Abstract: Methods and apparatus for transmitting service information in a neighborhood of peer-to-peer communication groups are disclosed. A peer-to-peer client device connects to a peer-to-peer communication group via a peer-to-peer group owner. The peer-to-peer client generates a service notification including a category and a sub-category and transmits the service notification to the first peer-to-peer group owner. The first peer-to-peer group owner then forwards the service notification (a) to a first group member that is associated with the category and the sub-category, and (b) to a second group member that is identified as a first bridge and is associated with the category.

Abstract: Methods and apparatus for transmitting service information in a neighborhood of peer-to-peer communication groups are disclosed. A peer-to-peer client device connects to a peer-to-peer communication group via a peer-to-peer group owner. The peer-to-peer client generates a service notification including a category and a sub-category and transmits the service notification to the first peer-to-peer group owner. The first peer-to-peer group owner then forwards the service notification (a) to a first group member that is associated with the category and the sub-category, and (b) to a second group member that is identified as a first bridge and is associated with the category.

Abstract: Methods and apparatus for transmitting data between different peer-to-peer communication groups are disclosed. A wireless device determines if it is simultaneously connected to a plurality of peer-to-peer communication groups and instantiates a bridge interface at the wireless device (e.g., TRILL RBridge) for communications between each peer-to-peer communication group. The wireless device also determines if it is simultaneously connected to at least one peer-to-peer communication device and an access point. In such an instance, the wireless device determines if the access point also includes a bridge interface. If the access point does not include a bridge interface, the wireless device instantiates/runs the bridge interface at the wireless device for communications between the at least one peer-to-peer communication device and the access point.

Abstract: Methods and apparatus for transmitting service information in a neighborhood of peer-to-peer communication groups are disclosed. A peer-to-peer client device connects to a peer-to-peer communication group via a peer-to-peer group owner. The peer-to-peer client generates a service notification including a category and a sub-category and transmits the service notification to the first peer-to-peer group owner. The first peer-to-peer group owner then forwards the service notification (a) to a first group member that is associated with the category and the sub-category, and (b) to a second group member that is identified as a first bridge and is associated with the category.

Abstract: Methods and apparatus for transmitting data between different peer-to-peer communication groups are disclosed. A wireless device determines if it is simultaneously connected to a plurality of peer-to-peer communication groups and instantiates a bridge interface at the wireless device (e.g., TRILL RBridge) for communications between each peer-to-peer communication group. The wireless device also determines if it is simultaneously connected to at least one peer-to-peer communication device and an access point. In such an instance, the wireless device determines if the access point also includes a bridge interface. If the access point does not include a bridge interface, the wireless device instantiates/runs the bridge interface at the wireless device for communications between the at least one peer-to-peer communication device and the access point.

Abstract: Embodiments of the present invention provide a system and method that provides a user within a P2P network the ability to discover other devices in their vicinity, but under control of the network operator.

Abstract: A proxy server that is inserted between a plurality of network access servers, typically an access points, and an authentication server. When an original authentication request is received by a network access server, the network access server forwards the request to the proxy server which forwards the request to an authentication server. The authentication server then sends the session information to the proxy server which stores the keying material as a dynamic credentials. When the client re-authenticates with one of the plurality of access servers, the re-authentication request is handled by the proxy server using the dynamic credentials. The proxy server may re-authenticate the client using a different method than the method that was originally used. For example, the original authentication may be by Extensible Authentication Protocol—Transport Layer Security (EAP-TLS) and subsequent re-authentications may use Wi-Fi Protected Access (WPA).

Abstract: A method of detecting a rogue access point is disclosed. A message is directed from a supplicant to a network through a first access point. A response message is received by the supplicant from the first access point. The supplicant can determine the first access point is a rogue access point based on whether the response message from the first access point is in nonconformity with a predetermined expectation. After the access point is determined to be a rogue access point, it is reported to the network through a valid network access point, after the supplicant is authenticated to the network.

Abstract: In an example embodiment, a system for providing a Virtual Local Area Network (VLAN) by use of encryption states or encryption keys for identifying a VLAN. A table of data including a VLAN and an associated encryption state or key is provided for assignment of encryption states or keys, for devices in a wireless local area network.

Abstract: Architecture for providing access to an IEEE 802.1x network. A trust relationship is created between a switch of the network and an access point of the network such that the access point is authorized to communicate over the network. The trust relationship is then extended from the access point to a wireless client requesting connection to the network such that access to the network by said wireless client is authorized.

Abstract: A system for automatically selecting communication frequencies for wireless communication devices (e.g., base unit, access point, and controller) being added to an existing wireless network. The operating frequencies, evaluated signal strength, and loads are used in determining the most suitable operating frequency. This automatic selection process eliminates the problems inherent in manual frequency selection.

Abstract: Determining the location of a radio tag or client station of a wireless network, and the location of coverage holes by receiving from a plurality of wireless stations of the wireless network path loss information of the path loss of one or more location frames received at the respective wireless stations. The location frames transmitted by the radio tag or client station having a pre-defined frame structure. The radio tags and client stations use a common infrastructure for transmitting a location frame configured for radiolocation by path loss measurement. The common infrastructure includes a pre-defined protocol common for both radio tags and client stations for transmitting information for reception by the plurality of stations of the wireless network for radiolocation. The pre-defined protocol includes using the location frame having the pre-defined frame structure.

Abstract: A proxy server that is inserted between a plurality of network access servers, typically an access points, and an authentication server. When an original authentication request is received by a network access server, the network access server forwards the request to the proxy server which forwards the request to an authentication server. The authentication server then sends the session information to the proxy server which stores the keying material as a dynamic credentials. When the client re-authenticates with one of the plurality of access servers, the re-authentication request is handled by the proxy server using the dynamic credentials. The proxy server may re-authenticate the client using a different method than the method that was originally used. For example, the original authentication may be by Extensible Authentication Protocol—Transport Layer Security (EAP-TLS) and subsequent re-authentications may use Wi-Fi Protected Access (WPA).

Abstract: A wireless station prepares to roam by pre-authenticating itself with a neighboring access point. The wireless station sends a rekey request, which can include an incremented rekey number. The wireless station receives a rekey response. The rekey response can include the incremented rekey number. Because the wireless station is pre-authenticated, after it roams it only needs to perform a two-way handshake with a new access point to establish secure communications with the new access point. The two-way handshake starts by the wireless station sending a reassociation request to the neighboring access point, the reassociation request comprising the incremented rekey number established during pre-authentication. The wireless station receives a reassociation response from the neighboring access point. To protect against replay attacks, the neighboring access point can verify the rekey number sent in the reassociation request matches the rekey number sent in the rekey response.

Abstract: A proxy server that is inserted between a plurality of network access servers, typically an access points, and an authentication server. When an original authentication request is received by an network access server, the network access server forwards the request to the proxy server which forwards the request to an authentication server. The authentication server then sends the session information to the proxy server which stores the keying material as a dynamic credentials. When the client re-authenticates with one of the plurality of access servers, the re-authentication request is handled by the proxy server using the dynamic credentials. The proxy server may re-authenticate the client using a different method than the method that was originally used. For example, the original authentication may be by Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) and subsequent reauthentications may use Wi-Fi Protected Access (WPA).

Abstract: Architecture for providing access to an IEEE 802.1x network. A trust relationship is created between a switch of the network and an access point of the network such that the access point is authorized to communicate over the network. The trust relationship is then extended from the access point to a wireless client requesting connection to the network such that access to the network by said wireless client is authorized.

Abstract: Architecture for providing access to an IEEE 802.1x network. A trust relationship is created between a switch of the network and an access point of the network such that the access point is authorized to communicate over the network. The trust relationship is then extended from the access point to a wireless client requesting connection to the network such that access to the network by said wireless client is authorized.

Abstract: Determining the location of a radio tag or client station of a wireless network, and the location of coverage holes by receiving from a plurality of wireless stations of the wireless network path loss information of the path loss of one or more location frames received at the respective wireless stations. The location frames transmitted by the radio tag or client station having a pre-defined frame structure. The radio tags and client stations use a common infrastructure for transmitting a location frame configured for radiolocation by path loss measurement. The common infrastructure includes a pre-defined protocol common for both radio tags and client stations for transmitting information for reception by the plurality of stations of the wireless network for radiolocation. The pre-defined protocol includes using the location frame having the pre-defined frame structure.

Abstract: A system for automatically selecting communication frequencies for wireless communication devices (e.g., base unit, access point, and controller) being added to an existing wireless network. The operating frequencies, evaluated signal strength, and loads are used in determining the most suitable operating frequency. This automatic selection process eliminates the problems inherent in manual frequency selection.

Abstract: A system for providing a Virtual Local Area Network (VLAN) by use of an encryption states or encryption keys for identifying a VLAN. A table of data including a VLAN and an associated encryption state or key is provided for assignment of encryption states or keys, for devices in a wireless local area network.