1. Field of Invention
The field of the present invention relates in general to wireless local area networks including wireless access points (WAP) and wireless stations and methods for access control to same.
2. Description of the Related Art
Home and office networks, a.k.a. wireless local area networks (WLAN), are established using a device called a Wireless Access Point (WAP). The WAP may include a router. The WAP wirelessly couples all the devices of the home network, e.g. wireless stations such as: computers, printers, televisions, digital video (DVD) players, security cameras and smoke detectors, to one another and to the Cable or Subscriber Line through which Internet, video, and television are delivered to the home. Most WAPs implement the IEEE 802.11 standard, which is a contention-based standard for handling communications among multiple devices competing for a shared wireless communication medium on a selected one of a plurality of communication channels. The frequency range of each communication channel is specified in the corresponding one of the IEEE 802.11 protocols being implemented, e.g. “a”, “b”, “g”, “n”, “ac”, “ad”. Communications follow a hub-and-spoke model with a WAP at the hub and the spokes corresponding to the wireless links to each ‘client’ device.
After selection of a single communication channel for the associated home network, access to the shared communication channel requires an association request by a station to a WAP followed by mutual cryptographic authentication by both the station and the WAP. If the nodes mutually authenticate one another, then subsequent communications are encrypted using the same shared secret, a.k.a. password, used for authentication. The most recent IEEE standard for authentication and encryption of wireless communications is set forth in the IEEE 802.11i standard, also known as WPA2 Preshared Key Mode (PSK). This standard, intended for homes and small offices, has an enterprise counterpart identified as WPA2 Enterprise. The centerpiece of the WPA2 PSK cryptographic schema is the subscriber entry of a shared password onto each networked device. Cryptographic processes for authentication and encryption are based on this password. The security of the network is no stronger than the care the homeowner takes to protect the password.
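The password-based mutual authentication described above can be made concrete with the key derivation that IEEE 802.11i defines for WPA2 PSK. The following is an added example, not part of the original text: the PBKDF2 and PRF parameters come from the 802.11i standard rather than from this page, and the SSID, MAC addresses, passphrases and frame bytes are constructed sample values.

```python
import hashlib
import hmac
import os

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2 PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, length=48):
    """IEEE 802.11i PRF: expand the PMK, both MAC addresses and both nonces into the PTK."""
    label = b"Pairwise key expansion"
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    counter = 0
    while len(out) < length:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(pmk, block, hashlib.sha1).digest()
        counter += 1
    return out[:length]

def handshake_mic(ptk: bytes, frame: bytes) -> bytes:
    """MIC over a handshake frame, keyed with the KCK (first 16 bytes of the PTK)."""
    return hmac.new(ptk[:16], frame, hashlib.sha1).digest()[:16]

def station_authenticates(ap_passphrase, sta_passphrase, ssid="ExampleHomeNet"):
    """Derive keys on both sides; True if the WAP accepts the station's MIC."""
    ap_mac = bytes.fromhex("020000000001")    # constructed, locally administered MACs
    sta_mac = bytes.fromhex("020000000002")
    anonce, snonce = os.urandom(32), os.urandom(32)   # fresh nonce from each side
    frame = b"constructed stand-in for EAPOL-Key message 2"
    sta_ptk = derive_ptk(derive_pmk(sta_passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    ap_ptk = derive_ptk(derive_pmk(ap_passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    sent_mic = handshake_mic(sta_ptk, frame)
    # The WAP recomputes the MIC with its own keys and compares in constant time.
    return hmac.compare_digest(sent_mic, handshake_mic(ap_ptk, frame))

if __name__ == "__main__":
    print(station_authenticates("correct horse battery", "correct horse battery"))
    print(station_authenticates("correct horse battery", "different passphrase"))
```

The PMK depends only on the passphrase and the SSID, so every device that holds the passphrase derives the same PMK; the per-session PTK differs only through the exchanged nonces and MAC addresses.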
Communications on the single communication medium are identified as “simplex”, meaning one communication stream from a single source node to one or more target nodes at one time, with all remaining nodes capable of “listening” to the subject transmission. WLAN access by authenticated nodes relies on a multiple access methodology identified as Collision Sense Multiple Access (CSMA). CSMA is a distributed random access methodology, first introduced for home wired networks such as Ethernet, for sharing a single communication medium by having a contending communication link back off and retry access to the line if a collision is detected, i.e. if the wireless medium is in use.
What is needed are improved methods for security on a wireless home network.