Wireless computer networks have been defined in which a wireless computing device communicates with a network via an access point.
When a wireless computing device (also referred to as a “station” or “node”) wants to access a WLAN, for example after power-up, sleep mode, or moving to a new area, the wireless computing device searches for access points (APs) by scanning. The IEEE 802.11 standard defines both passive and active scanning. As used herein, “IEEE 802.11” refers to a set of IEEE Wireless LAN (WLAN) standards that govern wireless networking transmission methods. IEEE 802.11 standards have been and are currently being developed by working group 11 of the IEEE LAN/MAN Standards Committee (IEEE 802). Any of the IEEE standards or specifications referred to herein are incorporated by reference in their entirety and may be obtained at http://standards.ieee.org/getieee802/index.html or by contacting the IEEE at IEEE, 445 Hoes Lane, PO Box 1331, Piscataway, N.J. 08855-1331, USA.
In passive scanning, the wireless computing device scans individual channels for beacon frames that are periodically transmitted by the AP. The beacon frame includes synchronization information and other information about the access point, including the service set identifier (SSID), supported data rates, etc. Active scanning is optional, and differs from passive scanning in that the wireless computing device tries to locate access points and initiates the scanning process by broadcasting a probe request frame. A probe request frame may include an SSID or can have a null SSID. When the probe request frame includes an SSID, all APs with a matching SSID that receive the probe request frame will respond by transmitting a probe response frame. When the probe request frame includes a null SSID, all APs that receive the probe request frame will respond by transmitting a probe response frame. Active scanning enables a wireless computing device to receive an immediate response from access points, without waiting for transmission of a beacon frame.
When the wireless computing device receives a beacon frame, it can record information associated with the beacon frame (e.g., corresponding power level and received signal strength) and subsequently use this information to select which access point to communicate through. At the conclusion of the scanning, the wireless computing device generates a scan report that includes parameters for each of the APs that were detected during scanning. For each AP detected, the scan report can include a number of parameters.
When the wireless computing device decides to join a BSS associated with a particular one of the detected APs, the wireless computing device undergoes an authentication process with that AP. The authentication process involves the interchange of information between the wireless computing device and the AP so that each can prove its identity to the other. Early IEEE 802.11 networks implemented one-way authentication mechanisms (i.e., open system authentication and optionally shared key authentication) that exhibited certain weaknesses. For example, such one-way authentication mechanisms only authenticate the wireless computing device to the AP, but do not authenticate the AP to the wireless computing device.
To address weaknesses of one-way authentication mechanisms, the IEEE 802.11i standard was created. Among other things, the IEEE 802.11i standard defines mechanisms for mutual authentication. The IEEE 802.11i standard utilizes the IEEE 802.1x standard for port based network access control. The IEEE 802.1x standard specifies a protocol for generating or deriving a pairwise master key (PMK) (also referred to as a session key) and a groupwise master key (GMK) (also referred to as a group key). The groupwise master key (GMK) is used for multi-cast traffic and is shared among all wireless computing devices connected to the same AP. By contrast, the pairwise master key (PMK) is a symmetric key that is unique to each session between an individual wireless computing device and a particular AP and protects communications between the wireless computing device and its AP. The PMK creates a private virtual port between the wireless computing device and the AP. Pairwise master keys (PMKs) are the foundation of 802.11i security since the PMK is used as source material for generation of lower level keys used by MAC layer encryption. For instance, the PMK is used as part of a four-way handshake between the wireless computing device and the AP to derive, bind, and verify a Pairwise Transient Key (PTK) that is a collection of operational keys including a Key Confirmation Key (KCK) that is used to prove possession of the PMK and to bind the PMK to the AP, a Key Encryption Key (KEK) that is used to distribute a Group Transient Key (GTK), and Temporal Keys that are used for encryption.
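The following is an added example, not part of the original text, showing how both sides of the four-way handshake expand a shared PMK into the KCK, KEK and Temporal Key and how the KCK-keyed integrity code proves possession of the PMK. It goes beyond the description above by using the IEEE 802.11i HMAC-SHA1 pseudo-random function with the 128-bit key sizes used with CCMP; the MAC addresses, frame body and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def prf(key, label, data, nbytes):
    """IEEE 802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """Expand the PMK into a 384-bit PTK and split it into KCK, KEK and Temporal Key."""
    # Min/max ordering lets the station and the AP build identical input data.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[0:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

def eapol_mic(kck, frame):
    """Integrity code keyed with the KCK: HMAC-SHA1 truncated to 128 bits."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def handshake_demo(station_pmk, ap_pmk):
    """Run the key-confirmation step; returns (mic_ok, station_keys, ap_keys)."""
    # Constructed sample values: locally administered MAC addresses, random nonces.
    aa = bytes.fromhex("020000000001")   # AP (authenticator) address
    spa = bytes.fromhex("020000000002")  # station (supplicant) address
    anonce, snonce = os.urandom(32), os.urandom(32)
    # Station side: derive the PTK and protect message 2 with the KCK.
    sta = derive_ptk(station_pmk, aa, spa, anonce, snonce)
    msg2 = b"constructed stand-in for EAPOL-Key message 2" + snonce
    mic = eapol_mic(sta["KCK"], msg2)
    # AP side: derive the PTK from its own PMK copy and check the code.
    ap = derive_ptk(ap_pmk, aa, spa, anonce, snonce)
    ok = hmac.compare_digest(eapol_mic(ap["KCK"], msg2), mic)
    return ok, sta, ap

if __name__ == "__main__":
    pmk = os.urandom(32)
    print("matching PMK:", handshake_demo(pmk, pmk)[0])
    print("mismatched PMK:", handshake_demo(pmk, os.urandom(32))[0])
```

Because fresh nonces enter the derivation, every handshake yields a different PTK from the same PMK, so the PMK itself can be retained across sessions without reusing the lower level keys.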
A pairwise master key (PMK) is generated via an 802.1X exchange between the wireless computing device and an authentication server (AS). To explain further, when the wireless computing device successfully authenticates with the AS, one of the last messages sent from the AS is a Master Key (MK) that is known only to the wireless computing device and the AS. The MK is bound to a session between the wireless computing device and the AS. Both the wireless computing device and the AS perform computations using this MK to derive a Pairwise Master Key (PMK) from the MK; the AS then provides the PMK to the AP. As a result, generation of a PMK involves significant message exchanges and computations that can take a significant amount of time (e.g., several seconds). During this process the wireless computing device is unable to send or receive data. To avoid performing a full 802.1X authentication process to generate a PMK each time a wireless computing device connects to a particular AP, the wireless computing device can cache PMKs after establishing them with a particular AP.
Once the authentication process is complete and the wireless computing device is authenticated with the AP, the wireless computing device must associate with the access point before sending data frames. The association process involves the exchange of information about capabilities of the wireless computing device and the AP. Association is necessary to synchronize the wireless computing device and access point with important information, such as supported data rates. The wireless computing device initiates the association by sending an association request frame containing elements such as SSID and supported data rates. The access point responds by sending an association response frame containing an association ID along with other information regarding the access point. Once the wireless computing device and access point complete the association process, they can send data frames to each other.
When the wireless computing device moves about the wireless network or “roams,” the wireless computing device can often benefit from associating with and communicating through a different access point even though the wireless computing device is still within communication range of the access point it is currently associated with. To decide which AP it should join, authenticate with, and associate with as it moves about the network, the wireless computing device implements an AP selection or “roaming algorithm.” The IEEE 802.11 standards do not specify a standard roaming algorithm. Instead, the AP selection or roaming algorithms are vendor specific. Many AP selection or roaming algorithms rank APs using one or more performance metrics, such as a Received Signal Strength Indicator (RSSI) that reflects signal strength of a beacon frame received from the AP, and then select the highest ranked AP as the AP to roam to.
Accordingly, it is desirable to provide improved AP selection techniques for use by a wireless computing device as the wireless computing device encounters different APs when moving from one physical location to another in a network. Furthermore, other desirable features and characteristics of the present invention will become apparent from the subsequent detailed description of the invention and the appended claims, taken in conjunction with the accompanying drawings and this background of the invention.