secure eBanking by Mohamed Al-Fairuz and Karen Renaud pp. 8; Jul. 3, 2017. |
KR-20180094985-A (Machine Translation); Systems And Methods For Provisioning Security Objects Internet (IoT) Devices Inventors: Britt Joe and Zimmerman Scott pp. 27; Published on Aug. 24, 2018. |
Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity by Ding Wang, Nan Wangb, Ping Wang and Sihan Qing pp. 17; Available online Apr. 3, 2015. |
Two Factor Authentication by Crum & Foster pp. 9; Dated: Sep. 25, 2018. |
U.S. Appl. No. 16/397,935, Zhuangzhi Duo, Instant Secure Wireless Network Setup, filed Apr. 29, 2019. |
U.S. Appl. No. 16/397,935 Office Action dated Jul. 2, 2020. |
U.S. Appl. No. 16/883,275 Office Action dated Nov. 26, 2021. |
U.S. Appl. No. 16/883,275 Final Office Action dated Jul. 7, 2022. |
U.S. Appl. No. 16/911,111 Office Action dated Aug. 3, 2022. |
U.S. Appl. No. 16/883,275 Notice of Allowance dated Jan. 17, 2024. |
U.S. Appl. No. 16/911,111 Final Office Action dated Apr. 6, 2023. |
U.S. Appl. No. 16/911,111 Office Action dated Jul. 27, 2023. |
Number | Date | Country |
---|---|---|
20200344599 A1 | Oct 2020 | US |
Relation | Number | Date | Country |
---|---|---|---|
Parent | 16397935 | Apr 2019 | US |
Child | 16404655 | | US |