A. Field of the Invention
The principles of the invention relate generally to wireless computer networks, and more particularly, to wireless computer networks configured to include multiple security interfaces.
B. Description of Related Art
In recent years, it has been found that Wireless Local Area Networks (WLANs) offer an inexpensive and effective extension of a wired network or standard local area network (LAN). FIG. 1 is a block diagram illustrating a conventional network 100 including both wired and wireless components. Using a wireless router or access point (AP) 102, network 100 may include wired elements, such as server 104 and local client 106 and wireless elements, such as client devices 108, 110, 112, and 114 connected to AP 102 via wireless network 116. Recently, most deployments of WLANs have conformed to the various Institute of Electrical and Electronics Engineers (IEEE) 802.11x standards (e.g., 802.11b, a, and g) that operate over the unregulated 2.4 and 5 GHz frequency spectrums. A firewall 118 may be implemented to protect network 100 and act as a security gate to fend off unauthorized traffic coming from the Internet at large 120.
In operation, client devices 108-114 may access wireless network 116 by selecting or otherwise identifying the Service Set Identifier (SSID) associated with network 116. As is known in the art, traffic across network 116 may be encrypted using several available network layer security protocols, such as the Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA) protocols. Assuming that one of these protocols is employed, client devices 108-114 must enter an encryption key or password prior to being granted access to network 100.
Unfortunately, once granted, access to network 116 is granted identically to all client devices 108-114 in possession of network 116's SSID and associated password, regardless of the individual security level associated with a client device's user. Accordingly, lower level (e.g., layer 2 of the OSI Network Model) segmentation of the wireless user base is rendered impossible, thereby requiring reliance upon higher level security procedures to provide security to network 100.