Abstract: A software based wireless infrastructure system is provided. The system has a driver that communicates with the network stack and a network interface card (NIC), a station server in communication with the station driver and an 802.1X supplicant or an 802.1X authenticator. Each NIC provides station and/or access point functionality support. The driver drops packets that have been received if the packet has not been authenticated and associated. Packets that have been fragmented or encrypted are unfragmented and decrypted. An association manager is used in conjunction with a configuration table manager to associate stations and access points via management packets. A manager receives 802.1X data packets from the packet processor and sends them up to a station server that communicates with user mode applications and an 802.1X supplicant or an 802.1X authenticator that are used to authenticate and deauthenticate stations and access points. APIs are provided to enable communication between the components.

Abstract: A software based wireless infrastructure system is provided. The system has a driver that communicates with the network stack and a network interface card (NIC), a station server in communication with the station driver and an 802.1X supplicant or an 802.1X authenticator. Each NIC provides station and/or access point functionality support. The driver drops packets that have been received if the packet has not been authenticated and associated. Packets that have been fragmented or encrypted are unfragmented and decrypted. An association manager is used in conjunction with a configuration table manager to associate stations and access points via management packets. A manager receives 802.1X data packets from the packet processor and sends them up to a station server that communicates with user mode applications and an 802.1X supplicant or an 802.1X authenticator that are used to authenticate and deauthenticate stations and access points. APIs are provided to enable communication between the components.

Abstract: A software based wireless infrastructure system is provided. The system has a driver that communicates with the network stack and a network interface card (NIC), a station server in communication with the station driver and an 802.1X supplicant or an 802.1X authenticator. Each NIC provides station and/or access point functionality support. The driver drops packets that have been received if the packet has not been authenticated and associated. Packets that have been fragmented or encrypted are unfragmented and decrypted. An association manager is used in conjunction with a configuration table manager to associate stations and access points via management packets. A manager receives 802.1X data packets from the packet processor and sends them up to a station server that communicates with user mode applications and an 802.1X supplicant or an 802.1X authenticator that are used to authenticate and deauthenticate stations and access points. APIs are provided to enable communication between the components.

Abstract: A power management scheme for use in a wireless device reduces the power consumption of the network interface module of the wireless device by selectively putting the network interface module into a low-power state for an idle time. The length of the idle time is calculated such that the amount of delayed traffic data accumulated is expected to be less than or equal to a pre-selected threshold when the network interface module is put in the low-power state for the calculated idle time. The amount of delayed traffic data as a function of the idle time is modeled using average inter-arrival and service rates that are derived from traffic statistics data.

Abstract: A system and method for enabling a zero configuration nomadic wireless and wired computing environment presenting a just works experience is presented. The system examines predefined user preference or profile settings to determine to which of a competing number of wireless networks available it should connect, and what type of authentication should be used for such connection. Nomadic wireless computing between infrastructure wireless networks and ad hoc wireless networks may be accomplished without further user intervention required in an auto mode. Also, both infrastructure only and ad hoc only modes are available through the system of the invention. Further, the user may set a preference for infrastructure or ad hoc modes in the auto mode. With an infrastructure mode preference set, the system will automatically detect and transfer connectivity to a newly available infrastructure wireless network if the user was previously operating off-line or in ad hoc mode.

Abstract: Disclosed are methods for a client, having established one set of security keys, to establish a new set without having to communicate with an authentication server. When the client joins a group, master session security keys are derived and made known to the client and to the group's access server. From the master session security keys, the access server and client each derive transient session security keys, used for authentication and encryption. To change the transient session security keys, the access server creates “liveness” information and sends it to the client. New master session security keys are derived from the liveness information and the current set of transient session security keys. From these new master session security keys are derived new transient session security keys. This process limits the amount of data sent using one set of transient session security keys and thus limits the effectiveness of any statistical attacker.

Abstract: Additional data is associated with existing directory service object instances by creating instances of object classes in an Application Partition. The additional data is added to one or more attribute(s) of the created instances; the created instances are associated with existing object instances by setting the value of a backlink attribute in the created instances to be the same as a partition link value in the existing object instances. The created instances may be members of object classes which were already existing in the schema of the directory service, the created instances may be members of an existing object class which has attributes which are modified for this purpose, or the created instances may be members of a new object class created for this purpose. The additional data, backlink, and partition link values may be stored as a normal value for the chosen attribute(s) or as pseudo-values.

Abstract: Credentials are migrated into a unified identity management system which maintains existing mappings by associating the migrated credentials with existing directory service object instances. The schema of the directory service may or may not be modified.

Abstract: A software based wireless infrastructure system is provided. The system has a driver that communicates with the network stack and a network interface card (NIC), a station server in communication with the station driver and an 802.1X supplicant or an 802.1X authenticator. Each NIC provides station and/or access point functionality support. The driver drops packets that have been received if the packet has not been authenticated and associated. Packets that have been fragmented or encrypted are unfragmented and decrypted. An association manager is used in conjunction with a configuration table manager to associate stations and access points via management packets. A manager receives 802.1X data packets from the packet processor and sends them up to a station server that communicates with user mode applications and an 802.1X supplicant or an 802.1X authenticator that are used to authenticate and deauthenticate stations and access points. APIs are provided to enable communication between the components.

Abstract: A system and method for enabling a zero configuration nomadic wireless and wired computing environment presenting a just works experience is presented. The system examines predefined user preference or profile settings to determine to which of a competing number of wireless networks available it should connect, and what type of authentication should be used for such connection. Nomadic wireless computing between infrastructure wireless networks and ad hoc wireless networks may be accomplished without further user intervention required in an auto mode. Also, both infrastructure only and ad hoc only modes are available through the system of the invention. Further, the user may set a preference for infrastructure or ad hoc modes in the auto mode. With an infrastructure mode preference set, the system will automatically detect and transfer connectivity to a newly available infrastructure wireless network if the user was previously operating off-line or in ad hoc mode.

Abstract: A system and method for enabling a zero configuration nomadic wireless and wired computing environment presenting a just works experience is presented. The system examines predefined user preference or profile settings to determine to which of a competing number of wireless networks available it should connect, and what type of authentication should be used for such connection. Nomadic wireless computing between infrastructure wireless networks and ad hoc wireless networks may be accomplished without further user intervention required in an auto mode. Also, both infrastructure only and ad hoc only modes are available through the system of the invention. Further, the user may set a preference for infrastructure or ad hoc modes in the auto mode. With an infrastructure mode preference set, the system will automatically detect and transfer connectivity to a newly available infrastructure wireless network if the user was previously operating off-line or in ad hoc mode.

Abstract: A software based wireless infrastructure system is provided. The system has a driver that communicates with the network stack and a network interface card (NIC), a station server in communication with the station driver and an 802.1X supplicant or an 802.1X authenticator. Each NIC provides station and/or access point functionality support. The driver drops packets that have been received if the packet has not been authenticated and associated. Packets that have been fragmented or encrypted are unfragmented and decrypted. An association manager is used in conjunction with a configuration table manager to associate stations and access points via management packets. A manager receives 802.1X data packets from the packet processor and sends them up to a station server that communicates with user mode applications and an 802.1X supplicant or an 802.1X authenticator that are used to authenticate and deauthenticate stations and access,points. APIs are provided to enable communication between the components.

Abstract: A method of network security policy administration for a network client uses a finite state machine to maintain the security policy information of the network client. Security policy information may originate in a remote source such a directory storage as well as, or alternatively, locally in cache and local store locations. The finite state machine has four states, Initial, DS, Cache, and Local, and transitions between states responsive to the availability of security policy information from the various policy information sources. Furthermore, security policy updates occur via a differencing mechanism, wherein only filters that have changed are updated, minimizing impact on unchanged policy filters and the traffic protected by them, and minimizing lulls in policy coverage.

Abstract: A power management scheme for use in a wireless device reduces the power consumption of the network interface module of the wireless device by selectively putting the network interface module into a low-power state for an idle time. The length of the idle time is calculated such that the amount of delayed traffic data accumulated is expected to be less than or equal to a pre-selected threshold when the network interface module is put in the low-power state for the calculated idle time. The amount of delayed traffic data as a function of the idle time is modeled using average inter-arrival and service rates that are derived from traffic statistics data.

Abstract: Disclosed are methods for a client, having established one set of security keys, to establish a new set without having to communicate with an authentication server. When the client joins a group, master session security keys are derived and made known to the client and to the group's access server. From the master session security keys, the access server and client each derive transient session security keys, used for authentication and encryption. To change the transient session security keys, the access server creates “liveness” information and sends it to the client. New master session security keys are derived from the liveness information and the current set of transient session security keys. From these new master session security keys are derived new transient session security keys. This process limits the amount of data sent using one set of transient session security keys and thus limits the effectiveness of any statistical attacker.

Abstract: Disclosed are methods for an authentication client, having been authenticated by an authentication server, to leverage the effects of that authentication to implement a new communications password. The authentication client gets a new password from its user. From the new password and from information provided by the authentication server, the authentication client derives a “password verifier.” The password verifier is then shared with the authentication server. The new password itself is never sent to the authentication server, and it is essentially impossible to derive the new password from the password verifier. The authentication client and the authentication server, in parallel, derive a new set of authentication and encryption security keys from the new password and from the password verifier, respectively. This process may be repeated to limit the amount of data sent using any one particular set of security keys and thus to limit the effectiveness of any statistical attacker.

Abstract: A system and method for enabling a zero configuration nomadic wireless and wired computing environment presenting a just works experience is presented. The system examines predefined user preference or profile settings to determine to which of a competing number of wireless networks available it should connect, and what type of authentication should be used for such connection. Nomadic wireless computing between infrastructure wireless networks and ad hoc wireless networks may be accomplished without further user intervention required in an auto mode. Also, both infrastructure only and ad hoc only modes are available through the system of the invention. Further, the user may set a preference for infrastructure or ad hoc modes in the auto mode. With an infrastructure mode preference set, the system will automatically detect and transfer connectivity to a newly available infrastructure wireless network if the user was previously operating off-line or in ad hoc mode.

Abstract: The present invention provides a directory service system for accessing a plurality of directory services in a uniform manner. Each directory service manages information relating to objects of that directory service. The type of information that a directory service manages for an object is defined by the object class of the object. An object class defines the properties (i.e., information) that a directory service manages for objects of that object class. Each property has a property name and property type. A directory service has a property value for each property defined by the object class of each object. The directory service system comprises a schema browsing component, a name resolving component, a binding component, and an extending component. The schema browsing component controls the retrieving of the property name and property type of each property of each object class of each directory service.

Abstract: The present invention provides a directory service system for accessing a plurality of directory services in a uniform manner. Each directory service manages information relating to objects or that directory service. The type of information that a directory service manages for an object is defined by the object class of the object. An object class defines the properties (i.e., information) that a directory service manages for objects of that object class. Each property has a properly name and property type. A directory service has a property value for each property defined by the object class of each object. The directory service system comprises a schema browsing component, a name resolving component, a binding component, and an extending component. The schema browsing component controls the retrieving of the property name and property type of each property of each object class of each directory service.