Abstract: Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.

Abstract: A computer system that can configure itself to establish a network connection. Configuration is performed by identifying a connection profile with information from a combination of sources. Information may be obtained from user input, network traffic monitoring and a discovery process involving attempts to establish a connection with different profiles. The computer system may perform the configuration process under the control of software that performs an automated configuration process is adapted to receive extensions for operation on computers with hardware components that have non-standardized configuration options. Extensions for networks operating according to non-standardized security protocol extensions are also possible.

Abstract: In embodiments of registration and network access control, an initially unconfigured network interface device can be registered and configured as an interface to a public network for a client device. In another embodiment, a network interface device can receive a network access request from a client device to access a secure network utilizing extensible authentication protocol (EAP), and the request is communicated to an authentication service to authenticate a user of the client device based on user credentials. In another embodiment, a network interface device can receive a network access request from a client device to access a Web site in a public network utilizing a universal access method (UAM), and the request is redirected to the authentication service to authenticate a user of the client device based on user credentials.

Abstract: A method and apparatus for managing simultaneous virtual connections with multiple wireless networks. A plurality of ports in a hardware driver may be each associated with a corresponding wireless network and maintain a unique MAC state relative to other ports. Each port may have a corresponding virtual NIC that communicates directly with the radio hardware via a hardware virtualization layer that multiplexes communication between the virtual NICs and the radio hardware. Simultaneous virtual connections may be made with one or more infrastructure networks or adhoc networks, and/or the computer may function as an access point for one or more of the networks.

Abstract: Systems and methods for handling a transition of a roaming mobile user device (i.e., a roaming client) from one access point (AP) to a target AP, referred to herein as soft inter-AP handoff. This technique involves a second mobile user device that is already connected with the target AP, called a roaming coordinator, assisting in handoff coordination between the APs. This coordination includes assisting the roaming client in establishing a client-to-client connection to relay data traffic during the handoff, while the roaming client establishes a connection with the target AP using traditional techniques. Soft inter-AP handoff allows a faster hand-off between APs than traditional techniques, and may reduce jitter in communications with the roaming device during the transition.

Abstract: A system and method for carrying out network and interface selections across multiple media is disclosed. The disclosed system facilitates automated network interface configuration decision-making that spans a set of networks supporting communications via differing media. A set of media specific modules associated with differing communications media acquire network interface status/capabilities information. A rules engine thereafter applies a designated network selection rule(s) to the acquired network interface status/capabilities information, and any other appropriate parameters attributable to either an interface or network, to select one or more networks and interfaces with which to establish/maintain a connection.

Abstract: A network enabled computer receives connection profile information in a generic form and creates one or more native mode profiles to establish connections. By accepting profile information in a generic form, profile information can be readily provided from one or more ways, including from a policy server, through a user interface or from a third party application. The profile information can be provided with an order of precedence so that profile information from different sources may be combined appropriately. Additionally, the profile information may be provided in an extensible format to allow profile information to be distributed to multiple computers, even if some have different hardware or software configurations and are not programmed to recognize extensions of the profile information.

Abstract: A networked computer with a networking framework that can operate in accordance with a standard protocol or may be configured to perform one or more functions that alter or extend processing according to the standard. The framework includes extensibility points and a mechanism to receive plug-ins that may perform extensibility functions. Network profile information indicates configuration of the extensibility points, including specific extensibility functions to be executed at the extensibility points. This information may be used to configure the extensibility points so that, as the computer operates, the extensibility functions are selectively executed instead of or in addition to standard functions.

Abstract: A system and method for carrying out network and interface selections across multiple media is disclosed. The disclosed system facilitates automated network interface configuration decision-making that spans a set of networks supporting communications via differing media. A set of media specific modules associated with differing communications media acquire network interface status/capabilities information. A rules engine thereafter applies a designated network selection rule(s) to the acquired network interface status/capabilities information, and any other appropriate parameters attributable to either an interface or network, to select one or more networks and interfaces with which to establish/maintain a connection.

Abstract: A framework is provided that decouples credential acquisition from authentication processes using those credentials in a way that facilitates dynamic update of credential information. An authentication component may receive credential information for authentication of a user or a device for access to a resource. During interactions with an external authenticator, the authentication component may identify that updated credential information is required and issue a request to the application including credential parameters defining the updated credential information. An application component receiving the request may acquire updated credential information from a user or another entity. In addition, the authentication method may issue notifications to the application. The framework enables the application to update credentials in a context specific way.

Abstract: Methods and systems are provided for an event-based configuration interface between a service supporting mobile connectivity and device drivers exposing WWAN data services. Object identifiers (OIDs) are passed between the service and the device drivers. Asynchronous communication is enabled. Methods and systems for using OIDs to negotiate configuration, including PINs, SIMs and signal strength, of WWAN devices such as GSM and CDMA-based devices are provided.

Abstract: A method is provided to facilitate compliance with wireless communication regulations for a regulatory domain when creating or joining an ad hoc network. The method can include interacting with a driver of a wireless communication device to facilitate compliance. Another method is provided to offer an option to enable or disable prompting to verify a regulatory domain to use to create or join an ad hoc network. Another method is provided for facilitating compliance with wireless communication regulations for a plurality of regulatory domains. The method includes using a common channel as a communication channel for a wireless communication device when joining or creating an ad hoc network, wherein the common channel is common to the plurality of regulatory domains.

Abstract: A computing environment containing a mesh network that is adapted to provide a reliable transport mechanism over which services may be delivered. Nodes of the mesh can automatically select routable addresses without conflicts, which allows nodes of the mesh to be accessed, even as the mesh changes through the addition or deletion of nodes. Also, nodes communicate with a protocol that supports service advertisements. These advertisements can identify mesh nodes that supply services, such as file or print servers, for which devices that have not yet connected to the network may be searching. Advertisements can also identify services to be used by nodes in the network, allowing, for example, a node to select a gateway providing a reliable connection to an external network. The mesh network can be used as a transport for communication using protocols, such as TCP/IP, that generally exhibit poor performance when using unreliable transports.

Abstract: A computing environment containing a mesh network that is adapted to provide a reliable transport mechanism over which services may be delivered. Nodes of the mesh can automatically select routable addresses without conflicts, which allows nodes of the mesh to be accessed, even as the mesh changes through the addition or deletion of nodes. Also, nodes communicate with a protocol that supports service advertisements. These advertisements can identify mesh nodes that supply services, such as file or print servers, for which devices that have not yet connected to the network may be searching. Advertisements can also identify services to be used by nodes in the network, allowing, for example, a node to select a gateway providing a reliable connection to an external network. The mesh network can be used as a transport for communication using protocols, such as TCP/IP, that generally exhibit poor performance when using unreliable transports.

Abstract: A computing environment containing a mesh network that is adapted to provide a reliable transport mechanism over which services may be delivered. Nodes of the mesh can automatically select routable addresses without conflicts, which allows nodes of the mesh to be accessed, even as the mesh changes through the addition or deletion of nodes. Also, nodes communicate with a protocol that supports service advertisements. These advertisements can identify mesh nodes that supply services, such as file or print servers, for which devices that have not yet connected to the network may be searching. Advertisements can also identify services to be used by nodes in the network, allowing, for example, a node to select a gateway providing a reliable connection to an external network. The mesh network can be used as a transport for communication using protocols, such as TCP/IP, that generally exhibit poor performance when using unreliable transports.

Abstract: A network and connection provisioning framework for configuring and provisioning multiple aspects of network connectivity (e.g., multiple networks, media types, and/or connections). The framework may comprise a unified configuration interface that enables an administrator to configure multiple different types of network connectivity. A single configuration file comprising settings for multiple aspects of network connectivity may be generated based on preferences entered by a system administrator, or by exporting current settings from a particular computing device. Global configuration policies or other configuration settings that span multiple types of network connectivity may be also created and stored in one or more configuration files. Stand-alone media managers and/or plug-in modules may implement one or more standardized application programming interface functions so that they may interoperate with the network and connection provisioning framework.

Abstract: A network and connection provisioning framework for configuring and provisioning multiple aspects of network connectivity (e.g., multiple networks, media types, and/or connections). The framework may comprise a unified configuration interface that enables an administrator to configure multiple different types of network connectivity. A single configuration file comprising settings for multiple aspects of network connectivity may be generated based on preferences entered by a system administrator, or by exporting current settings from a particular computing device. Global configuration policies or other configuration settings that span multiple types of network connectivity may be also created and stored in one or more configuration files. Stand-alone media managers and/or plug-in modules may implement one or more standardized application programming interface functions so that they may interoperate with the network and connection provisioning framework.

Abstract: A network and connection provisioning framework for configuring and provisioning multiple aspects of network connectivity (e.g., multiple networks, media types, and/or connections). The framework may comprise a unified configuration interface that enables an administrator to configure multiple different types of network connectivity. A single configuration file comprising settings for multiple aspects of network connectivity may be generated based on preferences entered by a system administrator, or by exporting current settings from a particular computing device. Global configuration policies or other configuration settings that span multiple types of network connectivity may be also created and stored in one or more configuration files. Stand-alone media managers and/or plug-in modules may implement one or more standardized application programming interface functions so that they may interoperate with the network and connection provisioning framework.

Abstract: A method of operating an access point (AP) configured to support multiple pre-shared keys at a given time to authenticate its associated client devices. Each client device associated with the AP is provisioned with a key. To authenticate the client device tat attempts to connect to the AP, the AP determines which pre-shared key (PSK) of the multiple supported pre-shared keys (PSKs). if any, matches information including the key received from the client device. When the information matches, the client device is allowed to connect to the AP. Provisioning the AP with multiple PSKs allows selectively disconnecting associated client devices from the AP. The AP may be configured to support PSKs of different lifetime and complexity. Removing a PSK of the multiple PSKs supported by the AP and disconnecting a client device that uses this PSK does not disconnect other client devices using different keys to access the AP.

Abstract: A wireless device that utilizes a single network interface to simultaneously connect to an infrastructure network and a mesh network. The device has a driver layer with a media access control module for each network type. A multiplexing module and transceiver module within the driver can direct received information associated with one of the networks to an appropriate media access control and then to an appropriate network adapter. For transmitted data, the multiplexing module can receive data from the application layer through an appropriate network adapter and route it to an appropriate media access control module for processing. The processed data can be interleaved by the transceiver for transmission.