Abstract: An access point associated on Wi-Fi portion of the communication network selectively groups stations according to a mobility profile. The mobility profile includes factors that characterize at least an amount of movement and current location for a station. Each station is assigned to a beamforming group of similar mobility profiles. A type of beamforming transmission is selected for each beamforming group based on mobility profiles of associated stations. The type of beamforming transmissions including at least MU-MIMO and SU-MIMO. Data is then transmitted to the stations of each beamforming group according to the selected type of beamforming transmissions. A Wi-Fi controller, having a network-wide view of conditions and being able to collect historical information about stations during connections to other access points, is able to provide data unique data to group selections.

Abstract: Directing station roaming in a cloud-managed Wi-Fi network. Management messages are received from a controller that is located remotely from the Wi-Fi communication network by an access point. When an RSSI (received signal strength indication) value between the station and the access point falls below a threshold, the access point (i.e., controller access point) determines which neighboring access point would be a best fit for a hand-off, with limited real-time input form the cloud-based Wi-Fi controller. One of the two or more of the plurality of access points is selected for handing-off the station based on the RSSI values received from the interrogation. Responsive to the selection, a message is sent to the selected access point instructing the one of the at least one of the plurality of access points to respond to messages from the station.

Abstract: An SDN controller to provision network resources at a data plane to keep progressive downloads of multimedia files proportional to encoding rates is disclosed. Packets from a new or unknown flow being downloaded at a default rate are forwarded from an access point, or other device, to an SDN controller for analysis. If a progressive download of a multimedia file (e.g., a video file) in progress is detected, an encoding rate of frames for the multimedia file is determined. A target download rate for the multimedia file at the access point is determined based on the encoding rate, in an embodiment. Other optional factors also take into account network-wide data plane information gathered by the SDN controller from various points on the network. Additionally, a playback history for a particular multimedia file can affect the target download rate, based on whether, for example, a file is likely to be quickly halted.

Abstract: A technique for emulating virtual port control of airtime fairness for wireless stations using per station Enhanced Distributed Channel Access (EDCA) parameters. Specific parameters are received for each of a plurality of stations connected to the access point. An EDCA field of a beacon that stores a general EDCA parameter is set to an empty state. The beacon is broadcast to a plurality stations on the wireless communication network and within range of an access point. The beacon comprises a BSSID (Basic Service Set Identifier) for use by the plurality of stations to connect with the access point for access to the wireless communication network. The beacon also comprises an empty EDCA field. In response to broadcasting the empty EDCA parameter, receiving a direct inquiry from each of the plurality of stations for the general EDCA parameter. Each of the plurality of stations is responded to with a direct communication of a specific parameter corresponding to each station.

Abstract: An SDN controller to provision network resources at a data plane to keep progressive downloads of multimedia files proportional to encoding rates is disclosed. Packets from a new or unknown flow being downloaded at a default rate are forwarded from an access point, or other device, to an SDN controller for analysis. If a progressive download of a multimedia file (e.g., a video file) in progress is detected, an encoding rate of frames for the multimedia file is determined. A target download rate for the multimedia file at the access point is determined based on the encoding rate, in an embodiment. Other optional factors also take into account network-wide data plane information gathered by the SDN controller from various points on the network. Additionally, a playback history for a particular multimedia file can affect the target download rate, based on whether, for example, a file is likely to be quickly halted.

Abstract: Directing station roaming in a cloud-managed Wi-Fi network. Management messages are received from a controller that is located remotely from the Wi-Fi communication network by an access point. When an RSSI (received signal strength indication) value between the station and the access point falls below a threshold, the access point (i.e., controller access point) determines which neighboring access point would be a best fit for a hand-off, with limited real-time input form the cloud-based Wi-Fi controller. One of the two or more of the plurality of access points is selected for handing-off the station based on the RSSI values received from the interrogation. Responsive to the selection, a message is sent to the selected access point instructing the one of the at least one of the plurality of access points to respond to messages from the station.

Abstract: A wireless communication network is self-provisioned using coordination of data plane behavior to steer stations to preferred access points. To do so, a policy concerning traffic flow for the wireless communication network is received. Data plane traffic flow is monitored at each of the plurality of access points distributed around the wireless communication network. At some point, it may be determined the data plane traffic flow at a first access point from needs to be reduced based on the data plane traffic flow relative to the policy. In response, a station is steered to a preferred access point using OpenFlow rules to affect data plane routing decisions at the access point (e.g., drop, delay, or reprioritize packets).

Abstract: Spoof attacks on location based beacons are detected. A stream of beacons (e.g., IBEACONS) comprising at least a unique source identifier is generated. The stream of beacons is broadcast over a wireless communication channel to mobile devices within range. A list of broadcasted beacons is stored in a table along with a time and location of broadcast. Subsequent to broadcasting, a stream of beacons is detected. The detected beacon stream comprises a unique source identifier along with a time and a location of broadcast. The unique source identifier, the time and the location of at least one beacon of the detected beacon stream can be compared to the unique source identifier, the time and the location of at least one beacon of the broadcast beacon stream. Responsive to a match between the unique source identifiers and a mismatch of at least one of the time and locations, it is determined that the broadcast beacon stream has been spoofed by the detected beacon stream.

Abstract: Per-station realm lists are dynamically generating per-station for hot spot connections to access points by roaming stations. A query for a list of realms is received from a roaming station when connecting to a hot spot. Using an MAC address or other station identity, a list of available realms narrowed to a subset of per-station realms sent to the station. Narrowing is performed on-the-fly with respect to at least one aspects. A last N realms are retrieved from a database record searched by MAC address. The list is further narrowed by removing realms that are inaccessible or otherwise recently shown to have bad link quality. Additional ranking factors can narrow or rearrange the realm list based on financial agreements, popularity, trends, and the like. A selection from the list of realms is received from the station. The access point then authenticates the station with the selected realm.

Abstract: Directing station roaming in a cloud-managed Wi-Fi network. Management messages are received from a controller that is located remotely from the Wi-Fi communication network by an access point. When an RSSI (received signal strength indication) value between the station and the access point falls below a threshold, the access point (i.e., controller access point) determines which neighboring access point would be a best fit for a hand-off, with limited real-time input form the cloud-based Wi-Fi controller. One of the two or more of the plurality of access points is selected for handing-off the station based on the RSSI values received from the interrogation. Responsive to the selection, a message is sent to the selected access point instructing the one of the at least one of the plurality of access points to respond to messages from the station.

Abstract: An access point provisions of network resources at a data plane to optimize progressive downloads in WLANs. To do so, link information concerning at least one routing path of the access point is periodically sent to an SDN controller. As needed, download parameters are determined for a file transfer from the access point to a station from a resource external to the communication network. Responsive to the file transfer being a progressive download, one or more OpenFlow rules are received from the SDN controller. The one or more OpenFlow rules determine download parameters for the file transfer to the station based on link conditions visible to the SDN controller from the data plane of the communication network, including at least the access point link information periodically sent to the SDN controller. The file transfer to the station is then executed according to at least the one or more OpenFlow rules.

Abstract: Spoof attacks on location based beacons are detected. A stream of beacons (e.g., IBEACONS) comprising at least a unique source identifier is generated. The stream of beacons is broadcast over a wireless communication channel to mobile devices within range. A list of broadcasted beacons is stored in a table along with a time and location of broadcast. Subsequent to broadcasting, a stream of beacons is detected. The detected beacon stream comprises a unique source identifier along with a time and a location of broadcast. The unique source identifier, the time and the location of at least one beacon of the detected beacon stream can be compared to the unique source identifier, the time and the location of at least one beacon of the broadcast beacon stream. Responsive to a match between the unique source identifiers and a mismatch of at least one of the time and locations, it is determined that the broadcast beacon stream has been spoofed by the detected beacon stream.

Abstract: A computer-implemented method for detecting rogue client devices connected to wireless hotspots may include maintaining at least one illegitimate authentication identifier that appears to rogue client devices to facilitate authentication with an external network via a wireless hotspot. The method may also include providing the illegitimate authentication identifier to one or more client devices connected to the wireless hotspot. The method may further include receiving an authentication request to authenticate the client device with at least one external network via the wireless hotspot. The method may additionally include determining that the authentication request includes the illegitimate authentication identifier. Finally, the method may include determining that the client device is a rogue device based at least in part on the illegitimate authentication identifier being included in the authentication request. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An SDN controller to provision network resources at a data plane to keep progressive downloads of multimedia files proportional to encoding rates is disclosed. Packets from a new or unknown flow being downloaded at a default rate are forwarded from an access point, or other device, to an SDN controller for analysis. If a progressive download of a multimedia file (e.g., a video file) in progress is detected, an encoding rate of frames for the multimedia file is determined. A target download rate for the multimedia file at the access point is determined based on the encoding rate, in an embodiment. Other optional factors also take into account network-wide data plane information gathered by the SDN controller from various points on the network. Additionally, a playback history for a particular multimedia file can affect the target download rate, based on whether, for example, a file is likely to be quickly halted.

Abstract: Per-station realm lists are dynamically generating per-station for hot spot connections to access points by roaming stations. A query for a list of realms is received from a roaming station when connecting to a hot spot. Using an MAC address or other station identity, a list of available realms narrowed to a subset of per-station realms sent to the station. Narrowing is performed on-the-fly with respect to at least one aspects. A last N realms are retrieved from a database record searched by MAC address. The list is further narrowed by removing realms that are inaccessible or otherwise recently shown to have bad link quality. Additional ranking factors can narrow or rearrange the realm list based on financial agreements, popularity, trends, and the like. A selection from the list of realms is received from the station. The access point then authenticates the station with the selected realm.

Abstract: An SDN controller to provision network resources at a data plane to keep progressive downloads of multimedia files proportional to encoding rates is disclosed. Packets from a new or unknown flow being downloaded at a default rate are forwarded from an access point, or other device, to an SDN controller for analysis. If a progressive download of a multimedia file (e.g., a video file) in progress is detected, an encoding rate of frames for the multimedia file is determined. A target download rate for the multimedia file at the access point is determined based on the encoding rate, in an embodiment. Other optional factors also take into account network-wide data plane information gathered by the SDN controller from various points on the network. Additionally, a playback history for a particular multimedia file can affect the target download rate, based on whether, for example, a file is likely to be quickly halted.

Abstract: RF tags using source addresses to locate stations on a Wi-Fi network are secured. An RF location server receives a pseudo source address of an RF (radio frequency) tag from a station. The station obtains the pseudo source address while being within radio range of the RF tag and the station receiving a beacon frame from the RF tag. A source address for the RF tag is looked-up utilizing the pseudo source address, and a specific location for the RF tag is looked-up utilizing the source address. Some embodiments store the locations in association with the pseudo address. Either way, the specific location of the station is identified based on the source address of the RF tag. An action is determined in response to at least the specific location of the station. Information related to the action is sent to the station for output to a user of the station.

Abstract: An SDN controller to provision network resources at a data plane to keep progressive downloads of multimedia files proportional to encoding rates is disclosed. Packets from a new or unknown flow being downloaded at a default rate are forwarded from an access point, or other device, to an SDN controller for analysis. If a progressive download of a multimedia file (e.g., a video file) in progress is detected, an encoding rate of frames for the multimedia file is determined. A target download rate for the multimedia file at the access point is determined based on the encoding rate, in an embodiment. Other optional factors also take into account network-wide data plane information gathered by the SDN controller from various points on the network. Additionally, a playback history for a particular multimedia file can affect the target download rate, based on whether, for example, a file is likely to be quickly halted.

Abstract: Spoof attacks on location based beacons are detected. A stream of beacons (e.g., iBeacons) comprising at least a unique source identifier is generated. The stream of beacons is broadcast over a wireless communication channel to mobile devices within range. A list of broadcasted beacons is stored in a table along with a time and location of broadcast. Subsequent to broadcasting, a stream of beacons is detected. The detected beacon stream comprises a unique source identifier along with a time and a location of broadcast. The unique source identifier, the time and the location of at least one beacon of the detected beacon stream can be compared to the unique source identifier, the time and the location of at least one beacon of the broadcast beacon stream. Responsive to a match between the unique source identifiers and a mismatch of at least one of the time and locations, it is determined that the broadcast beacon stream has been spoofed by the detected beacon stream.

Abstract: An SDN controller to provision network resources at a data plane to keep progressive downloads of multimedia files proportional to encoding rates is disclosed. Packets from a new or unknown flow being downloaded at a default rate are forwarded from an access point, or other device, to an SDN controller for analysis. If a progressive download of a multimedia file (e.g., a video file) in progress is detected, an encoding rate of frames for the multimedia file is determined. A target download rate for the multimedia file at the access point is determined based on the encoding rate, in an embodiment. Other optional factors also take into account network-wide data plane information gathered by the SDN controller from various points on the network. Additionally, a playback history for a particular multimedia file can affect the target download rate, based on whether, for example, a file is likely to be quickly halted.