Abstract: The present disclosure discloses a method and network device for overlaying one or more broadcast groups over virtual local area networks in a wireless network. The network device receives a broadcast/multicast message from a member device of a broadcast group. The broadcast group includes a subset of devices sharing at least one common property. The broadcast/multicast message is to be received by other member devices, but not by non-member devices of the first broadcast group. Furthermore, the broadcast group includes one of (i) a subset of devices from a single virtual local area network, and (ii) at least two subsets of devices from different virtual local area networks. The network device then determines the broadcast group associated with the received broadcast/multicast message based on the common property, and then transmits the received broadcast/multicast message to other member devices in the broadcast group.

Abstract: According to one embodiment, a particular network device that comprises at least one hardware processor is described. The network device is configured to perform operations including operating in a first mode by communicating wirelessly with at least one wireless client device to provide the at least one wireless client device access to one or more resources, where the operating in the first mode comprises receiving packets transmitted by the at least one wireless client device and forwarding the packets to the one or more resources. Furthermore, the network device performs operations, including switching from operating in the first mode to operating in a monitoring mode and operating in the monitoring mode by decoding data packets addressed to network devices other than the particular network device.

Abstract: Location detection of a mobile device is achieved by initiating an API call at an application program. The API call directs an operating system of the mobile device to initiate a scan of wireless access points within wireless communication range of the mobile device. The scanning performed by the mobile device is detected by the network via one or more of the wireless access points. A location of the mobile device is estimated by the network based on detection of the mobile device via the one or more wireless access points. Location-based services are provided to the mobile device by the network based on the estimated location of the mobile device. The location-based services may be transmitted to the mobile device via a different wireless access point and/or wireless communication protocol than used during scanning and/or detection of the mobile device.

Abstract: The present invention comprises a system and method for determining an estimated position of a wireless mobile client device operating in a communications environment covered by a wireless local area network. The received signal strength of the wireless mobile client device is measured by one or more access points serving devices in the communications environment. In a preferred embodiment, the error between the received signal strength measured by the access points and the expected received signal strength at a plurality of locations in the communications environment is calculated. The location of the device is determined from the error.

Abstract: An automation process verifies that a test bed includes a set of devices specified by at least one script which are to be executed by the automation process on the test bed. The test bed is locked and the set of devices is allocated to the automation process. Performance data collection and logging for the set of devices is started and the at least one script is executed on the set of devices. After executing the at least one script, the set of devices is de-allocated and the test bed is unlocked. A notification is generated indicating that the at least one script has been executed.

Abstract: Authorizing remote access points for use in a network: After the remote access point is provisioned to communicate securely to a controller using its TCP/IP address provided by a user, the remote access point is put into an un-authorized state by the controller pending further authorization. The user is presented with a secure captive portal page authenticating the end-user. User's authentication credentials are verified by the controller. After the remote access point has been authorized, the controller marks it verified as a fully functional node, and saves this state. The remote access point is provisioned with the current provisioning parameters for the remote access point as configured by the IT administrator for the end user, so that each remote access point can have unique per-user configuration applied.

Abstract: According to one embodiment of the invention, a method for assistance in roaming and call capacity comprises the transmission of a first message to obtain information regarding access point capacity prior to transmitting a data flow. The first message identifies the priority level of the data flow and a requested medium time for the data flow. Thereafter, an access point transmits a second message that identifies whether the requested medium time is available for the data flow. This may involve setting of a “zero” value in the medium time allowed if there are no resources available or a reduced medium time if limited resources are offered to the requesting wireless device.

Abstract: Methods of aggregating spectrum data captured from a narrowband radio to form a spectrum covering a much wider frequency band. Frequency data, such as FFT spectrum data captured from a narrowband receiver such as an IEEE 802.11 Wi-Fi receiver are combined to display representative real-time FFT, average FFT, and FFT duty cycle data of a wideband spectrum. Data is captured from narrow band radios such as access points, station monitors, or client devices on a wireless network. A wideband spectrum may be aggregated from data captured from one or from multiple devices. Data may be stored for later analysis and display.

Abstract: A method and system for radio frequency management (RFM) in a mesh network using a path distance factor (PDF) is disclosed. According to one embodiment, a computer-implemented method, comprises calculating a path distance factor (PDF) between a first mesh router and a portal. A frame is transmitted to a second mesh router, wherein the frame includes the path distance factor.

Abstract: An in-band decryptor and scanner (IBDS) for monitoring data packets or frames of an encrypted communication session. The IBDS may reroute or process the data packets or frames prior to reaching their destination. The IBDS may be used to decrease the load on a server by decrypting, preprocessing or rerouting the incoming data without altering the endpoints of the encrypted communication session from the server and a client.

Abstract: Methods, apparatuses and systems facilitating the management of wireless computer network environments and the detection of rogue and other devices that may affect the performance and/or security of the wireless computer network. The present invention enables accurate and cost effective WLAN airspace mapping. In one embodiment, the present invention allows any conforming access point the ability to routinely scan its airspace, collect data on all operating frequencies and report this information back to a management platform. In one embodiment, the management and reporting functionality described herein uses a standards-based vehicle, such as Simple Network Management Protocol (SNMP). In one embodiment, the present invention facilitates isolation of rogue wireless devices affecting the computer network environment and effective decision-making as to management of the detected device.

Abstract: A method and system for QoS provisioning in broadband wireless mesh networks are disclosed. According to one embodiment, a computer-implemented method, comprises providing a dual mode mesh router having a plurality of radios, wherein the mesh router is used in a cell of a plurality of cells that covers a geographic region. The mesh router includes one or more WiMAX backhaul radios, one or more WiFi backhaul radios, one or more WiMAX access radios, one or more WiFi access radios, and three or more intra-mesh radios. Traffic is received at the dual mode mesh router. A minimum quality of service requirement is identified for the traffic. The traffic is routed via the one or more WiMAX backhaul radio when the minimum quality of service meets a predetermined value.

Abstract: Providing secure network access in a networked client device. A client device is provided with a secure connection adapter. In operation, the secure connection adapter detects the network environment of the client device and determines of the network environment is trusted or untrusted. If the client device is operating in an untrusted network environment, the secure connection adapter establishes a secure connection to an enterprise host using a secure tunnel such as IPSec, SSL, or other secure connection. Programs executing on the client device now operate in the secure network environment, with all network activity routed through the secure connection to the enterprise. Optionally, a split tunnel mechanism may be used to direct some network traffic directly to the Internet from the client device.

Abstract: A method includes transmitting frames from a first device to a second device, where a first frame is transmitted at a first value for a particular transmission parameter, and where a second frame is transmitted at a second value for the particular transmission parameter that is different than the first value. For each of the transmitted frames, a determination is made if a corresponding Acknowledgement (ACK) frame, as defined by IEEE 802.11 standards, is received by the first device from the second device. Based on the IEEE 802.11 ACK frames received by the first device from the second device, a distance estimate is calculated from the first device to the second device.

Abstract: According to embodiments of the present disclosure, a managed network device assigns to itself an IP address, in absence of a DHCP service, in a link local address space within a wireless network. The system further responds to a network frame received from another device based on the assigned IP address in the link local address space. The network frame can be a network traffic frame, a control path frame, and/or a management frame. The control path frame comprises a source IP address and a destination IP address that correspond to internal IP addresses in the link local address space that are self-assigned by managed network devices. The management frame comprises the self-assigned internal IP address for the managed network device, and provides for management of managed network devices in the wireless network through a single IP address when a virtual controller is configured for the wireless network.

Abstract: The present disclosure discloses a method and network device for network failover and/or network selection with a multi-mode modem in remote access points. A RAP initially is set to allow the modem's firmware to select an ISP-preferred available network. Then, the RAP collects network selection attributes, including RSSI, for the selected network, derives a NSC value based on the attributes, and determines whether the derived NSC value is within an expected range. If so, the device establishes a secure tunnel connection through the modem on the modem-selected network. Otherwise, the RAP commands the modem connect to an alternative network, and derives the NSC value for the alternative network selected by the RAP. If the NSC value for the alternative network is within an expected range, the RAP establishes a secure connection on the alternative network. On rebootstrap, the RAP repeats the above operations until a stable network is selected.

Abstract: A method of analyzing streaming media traffic comprises intercepting a data stream that is at least in part encrypted, observing a characteristic associated with the data stream, deriving, based at least in part on the characteristic associated with the data stream, a characteristic associated with an IP telephony session.

Abstract: Single voicemail for dual-mode phones. Functionality is added to a dual-mode phone such that the dual-mode phone when operating in cellular mode sends a predetermined signal when it answers an incoming call. An enterprise mobility controller, on forwarding a call to the cellular side of a dual-mode phone after failing to complete a Wi-Fi connection, starts a timer. If the mobility controller does not receive the predetermined signal before the timer expires, it assumes that the cellular call has been handed off to the cellular voicemail system, terminates the cellular call, and sends the call to the enterprise voicemail system.

Abstract: Improved distance estimation of a selected transmitter. An improved distance estimate from a target transmitter to a receiver is produced by assessing the target transmitter to determine transmit power, and combining this information with a propagation model, received signal strength, and reference signal strength indications. Target transmit power may be assessed through knowledge of the target device or device class, and/or transmit power reporting features of target wireless networks. The assessment may be made through looking up reported target device characteristics in a database, making inferences based on target device characteristics, or through standards-based diagnostic and/or reporting mechanisms.

Abstract: The present invention comprises a system and method for determining an estimated position of a wireless mobile client device operating in a communications environment covered by a wireless local area network. The received signal strength of the wireless mobile client device is measured by one or more access points serving devices in the communications environment. In a preferred embodiment, the error between the received signal strength measured by the access points and the expected received signal strength at a plurality of locations in the communications environment is calculated. The location of the device is determined from the error.