Mesh networks are self-forming, multi-hop networks comprising a number of nodes that can operate with or without any fixed infrastructure; in some cases the mesh network is formed entirely of mobile nodes. A mesh network typically includes a number of geographically distributed, potentially mobile nodes that are wirelessly connected to each other by one or more logical links (e.g., radio frequency communication channels). The nodes can be fixed or mobile and can communicate with each other over a wireless medium with or without the support of an infrastructure-based or wired network. Logical links between these nodes can change dynamically in an arbitrary manner as existing nodes move within the mesh network, as new nodes join or enter the mesh network, or as existing nodes leave or exit the mesh network. A single-hop logical link can only exist between two nodes when they are within direct communication range. A multi-hop logical link can only exist between two nodes when a set of single-hop logical links can be used to construct a path between the nodes. Such multi-hop logical links are either instantaneously coherent (e.g., all single-hop links are present at the same time) or deferred coherent (e.g., all single-hop links are expected to be present, or were present, over a period of time).
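The distinction between instantaneously coherent and deferred coherent multi-hop links can be made concrete with a small reachability computation. The following Python is an added example, not part of the original description: it takes a constructed log of single-hop links observed at discrete instants (the node names and times are invented), then checks whether a path exists with every hop present at one instant, and separately computes which nodes become reachable when hops are allowed to occur at different, non-decreasing times within a window (the deferred case, where a node carries data until the next link appears).

```python
from collections import deque

# Constructed sample observations: (node_a, node_b, time) means the
# single-hop link a<->b was present at that instant. Not real trace data.
OBSERVED_LINKS = [
    ("A", "B", 0), ("B", "C", 0),
    ("A", "B", 1), ("C", "D", 1),
    ("B", "C", 2), ("C", "D", 2),
]


def links_at(observations, t):
    """Undirected adjacency of the single-hop links present at instant t."""
    adj = {}
    for a, b, ts in observations:
        if ts == t:
            adj.setdefault(a, set()).add(b)
            adj.setdefault(b, set()).add(a)
    return adj


def instantaneous_path(observations, src, dst, t):
    """Instantaneously coherent multi-hop link: every hop present at the
    same instant t. Returns the node list of a shortest path, or None."""
    adj = links_at(observations, t)
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in adj.get(node, ()):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


def deferred_reachable(observations, src, t_start, t_end):
    """Deferred coherent reachability: hops may use links present at
    different instants in [t_start, t_end], as long as the sequence of
    instants is non-decreasing (a node holds data until the next link
    appears). Returns {node: earliest arrival instant}."""
    reached = {src: t_start}
    for t in range(t_start, t_end + 1):
        adj = links_at(observations, t)
        # Every node already reached may forward over links present at t;
        # within a single instant any number of hops is allowed.
        frontier = deque(reached)
        while frontier:
            node = frontier.popleft()
            for nxt in adj.get(node, ()):
                if nxt not in reached:
                    reached[nxt] = t
                    frontier.append(nxt)
    return reached


if __name__ == "__main__":
    print("A->C at t=0:", instantaneous_path(OBSERVED_LINKS, "A", "C", 0))
    print("A->D at any single instant:",
          [instantaneous_path(OBSERVED_LINKS, "A", "D", t) for t in range(3)])
    print("deferred reachability from A over [0,2]:",
          deferred_reachable(OBSERVED_LINKS, "A", 0, 2))
```

In the sample data no single instant contains a complete A-to-D path, so the instantaneous check fails at every t, yet D is reachable in the deferred sense at t=1 because B and C hold the data until the C-D link appears. This is the case a route-selection or security-association design for a mobile mesh has to account for: a multi-hop link may be usable for delivery without ever existing as a simultaneous chain.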
A mesh node typically includes an interface, such as an Institute of Electrical and Electronics Engineers (IEEE) 802.11 interface, which continuously scans for other nodes in the mesh network. IEEE 802.11 communication systems allow for "proximity-based" communications. For example, when two nodes are mobile within a geographic area, those nodes can communicate when within a certain range of each other, such as a range of fifty (50) meters or one hundred sixty five (165) feet. Using mesh routing protocols, logical routes are established between the mesh nodes and the fixed infrastructure (using one or more wireless hops) for access to data networks and services provided within the fixed infrastructure. Security is also established within the mesh network to protect data content from the eavesdropping, modification and masquerading threats common in wireless networks.
Wireless networks such as mesh-based networks, particularly those in the municipal and public safety markets that use mesh-based networks for wide area mobile broadband coverage, require secure, fast handoff solutions. Large wide area mesh networks are typically segmented into manageable domains. IEEE 802.11r refers to these manageable domains as mobility domains. Mobility domains are groupings of access points that together provide an opportunity for fast handoff because of the hierarchical security architecture within the mobility domain. In some cases, each of the mobility domains is mapped to an Internet Protocol (IP) subnet.
Existing solutions for secure, fast handoff are defined in IEEE 802.11i and IEEE 802.11r. However, both of these standards are limited in scope to the indoor enterprise architecture, that is, to a wired access point communicating with an 802.11 station (STA). Further, the enterprise model assumes the access point is wired directly to an enterprise network. Both the 802.11i and 802.11r standards have drawbacks in their centralized key hierarchy approach with respect to high availability and fast handoff.
The limitations in the existing standards result in a potential single point of failure of the key hierarchy within a mobility domain when a single top-level key holder (R0KH) component services the entire mobility domain. Further, this single point of failure can result in non-availability of security services to new devices roaming into the mobility domain, or to devices whose security associations expire. In such cases, the devices will not have access to the network. Another limitation of the current approach is that fast handoff via the R0KH is significantly diminished when the R0KH is physically located outside of, or not under the control of, the radio access network. Therefore, there is a need for a solution which addresses the above limitations of the existing standards.
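The availability risk described above can be illustrated with a simplified model of a two-level key hierarchy: one R0KH holds the top-level key for each station, and each access point acts as a lower-level key holder (R1KH) that must obtain its per-AP key from the R0KH the first time a station arrives. The following Python is an added example, not code from the original description or from any 802.11r implementation; the HMAC-SHA256 derivation, the key-holder identifiers, the all-zero master key and the station names are constructed placeholders, and the derivation labels are not the standard's actual KDF inputs. It shows which handoffs still succeed from cached keys and which fail once the single R0KH becomes unreachable.

```python
import hashlib
import hmac


def kdf(key, label, context):
    """Simplified one-step key derivation (HMAC-SHA256). Assumption: a
    stand-in for the hierarchy's derivation, not the 802.11r KDF itself."""
    return hmac.new(key, label + b"|" + context, hashlib.sha256).digest()


class R0KH:
    """Single top-level key holder for a mobility domain (modelled)."""

    def __init__(self, r0kh_id):
        self.r0kh_id = r0kh_id
        self.pmk_r0 = {}       # station id -> top-level key
        self.online = True     # toggled to model an outage

    def establish(self, sta_id, msk):
        # First association in the domain: derive the station's top-level
        # key from the master key produced by authentication (msk).
        if not self.online:
            raise RuntimeError("R0KH unreachable")
        self.pmk_r0[sta_id] = kdf(msk, b"R0", self.r0kh_id + sta_id)

    def derive_r1(self, sta_id, r1kh_id):
        # Per-R1KH key, bound to the requesting access point's identifier.
        if not self.online:
            raise RuntimeError("R0KH unreachable")
        if sta_id not in self.pmk_r0:
            raise KeyError("no top-level key for station")
        return kdf(self.pmk_r0[sta_id], b"R1", r1kh_id + sta_id)


class R1KH:
    """Lower-level key holder at one access point (modelled)."""

    def __init__(self, r1kh_id, r0kh):
        self.r1kh_id = r1kh_id
        self.r0kh = r0kh
        self.cache = {}        # station id -> per-AP key

    def handoff(self, sta_id):
        """Returns ('cached' | 'fetched' | 'failed', key_or_None)."""
        if sta_id in self.cache:
            return "cached", self.cache[sta_id]
        try:
            key = self.r0kh.derive_r1(sta_id, self.r1kh_id)
        except (RuntimeError, KeyError):
            return "failed", None
        self.cache[sta_id] = key
        return "fetched", key


def simulate():
    """Walk a station through a domain, then take the lone R0KH offline."""
    r0 = R0KH(b"r0kh-domain-1")
    ap1, ap2, ap3 = (R1KH(b"ap%d" % i, r0) for i in (1, 2, 3))
    msk = bytes(32)            # constructed placeholder master key, not a real key
    r0.establish(b"sta-A", msk)

    results = {}
    results["ap1_first"] = ap1.handoff(b"sta-A")[0]          # R0KH reachable
    results["ap2_first"] = ap2.handoff(b"sta-A")[0]          # R0KH reachable
    # Keys are bound to the R1KH identifier, so the two APs hold different keys.
    results["per_ap_keys_differ"] = ap1.cache[b"sta-A"] != ap2.cache[b"sta-A"]

    r0.online = False                                         # single point of failure
    results["ap1_after_outage"] = ap1.handoff(b"sta-A")[0]   # served from cache
    results["ap3_after_outage"] = ap3.handoff(b"sta-A")[0]   # needs R0KH: fails
    try:
        r0.establish(b"sta-B", msk)                           # new device entering
        results["new_sta_after_outage"] = "ok"
    except RuntimeError:
        results["new_sta_after_outage"] = "failed"
    return results


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

Access points that already hold a derived key keep serving the station during the outage, while every handoff to an access point the station has not yet visited, and every new device entering the domain, fails until the R0KH returns. Monitoring the reachability and request latency of the R0KH from the access points is therefore the signal that tells an operator whether the domain is still able to admit roaming and newly arriving devices.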
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.
The apparatus and method components have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.