ENGELSTAD PAAL (NO)
| WO2005027560A1 | 2005-03-24 | |||
| WO2006002676A1 | 2006-01-12 |
| EP1441469A2 | 2004-07-28 | |||
| US20060251021A1 | 2006-11-09 |
CLAIMS
1. A method for initiating a handover of a wireless terminal from a first access point in a first wireless network to a second access point in a second wireless network, comprising: - transmitting a handover instruction from said first access point to said terminal, said handover instruction including information identifying said second access point; receiving at said second access point, a request to establish communication over said second access point; and - associating said terminal with said second wireless network and providing communication with said terminal over said second access point.
2. The method of claim 1, wherein said first access point and said second access point are virtual access points configured as part of the same physical access point. 3. The method of claim 1 or 2, wherein said first wireless network is identified by a first extended service set identifier and said second wireless network is identified by a second extended service set identifier.
4. The method of one of the claims 1 to 3, wherein said information identifying said second access point includes an extended service set identifier of said second wireless network.
5. The method of one of the claims 1 to 4, wherein said information identifying said second access point includes at least one of a basic service set identifier and a media access control (MAC) address.
6. The method of one of the claims 1 to 5, further comprising: - obtaining at said first access point, security credentials that will enable said terminal to authenticate with said second access point; transmitting said credentials to said terminal; and receiving at said second access point, said credentials as part of an authentication request, and providing said communication over said second access point only if said credentials can be authenticated by said second access point.
7. The method of claim 6, wherein said handover instruction is transmitted as data link control data and said credentials are transmitted as application data to said terminal.
8. The method of claim 6, wherein said handover instruction and said credentials are transmitted to said terminal as application data, and said request to establish communication is received as a data link control data and said authentication is received as application data at said second access point. 9. The method of one of the claims 6 to 8, wherein said credentials are obtained from a server.
10. The method according to claim 9, wherein said server is a captive web portal.
11. The method according to one of the claims 1 to 10, wherein said first , wireless network is an unsecured wireless local area network (WLAN) and said second wireless network is a secured wireless local area network (WLAN).
12. The method according to one of the claims 1 to 11, wherein said first wireless network provides restricted access to a limited set of network services and said second wireless network provides access to a full set of network services. 13. A system for initiating a handover of a wireless terminal from a first access point in a first wireless network to a second access point in a second wireless network, the system comprising: a first access point, configured to transmit a handover instruction from said first access point to said terminal, said handover instruction including information identifying said second access point; a second access point, configured to receive a request to establish communication over said second access point and to associate said terminal with said second wireless network and providing communication with said terminal over said second access point. 14. The system of claim 13, wherein said first access point and said second access points are virtual access points configured as part of the same physical access point.
15. The system of claim 13 or 14, wherein said first wireless network is identified by a first extended service set identifier and said second wireless network is identified by a second extended service set identifier.
16. The system of one of the claims 13 to 15, wherein said information identifying said second access point includes an extended service set identifier of said second wireless network.
17. The system of one of the claims 13 to 16, wherein said information identifying said second access point includes at least one of a basic service set identifier and a media access control (MAC) address.
18. The system of one of the claims 13 to 17, wherein said first access point is further configured to obtain security credentials that will enable said terminal to authenticate with said second access point and to transmit said credentials to said terminal; and said second access point is further configured to receive said credentials as part of an authentication request and to provide said communication over said second access point only if said credentials can be authenticated by said second access point.
19. The system of claim 18, wherein said first access point is further configured to transmit said handover instruction as data link control data and to transmit said credentials as application data to said terminal. 20. The system of claim 18, wherein said first access point is further configured to transmit said handover instruction and said credentials to said terminal as application data, and said second access point is further configured to receive said request to establish communication as a data link control data and to receive said authentication as application data. 21. The system of one of the claims 18 to 20, wherein said credentials are obtained from a server.
22. The system according to claim 21, wherein said server is a captive web portal.
23. The system according to one of the claims 13 to 22, wherein said first wireless network is an unsecured wireless local area network (WLAN) and said second wireless network is a secured wireless local area network (WLAN).
24. The system according to one of the claims 13 to 23, wherein said first wireless network provides restricted access to a limited set of network services and said second wireless network provides access to a full set of network services. 25. Computer program, comprising instructions which cause a processor to perform a method as set forth in one of the claims 1-12 when said instructions are executed by said processor.
26. Computer program according to claim 25, tangibly embodied in a memory or on a computer-readable medium.
27. A device for a wireless communication adapter, embodied as a programmable logic device or an application-specific integrated circuit, implementing a method as set forth in one of the claims 1-12.
28. In a wireless terminal, a method for obtaining data communication access, comprising: establishing communication with a first access point in a first wireless network; receiving from said first access point, a handover instruction including information identifying a second access point in a second wireless network; and - transmitting to said second wireless network a request to establish communication over said second access point.
29. The method of claim 28, wherein said first wireless network is identified by a first extended service set identifier and said second wireless network is identified by a second extended service set identifier. 30. The method of claim 28 or 29, wherein said information identifying said second access point includes an extended service set identifier of said second wireless network.
31. The method of one of the claims 28 to 30, wherein said information identifying said second access point includes at least one of a basic service set identifier and a media access control (MAC) address.
32. The method of one of the claims 28 to 31, further comprising: upon establishing communication with said first access point, requesting security credentials that will enable said terminal to authenticate with said second access point; - receiving said credentials from said first access point; and transmitting said credentials to said second access point as part of an authentication request.
33. The method of claim 32, wherein said handover instruction is received from said first access point and transmitted to said second access point as a data link control data, and said credentials are received from said first access point and transmitted to said second access point as application data.
34. The method of claim 32, wherein said handover instruction and said credentials are received from said first access point as application data, said handover instruction is sent to said second access point as data link control data, and said authentication request including said credentials are sent to said second access point as application data.
35. The method of one of the claims 32 to 34, wherein said credentials are requested from a server with which said terminal communicates over said first access point.
36. The method of claim 35, wherein said server is a captive web portal.
37. The method according to one of the claims 28 to 36, wherein said first wireless network is an unsecured wireless local area network (WLAN) and said second wireless network is a secured wireless local area network (WLAN). 38 The method according to one of the claims 28 to 37, wherein said first wireless network provides restricted access to a limited set of network services and said second wireless network provides access to a full set of network services.
39. Wireless terminal, configured to perform a method as set forth in one of the claims 28-38. 40. Computer program, comprising instructions which cause a processor to perform a method as set forth in one of the claims 28-38 when said instructions are executed by said processor.
41. Computer program according to claim 40, tangibly embodied in a memory or on a computer-readable medium. 42. A device for a wireless communication adapter, embodied as a programmable logic device or an application-specific integrated circuit, implementing a method as set forth in one of the claims 28-38.
43. Method performed by a wireless terminal for discovering candidate access points in a wireless local area network, each candidate access point being represented by a basic service set and an extended service set, the method comprising: receiving a frame, the frame including a number of identification pairs, each pair including a first identification (BSSID) that identifies a basic service set, and a second identification (SSID) that identifies an extended service set; and - deriving said identification pairs from said frame, each identification pair corresponding to a candidate access point.
44. Method according to claim 43, wherein said number of identification pairs is 1.
45. Method according to claim 43, wherein said number of identification pairs is 2, 3, 4, 5 or more.
46. Method according to claim 45, wherein said identification pairs comprises a first, default identification pair, and a second, non-default identification pair.
47. Method according to one of the claims 43-46, wherein said candidate access point is a virtual access point among a plurality of virtual access points implemented on a single physical access point node. 48. Method according to one of the claims 43-47, wherein said received frame is a beacon frame.
49. Method according to one of the claims 43-48, wherein said received frame is received from an access point in said wireless local area network. 50. Method according to one of the claims 43-47, wherein a request frame is transmitted prior to said step of receiving said frame; and wherein said step of receiving a frame comprises receiving a response frame from an access point in said local area network.
51. Method according to claim 50, wherein said request frame is a probe request frame and said response frame is a probe response frame.
52. Method according to one of the claims 43-48, wherein said wireless terminal is associated in advance with a current access point in said wireless local area network. 53. Method according to claim 52, wherein said derived identification pairs are stored in a memory prior to said selecting step.
54. Method according to one of the claims 52 or 53, wherein said step of receiving a frame comprises receiving an action frame from said current access point in said wireless local area network. 55. Method according to one of the claims 52-55, wherein a request frame is transmitted to said current access point prior to said step of receiving said frame; and wherein said step of receiving a frame comprises receiving a response frame from said current access point.
56. Method according to claim 55, wherein said request frame and said response frame are action frames.
57. Method according to one of the claims 43-56, further comprising - selecting an identification pair from said number of identification pairs, said identification pair corresponding to a selected candidate access point.
58. Method according to claim 57, further comprising steps of authenticating said wireless terminal with said selected candidate access point, and associating said wireless terminal with said selected candidate access point, enabling the exchange of data frames between said wireless terminal and said candidate access point.
59. Method according to claim 58, wherein said step of authenticating said wireless terminal with said selected candidate access point comprises transmitting an authentication request using the BSSID of the selected identification pair.
60. Method according to claim 59, wherein said step of associating said wireless terminal with said selected candidate access point comprises transmitting an association request using the SSID of the selected identification pair.
61. Method according to one of the claims 43-60, wherein said frame comprises an advertisement response element in conformity with the GAS (Generic Advertisement Service) protocol. 62. Method according to one of the claims 43-61, implemented in conformity with the IEEE 802.11 specification.
63. Wireless terminal adapted for communicating in a wireless local area network, configured to perform a method as set forth in one of the claims 43-62.
64. Wireless local area network communication adapter for a wireless terminal, configured to perform a method as set forth in one of the claims 43-62.
65. Computer program, comprising instructions which cause a processor to perform a method as set forth in one of the claims 43-62 when said instructions are executed by said processor.
66. Computer program according to claim 65, tangibly embodied in a memory or on a computer- readable medium.
67. A device for a wireless communication adapter, embodied as a programmable logic device or an application-specific integrated circuit, implementing a method as set forth in one of the claims 43-62.
68. Method performed by a first wireless access point for identifying candidate access points in a wireless local area network, each candidate access point being represented by a basic service set and an extended service set, the method comprising: obtaining a number of identification pairs, each pair including a first identification (BSSID) that identifies a basic service set, and a second identification (SSID) that identifies an extended service set, each identification pair corresponding to a candidate access point; inserting into a frame a number of identification pairs; transmitting the frame.
69. Method according to claim 68, wherein said number of identification pairs is 1.
70. Method according to claim 68, wherein said number of identification pairs is 2, 3, 4, 5 or more.
71. Method according to claim 70, wherein said identification pairs comprises a first, default identification pair, and a second, non-default identification pair.
72. Method according to one of the claims 68-71, wherein said candidate access point is a virtual access point among a plurality of virtual access points implemented on a single physical access point node.
73. Method according to one of the claims 68-72, wherein said transmitted frame is a beacon frame.
74. Method according to one of the claims 68-72, wherein a request frame is received from a terminal in said local area network prior to said step of transmitting said frame; and wherein said step of transmitting a frame comprises transmitting a response frame to be received by said terminal in said local area network.
75. Method according to claim 74, wherein said request frame is a probe request frame and said response frame is a probe response frame.
76. Method according to claim 74, wherein said request frame and said response frame are action frames.
77. Method according to claim 71, wherein said first, default identification pair is associated with said access point, and said second, non-default identification pair is associated with a second access point.
78. Method according to claim 77, wherein said second access point is a virtual access point configured on the same physical device as said first access point. 79. Method according to claim 77, wherein said second access point is a different physical access point from said first access point, but that is associated with the same extended service set as said first access point.
80. Method according to claim 77, wherein said second access point is a different physical access point from said first access point, associated with a different extended service set than said first access point.
81. Access point adapted for communicating in a wireless local area network, configured to perform a method as set forth in one of the claims 68-80. 82. Wireless local area network communication adapter for an access point, configured to perform a method as set forth in one of the claims 68-80.
83. Computer program, comprising instructions which cause a processor to perform a method as set forth in one of the claims 68-80 when said instructions are executed by said processor. 84. Computer program according to claim 83, tangibly embodied in a memory or on a computer-readable medium.
85. A device for a wireless communication adapter, embodied as a programmable logic device or an application-specific integrated circuit, implementing a method as set forth in one of the claims 68-80. 86. Method for initiating authentication of a wireless terminal with an access point (AP) in a wireless local area network, comprising providing a first identification (BSSID) that identifies a basic service set of the access point and a second identification (SSID) that identifies an extended service set of the access point; including said first identification (BSSID) and said second identification (SSID) in an authentication request frame, and transmitting said authentication request frame.
87. Method according to claim 86, performed by said wireless terminal.
88. Method according to claim 86 or 87, wherein said step of including said first identification (BSSID) and said second identification (SSID) in an authentication request frame comprises including said first identification (BSSID) in a MAC portion of the authentication request frame.
89. Method according to claim 86 or 87, wherein said step of including said first identification (BSSID) and said second identification (SSID) in an authentication request frame comprises including said second identification (SSID) in a frame body of a MAC portion of the authentication request frame.
90. Method according to claim 89, wherein said second identification (SSID) is included in an information element (SSID IE) in said frame body.
91. Method according to one of the claims 86-89, further comprising - authenticating the wireless terminal with the access point.
92. Method according to claim 91, further comprising receiving an authentication response, confirming successful authentication.
93. Method according to claim 92, further comprising associating said wireless terminal with said access point, enabling the exchange of data frames between said wireless terminal and said access point.
94. Method according to claim 93, wherein said step of associating said wireless terminal with said access point includes transmitting an association request frame including said second identification (SSID). 95. Method according to one of the claims 86-94, wherein said access point is a virtual access point among a plurality of virtual access points implemented on a single physical access point node.
96. Method according to one of the claims 86-95, implemented in conformity with the IEEE 802.11 specification.
97. Wireless terminal adapted for communicating in a wireless local area network, configured to perform a method as set forth in one of the claims 86-96.
98. Wireless local area network communication adapter for a wireless terminal, configured to perform a method as set forth in one of the claims 86-96. 99. Computer program, comprising instructions which cause a processor to perform a method as set forth in one of the claims 86-96 when said instructions are executed by said processor.
100. Computer program according to claim 99, tangibly embodied in a memory or on a computer-readable medium. 101. Device for a wireless communication adapter, embodied as a programmable logic device or an application-specific integrated circuit, implementing a method as set forth in one of the claims 86-96.
102. Method for initiating authentication of a wireless terminal (STA) with an access point (AP) in a wireless local area network, comprising - receiving an authentication request frame, the authentication request frame including a first identification (BSSID) that identifies a desired basic service set and a second identification (SSID) that identifies a desired extended service set; deriving said first identification (BSSID) and said second identification (SSID) from said authentication request frame, - verifying that said first identification (BSSID) and said second identification
(SSID) correspond to a current configuration of said access point.
103. Method according to claim 102, performed by said access point.
104. Method according to claim 102 or 103, wherein said first identification (BSSID) is included in a MAC portion of the authentication request frame.
105. Method according to one of the claims 102-104, wherein said second identification (SSID) is included in a frame body of a MAC portion of the authentication request frame. 106. Method according to claim 105, wherein said second identification (SSID) is included in an information element (SSID IE) in said frame body.
107. Method according to one of the claims 102-106, further comprising selecting an authentication procedure based on said second identification (SSID).
108. Method according to one of the claims 102-107, further comprising authenticating the access point with the wireless terminal.
109. Method according to claim 108, further comprising transmitting an authentication response, confirming successful authentication.
110. Method according to claim 109, further comprising associating said access point with said wireless terminal, enabling the exchange of data frames between said access point and said wireless terminal.
111. Method according to claim 110, wherein said step of associating said access point with said wireless terminal includes receiving an association request frame including said second identification (SSID).
112. Method according to one of the claims 102-111, wherein said access point is a virtual access point among a plurality of virtual access points implemented on a single physical access point node. 113. Method according to one of the claims 102- 112, implemented in conformity with the IEEE 802.11 specification.
114. Access point adapted for communicating in a wireless local area network, configured to perform a method as set forth in one of the claims 102-113.
115. Wireless local area network communication adapter for an access point, configured to perform a method as set forth in one of the claims 102-113.
116. Computer program, comprising instructions which cause a processor to perform a method as set forth in one of the claims 102-113 when said instructions are executed by said processor.
117. Computer program according to claim 116, tangibly embodied in a memory or on a computer-readable medium.
118. A device for a wireless communication adapter, embodied as a programmable logic device or an application-specific integrated circuit, implementing a method as set forth in one of the claims 102-113. |
Methods and devices for initiating handover, discovering candidate access points and initiating authentication of a wireless terminal in a wireless network
FIELD OF THE INVENTION
The present invention relates in general to the technical field of wireless local area networks.
More specifically, a first aspect of the invention relates to methods and devices for initiating/performing handover of a wireless terminal operating in a wireless local area network, from a first access point to a second access point. A second aspect of the invention relates to methods and devices for discovering candidate access points in a wireless local area network. Finally, a third aspect of the invention relates to methods and devices for initiating authentication of a wireless terminal with an access point in a wireless local area network.
BACKGROUND OF THE INVENTION
Wireless local area networks (WLANs) are increasingly used in offices, industry, public areas and homes.
General background of the present invention is provided in the IEEE 802.11 specification, including its subsequent amendments, such as the IEEE 802.1 Ia, 802.11b, 802.1 Ig, 802.1 Ii, 802.1 In, 802.1 Iu, 802.1 Iv, and more.
Before a wireless terminal can associate with an AP in order to connect to a wireless local area network, it has to detect or discover the basic service set and extended service set it belongs to. Several solutions to this problem have been previously presented in the IEEE 802.11 specification, including its amendments.
During roaming, a wireless terminal may scan the surrounding area in order to discover candidate access points, i.e. possible access points with which the terminal can associate. The wireless terminal may also build a list of candidate access points within its wireless range.
Needs exist for initiating handover, discovering candidate access points and initiating authentication of a station in wireless networks.
SUMMARY OF THE INVENTION In a first aspect, the invention relates to methods and devices for initiating/performing handover of a wireless terminal operating in a wireless local area network from a first access point to a second access point. In a second aspect of the invention, the present invention relates to a method and a wireless terminal for discovering candidate access points in a wireless local area network, as well as a
method and an access point for identifying candidate access points in a wireless local area network. In a third aspect of the invention, the present invention relates to methods and devices for initiating authentication of a wireless terminal with an access point in a wireless local area network. The present invention is defined by the appended claims 1-118.
Further aspects and details are set forth in the appended, dependent claims. Other features and aspects of the invention will be understood from the detailed description and the attached drawings below.
BRIEF DESCRIPTION OF THE DRAWINGS Fig. 1 is a schematic block diagram illustrating a basic wireless local area network structure;
Fig. 2 includes flow charts illustrating a method in a wireless terminal for obtaining data communication access and a method for initiating handover of a wireless terminal from a first, initiating access point to a second, target access point; Fig. 3 includes flow charts illustrating a method in a wireless terminal for obtaining data communication access, and a method for initiating handover of a wireless terminal from a first, initiating access point to a second, target access point;
Fig. 4 is a schematic flow chart illustrating exemplary details of a timeout/check submethod; Fig. 5 is a schematic diagram illustrating the principles of an exemplary frame structure applicable for the handover of a wireless terminal from a first, initiating access point to a second, target access point;
Fig. 6 is a schematic diagram illustrating exemplary details of the frame structure illustrated in fig. 5; Fig. 7 is a schematic diagram illustrating exemplary details of the frame structure illustrated in fig. 5;
Fig. 8 is a schematic diagram illustrating exemplary details of the frame structure illustrated in fig. 5;
Fig. 9 is a schematic diagram illustrating exemplary details of the frame structure illustrated in fig. 5;
Fig. 10 is a schematic flow chart illustrating a first embodiment of a method for discovering candidate access points in a wireless local area network;
Fig. 11 is a schematic flow chart illustrating a second embodiment of a method for discovering candidate access points in a wireless local area network;
Fig. 12 is a schematic flow chart illustrating a third embodiment of a method for discovering candidate access points in a wireless local area network; Fig. 13 is a schematic flow chart illustrating a fourth embodiment of a method for discovering candidate access points in a wireless local area network;
Fig. 14 is a schematic diagram illustrating the principles of an exemplary frame structure applicable for the first and the second embodiments of a method for discovering candidate access points; Fig. 15 is a schematic diagram illustrating the principles of an alternative, exemplary frame structure applicable for the first and the second embodiments of a method for discovering candidate access points;
Fig. 16 is a schematic diagram illustrating the principles of an exemplary frame structure applicable for the third and fourth embodiments of a method for discovering candidate access points;
Fig. 17 is a schematic diagram illustrating exemplary details of the frame structure illustrated in fig. 16;
Fig. 18 is a schematic diagram illustrating alternative exemplary details of the frame structure illustrated in fig. 16; Fig. 19 is a schematic diagram illustrating further principles of a frame structure applicable for a method for discovering candidate access points;
Fig. 20 is a schematic diagram illustrating further principles of a frame structure applicable for embodiments of the invention;
Fig. 21 is a schematic flow chart illustrating a method performed by a wireless terminal in a wireless local area network for initiating authentication of the wireless terminal with an access point;
Fig. 22 is a schematic flow chart illustrating a method performed by an access point in a wireless local area network for initiating authentication of a wireless terminal with the access point; Fig. 23 is a schematic diagram illustrating the principles of an exemplary frame structure applicable for an embodiment of a method for initiating the authentication of a wireless terminal with an access point; and
Fig. 24 is a schematic diagram illustrating the principles of an exemplary frame structure applicable for an embodiment of a method for initiating the authentication of a wireless terminal with an access point.
DETAILED DESCRIPTION OF THE INVENTION Embodiments of the invention will be described in detail and by example with reference to the attached figures, which illustrate various principles of some embodiments. Where possible, identical reference numerals have been used for features that are identical or correspond to each other among the various embodiments. It is noted that the detailed description and the drawings are presented for purposes of illustration, not for limitation.
The present disclosure has been provided in terms of wireless local area network technology that conforms to the IEEE 802.11 specification. Although the embodiments may be implemented and used in completely or partly conformity with the IEEE 802.11 specification and its existing and future amendments, the invention is not necessarily restricted to this specification.
In the following, the term "wireless terminal" includes, but is not limited to, a "station" (STA) as defined in the IEEE 802.11 specification. In particular, the "wireless terminal" has been used in the present disclosure in the meaning "non-AP STA", i.e. an IEEE 802.11 station which is not also an access point. A wireless terminal may be embodied as a portable personal computer, including a laptop, a notebook, a handheld computer such as a PDA, or a mobile telephone or smartphone with WLAN capabilities, an IP phone, etc. A wireless terminal may also be embodied as a stationary computer device such as a desktop or workstation computer provided with WLAN capabilities. The term "wireless local area network communication adapter" includes, but is not limited to, a wireless network card for external or internal use, a USB-dongle, etc.
The term "access point" includes, but is not limited to, an access point as defined by the IEEE 802.11 specification, i.e. any entity that has station functionality and provides access to the distribution system via the wireless medium for associated stations. The access point thus has the function of connecting wireless communication devices (such as wireless terminals) together to form a wireless network, and in particular to form a basic service set in such a network.
An access point may be physical or virtual. A virtual access point is a logical entity that exists within a physical access point. A single physical access point may support multiple virtual access points. Each virtual access point appears to stations/terminals to be an independent physical access point, even though only a single physical access point is present. Other terms and phrases used in the following detailed description include, but are not necessarily limited to, their
definitions in the IEEE 802.11 specification, or their interpretation as recognized by a skilled person within the field of wireless communication network technology.
Fig. 1 is a schematic block diagram illustrating a basic wireless local area network structure. A wired LAN segment 150 operates as a distribution system which communicatively interconnects a first wireless access point (AP) 100 and a second wireless access point (AP) 110. The distribution system may comprise a wired network segment. The first 100 and the second 1 10 access points may alternatively be interconnected by means of a wireless link (not shown). Fig. 1 also schematically shows a server 160 connected to the LAN segment 150. Consistent with the invention, any type and number of network elements such as bridges routers, hubs, gateways etc. may alternatively or additionally be connected to the LAN segment 150, interconnecting the segment with additional network structures. A first wireless terminal 102 and a second wireless terminal 104 are communicatively connected to the first access point 100. The first 102 and second 104 wireless terminals and the first access point 100 constitute a first basic service set (BSS) 120. The first 102 and second 104 wireless terminals operate as non- access point Stations, i.e. clients, in the first basic service set 120. The first basic service set 120 is identified by a first, globally unique basic service set identifier, BSSID.
A third wireless terminal 112 and a fourth wireless terminal 114 are communicatively connected to the second access point 1 10. The third 112 and fourth 114 wireless terminals and the second access point 110 constitute a second basic service set (BSS) 130. The third 1 12 and fourth 1 14 wireless terminals operate as non-access point stations, i.e. clients, in the second basic service set 130. The second basic service set 120 is identified by a second, globally unique basic service set identifier, BSSID.
The interconnected first basic service set 120 and second basic service set 130 form an extended service set (ESS) 140.
The extended service set 140 is identified by a service set identifier. The term "service set identifier" (or "SSID") used in this document, includes, but is not limited to, an SSID as defined by the IEEE 802.1 1 specification, which is also referred to as "ESSID" by some vendors and authors. Furthermore, the term "service set identifier" (or "SSID") used in this document, includes, but is not limited to, an ESSID as defined by the current draft version or future versions of the IEEE 802.1 Iu amendment. Moreover, the term "service set identifier" (or "SSID") used in
this document, includes, but is not limited to, a combination of the SSID and ESSID as defined by the IEEE 802.11 specification or any current or future amendments to this specification.
More generally speaking, a basic service set may be thought of as including one (physical or virtual) access point and the stations present in its coverage area. In ad- hoc mode two stations that communicate with each other may also be considered a basic service set. An extended service set may be thought of as including one or more (physical and/or virtual) access points that are somehow associated with each other (e.g. at the data link level) such that they appear as a single service. The stations present in the coverage area of any of the associated access points may also be considered part of the extended service set.
When multiple virtual access points are present in a single physical access point, several virtual access points may belong to the same extended service set on the same physical access point. Alternatively, each virtual access point on one physical access point may belong to different extended service sets. Similarly, each virtual access point may belong to the same extended service set as other access points on other physical devices. In other words, an extended service set may include one or more physical access points, and include one, some or all virtual access points on each such physical access point. Wireless local networks applicable with embodiments of the present invention, in particular IEEE 802.11 networks, may have several basic modes of operation, including the Infrastructure mode that is used in an Infrastructure Basic Service Set (BSS) and the Ad hoc mode that is used in an Independent Basic Service Set (IBSS). In Infrastructure mode, wireless terminals communicate through an access point that serves as bridge to an external network infrastructure. In Ad hoc mode, peer-to-peer transmission between wireless terminals is allowed. Embodiments of the present invention are applicable for Infrastructure mode, but other modes, including Ad hoc mode, should not necessarily be excluded from the principles and scope of the invention.
According to the first aspect of the invention, methods and devices for initiating handover of a wireless terminal in a wireless local area network are provided.
According to principles consistent with the first aspect of the invention, access points, such as the access point 100 and the access point 110, or virtual access points embodied in one or both of the access points 100 and/or 110, may be configured to perform an initiation of a handover of a wireless terminal from a first access point in a first wireless network to a second access point in a second wireless network, such as a method as described by example below with reference to fig. 2
or 3 and further explained by example with reference to the present detailed description and figures.
The communication between an access point in the wireless local area network and a wireless terminal is enabled by means of, e.g., a wireless local area network communication adapter included in the wireless terminal. Likewise, the communication is enabled by means of, e.g., a wireless local area network communication adapter included in the access point.
In order to implement the access point, the wireless local area network adapter included in the access point is adapted to perform a method for initiating a handover of a wireless terminal in a first wireless network to a second access point in a second wireless network, e.g. as described by example with reference to fig. 2 or fig. 3 and further explained by example with reference to the present detailed description and figures.
In particular, the access point may contain a wireless local area network communication adapter which is configured to perform such a method. In an exemplary implementation, the WLAN communication adapter in the access point includes a processor for executing the method and a memory in which processor instructions are stored. The instructions are programmed to cause the processor to perform the disclosed method when they are executed by the processor. The instructions may thus be tangibly embodied in the memory in the WLAN communication adapter, or they may be tangibly embodied in another memory, or on any computer-readable medium such as a hard disk drive or an optical disk. Alternatively, embodiments of the present invention may be implemented - in its entirety or in part - by means of specially adapted hardware, e.g. programmable logic devices, such as field-programmable gate arrays, or by means of application- specific integrated circuits (ASICs), which may be incorporated in the communication adapter included in the access point.
In order to implement the wireless terminal, the wireless local area network adapter included in the wireless terminal is adapted to perform a method for obtaining data communication access, e.g. as described by example with reference to fig. 2 or fig. 3 and further explained by example with reference to the present detailed description and figures.
In particular, the wireless terminal may contain a wireless local area network communication adapter which is configured to perform such a method. In an exemplary implementation, the WLAN communication adapter in the wireless terminal includes a processor for executing the method and a memory in which processor instructions are stored. The instructions are programmed to cause the processor to perform the disclosed method when they are executed by the processor. The instructions may thus be tangibly embodied in the memory in the WLAN
communication adapter, or they may be tangibly embodied in another memory, or on any computer-readable medium such as a hard disk drive or an optical disk. Alternatively, embodiments of the present invention may be implemented - in its entirety or in part - by means of specially adapted hardware, e.g. programmable logic devices, such as field-programmable gate arrays, or by means of application- specific integrated circuits (ASICs), which may be incorporated in the communication adapter included in the wireless terminal.
According to a second aspect of the invention, methods and devices for discovering candidate access points in the wireless local area network are provided. In accordance with this second aspect of the invention, at least one wireless terminal such as the terminal 102, 104, 112 and/or 114 may be configured to perform a method for discovering candidate access points in the wireless local area network, such as a method as described by example with reference to the present detailed description and figures. A candidate access point is an access point that is possibly available (for authentication/association) to a wireless terminal in a certain situation and/or location.
The communication between an access point in the wireless local area network and a wireless terminal is enabled by means of a wireless local area network communication adapter included in the wireless terminal. In order to implement the wireless terminal, the wireless local area network adapter included in the wireless terminal is adapted to perform a method for discovering candidate access points, such as a method as described by example with reference the present detailed description and figures.
In particular, the wireless terminal may contain a wireless local area network communication adapter which is configured to perform such a method. In an exemplary implementation, the WLAN communication adapter includes a processor for executing the method and a memory in which processor instructions are stored. The instructions are programmed to cause the processor to perform the disclosed method when they are executed by the processor. The instructions may thus be tangibly embodied in the memory in the WLAN communication adapter, or they may be tangibly embodied in another memory, or on any computer-readable medium such as a hard disk drive or an optical disk. Alternatively, embodiments of the present invention may be implemented - in its entirety or in part - by means of specially adapted hardware, e.g. programmable logic devices, such as fϊeld- programmable gate arrays, or by means of application-specific integrated circuits (ASICs), which may be incorporated in the communication adapter included in the wireless terminal.
Figures 10, 11, 12 and 13 illustrate exemplary embodiments of a method for discovering candidate access points in a wireless local area network. Certain aspects of various exemplary embodiments are described below:
A first wireless access point may be configured to identify candidate access points in a wireless local area network to wireless terminals, or stations, present in that network. Each candidate access point may be represented by a basic service set identification, BSSID, and an extended service set identification, SSID.
The access point will have knowledge of its own BSSID and SSID. In addition it may obtain additional identification pairs, each pair including a first identification (BSSID) that identifies a basic service set, and a second identification (SSID) that identifies an extended service set. Each such identification pair may correspond to a candidate access point. The access point may then insert a number of such identification pairs into a frame and transmit the frame. Terminals that receive the frame will identify candidate access points by deriving the identification pairs from the frame.
In an embodiment, the number of identification pairs is 1. In other embodiments, the number is 2, 3, 4, or 5, respectively. Alternatively, the number may be any number larger than 5.
The identification pairs may then comprise a first, default identification pair, and a second, non-default identification pair. The first, default identification pair may be associated with the first access point, and the second (and additional), non-default identification pair is associated with a second (and possibly third, fourth etc) access point.
It should be understood that the access points (the first as well as any additional access points) may be physical or virtual access points as defined above. In other words, the candidate access points as well as the first access point may be virtual access points among a plurality of virtual access points implemented on a single physical access point node.
The transmitted frame may typically be a beacon frame, a probe response frame or an action frame, but the invention is not limited to only such types of frames.
According to some embodiments consistent with the principles of the invention, a request frame may be received from a terminal in the local area network, and the first access point responds by transmitting a response frame including the identification pairs. The response frame can then be received by the terminal in response to the request. The request frame may e.g. be a probe request frame or an action frame and the response frame may be a probe response frame or an action frame, but the invention is not limited to only such types of frames.
If a second access point identified by a non-default identification pair is a virtual access point configured on the same physical device as said first access point (i.e. on a physical access point capable of hosting multiple access points), the first access point will readily have information about the BSSID and the SSID of the second access point. It is a matter of design choice whether the two (virtual) access points configured on the same physical device should have the same or different identities. In other words, each such virtual access point may have different SSIDs, but they do not have to have different SSIDs. Also, they may have, but do not have to have, different BSSIDs. The present invention allows for any combination of virtual access points with different BSSIDs and SSIDs, the same BSSID but different SSIDs, different BSSIDs but the same SSID, or the same BSSID and the same SSID.
It should be understood that this implies that a basic service set, with its corresponding BSSID, may be associated with a physical access point where a plurality of virtual access points have the same BSSID, or that each virtual access point configured on a physical access point have different BSSIDs. In the latter case, we may refer to the basic service set associated with a virtual access point as a virtual basic service set.
If the second access point is a different physical access point from the first access point, it may, or may not, be associated with the same extended service set as said first access point. If it is, the two access points will typically have the same SSID, but different BSSIDs. If it is not, both SSID and BSSID will typically be different.
An access point operating in accordance with the invention may further be configured with knowledge about neighboring access points, and a terminal on the network may be able to learn about neighboring access points by retrieving the information from the current access point with which it is communicating. The access points may share the same SSID, or they may have different SSIDs. In either case the access points may be configured to exchange information regarding each other's SSIDs and BSSIDs according to predefined criteria. Alternatively, such information may be provided to access points operating in accordance with the invention when the network is configured, or when the access point is configured and added to the network.
An access point configured with such knowledge of neighbouring access points may, of course, also be the host of a plurality of virtual access points. This means that an extended service set may consist of one or more basic service sets where any one or more of these basic service sets may be a virtual basic service set as defined above.
According to a third aspect of the invention, methods and devices for initiating authentication of a wireless terminal are provided.
According to principles consistent with the third aspect of the invention, at least one wireless terminal such as the terminal 102, 104, 112 and/or 114 may be configured to perform a method for initiating authentication of the wireless terminal, such as a method as described by example below with reference to fig. 21 and further explained by example with reference to the present detailed description and figures.
At least one access point such as the access point 100 and/or the access point 110 may be configured to perform a method for initiating authentication of the wireless terminal, such as a method as described by example below with reference to fig. 22 and further explained by example with reference to the present detailed description and figures.
The communication between an access point in the wireless local area network and a wireless terminal is enabled by means of, i.a., a wireless local area network communication adapter included in the wireless terminal. Likewise, the communication is enabled by means of, i.a., a wireless local area network communication adapter included in the access point.
In order to implement the wireless terminal, the wireless local area network adapter included in the wireless terminal is adapted to perform a method for initiating authentication of the wireless terminal, e.g. as described by example with reference to fig. 21 and further explained by example with reference to the present detailed description and figures.
In particular, the wireless terminal may contain a wireless local area network communication adapter which is configured to perform such a method. In an exemplary implementation, the WLAN communication adapter includes a processor for executing the method and a memory in which processor instructions are stored. The instructions are programmed to cause the processor to perform the disclosed method when they are executed by the processor. The instructions may thus be tangibly embodied in the memory in the WLAN communication adapter, or they may be tangibly embodied in another memory, or on any computer-readable medium such as a hard disk drive or an optical disk. Alternatively, embodiments of the present invention may be implemented - in its entirety or in part - by means of specially adapted hardware, e.g. programmable logic devices, such as field- programmable gate arrays, or by means of application-specific integrated circuits (ASICs), which may be incorporated in the communication adapter included in the wireless terminal. In order to implement the access point, the wireless local area network adapter included in the access point is adapted to perform a method for initiating authentication of the wireless terminal, e.g. as described by example with reference to fig. 22 and further explained by example with reference to the present detailed description and figures.
In particular, access point may contain a wireless local area network communication adapter which is configured to perform such a method. In an exemplary implementation, the WLAN communication adapter in the access point includes a processor for executing the method and a memory in which processor instructions are stored. The instructions are programmed to cause the processor to perform the disclosed method when they are executed by the processor. The instructions may thus be tangibly embodied in the memory in the WLAN communication adapter, or they may be tangibly embodied in another memory, or on any computer-readable medium such as a hard disk drive or an optical disk. Alternatively, embodiments of the present invention may be implemented - in its entirety or in part - by means of specially adapted hardware, e.g. programmable logic devices, such as field- programmable gate arrays, or by means of application-specific integrated circuits (ASICs), which may be incorporated in the communication adapter included in the access point. Exemplary methods and devices for initiating handover of a wireless terminal, in accordance with the invention, will now be described.
Fig. 2 includes three schematic flow charts illustrating methods/steps involved in the handover of a wireless terminal operating in a wireless local area network from a first, initiating access point to a second, target access point. The vertical arrows illustrate transitions between steps performed by a network element, more particularly the wireless terminal (a), the first, initiating access point (b) and the second, target access point (c). The horizontal, dotted lines schematically represent data flow between the network elements. The arrows of the horizontal, dotted lines indicate a normal direction of data flow. A bidirectional arrow indicates that the data flow will normally comprise messages traveling in either direction. For the purpose of illustration and readability, the wireless terminal has been denoted by STA. Likewise, the first access point is denoted API, and the second access point is denoted AP2.
The first access point, the second access point or both may be virtual access points. In a particular embodiment, the first and the second access points are virtual access points implemented on a single physical access point.
In an embodiment, the first wireless network is identified by a first extended service set identifier and the second wireless network is identified by a second extended service set identifier. In an embodiment, the first wireless network is an unsecured wireless local area network (WLAN) and the second wireless network is a secured wireless local area network (WLAN).
In an embodiment, the first wireless network provides restricted access to a limited set of network services and the second wireless network provides access to a full set of network services.
In the flowcharts of fig. 2, it will be appreciated that the illustrated sequences of steps are provided in order to make the methods easier to understand. Some of the steps may be performed in different order without any consequences for the result, and in this case, the order of the steps may be performed in a different order. Certain steps may even be performed concurrently or simultaneously, if desired.
The initiating step 200 initiates a method in a wireless terminal for obtaining data communication access.
Corresponding steps performed by the first access point are initiated by the initiating step 300. Corresponding steps performed by the second access point are initiated by the initiating step 400.
In step 201, performed by the wireless terminal, a communication is established between the wireless terminal and the first access point in the first wireless network. More specifically, the wireless terminal may be associated with the first access point. Alternatively, the wireless terminal may have been associated with the first access point in a previous step which has not been illustrated.
A corresponding step 301 is performed by the first access point, establishing communication with the wireless terminal. More specifically, the first access point may associate the wireless terminal in step 301. Alternatively, the wireless terminal may have been associated with the first access point in a previous step which has not been illustrated.
In step 310, the first access point establishes that the wireless terminal is to be handed over to the second access point.
In step 320, a handover instruction is composed. The composed handover instruction will be transmitted to the wireless terminal in order to initiate handover to the second access point.
The composing step 320 comprises including in the handover instruction information that identifies the second access point.
In an embodiment, the information that identifies the second access point includes an extended service set identifier of the second wireless network. This identification may e.g. be an SSID in conformity with the IEEE 802.11 specification, or another service set identifier as described below. In an embodiment, the information identifying said second access point includes a basic service set identifier, or a media access control (MAC) address, or both, of the
second, target access point. The basic service set identifier may be a BSSID in conformity with the IEEE 802.11 specification, or another basic service set identifier as described below.
In scenarios where the first initiating access point wants to instruct the wireless terminal to hand over to any target access point in another target extended service set, it might not be necessary that the handover instruction includes the BSSID of a second target access point, and the inclusion of only the SSID might be sufficient. In this case, the wireless terminal might subsequently have to discover a second target access point in the target extended service set. This means that if the target extended service set includes several access points and the handover instruction does not specify a particular one of these access points, the wireless terminal may choose any preferable access point in the target extended service set.
In scenarios where the first initiating access point wants to instruct the wireless terminal to hand over to a specific target access point in another target extended service set, the handover instruction may include the BSSID of the target access point. Moreover, the inclusion of the BSSID in the handover instruction may remove the need for the wireless terminal to perform a subsequent discovery of the second target access point.
Step 320 of composing the handover instruction may comprise to embody the handover instruction as a single data frame, such as an IEEE 802.1 1 Action frame, e.g. as further illustrated below with reference to figures 5-9.
Step 320 of composing the handover instruction may comprise authentication information in the handover instruction. Such authentication information may comprise security information, such as information about security/encryption schemes, e.g. WPA or WP A2, (Wi-Fi Protected Access), WEP (Wired Equivalent Privacy), No Encryption, Message Integrity, or 802.11 Authentication.
The authentication information may also specify primary methods for authentication such as Captive Web portal authentication (also known as Sticky Page Authentication), or EAP-based (Extensible Authentication Protocol) authentication using WPA/WPA2 or IEEE 802. Ix. The authentication information may also, or alternatively, comprise specification of secondary authentication methods, such as the type of EAP method that is supported (in case of EAP based authentication), information that indicates if the authentication is based on certificates or other credentials, such as passwords, etc. Step 320 of composing the handover instruction may comprise including in the handover instruction information representing the remaining time period the wireless terminal is allowed to be connected to said first access point. In this case, the method may further comprise the step of handing over to the second access
point when the remaining time, identified by content for the handover instruction, has elapsed. Such timeout/check steps may further involve the use of disassociation and/or de-authentication instructions, and will be described in closer detail below with reference to a timeout/check submethod illustrated in fig. 4. Next, in step 330, the handover instruction composed in step 320 is transmitted to the wireless terminal.
In the corresponding step 210, performed by the wireless terminal, the handover instruction is received from the first access point.
The wireless terminal then transmits a request to the second wireless network to establish communication over the second access point.
When an access point and a wireless terminal communicate in accordance with the IEEE 802.11 specification, it is required that the wireless terminal authenticates with the access point before it is allowed to associate with the access point.
Therefore, in such embodiments, step 220 is performed by the wireless terminal for authenticating with the second access point. In an embodiment, the transmission of a request to the second wireless network to establish communication over the second access point is a part of the authenticating step 220. Correspondingly, the second access point performs step 410 of authenticating the wireless terminal.
The authentication process may include steps in which the wireless terminal and access point are not successfully authenticated with each other unless the wireless terminal is able to prove to the access point that it is holding sufficient credentials to be authenticated and/or unless the access point is able to prove to the wireless terminal that it is holding sufficient credentials to be authenticated.
The authentication process may also include only a no-authentication approach, in which the wireless terminal and the access point is successfully authenticated with each other without any of them having to prove that they hold any credentials. Whether or not authentication is undertaken with the use of such a no-authentication approach is a matter of definition. In this specification, a no-authentication method may also be considered as a method for authentication. When an access point and a wireless terminal communicate in accordance with the IEEE 802.11 specification, it is required that the wireless terminal associates with the access point before it is allowed to exchange any data frame with the access point.
Therefore, in such embodiments, upon the completion of the authentication step 410, step 420 of associating the wireless terminal is performed by the second access point.
Step 230 is performed by the wireless terminal as the counterpart to step 420 in the second access point. In step 230 the wireless terminal associates with the second access point.
In an embodiment, the transmission of a request to the second wireless network to establish communication over the second access point is a part of the authenticating step 220.
In an embodiment, the transmission of a request to the second wireless network to establish communication over the second access point is a part of the association step 230. Subsequent to the association, the steps performed at the second access point terminates at step 490, and the steps performed at wireless terminal terminate at step 290.
Fig. 3 includes three schematic flow charts illustrating methods/steps involved in the handover of a wireless terminal operating in a wireless local area network from a first, initiating access point to a second, target access point. The vertical arrows illustrate transitions between steps performed by a network element, more particularly the wireless terminal (a), the first, initiating access point (b) and the second, target access point (c). The horizontal, dotted lines schematically represent data flow between the network elements. The arrows of the horizontal, dotted lines indicate a normal direction of data flow. A bidirectional arrow indicates that the data flow will normally comprise messages traveling in either direction. For the purpose of illustration and readability, the wireless terminal has been denoted by STA. Likewise, the first access point is denoted API, and the second access point is denoted AP2. In all the flowcharts of fig. 3, it will be appreciated that the illustrated sequences of steps are provided in order to make the methods easier to understand. Some of the steps may be performed in different order without any consequences for the result, and in this case, the order of the steps may be performed in a different order. Certain steps may even be performed concurrently or simultaneously, if desired. The methods and steps illustrated in figure 3 may include all the features that have already been described above with reference to fig. 2. In the following description, emphasis will therefore be put on describing the additional or distinguishing features.
The initiating step 200 initiates a method in a wireless terminal for obtaining data communication access. Corresponding steps performed by the first access point are initiated by the initiating step 300. Corresponding steps performed by the second access point are initiated by the initiating step 400.
Upon the establishing of a communication with the first access point in step 201, the wireless terminal performs step 202 of obtaining security credentials.
In the credential obtaining step 202, the wireless terminal obtains security credentials while it is associated with the first access point. The security credentials will enable the terminal to authenticate with the second, target access point. The security credentials may, e.g., be a digital certificate, and they may, e.g., have been provided as a result of an authentication using a captive web portal, i.e. a web portal that forces a client to complete a user authentication. In the credential obtaining step 202 the security credentials are first requested and then received from the first access point. The security credentials are further transmitted to the second access point as part of the authentication request 220.
Several alternatives for how the first access point is able to provide the security credentials are within the scope of the invention. According to some embodiments, the first access point is configured to include a service which maintains such credentials in memory. Credentials are then obtained from memory and provided to wireless terminals e.g. dependent on authentication from the wireless terminal. Alternatively, the first access point may be configured to request and obtain such credentials from a server with which it is in communication. Such a request may be sent by the first access point using its own authentication capabilities towards the server, or the role of the first access point may simply be to forward a request from the wireless client, e.g. to a captive web server as described above, and to forward the response from the server to the wireless client.
The first access point performs step 301 of establishing a communication with the wireless terminal in step. Next the first access point performs step 302 of observing that the wireless terminal has obtained security credentials, e.g. a digital certificate.
If the wireless access point is configured to administer its own service of providing credentials, or to request credentials from a server using its own authentication, it is trivial for the first access point to observe that the wireless terminal has obtained security credentials. If the first access point is simply forwarding requests and responses between the wireless client and a server, the first access point may monitor such traffic in order to detect that a request for credentials has resulted in a response.
The security credentials may according to some embodiments be transmitted to the wireless terminal as application data. Next, the first access point performs step 310 of establishing that the wireless terminal is to be handed over to the second access point, e.g. in the same way as the in the method described above with reference to fig. 2. This may e.g. be established
as a consequence of a positive observation of the fact that the wireless terminal has received security credentials.
In step 320, a handover instruction is composed, e.g. in the same way as described above with reference to fig. 2. The handover instruction is transmitted to the wireless terminal in step 330, e.g. in the same way as described above with reference to fig. 2.
According to some embodiments the handover instruction is transmitted as data link control data, e.g. as service data on layer two of the OSI model. According to other embodiments the handover instruction is transmitted as application data. Next the timeout/check submethod 340 may be performed. The timeout/check submethod 340 is described in closer detail below with reference to fig. 4.
The terminating step 390 terminates the steps performed by the first access point.
Upon step 330 of transmitting the handover instruction, receiving step 210 is performed by the wireless terminal, e.g. in the same way as explained above with reference to fig. 2.
If the handover instruction was transmitted as application data, as per some embodiments of the application, there may be an application running on the wireless client that is capable of receiving such application data and interacting with services operating e.g. at the data link level in order to compose the request that is to be transmitted to the second access point. Alternatively, if all data is received as data link control data, it may be sufficient to involve services on the wireless terminal operating on the data link control level.
The method illustrated in fig. 3 further includes steps relating to discovery of the second access point, which may be performed in certain embodiments. These steps are illustrated at 212, 402, 404 and 214, which are explained further below.
The steps relating to discovery of the second access point may be omitted or irrelevant, in particular in case the wireless terminal has already discovered the second access point, or if the wireless terminal discovers the second access point by other means. The discovery instruction transmitting step 212 might be performed by the wireless terminal. Such a discovery instruction transmitting step comprises transmitting a discovery instruction to surrounding access points, including the second access point.
The discovery instruction may be received by the second access point in the discovery instruction receiving step 402. As a result, the second access point may
transmit a response in the response transmitting step 404. The response may announce the presence of the second access point. The response may further announce information about certain capabilities of the second access point.
Responsive to the response submitted by the second access point, the wireless terminal may perform the step 214 of discovering the presence of the second access point. Step 214 may also comprise providing information about the capabilities of the second access point.
The discovery instruction may, e.g., be a probe request frame in conformity with the IEEE 802.11 specification. The discovery instruction may contain the extended service set identifier of the second access point, in order to identify the second access point. The discovery instruction may further include the basic service set identifier of the second access point.
The response transmitted by the second access point in the transmitting step 404 and received by the wireless terminal in step receiving step 214 may, e.g., be a probe response frame in conformity with the IEEE 802.11 specification. The response may contain the extended service set identifier and the basic service set identifier of the second access point.
Alternatively, the discovery in steps 402 and 404 may be replaced by a step where the second access point transmits a discovery message, e.g. periodically or arbitrarily, to surrounding nodes, including the wireless terminal. The discovery message may, e.g., be a beacon frame transmitted by the second access point. In this case, the wireless terminal might go directly from step 210 to 214, where the discovery in 214 comprises the reception of the beacon frame transmitted by the second access point. Next, consistent with the illustrated embodiment in fig, 3, the authenticating step 220 and the associating step 230 are performed, wherein the wireless terminal authenticates and associates with the second access point, e.g. in the same way as described above with reference to fig. 2.
Correspondingly, the authenticating step 410 and the associating step 420 are performed by the second access point.
A request to the second wireless network to establish communication over the second access point, transmitted by the wireless terminal, may be considered as a substep contained in the authenticating step 220 or the associating step 230, analogous to what has been described above with reference to fig. 2. As a result of the associating step 230 in the wireless terminal and the associating step 420 in the second access point, data frames are exchanged with the second access point in step 232, i.e. data communication access has been obtained.
The method in the wireless terminal terminates at step 290, while the terminating step 490 terminates the steps performed by the second access point.
Fig. 4 is a schematic flow chart illustrating exemplary steps of the timeout/check submethod 340, referred to in figures 2 and 3. The timeout/check submethod is initiated at step 800.
It is assumed that information representing the remaining period of time that the wireless terminal is allowed to be connected to the first, initiating access point, is provided in the submethod. Consistent with an embodiment, such information representing the allowable, remaining period of time may be included in the handover instruction.
In the timeout/check submethod, the wireless terminal is forced to hand over to the second, target access point when the remaining time has elapsed. This is illustrated by the time test substep 860, testing if the time limit, representing the time period, has expired. If the time limit has not expired, the time test step 860 is repeated. It will be understood that such iteration does not necessarily mean that the access point is busy in the resulting loop. Instead, the access point may perform other tasks or be idle until the time limit has expired, and the method may continue at the association test step 870.
In the association test step 870 the first access point determines if the terminal is still associated with the first access point.
For example, the first access point may maintain a list of wireless terminals that are associated with it. When a wireless terminal successfully associates with the access point, an identifier of the wireless terminal (e.g. the MAC address of the wireless terminal) is added to the list. When the wireless terminal disassociates with the access point, it is removed from the list. With such an implementation, the association test is performed by checking if the terminal is still on the list of associated terminals.
Consistent with an embodiment, if the terminal is still associated, the disassociation step 875 is performed, wherein a disassociation message is transmitted to the wireless terminal. For example, the disassociation message might be a
"disassociation frame", according to the IEEE 802.11 specification. After the disassociation step 875, or alternatively if the terminal was determined not to be still associated, the method continues at the authentication test step 880.
Next, consistent with an embodiment, an authentication test step 880 is performed, wherein the first access point determines if the terminal is still authenticated with the first access point.
For example, the first access point may maintain a list of wireless terminals that are authenticated with it. When a wireless terminal successfully authenticated with the access point, an identifier of the wireless terminal (e.g. the MAC address of the wireless terminal) is added to the list. When the wireless terminal de-authenticates with the access point or is being de-authenticated by the access point, it is removed from the list. With such an implementation, the authentication test is performed by checking if the terminal is still on the list of authenticated terminals.
If the terminal is still authenticated, the de-authentication step 885 is performed, wherein a de-authentication message is transmitted to the wireless terminal. For example, the de-authentication message may be a "de-authentication frame", according to the IEEE 802.11 specification. After the de-authentication step 885, or alternatively if the terminal was determined not to be still authenticated, the method continues at the terminating step 890.
As will be understood from the above explanation, the step of forcing the wireless terminal to hand over to the second, target access point may comprise the transmitting of a disassociation message to the wireless terminal. Alternatively, or in addition, the step of forcing the wireless terminal to hand over to the second access point may comprise the transmitting of a de-authentication message to the wireless terminal. The timeout/check submethod is terminated at step 890.
The above mentioned timeout/check submethod may be performed as part of any proposed embodiment of a method for initiating a handover of a wireless terminal from a first access point in a first wireless network to a second access point in a second wireless network. Fig. 5 is a schematic diagram illustrating the principles of an exemplary frame structure applicable for the methods described above.
An Action Frame is illustrated at 901. The Action Frame includes, i.a., a MAC portion field 902. The MAC portion field includes, i.a., a Frame Body 903. The Frame Body 903, which is illustrated in further detail in the lower part of fig. 9 contains an Action field 904. The Action field 904 includes a Category subfield 905 and an Action Details subfield 906.
The Category subfield 905 carries an 8-bit code with a value that indicates that this Action Frame 901 is an action frame for handover between extended service sets. The Action Details subfields 906 carries information that is necessary to instruct the terminal to hand over to a new target extended service set, including the SSID of the new target extended service set.
Fig. 6 is a schematic diagram illustrating exemplary details of the frame structure illustrated in fig. 5.
As explained above, the Frame Body 903 of the Action Frame 901 includes a Category subfϊeld 905 and an Action Details subfield 906. The Action Details subfϊeld 906 contains an Action subfield 1005 that carries an 8-bit code indicating further detail about the content of the Action frame 901. In this embodiment, the code might indicate that this Action Frame 901 carries a handover instruction to hand over any access point within the target extended service set identified by the SSID found in the Action Frame 901, where the SSID here is defined according to the IEEE 802.11 specification. After the Action subfield 1001 follows the SSID information element (SSID IE) 1002.
The Element ID field 1003 within the SSID IE is an 8-bit field indicating that this information element is an SSID IE, and that the format of the fields after the Element ID 1003 is on a format according to how SSID IEs must be formed. An SSID IE 1002 must carry an 8-bit Length subfield 1004 after the Element ID subfield 1003 indicating the length in bit-octets (bytes) of the SSID 1005 that follows after the Length subfield 1004. The SSID 1005 is identifying the target extended service set that the terminal is instructed to hand over to. The length indicator in the Length subfield 1003 is necessary since the SSID length may generally be variable.
Fig. 7 is another schematic diagram illustrating exemplary details of the frame structure illustrated in fig. 5.
As explained above, the Frame Body 903 of the Action Frame 901 includes a Category subfield 905 and an Action Details subfield 906. The Action Details subfield 906 contains an Action subfield 1101 that carries an 8-bit code indicating further detail about the content of the Action frame 901. In this embodiment, the code in the Action subfield 1201 might indicate that this Action Frame 901 carries a handover instruction to hand over to a specific access point within the target extended service set identified by the SSID 1005 and ESSID 1104 found in the Action Frame 901, where the SSID here is defined according to the IEEE 802.11 specification and where the ESSID here is defined according to the current draft 802.1 Iu amendment to this specification. After the Action subfield 1001 follow the SSID information element (SSID IE) 1002 and the ESSID information element (BSSID IE) 1102. The SSID IE 1002 is on the same format as shown in figure 6, and contains the
SSID 1005 of the target extended service set that the target access points belongs to.
The Element ID field 1103 within the ESSID IE is an 8-bit field indicating that this information element is an ESSID IE, and that the format of the fields after the
Element ID 1103 is on a format according to how ESSID IEs must be formed. An ESSID IE 1102 must carry a 48-bit (6 octets) ESSID subfield 1104 after the Element ID subfield 1103. The ESSID in the ESSID subfield 1104 is a globally unique number that ensures that the service set identifier comprised by the SSID and ESSID found in the SSID IE and ESSID IE subfields, respectively, is globally unique.
Fig. 8 is another schematic diagram illustrating exemplary details of the frame structure illustrated in fig. 5.
As explained above, the Frame Body 903 of the Action Frame 901 includes a Category subfield 905 and an Action Details subfield 906. The Action Details subfield 906 contains an Action subfield 1201 that carries an 8-bit code indicating further detail about the content of the Action frame 901. In this embodiment, the code in the Action subfield 1201 might indicate that this Action Frame 901 carries a handover instruction to hand over to a specific access point within the target extended service set identified by the SSID 1005 found in the Action Frame 901, where the specific target access point is identified by the BSSID 1204 found in the Action Frame. After the Action subfield 1201 follow the SSID information element (SSID IE) 1002 and the BSSID information element (BSSID IE) 1202.
The SSID IE 1002 is on the same format as shown in figure 6, and contains the SSID of the target extended service set that the target access points belongs to.
The Element ID field 1203 within the BSSID IE 1202 is an 8-bit field indicating that this information element is a BSSID IE, and that the format of the fields after the Element ID 1203 is on a format according to how BSSID IEs must be formed. A BSSID IE 1202 must carry a 48-bit (6 octets) BSSID subfield 1204 after the Element ID subfield 1203. The BSSID in the BSSID subfield 1204 identifies the target access point that the terminal is instructed to hand over to.
Fig. 9 is another schematic diagram illustrating exemplary details of the frame structure illustrated in fig. 5.
As explained above, the Frame Body 903 of the Action Frame 901 includes a Category subfield 905 and an Action Details subfield 906. The Action Details subfield 906 contains an Action subfield 1301 that carries an 8 -bit code indicating further detail about the content of the Action frame 901. In this embodiment, the code in the Action subfield 1301 might indicate that this Action Frame 901 carries a handover instruction to hand over to a specific access point as explained for figure 8, as well as with further authentication details about how to authenticate with the target access point.
The SSID IE 1002 is on the same format as shown in figure 6, and contains the SSID of the target extended service set that the target access points belongs to.
The BSSID IE 1202 is on the same format as shown in figure 8, and contains the BSSID of the target access points that the terminal is instructed to hand over to. The Element ID field 1303 within the RSN (Robust Secure Network) IE 1302 is an 8-bit field indicating that this information element is an RSN IE, and that the format of the fields after the Element ID 1303 is on a format according to how RSN IEs must be formed. The RSN IE carries further information about how to authenticate with the target access point in the Authentication details subfield 1304. Consistent with certain embodiments of the methods described above, the
BSSID/SSID fields contained in the action frame, in particular in the Action Details of the frame body of the MAC portion, may be used for including the SSID and the BSSID of the second, target access point in a handover instruction.
Consistent with an embodiment of the method described with reference to fig. 2, the RSN IE fields contained in the action frame, in particular in the Action Details of the frame body of the MAC portion, may be used for including authentication information.
The remaining elements on figures 5, 6, 7, 8, and 9 will be easily understood by the skilled person, in particular in light of the foregoing description. In particular, the Preamble of the Action frame 901 may be an action frame preamble, and the PLCP header may be a physical layer convergence protocol header of an action frame.
When interpreting the exemplary illustrations of frame format principles above, it should be understood that the indicated identification elements and/or information elements may be arranged in various ways without departing from the principles and scope of the shown embodiments. The order of BSSID and SSID elements may be interchanged, and the location of certain elements in the frames, frame bodies and information element may be changed according to implementation specifications. In particular, although the authentication information has been illustrated in an RSN IE field at the end of the Action Details part of the frame body, it should be recognized that many other possibilities exist for including authentication information in the handover instruction.
Although it has specifically been mentioned that action frames are used by example and for illustration, it should be appreciated that other frame types may alternatively be used for the handover instruction. Exemplary methods and devices for discovering candidate access points in a wireless local area network, in accordance with the invention, will now be described.
Fig. 10 is a schematic flow chart illustrating a first embodiment of a method for discovering candidate access points in a wireless local area network.
The method is performed by a wireless terminal communicatively operating in the wireless local area network. Consistent with this embodiment, the method is initiated by an announcement frame transmitted from an access point in the wireless local area network. An announcement frame is a communication frame that is transmitted by another network element either randomly, or periodically, or substantially periodically, i.e. not as a response to a preceding request. An announcement frame may e.g. be a beacon frame. The left portion of the flowchart corresponds to steps performed by the wireless terminal. The right portion of the flowchart corresponds to steps performed by a physical or virtual access point in the communication coverage area of the wireless terminal. The dotted lines between the left and right portions represent communication, in the direction indicated by the arrows, between the wireless terminal and an access point.
The method starts at the initiating step 2200.
An aim of the illustrated method is to discover candidate access points (which do not necessarily include the access point that is part of the communication illustrated in fig. 10). Each candidate access point is represented by a basic service set and an extended service set.
In step 2210, the wireless terminal waits for an announcement frame transmitted by the access point in the communication coverage area.
A corresponding process performed by the access point in the communication coverage area, shown to the right in fig. 10, is initiated at the access point process initiating step 2270.
In step 2280, the access point transmits an announcement frame which includes a number of identification pairs. Each pair includes a first identification (BSSID) that identifies a basic service set, and a second identification (SSID) that identifies an extended service set. Consistent with an embodiment, the transmitting step 2280 comprises transmitting the IEEE 802.11 Beacon frame. Alternatively, other frame types may be used. Step 2280 may be repeated after a pause or idle step 2290, wherein the access point may perform other tasks.
Referring again to the wireless terminal process shown in the left portion of fig. 10, the announcement frame is received in the receiving step 2220. The announcement frame includes a number of identification pairs, each pair including a first identification (BSSID) that identifies a basic service set, and a second identification (SSID) that identifies an extended service set. In an embodiment, the announcement
frame is an IEEE 802.11 Beacon frame, i.e. the Beacon frame transmitted by the access point in step 2280 referred to above. Further details of frame structures that may be used with the first embodiment of the method, as illustrated in fig. 10, are described below with reference to fig. 14 and 15. The receiving step 2220 comprises or is followed by a step (not illustrated) of deriving the identification pairs from the received frame.
The step of deriving identification pairs appears directly from the frame structure scheme that has been implemented. For instance, if the exemplary frame structure illustrated in fig. 14 is applied, the identification pairs BSSIDl /SSIDl, BSSID2/SSID2, etc. are explicitly obtainable from the Multi-SSID IE field 2603 included in the Frame Body field 2602 of the (e.g.) Beacon Frame 2601.
In an embodiment, the number of identification pairs is 1. In other embodiments, the number is 2, 3, 4, or 5, respectively. Alternatively, the number may be any number larger than 5. At this point in the process, the candidate access points have been discovered.
Consistent with an embodiment, a candidate access point is a virtual access point among a plurality of virtual access points implemented on a single physical access point node. Alternatively, a candidate access point is a non-virtual access point, i.e. a physical access point node. Consistent with an embodiment, the selecting step 2230 is subsequently performed. In the selecting step 2230, an identification pair is selected from the number of identification pairs.
Consistent with a feature of the invention, the selecting step 2230 includes reading an input that represents the selected identification pair, e.g. from a user interface. In such a situation, information representing the discovered candidate access points may be presented to the user, and the input is provided by the user. Alternatively, the selection may be performed automatically, based on certain policies, based on physical signal parameters such as signal strength, as a result of a network initiated handover, pseudo-randomly, or as a result of other, e.g. external events or other information.
Subsequent to the selecting step 2230, the selected candidate access point has been determined.
Subsequent to the selecting step 2230, further steps may additionally be performed for authenticating and associating the wireless terminal with the selected candidate access point that has been discovered, enabling the exchange of data frames between the wireless terminal and the selected candidate access point.
In such embodiments, the method further comprises steps of authenticating said wireless terminal with said selected candidate access point, and associating said wireless terminal with said selected candidate access point.
This may be performed by first executing step 2240 of transmitting an authentication request using the BSSID of the selected identification pair, followed by the step 2242 of authenticating the wireless terminal with the selected candidate access point.
Next, the step 2244 of transmitting an association request using the SSID of the selected identification pair may be performed, followed by step 2246 of receiving an association response corresponding to the association request.
As a result, the data exchange step 2250 may be performed, wherein data frames are allowed to be exchanged between the wireless terminal and the selected discovered candidate access point.
The process in the wireless terminal may be terminated at 2260. Fig. 11 is a schematic flow chart illustrating a second embodiment of a method for discovering candidate access points in a wireless local area network. The embodiment of fig. 11 corresponds largely to the embodiment of figure 10, except from the initiating part. While the embodiment of fig. 10 was initiated by waiting for an announcement frame, the embodiment of fig. 11 is actively initiated by transmitting a request frame.
The method is performed by a wireless terminal communicatively operating in the wireless local area network.
The left portion of the flowchart corresponds to steps performed by the wireless terminal. The right portion of the flowchart corresponds to steps performed by a physical or virtual access point in the communication coverage area of the wireless terminal. The dotted lines between the left and right portions represent communication, in the direction indicated by the arrows, between the wireless terminal and an access point.
The method starts at the initiating step 2300. An aim of the illustrated method is to discover candidate access points (which do not necessarily include the access point that is part of the communication illustrated in fig. 11.) Each candidate access point is represented by a basic service set and an extended service set.
In step 2310, the wireless terminal transmits a request frame.
A corresponding process performed by an access point in the communication coverage area, shown to the right in fig. 11, is initiated at the access point process initiating step 2370.
In step 2380, the access point waits for a request frame transmitted by a wireless terminal, while performing other tasks.
In step 2390, which is performed by the access point upon the receipt of a request frame, a response frame is transmitted, which includes a number of identification pairs. Each pair includes a first identification (BSSID) that identifies a basic service set, and a second identification (SSID) that identifies an extended service set. In the wireless terminal process shown to the left in fig. 11, the response frame is received in the receiving step 2320. In this embodiment, the response frame thus includes a number of identification pairs, each pair including a first identification (BSSID) that identifies a basic service set, and a second identification (SSID) that identifies an extended service set. Consistent with an embodiment of the method illustrated in fig. 11, the request transmitting step 2310 comprises transmitting an IEEE 802.11 Probe Request frame. Further in this embodiment, the receiving step 2320 comprises receiving an IEEE 802.11 Probe Response frame. Correspondingly, in this embodiment, the transmitting step 2380 performed by the access point comprises transmitting the IEEE 802.11 Probe Response frame. Alternatively, other frame types may be used. Further details of frame structures that may be used with the second embodiment of the method, as illustrated in fig. 11, are described below with reference to fig. 14 and 15.
The receiving step 2320 comprises or is followed by a step (not illustrated) of deriving the identification pairs from the frame. The step of deriving will be explicitly understood from the frame structure scheme that has been implemented, in the same manner as explained above with reference to the first embodiment of fig. 10.
In an embodiment, the number of identification pairs is 1. In other embodiments, the number is 2, 3, 4, or 5, respectively. Alternatively, the number may be any number larger than 5.
Consistent with an embodiment, the candidate access point is a virtual access point among a plurality of virtual access points implemented on a single physical access point node. Alternatively, the candidate access point is a non-virtual access point, i.e. a physical access point node.
Consistent with an embodiment, the selecting step 2230 is subsequently performed. The selecting step 2230 has been previously described above with reference to fig 10.
Subsequent to the selecting step 2230, further steps may additionally be performed for authenticating and associating the wireless terminal with the candidate access point that has been discovered, enabling the exchange of data frames between the wireless terminal and the candidate access point. Such steps 2240, 2242, 2244, 2246, 2250 have been described above with reference to fig. 10.
The process in the wireless terminal may be terminated at 2360. Fig. 12 is a schematic flow chart illustrating a third embodiment of a method for discovering candidate access points in a wireless local area network.
The method is performed by a wireless terminal communicatively operating in the wireless local area network. Consistent with this embodiment, the method is initiated by a request transmitted by the wireless terminal, similar to the embodiment illustrated in fig. 11. The wireless terminal is pre-associated with an access point, but is also looking for further SSID/BSSID pairs in order to discover candidate access points, e.g. for the further purpose of associating with a selected candidate access point.
The left portion of the flowchart corresponds to steps performed by the wireless terminal. The right portion of the flowchart corresponds to steps performed by an access point in the communication coverage area of the wireless terminal. The dotted lines between the left and right portions represent communication, in the direction indicated by the arrows, between the wireless terminal and an access point. The method starts at the initiating step 2400.
An aim of the illustrated method is to discover candidate access points (which do not necessarily include the access point that is part of the communication illustrated in fig. 11.) Each candidate access point is represented by a basic service set and an extended service set. In step 2410, the wireless terminal transmits a request frame.
A corresponding process performed by an access point in the communication coverage area, shown to the right in fig. 12, is initiated at the access point process initiating step 2470.
In step 2480, the access point waits for a request frame transmitted by a wireless terminal, while performing other tasks.
In step 2490, which is performed by the access point upon the receipt of a request frame, a response frame is transmitted, which includes a number of identification pairs. Each pair includes a first identification (BSSID) that identifies a basic service set, and a second identification (SSID) that identifies an extended service set. In the wireless terminal process shown to the left in fig. 12, the response frame is received in the receiving step 2420. The response frame thus includes a number of identification pairs, each pair including a first identification (BSSID) that identifies a basic service set, and a second identification (SSID) that identifies an extended service set. Consistent with an embodiment of the method illustrated in fig. 12, the request transmitting step 2410 comprises transmitting an IEEE 802.11 Action frame. Further in this embodiment, the receiving step 2420 comprises receiving an IEEE 802.11 Action frame. Correspondingly, in this embodiment, the transmitting step 2480 performed by the access point comprises transmitting the IEEE 802.11 Action frame. Alternatively, other frame types may be used. Further details of frame structures that may be used with the third embodiment of the method, as illustrated in fig. 12, are described below with reference to fig. 16, 17, 18, and 19.
The receiving step 2420 comprises or is followed by a step (not illustrated) of deriving the identification pairs from the frame. The step of deriving will be explicitly understood from the frame structure scheme that has been implemented, in the same manner as explained above with reference to the first embodiment of fig. 10.
In an embodiment, the number of identification pairs is 1. In other embodiments, the number is 2, 3, 4, or 5, respectively. Alternatively, the number may be any number larger than 5.
Consistent with an embodiment, the candidate access point is a virtual access point among a plurality of virtual access points implemented on a single physical access point node. Alternatively, the candidate access point is a non-virtual access point, i.e. a physical access point node. In an embodiment, in the storing step 2430, the identification pairs are stored in a memory as a list of pairs for later use. The list may be embodied in a memory in the wireless terminal, in particular in a wireless communication adapter of the wireless terminal.
Consistent with an embodiment, the selecting step 2230 is subsequently performed. The selecting step has been previously described above with reference to fig 10.
Additionally, if the identification pairs have been stored in a storing step 2430, the
identification pair may be selected from the stored list of pairs. The selected identification pair corresponds to the selected discovered candidate access point.
Subsequent to the selecting step 2230, further steps may additionally be performed for authenticating and associating the wireless terminal with the candidate access point that has been discovered, enabling the exchange of data frames between the wireless terminal and the candidate access point. Such steps 2240, 2242, 2244, 2246, 2250, have been described above with reference to fig. 10.
The process in the wireless terminal may be terminated at 2460.
Fig. 13 is a schematic flow chart illustrating a fourth embodiment of a method for discovering candidate access points in a wireless local area network.
The method is performed by a wireless terminal communicatively operating in the wireless local area network. Consistent with this embodiment, the method is initiated by an announcement frame transmitted by an access point, similar to the first embodiment illustrated in fig. 10. However, in the embodiment of fig. 13, the wireless terminal is pre-associated with an access point, as opposed to the embodiment of fig. 10. The wireless terminal is also looking for further SSID/BSSID pairs in order to discover candidate access point, e.g. for the further purpose of associating with a selected discovered candidate access point, similar to the embodiment of fig. 12. The left portion of the flowchart corresponds to steps performed by the wireless terminal. The right portion of the flowchart corresponds to steps performed by an access point in the communication coverage area of the wireless terminal. The dotted lines between the left and right portions represent communication, in the direction indicated by the arrows, between the wireless terminal and an access point.
The method starts at the initiating step 2500.
An aim of the illustrated method is to discover candidate access points each represented by a basic service set and an extended service set.
In step 2510, the wireless terminal waits for an announcement frame transmitted by an access point in the communication coverage area.
A parallel process performed by an access point in the communication coverage area, shown to the right in fig. 13, is initiated at the access point process initiating step 2570.
In step 2580, the access point transmits an announcement frame which includes a number of identification pairs. Each pair includes a first identification (BSSID) that identifies a basic service set, and a second identification (SSID) that identifies an
extended service set. Consistent with an embodiment, the transmitting step 2580 comprises transmitting an IEEE 802.11 Action frame. Alternatively, other frame types may be used. Step 2580 may be repeated after a pause or idle step 2590, wherein the access point may perform other tasks. Further details of frame structures that may be used with the fourth embodiment of the method, as illustrated in fig. 13, are described below with reference to fig. 16, 17, and 18.
In the wireless terminal process shown to the left in fig. 13, the announcement frame is received in the receiving step 2520. The announcement frame thus includes a number of identification pairs, each pair including a first identification (BSSID) that identifies a basic service set, and a second identification (SSID) that identifies an extended service set.
Consistent with an embodiment of the method illustrated in fig. 13, the receiving step 2520 comprises receiving an IEEE 802.11 Action frame. Alternatively, other frame types may be used. The receiving step 2520 comprises or is followed by a step (not illustrated) of deriving the identification pairs from the frame. The step of deriving will be explicitly understood from the frame structure scheme that has been implemented, in the same manner as explained above with reference to the first embodiment of fig. 10. In an embodiment, the number of identification pairs is 1. In other embodiments, the number is 2, 3, 4, or 5, respectively. Alternatively, the number may be any number larger than 5.
In an embodiment, the identification pairs are stored in the storing step 2530 as a list of pairs for later use. The list may be embodied in a memory in the wireless terminal, in particular in a wireless communication adapter of the wireless terminal.
Consistent with an embodiment, the selecting step 2230 is subsequently performed. The selecting step 2230 has been previously described above with reference to fig 10. Additionally, if the identification pairs have been stored in a storing step 2530, the identification pair may be selected from the stored list of pairs. The selected identification pair corresponds to the selected discovered candidate access point.
Consistent with an embodiment, each candidate access point is a virtual access point among a plurality of virtual access points implemented on a single physical access point node. Alternatively, the candidate access point is a non-virtual access point, i.e. a physical access point node. Subsequent to the selecting step 2230, further steps may additionally be performed for authenticating and associating the wireless terminal with the selected discovered candidate access point, enabling the exchange of data frames between the wireless
terminal and the selected candidate access point. Such steps 2240, 2242, 2244, 2246, 2250 have been described above with reference to fig. 10.
The process in the wireless terminal may be terminated at 2560.
Fig. 14 is a schematic diagram illustrating the principles of an exemplary frame structure applicable for the first and second embodiments of a method for discovering candidate access points.
A Beacon frame may be used as a possible frame type consistent with the first embodiment of the invention. A Beacon Frame is illustrated at 2601. The Beacon Frame includes, i.a., a BSSID field and a Frame Body field 2602. The Frame Body field 2602 includes, i.a., an SSID IE field and a Multi-SSID IE-field 2603. In the present context, IE denotes "Information Element". The BSSID field and the SSID IE field together constitute a default BSSID/SSID pair, illustrated at 2604. The Multi-SSID IE field, which is illustrated in further detail in the lower part of fig. 14, comprises, i.a., the fields BSSIDl, SSIDl, BSSID2, and SSID2. As illustrated, a total number of n BSSID and SSID fields may be included in the Multi-SSID IE field 2603. The BSSID/ fields (i=\,...ή) may be used to contain the first identification that identifies a basic service set, and the SSID/ fields (i=\,...ή) may be used to contain the second identification that identifies an extended service set, for any BSSID/SSID pair /, where n is the number of identification pairs included in the Beacon Frame 2601. In fig. 14, a first non-default BSSID/SSID pair has been illustrated at 2605. Likewise, a «-th non-default BSSID/SSID pair has been illustrated at 2606.
In addition, the Multi-SSID field 2603 may also include an element identification (Element ID) and a total length indicator (Length). In case of variable-length SSIDs the Multi-SSID field 2603 also includes, for each BSSID/SSID pair i, a length field Lem which indicates the length (e.g. in bytes) of the SSID number /. The remaining elements on figure 14 will be well understood by the skilled person.
Fig. 15 is a schematic diagram illustrating the principles of an alternative, exemplary frame structure applicable for the first and second embodiments of a method for discovering candidate access points.
A Beacon frame may be used as a possible frame type consistent with the first embodiment of the invention. A Beacon Frame is illustrated at 2701. The Beacon Frame includes, i.a., a BSSID field and a Frame Body field 2702. The Frame Body field 2702 includes, i.a., an SSID IE (Information Element) field. The BSSID field and the SSID IE field together constitute a default BSSID/SSID pair 2704. A plurality of (three illustrated by example) BSSID/SSID IE fields 2703, also contained in the Frame Body field 2702, are illustrated in further detail in the lower part of fig. 15. Each such BSSID/SSID IE field comprises, i.a., a BSSID and an
SSID. As will be understood, this results in an alternative implementation for providing a plurality of BSSID/SSID pairs within one frame, in particular the Beacon Frame 2701.
In addition, each BSSID/SSID IE field 2703 may also include an element identification (Element ID) and a length indicator (Length), since the SSID length may generally be variable.
In fig. 15, a first non-default BSSID/SSID pair has been illustrated at 2705. Likewise, an n-th non-default BSSID/SSID pair has been illustrated at 2706.
The remaining elements on figure 15 will be well understood by the skilled person. A Probe Request frame and a Probe Response frame may be used as possible frame types consistent with the second embodiment of the invention. In this case, the frame structure of the Probe Response frame will correspond directly to the Beacon Frame structure described above with reference to fig. 14 and 15, since the structures of the frame body of a Beacon frame (illustrated as 2602, 2702) and the frame body of a Probe Response frame are substantially equal. Thus, fig. 14 and 15 are also illustrative for describing details in case of the use of a Probe Response frame.
Fig. 16 is a schematic diagram illustrating the principles of an exemplary frame structure applicable for the third and fourth embodiments of a method for discovering candidate access points.
An Action Frame is illustrated at 2801. The Action Frame includes, i.a., a MAC portion field 2802. The MAC portion field includes, i.a., a Frame Body 2803. The Frame Body 2803, which is illustrated in further detail in the lower part of fig. 16, includes a Category field and an Action Details field. The remaining elements on figure 16 will be well understood by the skilled person.
Fig. 17 is a schematic diagram illustrating exemplary details of the frame structure illustrated in fig. 16.
As explained above, the Frame Body 2803 of the Action Frame 2801 includes a Category field and an Action Details field. In the case of an Action Request Frame 2901, the Category field contains a byte, or another suitable data element, that indicates that the frame is a single BSSID/SSID pair action frame, and the Action field contains a bit, a byte or another suitable data element that indicates that this is a request type Action frame.
In the case of an Action Response Frame 2902, the frame includes the BSSID/SSID pair. In addition, the frame may include the contents of the Category field and
Action field that was also included in the corresponding Action Request Frame 2901.
In addition, the Frame Body 2803 of the Action Frame 2801 may also include a length indicator (Length), since the SSID length may generally be variable. Fig. 18 is a schematic diagram illustrating alternative exemplary details of the frame structure illustrated in fig. 16.
As explained above with reference to fig. 16, the Frame Body 2803 of the Action Frame includes a Category field and an Action Details field.
In the case of an Action Request Frame 2911, the Category field contains a byte, or another suitable data element, that indicates that the frame is a multiple
BSSID/SSID pair action frame. The Action field contains a bit, a byte or another suitable data element that indicates that this is a request type Action frame.
In the case of an Action Response Frame 2912, the frame includes the plurality of BSSID/SSID pairs. In addition, the frame may include the contents of the Category field and Action field that were also included in the corresponding Action Request Frame 291 1. The frame may also include an element (# pairs) containing information on the number of BSSID/SSID pairs.
In case of variable-length SSIDs, the Action Response Frame 2912 may also include, for each BSSID/SSID pair number /, a length field Len/ which indicates the length (e.g. in bytes) of the SSID number /. The remaining elements on figure 18 will be well understood by the skilled person.
Fig. 19 is a schematic diagram illustrating further principles of a frame structure applicable in certain aspects of the invention.
In an embodiment, the identification pairs that are included in and derived from the received frame may comprise a first, default identification pair, and a second, non- default identification pair. This feature is illustrated in fig. 19.
Fig 19 has many points of resemblance with fig. 14 as described above. Reference is therefore also made to fig. 14 and the corresponding description above, and the differences will explained in detail in the following. Further, the frame structure shown in fig. 19 is directly applicable with the first and second embodiments of the invention as illustrated in fig. 10 and 11, respectively. However, the principles of using a first, default identification pair and a second, non-default identification pair in the frame, may also be applicable in other embodiments.
The frame shown at 2921 is a response frame, exemplified as a Probe Response frame, i.e. the frame type used in the second embodiment illustrated in fig. 1 1.
However, the present description would still be relevant in case of an announcement
frame, exemplified as a Beacon frame, as used in the first embodiment illustrated in fig. 10.
The Probe Response frame includes, i.a., a BSSID field and a Frame Body field 2922. The Frame Body field 2922 includes, i.a., an SSID IE field and a Multi-SSID IE-field 2923. In this example, the Multi-SSID IE-field actually contains only one SSID. The field is however denoted "Multi-SSID" in order to obtain consistency with the other embodiments.
The BSSID field and the SSID IE field together constitute a default BSSID/SSID pair. The Multi-SSID IE field, which is illustrated in further detail in the lower part of fig. 14, comprises, i.a., the fields BSSIDl and SSIDl, which form a non-default BSSID/SSID pair.
Thus, in this particular embodiment, there are two identification pairs, wherein one identification pair is the default pair that is contained partly at Probe Response Frame level (BSSID) and partly at Frame Body field level (SSID). The second identification pair is the non-default pair that is contained in the Multi-SSID IE field 2923.
It will be understood that an alternative solution would be to ignore the default BSSID/SSID pair for the purposes of discovering candidate access pairs, and use BSSID/SSID information merely contained in the Multi-SSID IE field 2923 instead, for the purpose of discovering candidate access pairs.
The remaining elements on figure 19 will be well understood by the skilled person, in particular in light of the foregoing description of other embodiments.
Fig. 20 is a schematic diagram illustrating further principles of a frame structure applicable for embodiments of the invention.
The frame structure shown in fig. 20 may be applicable with an embodiment of the invention that conforms to the emerging GAS (Generic Advertisement Service) protocol, which is a part of the IEEE 802.1 Iu amendment.
The frame structure shown in fig. 20 may also be applicable with embodiments utilizing IEEE 802.11 Action Frames for communication. Examples of such embodiments are the third embodiment above, illustrated with reference to fig. 12, and the fourth embodiment illustrated above with reference to fig. 13. However, the principles of fig. 20 may also be applicable in other embodiments.
In fig. 20, an Action frame is shown at 2931. By example, the Action frame 2931 may be an advertisement response element in conformity with the GAS protocol.
The Action frame comprises, i .a., an Advertisement Response Information Element
(IE) 2932. The Action frame may also comprise further elements which are not described herein.
As further illustrated in fig. 20, the Advertisement Response IE 2932 comprises a Native Query Response Information Element (IE) 2933. The Advertisement Response IE 2932 may also comprise further elements, including an Element IE, a Length indicator and an Advertisement Protocol IE.
The Native Query Response IE 2933 comprises an information elements denoted Native Info Multiple SSID Information Elements (Native Info mSSID IE) 2934. The Native Query Response IE 2933 may also comprise further elements, including an Element IE, a Length indicator and other information elements (Other IEs).
The information element Native Info mSSID IEl 2934 comprises, i.a. a number n of container elements, denoted SSID Containers, SSID Container IE \ ...n. The first such container element, SSID Container IE 1, is illustrated at 2935. The Native Info mSSID IEl may also comprise further elements, including an information element Info IE, a Length indicator, and a Status Code element.
Each SSID Container IE (for the purpose of illustration, only SSID Container IEl and SSID Container IEn have been illustrated) comprises, i.a., a BSSID IE 2936 and an SSID IE 2937. Each SSID Container IE may comprise further elements, including an Element IE, a Length indicator, and an optional supplementary information element 2938, which may e.g. be used for an element such as the "RSN IE" of the IEEE 802.1 Ii amendment.
The BSSID IE 2936 includes, i.a., a BSSID. The BSSID IE 2936 may also include further elements, including an Element IE and a Length indicator.
The SSID IE 2937 includes, i.a., an SSID. The SSID IE 2937 may also include further elements, including an Element IE and a Length indicator.
The remaining elements on figure 20 will be well understood by the skilled person, in particular in light of the foregoing description of other embodiments.
When interpreting all the exemplary illustrations of frame format principles, i.e. all the figures 14-20, it should be understood that the indicated identification elements and/or information elements may be arranged in various ways without departing from the principles and scope of the shown embodiments. The order of BSSID and SSID elements may, e.g., of course be interchanged, and the location of certain elements in the frames, frame bodies and information element may be changed according to implementing specifications. Although it has specifically been mentioned, by example, that Action frames are used in the case of an already established association between a wireless terminal
and an access point, it should be appreciated that Action frames may alternatively be used in the communication between an access point and an non-associated wireless terminal.
Exemplary methods and devices for initiating authentication of a wireless terminal with an access point, in accordance with the invention, will now be described.
Fig. 21 is a schematic flow chart illustrating a method performed by a wireless terminal in a wireless local area network for initiating authentication of the wireless terminal with an access point.
The method is performed by a wireless terminal communicatively operating in the wireless local area network. Consistent with this embodiment, the method is initiated by an authentication frame transmitted from an access point in the wireless local area network.
An aim of the illustrated method is to initiate authentication of a wireless terminal with an access point in a wireless local area network. Steps are also described for performing the initiated authentication, to perform a subsequent association and to exchange data between the terminal and the access point.
The method starts at the initiating step 3200.
In step 3210, identification information related to the access point is provided. More specifically, a first identification (BSSID) that identifies a basic service set of the access point and a second identification (SSID) that identifies an extended service set of the access point are provided.
In an embodiment, the step 3210 of providing the first and second identification is performed first. This step 3210 comprises steps of discovering the first and second identification of a number of access points, followed by selecting an access point. Next, in the including step 3220, an authentication request frame is composed. The including step 3220 comprises including the first identification (BSSID) and the second identification (SSID) in the authentication frame.
Consistent with an embodiment, the including step 3220 comprises including the first identification (BSSID) in a MAC portion of the authentication frame.
Consistent with an embodiment, the including step 3220 comprises including the second identification (SSID) in a frame body of a MAC portion of the authentication frame.
Consistent with an embodiment, the second identification (SSID) is included in an information element (SSID IE) in the frame body.
The method for initiating an authentication further comprises a step 3230 of transmitting the authentication request frame.
In an embodiment, the initiating of an authentication may be considered as terminated at this point. Consistent with an embodiment, the method may further comprise a step 3240 of authenticating the wireless terminal with the access point.
Consistent with an embodiment, the method may further comprise a step 3250 of receiving an authentication response, confirming successful authentication, from the access point. Consistent with an embodiment, the method may further comprise associating the wireless terminal with the access point, enabling the exchange of data frames between the wireless terminal and the access point. The step of associating the wireless terminal with the access point may include the step 3260 of transmitting an association request frame that includes the second identification (SSID). Consistent with an embodiment, the method may further comprise the step 3270 of receiving an association response.
As a result, the data exchange step 3280 may be performed, wherein data frames are allowed to be exchanged between the wireless terminal and the access point.
In an embodiment, the access point may be a virtual access point among a plurality of virtual access points implemented on a single physical access point node. Alternatively, the access point is a physical access point.
The method in the wireless terminal may be terminated at 3290.
The method may be implemented in conformity with the IEEE 802.11 specification.
In particular, the above steps relating to authenticating and associating may be implemented in conformity with the IEEE 802.11 specification.
Fig. 22 is a schematic flow chart illustrating a method performed by an access point in a wireless local area network for initiating authentication of a wireless terminal with the access point.
The method starts at step 3300. First, an initial step 3310 may be performed. In the initial step, the access point may perform initial actions such as transmitting beacon frames (e.g. periodically) or it may have transmitted a probe response upon reception of a probe request.
Next, in the receiving step 3320, an authentication request frame is received. The authentication request frame includes a first identification (BSSID) that identifies a desired basic service set and a second identification (SSID) that identifies a desired extended service set. Consistent with an embodiment, the first identification (BSSID) is included in a MAC portion of the authentication request frame.
Consistent with an embodiment, the second identification (SSID) is included in a frame body of a MAC portion of the authentication request frame. More specifically, the second identification (SSID) may be included in an information element (SSID IE) in the frame body.
Next, in the verifying step 3330, the first identification (BSSID) and said second identification (SSID) are extracted from the authentication request frame, and the access point verifies that the first identification (BSSID) and the second identification (SSID) correspond to a current configuration of the access point. The extracting may comprise extracting the first identification (BSSID) from a MAC portion of the authentication request frame, and extracting the second identification (SSID) from the frame body of a MAC portion of the authentication request frame. According to a specific feature, the second identification (SSID) is extracted from an information element (SSID IE) in the frame body of the MAC portion of the authentication request frame.
In an embodiment, the initiating of an authentication may be considered as terminated at this point.
Consistent with an embodiment, the method further comprises the selecting step 3340 of selecting an authentication procedure, based on the second identification (SSID).
Consistent with an embodiment, the method further comprises the authentication step 3350 of authenticating the access point with the wireless terminal.
Consistent with an embodiment, the method further comprises a transmitting step 3360 of transmitting an authentication response, confirming successful authentication.
Consistent with an embodiment, the method further comprises associating the access point with said wireless terminal, enabling the exchange 3390 of data frames between the access point and the wireless terminal. In an embodiment, the associating step may include a step 3370 of receiving an association request frame which includes the second identification (SSID). Upon this request, an association response corresponding to the association request may be transmitted 3380.
In the above described embodiments, the access point may be a virtual access point among a plurality of virtual access points implemented on a single physical access point node.
The method may be implemented in conformity with the IEEE 802.11 specification. In particular, the above steps relating to authenticating and associating may be implemented in conformity with the IEEE 802.11 specification.
Fig. 23 is a schematic diagram illustrating the principles of an exemplary frame structure applicable for an embodiment of a method for initiating the authentication of a wireless terminal with an access point. An Authentication Request frame is illustrated at 3401. The Authentication Request frame 3401 includes, i.a., a MAC portion 3402. The Authentication Request frame 3401 may also include other elements including a preamble (denoted Preamble etc.) and a header (denoted PLCP header).
The MAC portion 3402 comprises, i.a., a Frame Body 3403. It also comprises an identification element 3404, denoted BSSID, which may contain the first identification BSSID. The MAC portion 3402 may also include other elements as indicated on fig. 23 and/or other elements, which will be understood by the skilled person acquainted with the IEEE 802.11 specification.
The Frame Body 3403 includes, i.a., an information element 3405, denoted SSID IE. The Frame Body 3403 may also include other elements as indicated on fig. 23, and/or other elements, which will be understood by the skilled person acquainted with the IEEE 802.11 specification.
The information element 3405 comprises, i.a., a field denoted SSID, which contains the second identification SSID 406. The information element 3405 may also include other fields, including an Element ID, a Length indicator, and/or other elements which will be understood by the skilled person acquainted with the IEEE 802.11 specification.
Fig. 24 is a schematic diagram illustrating the principles of an exemplary frame structure applicable for an embodiment of a method for initiating the authentication of a wireless terminal with an access point.
Fig. 24 equals fig. 23, except from the content of the information element 3405, denoted SSID IE. In the embodiment illustrated in fig. 24, the information element 3405 further comprises a field 3407 which contains the first identification BSSID, here denoted BSSIDl. Consequently, the first identification is contained in the field 3407 rather than in the field 3404 on MAC portion level, as was the case in the embodiment of fig. 23. Thus, in fig. 24, the information element 3405, and thus also the frame body 3403, included in the MAC portion 3402 of the Authentication
frame 3401, includes an identification pair, resulting in that first (BSSID) and second (SSID) identifications are included in the Authentication frame 3401. In the embodiment of fig. 24, the content of the field 3404 may be another identification of a BSSID, which may either be disregarded or used for other purposes. Specific embodiments of the present invention have been described by example above. As described in the foregoing, embodiments of the present invention have particular advantages when implemented in conformity with the IEEE 802.11 specification. However, the skilled person will realize that the principles of the invention may also be applied in other wireless local area network environments, including future network types and standards. The scope of the invention is therefore defined by the appended claims.