For ease of illustration, the various techniques disclosed herein are discussed below in the context of IEEE 802.11-based wireless networking. This context is described in the IEEE 802.11 specifications for wireless local area network (WLAN) media access control (MAC) and Physical Layer (PHY). However, those of ordinary skill in the art, using the teachings provided herein, may implement the disclosed techniques in other wireless networks. Accordingly, references to techniques and components specific to IEEE 802.11 apply also to the equivalent techniques or components in other wireless network standards unless otherwise noted.
A WLAN is identified by its network name, which in IEEE 802.11 is known as a service-set identifier (SSID). An infrastructure basic service set (BSS) is defined in IEEE 802.11 as a single AP together with all its associated mobile stations (STAs), and is uniquely identified by its basic service-set identifier (BSSID). Since an AP is uniquely identified by its MAC address, the MAC address of the AP is used as the BSSID. BSSs are connected to one another via networks denoted distribution systems (DS). Multiple DSs may be interconnected by routing devices. A subnetwork is a portion of a network that shares a common address component and operates at Layers 1 and 2 (physical and data link) of the OSI (Open System Interconnection) reference model. On TCP/IP (Transmission Control Protocol/Internet Protocol) networks, subnetworks are all devices whose Internet Protocol (IP) addresses have the same prefix. Routers, and the process of routing, operate at Layer 3 (network) of the OSI reference model. In IEEE 802.11 an Extended Service Set (ESS) includes two or more BSSs that use the same SSID.
Having a STA join an existing BSS is a multi-stage process, involving scanning, selection of a target AP, authentication, association, and IP address acquisition.
Stage 1—Scanning:
The STA scans, using passive scanning or active scanning or any combination thereof, to identify APs in whose coverage area the STA is currently located. In active scanning, the STA transmits at least one probe request specifying a particular network name and may receive a probe response from an AP configured with the particular network name. The STA extracts details about the AP and the WLAN from the received probe response(s) and adds the details for each received probe response as a record to the scan results of active scanning. In passive scanning, the STA receives beacon frames from APs or probe responses destined for other STAs or both. The STA extracts details about the AP and the WLAN from the received beacon frame(s) and the received probe response(s) and adds the details for each received beacon frame and each received probe response as a record to the scan results of passive scanning A record in the scan results may include at least the following extracted details about the AP and the WLAN: a unique identifier of the AP, for example, its MAC address; the network name of the WLAN; an identification of the frequency band on channels of which communication in the WLAN is conducted; an identification of the channel on which the beacon frame or probe response was received; an indication of the security type implemented in the WLAN; and if applicable to the security type, an indication of the encryption type implemented in the WLAN. The record may also include an indication of the strength of the received signal.
A non-exhaustive list of examples for the security type is, in no particular order, no security, Wired Equivalent Privacy (WEP), Pre-Shared Key (PSK), and Extensible Authentication Protocol (EAP). The EAP security type has several subtypes, for example, Lightweight EAP (LEAP), Protected EAP (PEAP), EAP Transport Layer Security (EAP-TLS), EAP Tunneled Transport Layer Security (EAP-TTLS), EAP—Flexible Authentication via Secured Tunneling (EAP-FAST), EAP for GSM Subscriber Identity Modules (EAP-SIM), and EAP—Authentication and Key Agreement (EAP-AKA). Temporal Key Integrity Protocol (TKIP) and Counter-Mode/CBC-Mac Protocol (CCMP) are two examples for the encryption type that are applicable to the PSK and EAP security types.
Stage 2—Selection of Target AP:
The STA selects a target AP with which to attempt a connection.
A STA may store in its memory one or more connection profiles, which are editable via a user interface component of the STA. Each connection profile includes a network name of the WLAN. The network name uniquely identifies the connection profile in the STA, so that no two connection profiles stored in the same STA include the same network name. A connection profile is optionally labeled with a profile label. A connection profile may include indications of other network details, for example, one or more of the following: a security type, a security subtype, an authentication method, and an encryption type. A connection profile may also include credentials for use with the implemented security type or with the authentication method or with both. A connection profile may also include other information, for example, Internet Protocol (IP) network parameters.
Selecting a target AP may involve comparing the scan results to one or more of the connection profiles stored in the STA. A target AP whose beacon frame or probe response is in the scan results is considered a match to a particular connection profile if the following network details of the particular connection profile and the network details of the beacon frame or probe response are identical: network name, security type, and encryption type.
Stages 3 and 4—Authentication and Association:
If the security type is “Open System” or a form of Shared Key Authentication such as “WEP” or “PSK”, then authentication precedes association. The authentication process for an “Open System” simply consists of two communications: an authentication request from the STA to the target AP, and an authentication response from the target AP. In the case of “WEP” or “PSK”, the authentication process is initiated by the STA sending to the target AP an authentication request that includes parameters of the identified profile relevant to the authentication process.
If the security type is EAP, which in the case of an IEEE 802.11 system means that the IEEE 802.1x standard is used, then the STA must successfully complete an association process with the target AP before the IEEE 802.1x authentication procedure begins. The association between the STA and the target AP is the port to be secured with the EAP authentication process. In the EAP authentication process, the STA initiates the authentication process by sending an appropriate packet to the target AP, which passes the packet on to an authentication server. An Authentication, Authorization and Accounting (AAA) server and a Remote Authentication Dial In User Service (RADIUS) server are both examples of an authentication server.
Stage 5—Dynamic IP Address Acquisition:
This stage is skipped if the STA has a static IP address. If the STA does not have a static IP address, then once the STA is associated with the target AP, the STA performs a dynamic IP address acquisition process with the target AP, which typically passes the request on to a DHCP (Dynamic Host Configuration Protocol) server. If encryption is implemented in the WLAN, the dynamic IP address acquisition process involves encrypted data packets.
Stage6—Connection Completed:
The STA is considered to be connected to the BSS once the STA is associated with the target AP, and either the STA has a static IP address or the STA has acquired a dynamically-allocated IP address. Data packets exchanged between the STA and the target AP are encrypted if encryption is implemented in the WLAN.
In order to enable a STA to be truly mobile, the STA is typically powered by a battery. Power consumption and battery drain are issues of concern.
It will be appreciated that for simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements may be exaggerated relative to other elements for clarity.