IEEE 802.11-based wireless local area networks (WLANs) have become the focus of much research and development in recent years. WLANs offer simple, convenient to use, high throughput ways in which portable computer users can break away from the tethers of the wired world and move around freely with comparable network throughput. However, when a user moves from one access point to another, there is a need to provide seamless roaming. Present technology does not adequately meet this requirement.
In most of the current deployment, IEEE 802.11 uses static Wired Equivalent Privacy (WEP) keys and does not support per user session keys, thus, the wireless stations, usually clients, and all access points participating in roaming can have the same static WEP key. However, the security problem with static WEP keys has been highly publicized. Further, static WEP key protocols do not solve the distribution of authorization information to a large number of access points. To solve this problem, the IEEE 802.11 standard is trying to develop an Inter Access Point Protocol (IAPP).
The IEEE 802.1x standard addresses the security problem in IEEE 802.11 by using port controlled access control. In a large 802.1x installation, a backend authentication server authenticates the user. In order to secure the wireless link, the wireless station must go through an authentication process involving the station, the access point and the authentication server. If authentication is successful, a session key is agreed upon between the wireless station and the access point. This solution enables roaming, but with high overhead, i.e., each time a station is associated with a different access point, for example because of signal fluctuation, the whole authentication process has to be carried through. This is highly undesirable, especially when the authentication server is far away from the wireless LAN, e.g., in an inter-working environment where the WLAN is in, for example, JFK airport but the authentication server belongs to, for example, SBC in California.
There is a need to provide seamless roaming when a wireless user (client) wishes to switch to an access point with better signal strength.
There is also a need to move per-user session keys and authorization information from one access point to another when a client roams between wireless access points.