WO2004100425A2 - Commande inter-couche dynamique et adaptative de reseaux informatiques de radiocommunication - Google Patents

Commande inter-couche dynamique et adaptative de reseaux informatiques de radiocommunication Download PDF

Info

Publication number
WO2004100425A2
WO2004100425A2 PCT/US2004/012953 US2004012953W WO2004100425A2 WO 2004100425 A2 WO2004100425 A2 WO 2004100425A2 US 2004012953 W US2004012953 W US 2004012953W WO 2004100425 A2 WO2004100425 A2 WO 2004100425A2
Authority
WO
WIPO (PCT)
Prior art keywords
network
service
spn
layer
communication
Prior art date
Application number
PCT/US2004/012953
Other languages
English (en)
Other versions
WO2004100425A3 (fr
Inventor
Keith Stuart Klemba
Isaac Robert Nassi
David Neil Cornejo
Lawrence Alan Rosenthal
Original Assignee
Firetide, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/426,125 external-priority patent/US7305459B2/en
Application filed by Firetide, Inc. filed Critical Firetide, Inc.
Publication of WO2004100425A2 publication Critical patent/WO2004100425A2/fr
Publication of WO2004100425A3 publication Critical patent/WO2004100425A3/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W40/00Communication routing or communication path finding
    • H04W40/02Communication route or path selection, e.g. power-based or shortest path routing
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Definitions

  • This invention relates to wireless telecommunication networks, including particularly ad hoc mesh wireless networks.
  • Wireless Local Area Network (WLAN) technologies are rapidly making their way into all types of networks (e.g., home, SOHO, education, enterprise). Nearly all networking companies have been rapidly adding WLAN components to their product portfolio. Governing this technology expansion are the IEEE 802.11 standards, currently the industry's choice for WLAN architecture compliance. While the standard defines alternative modes of operation, today it is the Infrastructure Mode that is most commonly deployed. In this mode a wireless Access Point (“AP”) is attached to the LAN via an Ethernet cable and wireless Utilizing Devices associate with the AP to gain wireless access to the LAN. The wireless clients must be within radio range of an Access Point and be capable of passing any authentication screening the AP may deploy.
  • AP wireless Access Point
  • FIG. 1 thus illustrates I how access to LAN server 100 and its services is extended one wireless radio hop to Utilizing Devices 120 by the deployment of APs 110.
  • Deploying a WLAN in this manner can require extensive site evaluation, security planning, and - as illustrated in Figure 1 - lots of wire.
  • each of AP's 110(a)-(c) are connected via corresponding wires 105(a)-(c) to LAN 100.
  • the present invention provides method apparatus for accessing resources via a wireless communication network.
  • the network is known as a Service Point Network ("SPN") and is a wireless network comprising multiple Service Points, each potentially connected to a Utilizing Device.
  • SPN Service Point Network
  • Utilizing Devices are not part of the SPN, but connect to one or more Service Points and thereby access or provide resources via the SPN.
  • a first of the Utilizing Devices accesses a second via packets sent through the SPN between the Service Points connected to the two Utilizing Devices.
  • the Service Points preferably communicate with each other using an ad hoc mesh network protocol that supports routing via unicast, multi-cast and/or broadcast.
  • the SPN is ad hoc with respect to the number, location, environment surrounding the Service Points and connection of Utilizing Devices to the Service Points which are embodied in physically mobile nodes.
  • the protocol employs an on-demand or proactive routing algorithm. Utilizing Devices are connected to the corresponding Service Points via wired or wireless connection.
  • Methods of the invention preferably include providing a first Utilizing Device access to a second Utilizing Device, without revealing to the Utilizing Devices the addresses of the connected Service Points. Instead, the Utilizing Device originating the message specifies the address of the intended destination Utilizing Device, and the SPN automatically maps the address to an identifier for the corresponding Service Point connected to the destination Utilizing Device. Aspects of the invention further include mapping the identifier to a network address of the Service Point, and dynamically remapping it to reflect any change of network address in the course of communication transmission.
  • the wireless SPN includes providing at least one private sub-net comprising a selected subset of the Service Points, each configured to only forward communications traffic that is either to or from other Service Points within the private sub-net.
  • the method further includes automatic reorganization of the Service Point Network into sub-nets based on one or more of the following factors: routing, routing management, security management, frequency, authentication, density, identification, age and technologies.
  • Utilizing Devices connected to Service Points provide a set of resources consisting of applications, printing, network gateway, DHCP, SMTP, vending/e-commerce, audio, imaging, lighting, utility, appliances, travel, communications, telematics and/or emergency safety.
  • a first Utilizing Device may access a second Utilizing Device selected, in part, based upon a topological relationship between the Service Points connected to the Utilizing Devices, and/or the physical location of the Service Point connected to the second Utilizing Device.
  • the Service Points each include a Networking Port to wirelessly route multi-hop traffic to other Service Points, and a Service Port configured to communicate with one or more Utilizing Devices.
  • a Utilizing Device in communication with a first Service Port can access another Utilizing Device communicating with different Service Ports via the SPN, without configuring the Utilizing Devices to communicate with the Networking Ports of the Service Points.
  • Utilizing Devices preferably address all Service Points of the network using a single common IP address.
  • the invention further provides a method for providing access to resources via a secure wireless communication network by providing a self -configuring Service Point Network (SPN) of multiple Service Points.
  • SPN Service Point Network
  • each Service Point Upon joining the SPN, each Service Point is dynamically assigned an SPN-unique identifier.
  • Utilizing Devices are each connected to one or more Service Points, providing first and second Utilizing Devices access to each other via secure communication through the SPN between the corresponding Service Points connected to the Utilizing Devices, using an asymmetric public-private encryption key pair that is at least partially based on the Service Point unique identifiers.
  • providing first and second Utilizing Devices access to each other through the SPN further includes encrypting communications at the Service Point connected to the first Utilizing Device and further encrypting the key needed to decrypt the communications using a public encryption key of the Service Point connected to the second Utilizing Device.
  • secure communication proceeds through the SPN between an Entry Service Point connected to the first Utilizing Device and a Terminal Service Point connected to the second Utilizing Device, and is encrypted by the Entry Service Point in such a manner that it can only be decrypted by the Terminal Service Point.
  • the encryption key is employed to send a recipient Service Point one or more management directives in a secure and authenticated manner.
  • the management directive incorporates a "liveness" value public key challenge for purposes of authentication.
  • Management directives used in SPN formation include one or more of the following: hello, welcome, join, accept, leave, or goodbye.
  • the recipient Service Point is associated with multiple encryption key pairs (e.g., Manufacturer, Owner, Operator), and the different encryption keys are utilized corresponding to different classes of management directives.
  • FIG. 1 illustrates a prior art wireless local area network (WLAN).
  • WLAN wireless local area network
  • FIG. 2a illustrates a Service Point (SP) device, including Service Port and
  • Figure 2b illustrates an SP with multiple Service Ports and Networking Ports.
  • Figure 3 depicts a plurality of SP's forming a Service Point Network (SPN) via Networking Ports, and connected to a plurality of Utilizing Devices via Service
  • SPN Service Point Network
  • Figure 4 illustrates a WLAN augmented by an SPN.
  • Figure 5 diagrams network address and port identification for SP's.
  • FIG. 6a diagrams a secure communication process via an SPN.
  • Figure 6b is a flow diagram for a secure communication process via an SPN.
  • Figure 7 illustrates an SPN comprising public and private sub-nets.
  • Figure 8 is a flow diagram outlining a secure process for sending authenticated management directives to SP's.
  • Figure 9 diagrams the internal architecture for an SP.
  • Figure 10 shows an architectural overview for the integration of an SP device with a Utilizing Device.
  • Figure 11 illustrates a mobile SPN embodiment.
  • Service Points cooperate with one another like building blocks to form a network using a shared wireless communication protocol.
  • the resulting wireless network is referred to herein as a "Service Point Network” or “SPN,” and we refer herein to an SP's communication interface with other members of an SPN as the SP's "Networking Port.”
  • SPN Service Point Network
  • Each Service Point also provides a (logically) separate interface (a "Service Port") for connection with one or more devices (“Utilizing Devices”) utilizing the communication services of the SPN, whether as sender or recipient of information, resources, and/or requests thereof.
  • Utilizing Devices are not part of the SPN, and need not necessarily support or recognize the shared wireless networking protocol(s) of the Networking Ports used for communication among SP's within the SPN; provided that each Utilizing Device does support protocol(s) sufficient for communication with the corresponding Service Port to which it is connected.
  • Figure 2a illustrates basic logical features of Service Point 200 in one embodiment, including Networking Port 210 and Service Port 220. SP 200 interfaces with Utilizing Device 230 by means of Service Port 220. Using Networking Port 210, SP 200 can communicate with other SP's to form an SPN, as discussed below in more detail.
  • Figure 3 shows a plurality of SP's 300(x) forming SPN 350 via their wireless Networking Ports 310(x), and connected to a plurality of Utilizing Devices 330(x) via their Service Ports 320(x).
  • Connected Utilizing Devices 330(x) are not considered a part of Service Point Network 350, and need not contain any custom software or hardware related to the operations of the SPN Networking Ports. Consequently, the wireless networking technology used by Networking Ports 310(x) to form Service Point Network 350 (e.g., 802.11 DSSS, 3G CDMA, or Ultra- Wideband) can be independent of the technology used for connecting Utilizing Devices to Service Points (e.g. USB, TR, Serial, Ethernet, Parallel).
  • Service Port 220 may or may not be physically (hardware) distinct from Networking Port 210 - provided they perform logically distinct roles, as described.
  • SP 200 can optionally include multiple Networking Ports, e.g., 210(a) and 210(b), and/or multiple Service Ports, e.g., 220(a) and 220(b).
  • FIG. 4 illustrates a WLAN augmented by SPN 470 in accordance with a preferred embodiment of the present invention.
  • access to WLAN resources can be provided for wireless mobile clients 420(x)(i) without requiring wired connections running from each of AP's 410(x) to LAN server 400. Instead, each of AP's 410(x) is connected locally to a corresponding SP 415(x) of SPN 470.
  • Access Points 410(x) connected to Service Points 415(x) form an extensive WLAN network accessible to mobile clients, utilizing SPN 470 as the backhaul.
  • Service Points differ from (and are complementary to) Access Points, in that an SPN offers a connection to communications and services (including, for example, wireless client access via Access Points) anywhere that is desired, without having to run wires for the communications infrastructure.
  • SPN offers a connection to communications and services (including, for example, wireless client access via Access Points) anywhere that is desired, without having to run wires for the communications infrastructure.
  • network designers can freely locate network services so as to provide true location-dependent services and even systems where the entire network can be mobilized (the latter is discussed below in connection with Figure 11), without the need for wired connections between the locations where services are accessed and the location where services or resources are originated.
  • An SPN is preferably, but not necessarily, self -configured by the SP's as an ad hoc mesh network.
  • Ad hoc is used here in the broad spirit of: (1) formed or used for specific or immediate problems or needs, and/or (2) fashioned from whatever is immediately available.
  • the ad-hoc character of an SPN is preferably with respect to at least one or more of the following: network membership, time, location, and environment (the latter including, for example, line-of -sight, low humidity, elevation, metallic vs. non-metallic partitions, indoors, outdoors).
  • the SP's collaborate opportunistically with any available SP's in radio contact (and meeting threshold criteria, such as the authentication and privacy criteria discussed below) to form an SPN, with the premise that each of the member SP's may independently leave over time and that new member SP's may independently join over time.
  • the SPN's topology is preferably a "mesh", meaning that there are multiple alternative paths through the network between at least some pairs of member SP's. Mesh topology is considered preferable due to the relatively high number of connected systems made possible by omni-directional radio transmissions: LAN segments are segregated by wiring and network design, whereas WLAN segments tend to have more indeterminate integration with other WLAN devices due to the broadcast characteristic of their medium.
  • SP Networking Ports are implemented using IEEE 802.11 compliant wireless broadband radios operating in "Ad-Hoc Mode" to build a self-configuring SPN.
  • the SPN is preferably an IP network supporting multi-hop point-to-point and multi-cast routing, as will be discussed at greater length below.
  • Service Point into a specified state (e.g., Active, Standby, Shutdown, Maintenance).
  • the initialization is designed to be automated and to provide plug & go usage.
  • Table 1 illustrates the processes a Service Point sequences through to initialize itself into the Active State.
  • the progression of a Service Point through these processes is meant to be independent of, and cooperative with, the chosen routing protocol (e.g., TBRPF) and the specific communications technologies (e.g., 802.11 MAC).
  • the initialization activities may also include security initialization processes, such as those of well established network security standards (e.g., 802. lx Security).
  • Each Service Point preferably carries a unique, manufacturer-installed digital identifier that can be used to uniquely authenticate each Service Point and its resident software.
  • an SP is challenged and not accepted into the SPN if it lacks the requisite digital identifier.
  • This authentication capability can similarly be employed in the course of various Service Point activities; for example, authentication can be tested and required in connection with management functions such as in-field product software upgrades, hi addition, during the SPN formation process, unique names and addresses are preferably assigned to each SP 550 in the network, as shown in Figure 5.
  • each Service Port 545 within a Service Point 550 is given a globally unique port identifier 525 which is the result of a function of (hardware identifier(s), time-of-day, network identifiers, and port number). Although this function is applied during initial startup of Service Points it may be rerun as needed during the operational stage of the Service Point.
  • Port ID 525 is used to generate a public/private encryption key pair, for encrypted communication as described in the next section.
  • Networking Port 540 e.g., 802.11 radio
  • each SP 550 is also given an internal IP address 510, unique to SPN 500 and utilized for addressing and routing of traffic within the SPN, as will also be described in the next section.
  • Originator Utilizing Device 600 preferably complies with standard IP network addressing requirements and addresses a communication packet 610 to be sent with the destination IP address of the Destination Utilizing Device, the ultimate intended recipient of that packet.
  • IP packet 610 is delivered from Utilizing Device 600 to its connected Service Point 605, the Entry SP. Entry SP 605 performs a series of transformations 615 as follows.
  • the destination address of packet 610 (which is the IP address of the Destination) is used by the Entry SP to retrieve the Port ID of the Terminal SP, i.e. the SP connected to the Destination Utilizing Device.
  • mappings are preferably maintained, in internal tables, between each Port ID and the IP address of any Utilizing Devices connected to the SP assigned that Port ID.
  • the Terminal SP's Port ID is in turn used by the Entry SP, at 653, to retrieve from tables the associated public cryptographic key for that port and the internal IP address of the Terminal SP.
  • Practitioners will readily recognize many equivalent ways to structure and implement such tables, effectively representing the logical relationships described. Those tables are preferably stored locally or otherwise available to each SP.
  • the Entry Service Point can determine the Port ID, internal IP address, and public key of the Terminal SP port to whom the packet should be delivered.
  • the steps of the method may be carried out for more than one Destination Utilizing Device and correspondingly for more than one Terminal SP Port ID, encryption key, and/or internal IP address.
  • the Entry SP 605 encrypts the original message packet 610 using the
  • This new IP header preferably contains the Entry SP's internal IP address, Entry SP Port ID, Terminal SP's internal IP address, and Terminal SP's Port ID.
  • this process is akin to IPSEC tunneling, but is preferably stateless.
  • the packet 620 is routed at 655-656, in a multi-hop manner through the Ad- hoc Mesh Network 625 toward the Terminal SP 630 (preferably in accordance with the routing algorithm and protocol described below in Section E).
  • the Terminal SP will perform several transformations 635 to restore the original packet.
  • the packet 620 is decrypted by Terminal SP 630 using its private key, and the fully transformed packet 640 (identical to original Packet 610) is delivered to Destination Utilizing Device 645 via the Service Port of the Terminal SP.
  • the packet 620 may encounter reassignment of the Terminal SP's internal IP address, or newly formed IP subnets within the Ad-hoc mesh network (subnets are discussed below in Section D).
  • SPNs form dynamically, and by nature are subject to changes in connectivity and membership. For this reason an SPN will typically need to reissue updated internal IP addresses to Service Points from time to time.
  • Port ID numbers and the associated PKI encryption keys for each SP remain constant, whereas the internal IP addresses for each SP may change to reflect changes in network formation. Nevertheless, mapping of the current internal IP address to each Port ID number is maintained dynamically in tables distributed in each SP, as indicated above at 652-653.
  • each Service Point is capable of using the Terminal Port ID at 657-658 to make any transformations necessary to find the new IP address of the Terminal SP and to continue the packet along its way, for example by using a mechanism such as Internet Port Address Translation (PAT).
  • PAT Internet Port Address Translation
  • changes to the internal IP address of a SP from time to time have no effect on the directory of devices and networks attached to the SP's (indexed by constant Port ID's, as noted above) or their connections to each other.
  • the packet is decrypted at the Terminal Service
  • user data moving in the body of IP messages within the SPN is preferably encrypted edge-to-edge - i.e., from the Service Port of the Entry SP that is connected to the Originator Utilizing Device, to the Service Port of the Terminal SP connected to the Destination Utilizing Device. Consequently, SPNs themselves do not increase the exposure of user data per se.
  • Entry SP may advantageously be driven in part by location-sensitive considerations. For example, the needs of a Utilizing Device (such as a client computer user) seeking access to the printer located nearest to that Utilizing Device might be best served by routing the communication to the Terminal SP that is connected to the "nearest" printer as determined by the SPN topology map maintained throughout the network in each SP. This approach uses network topology as a proxy measure for physical proximity. Alternatively, if current physical locations of each SP in the SPN are known and maintained in a table or other storage available to the SP's, then in the previous example the Entry SP can inspect the location table and identify which one of the SP's that is connected to a printer is located physically closest to the Entry SP itself.
  • the SPN is preferably an IP network operating within its own domain.
  • Devices connecting to a Service Point see the SPN as a virtual switch with a single IP address for management.
  • Within the SPN Service Points are assigned internal (hidden) IP addresses. These SPN IP addresses are not accessible from outside the SPN.
  • Management applications (as discussed below in Section F) can obtain an identifier for each Service Point by contacting SPN management handler (SNMP) 942 within any Service Point (see Figure 9, discussed below), and the handler will translate requests as necessary so they are internally routed within the SPN to the desired Service Point.
  • SNMP SPN management handler
  • SPN formation and internal IP addressing preferably takes full advantage of subnets and subnet routing as is done in the Internet today, in order to optimize routing and network management considerations. For example, when a new SP acts to join a public SPN, if multiple public SPNs or subnets are available within radio contact, one possible strategy is for the SP to join the smallest such SPN or subnet. (Different considerations and constraints apply with respect to Private SPNs, discussed below.) Moreover, as an SPN grows in size and complexity it may partition itself into subnets as necessary to optimize routing and security management. Similarly, smaller SPNs may be merged in an attempt to optimize routing and security management.
  • An SPN is preferably formed according to one of two construction principles,
  • Node A 715 can talk to Nodes B 735 or C 725, however, as those nodes are endpoints within their respective Private SPNs 730 and 720.
  • Public construction allows Service Points to be added to a Public SPN by anyone. Hence, large communities can create an SPN rather dynamically as each new Service Point is openly accepted into the Service Point Network.
  • Private construction preferably requires authentication and authorization for each Service Point to be added to a Private SPN.
  • a customer-specific digital certificate is deposited into each Service Point within a Private SPN as it is accepted into a Private SPN. Thereafter, the customer/owner has the ability to perform optional management functions on Service Points using SPN management software as discussed in Section F below.
  • TBRPF Topic Broadcast based on Reverse-Path Forwarding
  • the routing algorithm is an important core element of an operational SPN.
  • TBRPF has been submitted to the IETF for consideration in the Mobile Ad- hoc Network (MANET) working group as a proactive category candidate (see http://www.erg.sri.com/proiects/tbrpf/docs/draft07.txt, Mobile Ad-Hoc Networks Working Group Internet-Draft, "Topology Dissemination Based on Reverse-Path Forwarding (TBRPF) " SRI International, dated March 3, 2003).
  • Mesh networks present a number of technical challenges (e.g., hidden and blocked terminals, channel capture, overhead traffic, and propagation delays) and TBRPF is a mature and well- tested protocol that helps overcome such challenges in a scalable fashion.
  • the question of a destination's existence and how to get to it may be generalized. For example, in some nodes the answer may be, "I don't know if the destination exists, but if it does it would be in that direction.” Similarly, the complete path to a destination may not be known in a given node but the answer may be, "I don't know the full path to this destination, but I am on the path and I should forward this message along.” It is generalizations such as these that allow the management of distributed algorithms to be conservative on sending out costly routing information. It also illustrates how an algorithm might take advantage of combining both proactive and on demand characteristics.
  • Internet Messaging Protocols are employed to provide Security and Quality-of- Service options.
  • an SP's encryption key is employed to send management directives to the SP in a secure and authenticated manner, as shown in the flow diagram of Figure 8.
  • Management directives are special communication messages that effect network formation and/or SP configuration, such as: hello, welcome, join, accept, leave or goodbye. It is important to authenticate the identity of the SP's with whom such messages are exchanged, in order to protect the integrity of the SPN from being damaged such as by spurious devices joining the SPN or falsely asserting that a genuine SP is leaving the SPN.
  • a management directive is composed for a selected
  • the sender preferably augments the directive message by embedding in it a fresh key (or "nonce” value), as a protection against "replay” attack by unauthorized eavesdroppers.
  • a fresh key or "nonce” value
  • practitioners may reference Intrusion-Tolerant Group Management in Enclaves, by B. Dutertre and H. Sa ⁇ di and V. Stavridou, from International Conference on Dependable Systems and Networks, Goteborg, Sweden (July, 2001).
  • the augmented message is then encrypted by the sender at 830 using the public key of the recipient SP.
  • practitioners may find it preferable to associate each SP with multiple encryption key pairs (e.g., associated with manufacturer, owner, and owner of the SPN, respectively) corresponding to different classes of management directives or other authenticated communication, and to utilize each of the different encryption keys depending on the specific communication being sent.
  • multiple encryption key pairs e.g., associated with manufacturer, owner, and owner of the SPN, respectively
  • an ID of the recipient SP is used to obtain the SP's internal IP address.
  • the original sender of the directive is a member SP of the network, and sender SP preferably performs 840 directly referencing internal tables as discussed earlier in connection with Figure 6; whereas if the original sender is external to the SPN (e.g. a centralized management entity) then it may indirectly cause 840 to be carried out, such as via contacting an SNMP handler of a member SP as described above at the end of Section C.
  • the directive message is ultimately routed via the SPN to the recipient SP, and at 860 the recipient SP decrypts the message using its appropriate private key.
  • Unintended recipients of the message (such as unauthorized eavesdropper) will not be able to decrypt the message, since they will lack the requisite private key.
  • the genuine recipient SP is able to extract the embedded fresh key, and utilizes that key to generate a response (e.g., encrypted with the extracted key) that can be authenticated by the sender at 880. If the recipient has failed to properly decrypt the message and extract the embedded key, the recipient will fail to respond properly, will fail the authentication test, and consequently its spurious request e.g. to join or leave the SPN can properly be rejected.
  • the embedded key's "freshness" or “liveness” insures that this protocol cannot be deceived by simple replay attack, as illustrated in the above- referenced publication Intrusion-Tolerant Group Management in Enclaves within the context of "enclave” groups and virtual private networks.
  • Service Points are designed to auto configure and self heal in the face of changing radio connectivity, there can arise the need to inspect a Service Point for configuration, logs, or diagnostic information.
  • a Service Point Management Handler (SNMP 942, see Fig. 9 below) is preferably employed to make these administration tasks simple and SNMP compatible.
  • the Service Point Network management protocol is distributed and does not require a central management service.
  • a central management service can optionally be used to either view or manipulate various Service Point operating parameters.
  • a view-only manager can optionally be provided to allow general viewing (but not modification) of performance and wellbeing operating parameters within SP's.
  • This information may preferably be correlated across multiple SP's as well, in order to provide a more comprehensive understanding of how the SP's view the SPN at any given time.
  • network information of this nature can be viewed without compromising the security or privacy of SPN traffic.
  • a more aggressive management application can also optionally be provided, allowing authenticated network operators to manipulate parameters within SP's so as to cause them to alter their behavior and independent decision logic. For example, using network management utilities, specific Service Ports can be locked in to receive certain classes of traffic so that all such traffic would be sent to a specified Service Port without regard to other considerations for choosing the destination Service Port.
  • Another example of the Manager Point Application would be to provide an accounting application with access to billing information that it has activated within the SP's.
  • FIG. 9 diagrams the internal architecture for an SP 900, in a preferred embodiment.
  • SP 900 includes hardware interface 910, which in turn includes wireless interface 9 ⁇ 2 (e.g. based on 802.11 standards) for use by Networking Port
  • SP 900 further includes standard IP networking stack 920, and standard operating system computing environment 940, involving inter alia support for networking protocols SNMP 942, ICMP 944, DCHP 946, and routing tables 948.
  • SP standard IP networking stack 920
  • standard operating system computing environment 940 involving inter alia support for networking protocols SNMP 942, ICMP 944, DCHP 946, and routing tables 948.
  • SP networking protocols SNMP 942, ICMP 944, DCHP 946, and routing tables 948.
  • PwrCntl module 938 provides logic for dynamic adjustment of low-layer (e.g., physical or Media Access Control) network control parameters such as transmission power and frequency, in response to higher layer (link/routing) network conditions such as connectivity and topology.
  • low-layer e.g., physical or Media Access Control
  • Each SP as a member of the SPN, implements a lower layer (e.g., a physical communication layer and/or a Media Access Control layer, as represented by hardware interface 910 shown in Figure 9), and a higher layer of communication functionality (e.g., IP Networking 920, along with the relevant elements of OS environment 940 and SPN Support 930).
  • a lower layer e.g., a physical communication layer and/or a Media Access Control layer, as represented by hardware interface 910 shown in Figure 9
  • a higher layer of communication functionality e.g., IP Networking 920, along with the relevant elements of OS environment 940 and SPN Support 930.
  • PwrCntl logic 938 determines the SP's current environmental status at the higher layer - including, for example, the current specifics of connectivity/neighborhood, routing information, and topology information.
  • logic 938 dynamically adjusts one or more communication parameters pertaining to the lower layer such as channel selection, transmission power, signal processing gain, selection among diverse antennas or antenna modes, coding rates, and the contention resolution table. For example, in highly connected networks fair access to a common channel presents a problem of resolving interference/collisions; as well, it is desirable to increase data throughput, and/or reduce traffic congestion and queuing delays. Thus, if high connectivity (e.g., above certain thresholds as determined by the practitioner) and/or excessive levels of network performance measures (such as throughput or delay) are observed by PwrCntl logic 938 at the higher networking layer, logic 938 can trigger a request to reduce transmission power in the physical layer.
  • one or more communication parameters pertaining to the lower layer such as channel selection, transmission power, signal processing gain, selection among diverse antennas or antenna modes, coding rates, and the contention resolution table. For example, in highly connected networks fair access to a common channel presents a problem of resolving interference/collisions; as well
  • PwrCntl logic 983 might intervene to switch the transmitting frequency of the SP, or to adjust the MAC-layer contention resolution table, in order to mitigate the problems of collisions and interference indicated by the higher-layer networking environment conditions.
  • physical layer communication parameters for one or more members of a Service Point Network may be dynamically and intelligently adjusted based on current environmental conditions at the higher networking layer (e.g., topology and routing considerations).
  • SP's forming an SPN can preferably provide access to a potentially broad range of communication or networking services, such as: distributed applications, printing, gateways, DHCP, SMTP, vending, audio, imaging, lighting, utilities, appliances, travel, communications, telematics, and location-based services.
  • communication or networking services such as: distributed applications, printing, gateways, DHCP, SMTP, vending, audio, imaging, lighting, utilities, appliances, travel, communications, telematics, and location-based services.
  • These functional services and others may be delivered advantageously through deployment of Service Points within ubiquitous devices such as light fixtures, phones, monitors, parking meters, signal lights, and vending machines.
  • Mobile Service Points change the way wireless networking can be designed, enabling the mobility of entire networks as opposed to the mobility of solely client-utilizing nodes.
  • mobile SPN 1100 includes and opportunistically leverages a combination of independently deployed SP's including: mobile SP nodes 1120(a)-(n) deployed in moving automobiles; mobile SP nodes 1110(a)-(c) deployed in a moving train; mobile SP node 1130 deployed in a currently parked car; and fixed SP nodes 1150, 1160 and 1170(a)-(c) that have been deployed in the area e.g., by a local merchant (gas station, motel, and utilities).
  • a local merchant gas station, motel, and utilities
  • Mobile SPN 1100 is opportunistically formed by the ad hoc, self-configured networking of these nodes. As the vehicles hosting the various mobile nodes move away in various directions, SPN 1100 will be reformed in an ad hoc manner, and may be replaced by multiple distinct mobile NPNs depending on where groups of active SP's congregate and organize themselves at any given time. In light of the teachings herein, practitioners will recognize and can develop a wide range of services designed to exploit Service Point mobility.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

La présente invention concerne des systèmes, appareils et procédés avec lesquels un groupe de terminaux de réacheminement radio indépendants, connus sous le nom de Points de Service, coopèrent pour former un réseau de communication maillé adéquat. Le réseau à points de service ainsi réalise sert à fournir des services de communication s'appuyant sur des adresses fiables entre des terminaux reliés par des moyens conventionnels (radio ou câble) aux ports de services correspondants de l'un quelconque des points de service. Les terminaux utilisateurs rattachés ne sont pas considérés comme faisant partie du réseau à points de service. Ils n'ont donc pas besoin de posséder de logiciel ou de matériel adapté pour le fonctionnement du réseau à points de service. Cela fait que la technologie de mise en réseau utilisée pour la mise en oeuvre du réseau à points de service est indépendante de celle utilisée pour la connexion des terminaux aux points de service. Les services destinés aux terminaux utilisateurs couvrent aussi bien le point à point que le point à multipoint. Pour protéger la sécurité des communications par le réseau et l'intégrité du réseau, des adresses IP internes et des identifiants uniques sont affectés aux points de services, et ils n'ont pas à être connus des terminaux utilisateurs. En ce qui les concerne, les identifiants uniques sont utilisés pour dériver des couples de clés publiques et privées de cryptage pour chaque point de service.
PCT/US2004/012953 2003-04-28 2004-04-27 Commande inter-couche dynamique et adaptative de reseaux informatiques de radiocommunication WO2004100425A2 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US10/426,125 2003-04-28
US10/426,125 US7305459B2 (en) 2003-04-28 2003-04-28 Wireless service point networks
US10/438,144 US20040225740A1 (en) 2003-04-28 2003-05-15 Dynamic adaptive inter-layer control of wireless data communication networks
US10/438,144 2003-05-15

Publications (2)

Publication Number Publication Date
WO2004100425A2 true WO2004100425A2 (fr) 2004-11-18
WO2004100425A3 WO2004100425A3 (fr) 2005-02-10

Family

ID=33436676

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2004/012953 WO2004100425A2 (fr) 2003-04-28 2004-04-27 Commande inter-couche dynamique et adaptative de reseaux informatiques de radiocommunication

Country Status (1)

Country Link
WO (1) WO2004100425A2 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7305459B2 (en) 2003-04-28 2007-12-04 Firetide, Inc. Wireless service point networks
US7522731B2 (en) 2003-04-28 2009-04-21 Firetide, Inc. Wireless service points having unique identifiers for secure communication
US8559447B2 (en) 2005-07-30 2013-10-15 Firetide, Inc. Utilizing multiple mesh network gateways in a shared access network
US8737920B2 (en) 2004-11-10 2014-05-27 Interdigital Technology Corporation Method and apparatus for managing wireless communication network radio resources
US8948015B2 (en) 2005-07-21 2015-02-03 Firetide, Inc. Method for enabling the efficient operation of arbitrarily interconnected mesh networks

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5371734A (en) * 1993-01-29 1994-12-06 Digital Ocean, Inc. Medium access control protocol for wireless network
US6349210B1 (en) * 1999-11-12 2002-02-19 Itt Manufacturing Enterprises, Inc. Method and apparatus for broadcasting messages in channel reservation communication systems
US6721805B1 (en) * 1998-11-12 2004-04-13 International Business Machines Corporation Providing shared-medium multiple access capability in point-to-point communications
US6754188B1 (en) * 2001-09-28 2004-06-22 Meshnetworks, Inc. System and method for enabling a node in an ad-hoc packet-switched wireless communications network to route packets based on packet content

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5371734A (en) * 1993-01-29 1994-12-06 Digital Ocean, Inc. Medium access control protocol for wireless network
US6721805B1 (en) * 1998-11-12 2004-04-13 International Business Machines Corporation Providing shared-medium multiple access capability in point-to-point communications
US6349210B1 (en) * 1999-11-12 2002-02-19 Itt Manufacturing Enterprises, Inc. Method and apparatus for broadcasting messages in channel reservation communication systems
US6754188B1 (en) * 2001-09-28 2004-06-22 Meshnetworks, Inc. System and method for enabling a node in an ad-hoc packet-switched wireless communications network to route packets based on packet content

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7305459B2 (en) 2003-04-28 2007-12-04 Firetide, Inc. Wireless service point networks
US7522731B2 (en) 2003-04-28 2009-04-21 Firetide, Inc. Wireless service points having unique identifiers for secure communication
US8737920B2 (en) 2004-11-10 2014-05-27 Interdigital Technology Corporation Method and apparatus for managing wireless communication network radio resources
US9125203B2 (en) 2004-11-10 2015-09-01 Interdigital Technology Corporation Method and apparatus for managing wireless communication network radio resources
US8948015B2 (en) 2005-07-21 2015-02-03 Firetide, Inc. Method for enabling the efficient operation of arbitrarily interconnected mesh networks
US8559447B2 (en) 2005-07-30 2013-10-15 Firetide, Inc. Utilizing multiple mesh network gateways in a shared access network
US9602399B2 (en) 2005-07-30 2017-03-21 Firetide, Inc. Utilizing multiple mesh network gateways in a shared access network

Also Published As

Publication number Publication date
WO2004100425A3 (fr) 2005-02-10

Similar Documents

Publication Publication Date Title
CA2523543C (fr) Reseaux a points de service radio
US7522731B2 (en) Wireless service points having unique identifiers for secure communication
JP4696149B2 (ja) クライアント認証方法及びノード
US8630275B2 (en) Apparatus, method, and medium for self-organizing multi-hop wireless access networks
US7706776B2 (en) Scheme for MAC address privacy in infrastructure-based multi-hop wireless networks
US7082114B1 (en) System and method for a wireless unit acquiring a new internet protocol address when roaming between two subnets
Binkley et al. Authenticated ad hoc routing at the link layer for mobile systems
WO2006124938A2 (fr) Systeme et procede de communication dans un reseau mobile ad hoc sans fil
JP4578917B2 (ja) 自己組織化マルチホップ無線アクセスネットワーク用の装置、方法及び媒体
WO2002078272A1 (fr) Procede et systeme de fourniture de reseaux speciaux mobiles pontes
WO2004100425A2 (fr) Commande inter-couche dynamique et adaptative de reseaux informatiques de radiocommunication
KR100684306B1 (ko) 무선 휴대 인터넷 시스템에서의 서비스별 트래픽 암호화키 요청과 생성 및 분배 방법 및 그 장치와, 그 프로토콜구성 방법
JP4603445B2 (ja) マルチファセットアンテナを使用する伝送の方向を決定する方法とシステム
Mynampati et al. Performance and Security of Wireless Mesh Networks
Sathyam Analysis of a Key Management Scheme for Wireless Mesh Networks
Gupta et al. Survey on Security Mechanisms in Wireless Mesh Networks
Islam et al. Location Based Computation Sharing Framework for Mobile Devices
Sarao et al. Analyzing the Challenges for Enhancement/Efficiency in Wireless Mesh Networks (WMNs)

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)