Abstract: A power-save system for a network with an access point and an associated power-save client. The access point buffers wireless data that includes a unicast frame and a multicast frame. A periodic scheduled beacon message is transmitted with a unicast indication element and a multicast indication element. The unicast element instructs a client to remain awake to receive a buffered unicast frame, which includes a destination MAC address. The multicast element instructs a client to remain awake following the beacon to receive a buffered multicast frame, which includes a destination multicast address designating a multicast group of which the client is a member. At least one beacon message is designated as a multicast delivery beacon. The buffered multicast frame is transmitted following the designated multicast beacon. The multicast element contains a list of entries, each entry corresponding to either a multicast MAC address, multicast IP address, or client identifier.

Abstract: A method for providing private sidestream transmissions between a first and second client in a wireless network generally includes sending a location discovery request from a first client to an access point and receiving a location discovery response from the access point. The response includes a ticket encrypted with a session key of the second client and containing a sidestream key. The method further includes sending a direct communication request from the first client to the second client. The request includes the ticket and an authenticator encrypted with the sidestream key. A direct communication response including an updated authenticator is received from the second client. A method and apparatus for secure context transfer during client roaming are also disclosed.

Abstract: A power-save system for a network with an access point and an associated power-save client. The access point buffers wireless data that includes a unicast frame and a multicast frame. A periodic scheduled beacon message is transmitted with a unicast indication element and a multicast indication element. The unicast element instructs a client to remain awake to receive a buffered unicast frame, which includes a destination MAC address. The multicast element instructs a client to remain awake following the beacon to receive a buffered multicast frame, which includes a destination multicast address designating a multicast group of which the client is a member. At least one beacon message is designated as a multicast delivery beacon. The buffered multicast frame is transmitted following the designated multicast beacon. The multicast element contains a list of entries, each entry corresponding to either a multicast MAC address, multicast IP address, or client identifier.

Abstract: A power-save method for a network with an access point and an associated power-save client. The access point buffers wireless data that includes a unicast frame and a multicast frame. A periodic scheduled beacon message is transmitted with a unicast indication element and a multicast indication element. The unicast element instructs a client to remain awake to receive a buffered unicast frame, which includes a destination MAC address. The multicast element instructs a client to remain awake following the beacon to receive a buffered multicast frame, which includes a destination multicast address designating a multicast group of which the client is a member. At least one beacon message is designated as a multicast delivery beacon. The buffered multicast frame is transmitted following the designated multicast beacon. The multicast element contains a list of entries, each entry corresponding to either a multicast MAC address, multicast IP address, or client identifier.

Abstract: A method wherein an access point authenticates itself with neighboring access points and establishes secure and mutually authenticated communication channels with its neighboring access points. When an access point learns of a neighboring access point, it initiates an authentication with an authentication server through the neighboring access point. Once access points have mutually authenticated each other, whenever a station authenticates itself with a first access point, the first access point communicates the station's authentication context information, for example session key and session identifier, to each neighboring access point. Thus, when the station roams to a neighboring access point, the neighboring access point presents the station with a reauthentication protocol, for example LEAP reauthentication, and if the reauthentication is successful, communication between the station and the neighboring access point takes place immediately and no new EAP authentication needs to occur.

Abstract: A method for reauthentication during client roaming in a wireless network system. The network has at least one access server and a plurality of access points registered with the access server. The method includes receiving a registration request at the access server from a new access point for a roaming client registered with the access server and sending a client's session key to the new access point in a registration reply upon authentication of the registration request. The client's session key is configured for use by the new access point to authenticate the client and establish keys for the client. A method for secure context transfer during client roaming is also disclosed.

Abstract: A method and system for handling roaming mobile nodes in a wireless network. The system uses a Subnet Context Manager to store current Network session keys, security policy and duration of the session (e.g. session timeout) for mobile nodes, which is established when the mobile node is initially authenticated. Pairwise transit keys are derived from the network session key. The Subnet Context Manager handles subsequent reassociation requests. When a mobile node roams to a new access point, the access point obtains the network session key from the Subnet Context Manager and validates the mobile node by computing a new pairwise transient key from the network session key.

Abstract: In an example embodiment, a system for providing a Virtual Local Area Network (VLAN) by use of encryption states or encryption keys for identifying a VLAN. A table of data including a VLAN and an associated encryption state or key is provided for assignment of encryption states or keys, for devices in a wireless local area network.

Abstract: A power-save method for a network with an access point and an associated power-save client. The access point buffers wireless data that includes a unicast frame and a multicast frame. A periodic scheduled beacon message is transmitted with a unicast indication element and a multicast indication element. The unicast element instructs a client to remain awake to receive a buffered unicast frame, which includes a destination MAC address. The multicast element instructs a client to remain awake following the beacon to receive a buffered multicast frame, which includes a destination multicast address designating a multicast group of which the client is a member. At least one beacon message is designated as a multicast delivery beacon. The buffered multicast frame is transmitted following the designated multicast beacon. The multicast element contains a list of entries, each entry corresponding to either a multicast MAC address, multicast IP address, or client identifier.

Abstract: A Wireless LAN Context Control Protocol (WLCCP) is used to establish and manage a wireless network topology and securely manages the “operational context” for mobile stations in a campus network. The WLCCP registration protocol can automatically create and delete links in the network, securely distribute operational context, and reliably establish Layer 2 forwarding paths on wireless links. A single infrastructure node is established as the central control point for each subnet, and enables APs and MNs to select the parent node that provides the “least-cost path” to a backbone LAN. Context messages provide a general-purpose transport for context and management information. WLCCP “Trace” messages facilitate network diagnostic tools. Ethernet or UDP/IP encapsulation can be used for WLCCP messages. Ethernet encapsulation is employed for intra-subnet (e.g. AP-to-AP or AP-to-SCM) WLCCP messages. IP encapsulation is used for inter-subnet WLCCP messages and may also be used for intra-subnet WLCCP messages.

Abstract: A method for an access point to provide immediate delivery of low-latency data packets to one virtual local area network when there are one or more associated stations operating in Power-Save-Protocol on another virtual local area network. The access point observes all the virtual local area networks to which it provides access to associated stations. The access point then determines which of the virtual local area networks contains only active stations. The access point then tracks the virtual local area network having only active stations and immediately transmits to the network incoming multicast/broadcast data packets.

Abstract: A method for associating a WSTA to a service set, wherein the service set is configurable at the AP. Each service set is an arbitrary grouping of one or more network service parameters, and is typically configured for either VLAN or proxy mobile IP host. When a wireless station desires to associate with an access point, the wireless station sends a message to the access point, the message containing a SSID. The access point then matches the SSID to a service set and associates the WSTA to either a home subnet or a VLAN based on the SSID. By locally configuring the service set, the default VLAN and home subnet for a WSTA may be different at each AP the WSTA encounters. A security server is configured with a list of allowed SSIDs for each wireless station to prevent unauthorized access to a VLAN or home subnet.

Abstract: A method for providing a superior quality of service for multicast data streams delivered over a wireless local area network. As Internet Protocol multicast data streams are received by an access point, the access point observes Internet Group Multicast Protocol registration messages to determine which of its associated stations subscribe to each multicast data stream. The access point then determines which of the multicast data streams it receives have only active subscribing stations as opposed to those data streams having at least one associated station operating in power-save mode. The access point will automatically transmit each multicast data stream having only active subscribers immediately to the associated active stations, while buffering the multicast data stream for which there is at least one associated station operating in power-save mode.