This invention relates generally to a wireless LAN (Local Area Network) system and method to provide wireless networking data services in corporate environments. More particularly, the present invention relates to a method for secure and segregated wireless LANs, e.g. an 802.11 wireless network, for distinct groups of mobile users, eliminating the need for multiple distinct WLANs in dense multi-tenant locations.
Wireless networks offer a number of advantages over traditional wired networks. Difficulties and cost of wiring category 5 cable, associated with typical Ethernet networks, are eliminated when using a wireless network. Wireless networks are much easier to relocate or rearrange since the hardware is not permanently integrated into the building structure. Additionally, and most importantly, wireless networks allow the ability to mobilize users, which is an ever increasing need as laptop computing and PDA use become more pervasive. These practical benefits make wireless networks an increasingly attractive option for many businesses and organizations.
However, wireless networks are not without some inherent drawbacks when compared to wired networks. Due to the lack of physical wires, and the broadcasting of information via radio frequencies (RF), a wireless system is more susceptible to security risks, hostile attacks, and user misuse, which may jeopardize critical information and network functionality. Additionally, most jurisdictions have only a limited number of frequencies legally available for use by wireless networks. Ideally, adjacent wireless access points use different frequencies to communicate with their clients in order to avoid interference between the two systems. Moreover, wireless devices can detect data traffic on other frequencies, and rapidly switch from one frequency to another to achieve better reception. However, the limited number of frequencies becomes problematic in areas dense in wireless networks, such as a multi-tenant commercial building or metropolitan areas, because there is not enough physical space available between multiple WLAN deployments to avoid interference. Additionally, many non-802.11 devices, such as wireless phones, operate using the 2.4 GHz frequency, creating additional interference and markedly reducing the perceived signal strength of a wireless access point.
Currently, in a commercial setting, wireless networks are established by each company separately to ensure the exclusivity of traffic on the network and to provide the level of control required to ensure adequate security and flexibility. These wireless networks utilize one or more wireless access points (AP) and are typically coupled to a wired network that then allows access to the company's local area network (LAN). While providing a limited degree of mobility for employees, these systems restrict wireless access to locations where the company has deployed access points and coupled them to the wired network. Additionally, security of transmitted data is still a concern even when security protocols, such as WEP (Wired Equivalent Privacy), are utilized.
Service provider solutions in these environments are generally able to offer greater mobility because they are allowed to deploy access points in a larger coverage area than any one company can. However, these public “hotspot” solutions are insecure because they couple users from all companies to one public network and cannot segment users into groups based on company or identity. These hotspots also do not provide access to the same resources as self-deployed WLANs because they are designed to couple end users to an Internet gateway for access to the world wide web. This requires companies to open their corporate networks to the Internet with a virtual private network (VPN) in order to give their wireless users access to private network resources.
However, while a VPN may provide security to the company LAN and roaming ability, the user device is exposed to an insecure environment and may be compromised. Most companies are extremely concerned with the confidential information typically found on employee laptops.
For the typical company, the above systems are still too insecure, without providing the level of user mobility or access to resources desired. Companies that want wireless networks, particularly those in a dense network location such as a multi-tenant environment or metropolitan area, must continue to deploy their own access points, creating more noise and interference for themselves and their neighbors.
It is therefore apparent that an urgent need exists for an improved wide area, publicly accessible wireless LAN that is secure, keeps users segregated into private logical groups, couples end users directly to their corporate network resources without a VPN, reduces radio frequency interference, and allows for extensive roaming by users. This solution would be able to provide the same functionality as self-deployed corporate WLANs, relieving companies of the need to deploy their own access points, thereby reducing interference without sacrificing security, mobility or functionality.