WO2018118150A1

WO2018118150A1 - Multi-access point wireless networking autoconfiguration

Info

Publication number: WO2018118150A1
Application number: PCT/US2017/049109
Authority: WO
Inventors: Binita Gupta; Preston Joel HUNT; Venkata R. VALLABHU
Original assignee: Intel IP Corporation
Priority date: 2016-12-21
Filing date: 2017-08-29
Publication date: 2018-06-28
Also published as: DE112017006419T5

Abstract

In an on-boarding protocol for securely configuring access points (APs) in a multi-AP wireless local-area network (WLAN), a first, initially-configured, AP initiates an on-boarding protocol to establish an out-of-band communication channel (OOB) with at least one satellite AP. The first AP configures the at least one satellite AP via the OOB to establish at least one satellite coverage area of the WLAN.

Description

MULTI-ACCESS POINT WIRELESS NETWORKING

AUTOCONFIGURATION

PRIORITY CLAP

[0001] This Application claims the benefit of U.S. Provisional Applications No. 62/437, 132, 62/437,140, and 62/437,461, all of which were filed December 21, 2016, and the disclosures of which are incorporated by reference herein.

TECHNICAL FIELD

[0002] Aspects of the disclosure relate generally to information processing and communications and, more particularly, to wireless networking. Some embodiments relate to access point stations (APs) that operate according to the Institute of Electrical and Electronic Engineers (IEEE) 802.11 family of wireless networking standards. Some embodiments in particular relate to APs that operate in multiple-AP local area networks.

BACKGROUND

[0003] Wireless local-area networking (WLAN) has been continually growing in its ubiquity over the years. For example, access point stations (APs) that operate according to the media access control and physical layer specifications standardized in the Institute of Electrical and Electronic Engineers (IEEE) 802.11 family of wireless networking standards are presently found in homes, businesses, public facilities, transportation vehicles, and even wider areas such as being deployed to provide coverage throughout some cities. APs support client stations (STAs) that are commonly integrated into a variety of electronic devices, such as personal computers, smartphones, tablets, and other portable computing devices, televisions, media players, and other appliances, cameras and other data-gathering devices, medical equipment, and countless additional applications. [0004] Wi-Fi APs often experience gaps in their coverage area called dead zones, which result in poor network performance. This is because a single AP has a limited coverage area, which is exacerbated in larger-sized homes or buildings with many walls and obstructions. Smart-home Wi-Fi systems are being developed which include multiple APs (Multi-AP Wi-Fi system) working together to provide expanded Wi-Fi coverage for the entire home. A smart-home Wi-Fi system could include 3 or more AP devices. One challenge to the widespread adoption of multi-AP systems is the need to configure the APs to work together in a single WLAN in a process called onboarding of the AP devices. If AP device onboarding is complicated, certain segments of users might be hesitant to adopt such Multi-AP Wi-Fi systems. Also, if the onboarding and setup is not secure and imposes security risks for the home Wi- Fi network, end users will be hesitant to buy and deploy such Multiple-AP Wi-Fi systems in their homes. A solution is needed to adequately address security aspects for onboarding of AP Devices.

BRIEF DESCRIPTION OF THE DRAWINGS

[0005] In the drawings, which are not necessarily drawn to scale, like numerals may describe similar components in different views. Like numerals having different letter suffixes may represent different instances of similar components. The drawings illustrate generally, by way of example, but not by way of limitation, various embodiments discussed in the present document.

[0006] FIG. 1 A is a high-level system diagram illustrating a wireless local area network (WLAN) in accordance with some embodiments.

[0007] FIG. IB is a diagram depicting a multi-AP network arrangement according to an aspect of the embodiments.

[0008] FIG. 2 is a block diagram illustrating a portion of the architecture of an AP device adapted for use with multi-AP WLAN networks according to some embodiments.

[0009] FIG. 3 is a block diagram of a radio architecture in accordance with some embodiments.

[0010] FIG. 4 illustrates a front-end module circuitry for use in the radio architecture of FIG. 3 in accordance with some embodiments. [0011] FIG. 5 A illustrates a radio IC circuitry for use in the radio architecture of FIG. 3 in accordance with some embodiments.

[0012] FIG. 5B illustrates a baseband processing circuitry for use in the radio architecture of FIG.1 in accordance with some embodiments.

[0013] FIG. 6 is a diagram illustrating an on-boarding process according to an embodiment that uses a WLAN connection as an out-of-band (OOB channel).

[0014] FIG. 7 is a diagram illustrating a process for on-boarding AP devices using a wired connection as the OOB channel, according to some embodiments.

[0015] FIG. 8 is a diagram illustrating a process for on-boarding AP devices using an alternative wireless connection as the OOB channel, according to some embodiments.

[0016] FIG. 9 is a process flow diagram illustrating an example process of discovering and configuring a satellite AP according to some embodiments. DETAILED DESCRIPTION

[0017] One aspect of the embodiments is directed to providing a simple and secure onboarding solution to users for setting up AP devices that are to form a part of a Multi-AP Wi-Fi system. According to some embodiments, the first AP device is configured by the user, and given an on-boarding command to initiate an on-boarding protocol to add additional APs to the WLAN. The first AP device initiates, and carries out the on-boarding protocol with the additional AP devices (referred to herein as satellite APs). The protocol may proceed entirely autonomously, or with minimal user involvement, to securely configure the satellite APs. In the on-boarding protocol, one or more credentials, such as the WLAN SSID and passphrase, are passed securely to each of the satellite APs. In some embodiments, this is accomplished by the first AP device establishing an out-of-band (OOB) communication channel with each satellite AP, and configuring each satellite AP with the credentials to join the WLAN as a satellite AP device, over the OOB channel.

[0018] The OOB communication channel is separate from the WLAN, and may be a wireless or wired link. Examples of wireless links include a separate radio frequency-based network connection, a sonic communication channel using ultrasound for instance, or an optical connection using infrared or other light spectra. A radio frequency (RF)-based connection may be an isolated Wi- Fi network (e.g., having a separate SSID from the WLAN being set up), a personal-area network (PAN) connection (such as Bluetooth or Bluetooth Low Energy per an IEEE 802.15.1 standard), a near-field communication (NFC) connection such as ISO 13157 or the like, or home-area network (HAN) such as Zigbee or other technology based on IEEE 802.15.4.

[0019] Notably, the WLAN with multiple APs in accordance with the IEEE 802.11 family of wireless local area networking standards provide for variable and selectable channel configurations, and for the sake of brevity the present disclosure describes various embodiments in the context of certain IEEE 802.11 WLAN implementations. However, it will be understood that the principles described herein may be suitably adapted to be applied in other types of wireless communications regimes, whether presently known, or arising in the future. These other types of wireless communications regimes may be other types of WLANs, peer-to-peer arrangements, wireless ad-hoc networks, wide-area networks (WANs), universal terrestrial radio access networks (UTRAN), evolved universal mobile telecommunications system (E-UTRA), or any hybrid or various combination of these, or other, wireless communication technologies.

[0020] It will be understood that the principles described herein in the context of the illustrative examples that are provided are applicable in systems, devices, and processes that may or may not be compliant with any of the 802.11 -family standards of WLANs, whether published or under development, or other radio- access network (RAN) technologies that are mentioned herein. However, for the sake of brevity, many of the embodiments described herein are presented in the context of WLAN technology as examples of suitable settings in which the embodiments may be implemented. FIGs. 1 A and IB illustrate example network scenarios in which aspects of the embodiments are applicable. FIG. 1 A illustrates some general features of a WLAN, whereas FIG. IB illustrates relevant attributes of a multi-AP arrangement.

[0021] Referring first to FIG. 1 A, the WLAN may comprise a basic service set (BSS) 10 that may include a master station 12, which may be an AP, a plurality of high-efficiency (HE) wireless or enhanced directional multi-gigabit (EDMG) (e.g., IEEE 802.1 lax/ay) STAs 14 and a plurality of legacy (e.g., IEEE 802.1 ln/ac/g/a/b/ad/ah) devices 16. The master station 12 may be an AP using the principles of IEEE 802.11 to transmit and receive. The master station 12 may be a device using peer-to-peer communications with other devices and using 802.11 and/or 3GPP cellular standards. The master station 12 may use other communications protocols instead or in addition to aforementioned standards like Bluetooth Low Energy. The IEEE 802.11 protocol may be IEEE 802.1 lax, 802.1 lad, or the like. The IEEE 802.11 protocol may include using orthogonal frequency division multiple-access (OFDMA), time division multiple access (TDMA), and/or code division multiple access (CDMA). The IEEE 802.11 protocol may include a multiple access technique. For example, the IEEE 802.11 protocol may include space-division multiple access (SDMA) and/or multiple- user multiple-input multiple-output (MU-MFMO).

[0022] The legacy devices 16 may operate in accordance with one or more of IEEE 802.11 a/b/g/n/ac/ad/af/ah/aj, or another legacy wireless communication standard. The legacy devices 16 may be ST As or IEEE ST As. The HE STAs 14 may be wireless transmit and receive devices such as cellular telephone, smart telephone, handheld wireless device, wireless glasses, wireless watch, wireless personal device, tablet, or another device that may be transmitting and receiving using the IEEE 802.11 protocol such as IEEE 802.1 lax or another wireless protocol.

[0023] The master station 12 may communicate with legacy devices 16 in accordance with legacy IEEE 802.11 communication techniques. In some examples, the master station 12 may also be configured to communicate with HE STAs 14 in accordance with legacy IEEE 802.11 communication techniques.

[0024] In some aspects, a HE frame may be configurable to have the same bandwidth as a subchannel. The bandwidth of a subchannel may be 20MHz, 40MHz, or 80MHz, 160MHz, 320MHz contiguous bandwidths or an 80+80MHz (160MHz) non-contiguous bandwidth. In some examples, the bandwidth of a subchannel may be 1 MHz, 1.25MHz, 2.03MHz, 2.5MHz, 5MHz and 10MHz, or a combination thereof or another bandwidth that is less or equal to the available bandwidth may also be used. In some examples the bandwidth of the subchannels may be based on a number of active subcarriers. In some examples the bandwidth of the subchannels are multiples of 26 (e.g., 26, 52, 104, etc.) active subcarriers or tones that are spaced by 20 MHz. In some examples the bandwidth of the subchannels is 256 tones spaced by 20 MHz. In some examples the subchannels are multiple of 26 tones or a multiple of 20 MHz. In some examples a 20 MHz subchannel may comprise 256 tones for a 256 point Fast Fourier Transform (FFT).

[0025] A HE frame may be configured for transmitting a number of spatial streams, which may be in accordance with MU-MIMO. In some examples a HE frame may be configured for transmitting streams in accordance with antenna structures described herein and operated as one or more arrays or antenna structure(s) to generate Orbital Angular Momentum (OAM) beams of various OAM modes. In accordance with some IEEE 802.11 -family examples, a master station 12 may operate as a master station which may be arranged to contend for a wireless medium (e.g., during a contention period) to receive exclusive control of the medium for an HE control period. In some examples, the HE control period may be termed a transmission opportunity (TXOP). The master station 12 may transmit a HE master-sync transmission, which may be a trigger frame or HE control and schedule transmission, at the beginning of the HE control period. The master station 12 may transmit a time duration of the TXOP and subchannel information. During the HE control period, HE STAs 14 may communicate with the master station 12 in accordance with a non-contention based multiple access technique such as OFDMA or MU-MFMO. This is unlike conventional WLAN communications in which devices communicate in accordance with a contention-based communication technique, rather than a multiple access technique. During the HE control period, the master station 12 may communicate with HE stations 14 using one or more HE frames. During the HE control period, the HE STAs 14 may operate on a sub-channel smaller than the operating range of the master station 12. During the HE control period, legacy stations refrain from communicating.

[0026] The master station 12 may also communicate with legacy stations 16 and/or HE stations 14 in accordance with legacy IEEE 802.11 communication techniques. In some examples, the master station 12 may also be configurable to communicate with HE stations 14 outside the HE control period in accordance with legacy IEEE 802.11 communication techniques, although this is not a requirement.

[0027] FIG. IB is a diagram depicting a multi-AP network arrangement according to an aspect of the embodiments. As shown, the network comprises a tree-type architecture with root AP 20 serving as a gateway to wide-area network (WAN) 30, such as the Internet. The network arrangement also includes satellite APs 22A-22D (also referred to generally as satellite APs 22) and client stations (STAs) 24A-24L (also referred to as STAs 24). Communications between the APs 22A-22D and STAs 24A-24L may be performed according to an 802.11- based protocol. In some embodiments, a common service set ID (SSID) is provided by root AP 20 and satellite APs 22, such that the network coverage area provided by each AP 20, 22 appears as a single coverage area to a user (though there would be multiple basic service sets (BSSs) corresponding to the various AP devices.

[0028] Root AP 20 and satellite APs 22 may each be identical in terms of hardware and initial configuration, with root AP 20 taking on the root-AP role according to its connection to WAN 30 and associated in-situ configuration. Each AP 20, 22 can provides forward-feeding wireless facility 26, as illustrated in solid line, and a backward-feeding wireless facility 28, illustrated in dotted line. Forward-feeding wireless facilities 26 of each AP 20, 22 include radio and controller facilities to provide services for STAs 24 to join, and communicate over, the WLAN. The forward-feeding wireless facilities 26 are analogous to the 802.11 radio and control facilities found in traditional AP devices, which establish a WLAN coverage area associated with the WLAN's SSID.

[0029] Backward-feeding wireless facilities 28 of each AP 20, 22 include separate radio and controller facilities from those of the forward-feeding wireless facilities 26. Backward-feeding wireless facilities 28 are mainly tasked with carrying communications between AP devices 20, 22. In some embodiments, backward-feeding wireless facilities 28 of the APs 20, 22 communicate with those of other APs over a distinct backbone network that exists

contemporaneously alongside the WLAN. In other embodiments, backward- feeding wireless facilities 28 of satellite APs 22 may communicate with the forward-feeding wireless facilities 26 of one or more other satellite APs 22 that are closer to root AP 20, or with the forward-feeding wireless facilities 26 the root AP 20 itself. In such embodiments, the backward-feeding wireless facilities 28 may operate in similar fashion to a client STA device (e.g., joining the WLAN in the coverage area of a nearby AP 20, 22).

[0030] Backward-feeding wireless facilities 28 may be used to carry backhaul communications received by a satellite AP 22 from client devices 30 down to the root AP 20. Backward-feeding wireless facilities 28 nay also be used to carry control frames between APs to optimize the network throughput of the WLAN. The latter may be accomplished by exchanging relevant information regarding number of client STAs being serviced, bandwidth demand, channel utilization, interference, and the like.

[0031] It will be understood that the terms "forward-feeding" and "backward- feeding" wireless facilities denote the predominant direction, forward or backward, of information flow that is contemplated to be carried by the respective type of wireless facility. Each type of wireless facility in fact supports bi-directional flow of data. In some use cases, an AP or STA device may utilize the forward- or backward-feeding wireless facilities in a manner that contradicts this naming convention (e.g., using the backward-feeding wireless facilities 28 to send information primarily in the forward direction).

[0032] In the example network scenario depicted in FIG. IB, root AP 20 communicates with client devices 24D and 24G in addition to satellite APs 22A, 22B, and 22C. Client devices 24D and 24G are joined to the WLAN in the coverage area of root AP 20. Satellite APs 22A-22C may be outside the coverage area of root AP, but backward-feeding wireless facilities 28 may provide more directional radiation patterns through the use of higher-gain antennas to provide reliable communications between satellite APs 22A-22C and root AP 20. In various embodiments, root AP 20 may use its forward-feeding wireless facility 26 to communicate with satellite APs 22A-22C (that use their respective backward-feeding wireless facilities 28 to communicate with root AP 20). In a related embodiment, root AP 20 may use its backward-feeding wireless facility 28 to communicate with Satellite APs 22A-22C, which would free the WLAN from handling AP-AP communications. [0033] A satellite AP may have an indirect, or multi-hop, data path to root AP 20. For instance, as illustrated, satellite AP 22D connects directly with satellite AP 22B, and the latter routes communications between satellite AP 22D and root AP 20. In a related embodiment, each AP adapted for use with a multi-AP WLAN includes network-organizing functionality to form and adapt an efficient network when an AP device is on-boarded.

[0034] FIG. 2 is a block diagram illustrating a portion of the architecture of an AP device adapted for use with multi-AP WLAN networks according to some embodiments. As depicted, AP 50 may serve as a root AP or as a satellite AP, depending on its in-situ configuration. AP 50 includes forward-feeding wireless facility 52, which is coupled to antenna set 53 of at least one antenna. AP 50 also includes backward-feeding wireless facility 54, which is coupled to antenna set 55 of at least one antenna.

[0035] An example architecture of radio circuitry that may be implemented as part of forward-feeding wireless facility 52 and backward-feeding wireless facility 54 is described below with reference to FIGs. 3-5B. In a related embodiment, forward-feeding wireless facility 52 and backward-feeding wireless facility 54 have identical components. Alternatively, forward-feeding wireless facility 52 and backward-feeding wireless facility 54 may have different architectures that are each optimized for their respective operational objectives. For instance, it is contemplated that AP 50 will support many more client STA devices via the forward-feeding wireless facility 52 than connections to other AP devices via backward-feeding wireless facility 54; accordingly, the radio architecture of forward-feeding wireless facility 52 may be optimized to handle data throughput and resource contention among the STA devices, whereas backward-feeding wireless facility 54 may be optimized to handle high-data-rate communications over fewer wireless connections. Similarly, antenna sets 53 and 55 may be suitably optimized, with antenna set 53 of forward-feeding wireless facility 52 being arranged to support omnidirectional communications, whereas antenna set 55 of backward-feeding wireless facility 54 may be optimized for high-gain radiation patterns that are directional in nature.

[0036] On-boarding controller 56 coordinates on-boarding operations depending on whether the AP is set up as a root AP or satellite AP. Controller 56 includes processor 58 interfaced with memory 60, which contains instructions 62 for carrying out the on-boarding-related operations that are described below according to various embodiments. It will be understood that processor 58 and memory 60 may be configured to control a variety of other AP operations besides on-boarding.

[0037] In some embodiments, AP 50 also includes wired communication facility 66 interfaced with port 67 that accepts a wired connection, such as an Ethernet connection. Wired communication facility 67 may be configured to carry backhaul communications in some embodiments, and it may be configured to connect to a WAN such as the Internet. In a related embodiment, additional wired communication facilities may be provided (not shown) such as a network interface that uses power lines as its communication medium. As will be described in connection with some embodiments, wired communication facility 66 may also have a role in on-boarding of AP devices.

[0038] In some embodiments, close-range wireless communication facility 64 and associated transducer 65 are also provided. Examples of types of close-range wireless communication facilities 64 include ultrasonic communications, infrared or other light spectrum communications, radio-frequency-based communications, or the like. Examples of the latter include PAN, NFC, HAN, and the like. Transducer 65 in this diagram represents a suitable transducer to work with close-range wireless communication facility 64. Transducer 65 may include one or more antennas, an ultrasonic emitter/microphone pair, one or more light-emitting diode, etc. An example of a suitable radio architecture in the case of RF -based embodiments of close-range wireless communication facilities 64 are described below with reference to FIGs. 3-5B. Suitable variations to the example architecture to support sonic or light-based communications transducers are generally well-understood and are not detailed herein for the sake of brevity. As will be described in greater detail below, close-range wireless communication facility 64 may have a role in the on-boarding of AP devices.

[0039] In the example depicted in FIG. 2, AP 50 includes both, the wired communication facility 66, and close-range wireless communication facility 64. In related embodiments, AP 50 may have only one of these additional communication facilities. In another embodiment, AP 50 may simply omit wired communication facility 66 and close-range wireless communication facility 64.

[0040] On-boarding controller 56 may interact with a user interface, such as external graphical user interface (GUI) 70. In the example depicted, the hardware facilities of GUI 70 are not incorporated in AP 50. Rather, on-boarding controller 56 may provide interactive controls that are accessible via one or more of facilities 52, 54, 64, or 66. As depicted, forward-feeding wireless facility 52 provides a link to GUI 70, over which a hosted user interface may be sent to the user of GUI 70. GUI 70 may be hosted on a mobile or stationary computing device such as a smartphone or personal computer that runs a Web browser or specialized application that connects, and exchanges data, with on-boarding controller 58. In some embodiments, an on-boarding protocol is designed to simplify and limit the amount of configuring of AP devices that is required of the user. For example, the user may configure one initial AP device to define a desired multi-AP WLAN and, based on this configuration, the AP device automatically, or with minimal additional user interaction, proceeds to find, and configure, other AP devices that are made available to be on-boarded.

[0041] FIG. 3 is a block diagram of a radio architecture 100 in accordance with some embodiments, which may be included in forward-feeding wireless facility 52, backward-feeding wireless facility 54, or close-range wireless communication facility 64 (in the case of a radio-based embodiment for close- range wireless facility 64). Radio architecture 100 may include radio front-end module (FEM) circuitry 104, radio IC circuitry 106 and baseband processing circuitry 108. Radio architecture 100 as shown includes both Wireless Local Area Network (WLAN) functionality or Bluetooth (BT) functionality although embodiments are not so limited. In this disclosure, "WLAN" and "Wi-Fi" are used interchangeably.

[0042] FEM circuitry 104 may include a WLAN or Wi-Fi FEM circuitry 104 A and a Bluetooth (BT) FEM circuitry 104B. The WLAN FEM circuitry 104 A may include a receive signal path comprising circuitry configured to operate on WLAN RF signals received from one or more antennas 101, to amplify the received signals and to provide the amplified versions of the received signals to the WLAN radio IC circuitry 106 A for further processing. The BT FEM circuitry 104B may include a receive signal path which may include circuitry configured to operate on BT RF signals received from one or more antennas 101, to amplify the received signals and to provide the amplified versions of the received signals to the BT radio IC circuitry 106B for further processing. FEM circuitry 104A may also include a transmit signal path which may include circuitry configured to amplify WLAN signals provided by the radio IC circuitry 106A for wireless transmission by one or more of the antennas 101. In addition, FEM circuitry 104B may also include a transmit signal path which may include circuitry configured to amplify BT signals provided by the radio IC circuitry 106B for wireless transmission by the one or more antennas. In the embodiment of FIG. 3, although FEM 104A and FEM 104B are shown as being distinct from one another, embodiments are not so limited, and include within their scope the use of an FEM (not shown) that includes a transmit path and/or a receive path for both WLAN and BT signals, or the use of one or more FEM circuitries where at least some of the FEM circuitries share transmit and/or receive signal paths for both WLAN and BT signals.

[0043] Radio IC circuitry 106 as shown may include WLAN radio IC circuitry 106 A and BT radio IC circuitry 106B. The WLAN radio IC circuitry 106 A may include a receive signal path which may include circuitry to down-convert WLAN RF signals received from the FEM circuitry 104A and provide baseband signals to WLAN baseband processing circuitry 108 A. BT radio IC circuitry 106B may in turn include a receive signal path which may include circuitry to down-convert BT RF signals received from the FEM circuitry 104B and provide baseband signals to BT baseband processing circuitry 108B. WLAN radio IC circuitry 106A may also include a transmit signal path which may include circuitry to up-convert WLAN baseband signals provided by the WLAN baseband processing circuitry 108 A and provide WLAN RF output signals to the FEM circuitry 104A for subsequent wireless transmission by the one or more antennas 101. BT radio IC circuitry 106B may also include a transmit signal path which may include circuitry to up-convert BT baseband signals provided by the BT baseband processing circuitry 108B and provide BT RF output signals to the FEM circuitry 104B for subsequent wireless transmission by the one or more antennas 101. In the embodiment of FIG. 3, although radio IC circuitries 106 A and 106B are shown as being distinct from one another, embodiments are not so limited, and include within their scope the use of a radio IC circuitry (not shown) that includes a transmit signal path and/or a receive signal path for both WLAN and BT signals, or the use of one or more radio IC circuitries where at least some of the radio IC circuitries share transmit and/or receive signal paths for both WLAN and BT signals.

[0044] Baseband processing circuity 108 may include a WLAN baseband processing circuitry 108 A and a BT baseband processing circuitry 108B. The WLAN baseband processing circuitry 108 A may include a memory, such as, for example, a set of RAM arrays in a Fast Fourier Transform or Inverse Fast Fourier Transform block (not shown) of the WLAN baseband processing circuitry 108 A. Each of the WLAN baseband circuitry 108 A and the BT baseband circuitry 108B may further include one or more processors and control logic to process the signals received from the corresponding WLAN or BT receive signal path of the radio IC circuitry 106, and to also generate

corresponding WLAN or BT baseband signals for the transmit signal path of the radio IC circuitry 106. Each of the baseband processing circuitries 108 A and 108B may further include physical layer (PHY) and medium access control layer (MAC) circuitry, and may further interface with application processor 111 for generation and processing of the baseband signals and for controlling operations of the radio IC circuitry 106.

[0045] Referring still to FIG. 3, according to the shown embodiment, WLAN- BT coexistence circuitry 113 may include logic providing an interface between the WLAN baseband circuitry 108 A and the BT baseband circuitry 108B to enable use cases requiring WLAN and BT coexistence. In addition, a switch 103 may be provided between the WLAN FEM circuitry 104 A and the BT FEM circuitry 104B to allow switching between the WLAN and BT radios according to application needs. In addition, although the antennas 101 are depicted as being respectively connected to the WLAN FEM circuitry 104A and the BT FEM circuitry 104B, embodiments include within their scope the sharing of one or more antennas as between the WLAN and BT FEMs, or the provision of more than one antenna connected to each of FEM 104 A or 104B. [0046] In some embodiments, the front-end module circuitry 104, the radio IC circuitry 106, and baseband processing circuitry 108 may be provided on a single radio card, such as wireless radio card 102. In some other embodiments, the one or more antennas 101, the FEM circuitry 104 and the radio IC circuitry 106 may be provided on a single radio card. In some other embodiments, the radio IC circuitry 106 and the baseband processing circuitry 108 may be provided on a single chip or integrated circuit (IC), such as IC 112.

[0047] In some embodiments, the wireless radio card 102 may include a WLAN radio card and may be configured for Wi-Fi communications, although the scope of the embodiments is not limited in this respect. In some of these embodiments, the radio architecture 100 may be configured to receive and transmit orthogonal frequency division multiplexed (OFDM) or orthogonal frequency division multiple access (OFDMA) communication signals over a multicarrier communication channel. The OFDM or OFDMA signals may comprise a plurality of orthogonal subcarriers. Each carrier frequency may be further distinguishable from another channel by use of orthogonal coding techniques such as code-division multiple access (CDMA) or P-matrix code of IEEE 802.1 ln/ac/ax, for instance.

[0048] In some of these multicarrier embodiments, radio architecture 100 may be part of a Wi-Fi communication station (STA) such as a wireless access point (AP), a base station or another type of device including a Wi-Fi device. In some of these embodiments, radio architecture 100 may be configured to transmit and receive signals in accordance with specific communication standards and/or protocols, such as any of the Institute of Electrical and Electronics Engineers (IEEE) standards including, IEEE 802.1 ln-2009, IEEE 802.11-2012, IEEE

802.11-2016, , IEEE 802.1 lac, and/or IEEE 802.1 lax standards and/or proposed specifications for WLANs, although the scope of embodiments is not limited in this respect. Radio architecture 100 may also be suitable to transmit and/or receive communications in accordance with other techniques and standards.

[0049] In some embodiments, the radio architecture 100 may be configured for high-efficiency (HE) Wi-Fi (HEW) communications in accordance with the IEEE 802.1 lax standard. In these embodiments, the radio architecture 100 may be configured to communicate in accordance with an OFDMA technique, although the scope of the embodiments is not limited in this respect.

[0050] In some other embodiments, the radio architecture 100 may be configured to transmit and receive signals transmitted using one or more other modulation techniques such as spread spectrum modulation (e.g., direct sequence code division multiple access (DS-CDMA) and/or frequency hopping code division multiple access (FH-CDMA)), time-division multiplexing (TDM) modulation, and/or frequency-division multiplexing (FDM) modulation, although the scope of the embodiments is not limited in this respect.

[0051] In some embodiments, as further shown in FIG. 3, the BT baseband circuitry 108B may be compliant with a Bluetooth (BT) connectivity standard such as Bluetooth, Bluetooth 4.0 or Bluetooth 5.0, or any other iteration of the Bluetooth Standard. In embodiments that include BT functionality as shown for example in FIG. 3, the radio architecture 100 may be configured to establish a BT synchronous connection oriented (SCO) link and/or a BT low energy (BT LE) link. In some of the embodiments that include functionality, the radio architecture 100 may be configured to establish an extended SCO (eSCO) link for BT communications, although the scope of the embodiments is not limited in this respect. In some of these embodiments that include a BT functionality, the radio architecture may be configured to engage in a BT Asynchronous

Connection-Less (ACL) communications, although the scope of the

embodiments is not limited in this respect. In some embodiments, as shown in FIG. 3, the functions of a BT radio card and WLAN radio card may be combined on a single wireless radio card, such as single wireless radio card 102, although embodiments are not so limited, and include within their scope discrete WLAN and BT radio cards

[0052] In some embodiments, the radio-architecture 100 may include other radio cards, such as a cellular radio card configured for cellular (e.g., 3GPP such as LTE, LTE-Advanced or 5G communications).

[0053] In some IEEE 802.11 embodiments, the radio architecture 100 may be configured for communication over various channel bandwidths including bandwidths having center frequencies of about 900 MHz, 2.4 GHz, 5 GHz, and bandwidths of about 1 MHz, 2 MHz, 2.5 MHz, 4 MHz, 5MHz, 8 MHz, 10 MHz, 16 MHz, 20 MHz, 40MHz, 80MHz (with contiguous bandwidths) or 80+80MHz (160MHz) (with non-contiguous bandwidths). In some embodiments, a 320 MHz channel bandwidth may be used. The scope of the embodiments is not limited with respect to the above center frequencies however.

[0054] FIG. 4 illustrates FEM circuitry 200 in accordance with some embodiments. The FEM circuitry 200 is one example of circuitry that may be suitable for use as the WLAN and/or BT FEM circuitry 104A/104B (FIG. 3), although other circuitry configurations may also be suitable.

[0055] In some embodiments, the FEM circuitry 200 may include a TX/RX switch 202 to switch between transmit mode and receive mode operation. The FEM circuitry 200 may include a receive signal path and a transmit signal path. The receive signal path of the FEM circuitry 200 may include a low-noise amplifier (LNA) 206 to amplify received RF signals 203 and provide the amplified received RF signals 207 as an output (e.g., to the radio IC circuitry 106 (FIG. 3)). The transmit signal path of the circuitry 200 may include a power amplifier (PA) to amplify input RF signals 209 (e.g., provided by the radio IC circuitry 106), and one or more filters 212, such as band-pass filters (BPFs), low- pass filters (LPFs) or other types of filters, to generate RF signals 215 for subsequent transmission (e.g., by one or more of the antennas 101 (FIG. 3)).

[0056] In some dual-mode embodiments for Wi-Fi communication, the FEM circuitry 200 may be configured to operate in either the 2.4 GHz frequency spectrum or the 5 GHz frequency spectrum. In these embodiments, the receive signal path of the FEM circuitry 200 may include a receive signal path duplexer 204 to separate the signals from each spectrum as well as provide a separate LNA 206 for each spectrum as shown. In these embodiments, the transmit signal path of the FEM circuitry 200 may also include a power amplifier 210 and a filter 212, such as a BPF, a LPF or another type of filter for each frequency spectrum and a transmit signal path duplexer 214 to provide the signals of one of the different spectrums onto a single transmit path for subsequent transmission by the one or more of the antennas 101 (FIG. 3). In some embodiments, BT communications may utilize the 2.4 GHZ signal paths and may utilize the same FEM circuitry 200 as the one used for WLAN communications. [0057] FIG. 5 A illustrates radio IC circuitry 300 in accordance with some embodiments. The radio IC circuitry 300 is one example of circuitry that may be suitable for use as the WLAN or BT radio IC circuitry 106A/106B (FIG. 3), although other circuitry configurations may also be suitable.

[0058] In some embodiments, the radio IC circuitry 300 may include a receive signal path and a transmit signal path. The receive signal path of the radio IC circuitry 300 may include at least mixer circuitry 302, such as, for example, down-conversion mixer circuitry, amplifier circuitry 306 and filter circuitry 308. The transmit signal path of the radio IC circuitry 300 may include at least filter circuitry 312 and mixer circuitry 314, such as, for example, up-conversion mixer circuitry. Radio IC circuitry 300 may also include synthesizer circuitry 304 for synthesizing a frequency 305 for use by the mixer circuitry 302 and the mixer circuitry 314. The mixer circuitry 302 and/or 314 may each, according to some embodiments, be configured to provide direct conversion functionality. The latter type of circuitry presents a much simpler architecture as compared with standard super-heterodyne mixer circuitries, and any flicker noise brought about by the same may be alleviated for example through the use of OFDM

modulation. FIG. 5 A illustrates only a simplified version of a radio IC circuitry, and may include, although not shown, embodiments where each of the depicted circuitries may include more than one component. For instance, mixer circuitry 320 and/or 314 may each include one or more mixers, and filter circuitries 308 and/or 312 may each include one or more filters, such as one or more BPFs and/or LPFs according to application needs. For example, when mixer circuitries are of the direct-conversion type, they may each include two or more mixers.

[0059] In some embodiments, mixer circuitry 302 may be configured to down- convert RF signals 207 received from the FEM circuitry 104 (FIG. 3) based on the synthesized frequency 305 provided by synthesizer circuitry 304. The amplifier circuitry 306 may be configured to amplify the down-converted signals and the filter circuitry 308 may include a LPF configured to remove unwanted signals from the down-converted signals to generate output baseband signals 307. Output baseband signals 307 may be provided to the baseband processing circuitry 108 (FIG. 3) for further processing. In some embodiments, the output baseband signals 307 may be zero-frequency baseband signals, although this is not a requirement. In some embodiments, mixer circuitry 302 may comprise passive mixers, although the scope of the embodiments is not limited in this respect.

[0060] In some embodiments, the mixer circuitry 314 may be configured to up-convert input baseband signals 311 based on the synthesized frequency 305 provided by the synthesizer circuitry 304 to generate RF output signals 209 for the FEM circuitry 104. The baseband signals 311 may be provided by the baseband processing circuitry 108 and may be filtered by filter circuitry 312. The filter circuitry 312 may include a LPF or a BPF, although the scope of the embodiments is not limited in this respect.

[0061] In some embodiments, the mixer circuitry 302 and the mixer circuitry 314 may each include two or more mixers and may be arranged for quadrature down-conversion and/or up-conversion respectively with the help of synthesizer 304. In some embodiments, the mixer circuitry 302 and the mixer circuitry 314 may each include two or more mixers each configured for image rejection (e.g., Hartley image rejection). In some embodiments, the mixer circuitry 302 and the mixer circuitry 314 may be arranged for direct down-conversion and/or direct up-conversion, respectively. In some embodiments, the mixer circuitry 302 and the mixer circuitry 314 may be configured for super-heterodyne operation, although this is not a requirement.

[0062] Mixer circuitry 302 may comprise, according to one embodiment: quadrature passive mixers (e.g., for the in-phase (I) and quadrature phase (Q) paths). In such an embodiment, RF input signal 207 from FIG. 5A may be down-converted to provide I and Q baseband output signals to be sent to the baseband processor

[0063] Quadrature passive mixers may be driven by zero and ninety-degree time-varying LO switching signals provided by a quadrature circuitry which may be configured to receive a LO frequency (fLO) from a local oscillator or a synthesizer, such as LO frequency 305 of synthesizer 304 (FIG. 5 A). In some embodiments, the LO frequency may be the carrier frequency, while in other embodiments, the LO frequency may be a fraction of the carrier frequency (e.g., one-half the carrier frequency, one-third the carrier frequency). In some embodiments, the zero and ninety-degree time-varying switching signals may be generated by the synthesizer, although the scope of the embodiments is not limited in this respect.

[0064] In some embodiments, the LO signals may differ in duty cycle (the percentage of one period in which the LO signal is high) and/or offset (the difference between start points of the period). In some embodiments, the LO signals may have a 25% duty cycle and a 50% offset. In some embodiments, each branch of the mixer circuitry (e.g., the in-phase (I) and quadrature phase (Q) path) may operate at a 25% duty cycle, which may result in a significant reduction is power consumption.

[0065] The RF input signal 207 (FIG. 4) may comprise a balanced signal, although the scope of the embodiments is not limited in this respect. The I and Q baseband output signals may be provided to low-nose amplifier, such as amplifier circuitry 306 (FIG. 5A) or to filter circuitry 308 (FIG. 5A).

[0066] In some embodiments, the output baseband signals 307 and the input baseband signals 311 may be analog baseband signals, although the scope of the embodiments is not limited in this respect. In some alternate embodiments, the output baseband signals 307 and the input baseband signals 311 may be digital baseband signals. In these alternate embodiments, the radio IC circuitry may include analog-to-digital converter (ADC) and digital-to-analog converter (DAC) circuitry.

[0067] In some dual-mode embodiments, a separate radio IC circuitry may be provided for processing signals for each spectrum, or for other spectrums not mentioned here, although the scope of the embodiments is not limited in this respect.

[0068] In some embodiments, the synthesizer circuitry 304 may be a fractional -N synthesizer or a fractional N/N+1 synthesizer, although the scope of the embodiments is not limited in this respect as other types of frequency synthesizers may be suitable. For example, synthesizer circuitry 304 may be a delta-sigma synthesizer, a frequency multiplier, or a synthesizer comprising a phase-locked loop with a frequency divider. According to some embodiments, the synthesizer circuitry 304 may include digital synthesizer circuitry. An advantage of using a digital synthesizer circuitry is that, although it may still include some analog components, its footprint may be scaled down much more than the footprint of an analog synthesizer circuitry. In some embodiments, frequency input into synthesizer circuity 304 may be provided by a voltage controlled oscillator (VCO), although that is not a requirement. A divider control input may further be provided by either the baseband processing circuitry 108 (FIG. 3) or the application processor 111 (FIG. 3) depending on the desired output frequency 305. In some embodiments, a divider control input (e.g., N) may be determined from a look-up table (e.g., within a Wi-Fi card) based on a channel number and a channel center frequency as determined or indicated by the application processor 111.

[0069] In some embodiments, synthesizer circuitry 304 may be configured to generate a carrier frequency as the output frequency 305, while in other embodiments, the output frequency 305 may be a fraction of the carrier frequency (e.g., one-half the carrier frequency, one-third the carrier frequency). In some embodiments, the output frequency 305 may be a LO frequency (fLO).

[0070] FIG. 5B illustrates a functional block diagram of baseband processing circuitry 400 in accordance with some embodiments. The baseband processing circuitry 400 is one example of circuitry that may be suitable for use as the baseband processing circuitry 108 (FIG. 3), although other circuitry

configurations may also be suitable. The baseband processing circuitry 400 may include a receive baseband processor (RX BBP) 402 for processing receive baseband signals 309 provided by the radio IC circuitry 106 (FIG. 3) and a transmit baseband processor (TX BBP) 404 for generating transmit baseband signals 311 for the radio IC circuitry 106. The baseband processing circuitry 400 may also include control logic 406 for coordinating the operations of the baseband processing circuitry 400.

[0071] In some embodiments (e.g., when analog baseband signals are exchanged between the baseband processing circuitry 400 and the radio IC circuitry 106), the baseband processing circuitry 400 may include ADC 410 to convert analog baseband signals received from the radio IC circuitry 106 to digital baseband signals for processing by the RX BBP 402. In these

embodiments, the baseband processing circuitry 400 may also include DAC 412 to convert digital baseband signals from the TX BBP 404 to analog baseband signals.

[0072] In some embodiments that communicate OFDM signals or OFDMA signals, such as through baseband processor 108A„ the transmit baseband processor 404 may be configured to generate OFDM or OFDMA signals as appropriate for transmission by performing an inverse fast Fourier transform (IFFT). The receive baseband processor 402 may be configured to process received OFDM signals or OFDMA signals by performing an FFT. In some embodiments, the receive baseband processor 402 may be configured to detect the presence of an OFDM signal or OFDMA signal by performing an

autocorrelation, to detect a preamble, such as a short preamble, and by performing a cross-correlation, to detect a long preamble. The preambles may be part of a predetermined frame structure for Wi-Fi communication.

[0073] Referring back to FIG. 3, in some embodiments, the antennas 101 (FIG. 3) may each comprise one or more directional or omnidirectional antennas, including, for example, dipole antennas, monopole antennas, patch antennas, loop antennas, microstrip antennas or other types of antennas suitable for transmission of RF signals. In some multiple-input multiple-output (MFMO) embodiments, the antennas may be effectively separated to take advantage of spatial diversity and the different channel characteristics that may result.

Antennas 101 may each include a set of phased-array antennas, although embodiments are not so limited.

[0074] Although the radio-architecture 100 is illustrated as having several separate functional elements, one or more of the functional elements may be combined and may be implemented by combinations of software-configured elements, such as processing elements including digital signal processors (DSPs), and/or other hardware elements. For example, some elements may comprise one or more microprocessors, DSPs, field-programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), radio-frequency integrated circuits (RFICs) and combinations of various hardware and logic circuitry for performing at least the functions described herein. In some embodiments, the functional elements may refer to one or more processes operating on one or more processing elements. [0075] Examples, as described herein, may include, or may operate on, logic or a number of components, circuits, facilities, or engines, which for the sake of brevity may be collectively referred to as engines. Engines are tangible entities (e.g., hardware) capable of performing specified operations and may be configured or arranged in a certain manner. In an example, circuits may be arranged (e.g., internally or with respect to external entities such as other circuits) in a specified manner as an engine. In an example, the whole or part of one or more computer systems (e.g., a standalone, client or server computer system) or one or more hardware processors may be configured by firmware or software (e.g., instructions, an application portion, or an application) as an engine that operates to perform specified operations. In an example, the software may reside on a machine readable medium. In an example, the software, when executed by the underlying hardware of the engine, causes the hardware to perform the specified operations.

[0076] Accordingly, the term "engine" is understood to encompass a tangible entity, be that an entity that is physically constructed, specifically configured (e.g., hardwired), or temporarily (e.g., transitorily) configured (e.g.,

programmed) to operate in a specified manner or to perform part or all of any operation described herein. Considering examples in which engines are temporarily configured, each of the engines need not be instantiated at any one moment in time. For example, where the engines comprise a general-purpose hardware processor configured using software, the general-purpose hardware processor may be configured as respective different engines at different times. Software may accordingly configure a hardware processor, for example, to constitute a particular engine at one instance of time and to constitute a different engine at a different instance of time.

[0077] Some embodiments may be implemented using software and/or firmware in combination with execution hardware, such as the processing elements described above. This software and/or firmware may take the form of instructions contained in or on a non-transitory computer-readable storage medium. Those instructions may then be read and executed by one or more processors to enable performance of the operations described herein. The instructions may be in any suitable form, such as but not limited to source code, compiled code, interpreted code, executable code, static code, dynamic code, and the like. Such a computer-readable medium may include any tangible non- transitory medium for storing information in a form readable by one or more computers, such as but not limited to read only memory (ROM); random access memory (RAM); magnetic disk storage media; optical storage media; a flash memory, etc.

[0078] According to one aspect of the embodiments, an AP on-boarding protocol is based on an initial WLAN connection as the OOB communication channel over which the satellite AP devices are to receive the on-boarding credential. According to the on-boarding protocol, a first AP device (generally this will be the root AP device, though this is not necessarily the case) is user- configured to establish a WLAN with a corresponding SSID.

[0079] The first AP device may be configured by the user in a conventional manner (e.g. using a mobile phone app and connecting over a default SSID) to set up the user's preferred SSID and passphrase for the WLAN to be established. Once the first AP device is configured, additional AP devices can be on-boarded by operation of the first AP device by triggering the root AP device to perform the on-boarding protocol to find un-configured AP devices to be satellite APs and to configure those AP devices.

[0080] The triggering of the root AP device may be achieved by a command, or it may be implied by the circumstances or context of its use. For example, the root AP may be triggered to perform a scan to assess the presence of unconfigured AP devices periodically, or in response to a log-in by a user into the settings menu of the root AP device.

[0081] As an example, the un-configured AP devices may be found by the first AP device scanning for a default SSID that is initially broadcast by the unconfigured AP devices. The default SSID may be broadcast by the forward- feeding wireless facility of each un-configured AP device. This functionality may be factory-preset, such that no specific user involvement is needed to start the default SSID broadcast. Optionally, the un-configured AP may provide a simple pushbutton or other simple control that the user may activate to start the default SSID broadcast. [0082] The un-configured AP device broadcasts the default SSID (e.g.

MULTIAP xx SSID with a known passphrase, or unencrypted). The unconfigured AP device is now in a mode where it can be connected to and configured by the first AP device.

[0083] The user interface that may be hosted on a remote device such as a mobile phone or other computing device (e.g., via mobile phone app or Web browser) may access the first AP device via the forward-feeding wireless facilities of the first AP device. The UI may provide user-operable controls for OOB channeling the first AP to initiate the on-boarding protocol, and optionally providing additional parameters, such as specifying the quantity of satellite AP devices to be on-boarded, etc. Thus, a user may select to add new AP devices to the existing multi-AP WLAN.

[0084] The first AP device may use its backward-feeding wireless facilities to operate in a client STA-like fashion, where it scans for the known default SSID (e.g. MULTIAP xx SSID) broadcasted by each of the un-configured AP devices. Since the scanning is done by the first AP device (and not the mobile phone), the user does not need to take any action to switch Wi-Fi networks on the mobile phone to on-board new AP devices. Hence this approach provides a much more seamless experience for onboarding new AP devices to the end user. The first AP device then establishes an encrypted OOB channel with the unconfigured AP device.

[0085] In a related embodiment, to enhance security, the first AP device verifies hardware capabilities of the un-configured AP device to ensure that it has hardware capabilities of a multi-AP access point (e.g. forward-feeding wireless facilities and backward-feeding wireless facilities) by querying device level information (e.g. through communication platform used between the first AP and the un-configured AP device). This ensures that the connected device is indeed a multi-AP access point and not some other client device exposing onboarding APIs for malicious intent to steal Wi-Fi network credential, for example. The first AP device can then provision Wi-Fi SSID/passphrase credential on the un-configured AP device over the encrypted OOB channel.

[0086] In another related embodiment, the first AP device implements rules to automatically select which AP devices are to be on-boarded. For example, through the configuration UI, the user may be prompted to select the exact number of AP devices to be on-boarded and asked to push the configure button on those AP devices to put them in the configuration mode. The user is asked to have these devices near the root AP device for configuration. The first AP device then looks for the user-specified number of un-configured AP devices by performing a Wi-Fi scan. The first AP device may have a rule to select only those un-configured AP devices for which measured RSSI is above a certain predefined threshold (e.g. RSSI above 40 dBm), so that only un-configured AP devices in close proximity to the first AP device are interactively configured with the on-boarding protocol. This feature works to reduce the likelihood of inadvertently exposing the WLAN credentials to a neighboring AP device that happens to be broadcasting the same default SSID and unintentionally gets configured by the first AP device, thereby compromising home Wi-Fi network security.

[0087] In a related embodiment, additional user involvement may be solicited to further increase security. Accordingly, the first AP device may provide a prompt to the user via the UI to specifically identify one or more of the AP devices to be onboarded. The UI may display information to identify the discovered AP devices (e.g. show the MAC address). The User may then select the AP devices to be on-boarded by comparing the identifying information shown to the actual AP devices themselves. This additional verification avoids the first AP device from inadvertently providing Wi-Fi credential to a neighboring AP device or a malicious device planted to steal the WLAN credential.

[0088] FIG. 6 is a diagram illustrating an on-boarding process according to an embodiment that uses a WLAN connection as the OOB channel. At 502, the user performs an initial configuration to set up the first AP device, which may be the root AP device (though it may be a satellite AP device) with the desired personal SSID and passphrase for the WLAN network that is to be the in-band network. This initial configuration is performed via a GUI such as one hosted on a smartphone or other remote computing device, for example. At 504, using the GUI, the user may command the first AP to on-board one or more AP devices to the multi-AP WLAN as an example of triggering the AP device to start on- boarding operations.

[0089] At 506, the user powers on new AP Devices (AP devices 2 and 3). AP devices 2 and 3 may immediately begin broadcasting their default SSID. In another example, AP devices 2 and 3 may have a push-button or other simple control that the user may activate to initiate the multi-AP configuration mode in which each of these AP devices begins broadcasting their default SSIDs via their forward-feeding facilities, as indicated at 508.

[0090] At 510, the first AP device scans for the default SSID over its backward-feeding wireless facility (e.g., as a STA would) and discovers the unconfigured AP devices 2 and 3.

[0091] At 512, the first AP device automatically applies selection criteria for determining which un-configured AP devices may be on-boarded. Examples of the selection criteria include those AP devices from which the measured RSSI during the Wi-Fi scan at 510 was above a specified threshold (e.g. RSSI above - 40dBm). Additional criteria, as discussed above, may also be applied, such as querying hardware-configuration information from each un-configured AP device to determine it has suitable hardware to operate as a satellite AP device in a multi-AP WLAN, and comparing the number of AP devices found against the quantity specified by the user with the on-boarding command.

[0092] At 514, the first AP device establishes an encrypted channel with the unconfigured AP Device over the OOB channel, and the first AP device configures the WLAN SSID and passphrase of the existing WLAN, in each unconfigured AP device over the encrypted channel. At 516, AP devices 2 and 3 join the WLAN established by the first AP device. In the example depicted, AP devices 2 and 3 (now satellite APs) use their backward-feeding wireless facilities to connect with the forward-feeding wireless facility of the first AP, although in other embodiments, the backhaul communications of the satellite AP devices may be sent to the first AP via the first AP's backward-feeding wireless facilities. In a related embodiment, the on-boarding protocol includes configuration of a backhaul WLAN having a particular backhaul SSID that is distinct from the WLAN. The backhaul WLAN uses the backward-feeding wireless facilities of the satellite and root APs. The backhaul WLAN SSID and passphrase may be automatically derived based on the credentials of the user- defined WLAN and, for added security the broadcasting of the backhaul SSID may be suppressed.

[0093] In cases where the first AP device discovers (as part of the WLAN scan) and selects (based on onboarding device selection rules described above) a greater number of unconfigured AP devices than specified by the user through the device configuration command, then the first AP device can notify and prompt the user to select specific AP devices based on some device

identification information (e.g. device MAC address as provided on each of the AP devices).

[0094] Another aspect of the embodiments is directed to an automatic onboarding mechanism for onboarding new satellite AP devices into an existing multi-AP WLAN over a wired connection, such as an Ethernet connection, as the OOB channel. As in the previous example, the first AP device, which may or may not be the root AP is configured by the user in the conventional manner. The new AP devices to be on-boarded may be part of a bundle of AP devices purchased together with the first AP device, or they may have been purchased separately.

[0095] After the first AP device is configured with personal WLAN SSID and passphrase credentials, the user connects an unconfigured AP device to be a satellite AP over a short Ethernet cable to the already-configured first AP device for automatic onboarding over the wired connection. This provides improved security for AP device onboarding as compared to connecting over default SSID and onboarding the device.

[0096] The first AP device discovers an onboarding agent on the connected un-configured AP device. As a security measure, the first AP device may verify that the new AP device is indeed discovered over a wired connection based on information provided by the communication platform used between the first AP device and the un-configured AP device. This ensures that first AP device only provides credentials to another AP device connected over the wired connection with the first AP device.

[0097] As another security measure, the first AP device may verify the hardware capabilities of the un-configured AP device to ensure that it has hardware capabilities of a multi-AP access point by querying device level information through communication platform used between first AP and second AP device. This ensures that the connected device is indeed a multi-AP access point and not any other client device running onboarding agent for malicious intent to steal Wi-Fi network credential.

[0098] After performing the optional verification, the first AP device automatically configures the WLAN credentials on the second AP device over the encrypted communication channel. Notably, this operation does not require any user input for the onboarding of the new AP device.

[0099] In a related embodiment, a security enhancement may be incorporated by soliciting explicit user confirmation after verifying the hardware capabilities of the new AP device. This ensures that the user is authorizing the on-boarding and reduces the attack vector where a malicious device/client in or near the user's premises impersonates a multi-AP device to obtain the WLAN SSID and passphrase credentials.

[0100] In a related embodiment, multi-AP devices may also be pre- provisioned with a credential (e.g. a common root certificate) that can be used to mutually authenticate other participating AP devices during on-boarding operations.

[0101] In another related embodiment, multiple AP devices may be on- boarded together by connecting devices to the first AP device over a wired connection, provided that the first AP device supports multiple Ethernet ports. AP devices may be on-boarded in a daisy-chain manner such as A->B->C where A is the root AP device. In this example, AP device B gets on-boarded from root AP Device A, and AP device C is on-boarded by connecting to AP Device B over an Ethernet cable. In a sense, the daisy-chaining involves transferring onboarding authority from the first AP device to a second, already-on-boarded second AP device.

[0102] FIG. 7 is a diagram illustrating a process for on-boarding AP devices using a wired connection as the OOB channel, according to some embodiments. At 602, the user performs an initial configuration to set up the first AP device, which may be the root AP device (though it may be a satellite AP device) with the desired personal SSID and passphrase for the WLAN network that is to be the in-band network. This initial configuration is performed via a GUI such as one hosted on a smartphone or other remote computing device, for example. At 604, using the GUI, the user may command the first AP to on-board one or more AP devices to the multi-AP WLAN. In another embodiment, the first AP may begin the on-boarding autonomously (e.g., based on detection of a wired connection to one or more un-configured AP devices, or based on passage of time in embodiments where the un-configured device discovery operation is periodic)At 606 the un-configured AP devices are powered on and connected to the already-configured first AP device using an Ethernet cable.

[0103] At 608, the first AP device discovers an onboarding agent running on the second and third AP devices, and verifies for each un-configured AP device that the onboarding agent was discovered over an underlying Ethernet/wired connection (e.g., not over a wireless connection) based on the information provided by the communication platform used between the first AP device and the second AP device for on-boarding and configuration. This verification ensures that first AP device only provides WLAN credentials to another AP device connected over a wired connection with the first AP device, which is generally more secure than wireless connection between AP devices over a default SSID.

[0104] At 610, the first AP device establishes an encrypted communication channel with the each un-configured AP device via the respective wired connections, and queries hardware capabilities of the second AP device through the communication platform used between root AP and second AP device. The root AP will ensure that the second AP device has the hardware capabilities of a multi-AP access point, similar to the hardware verification discussed above.

[0105] After verifying that the hardware capabilities of the second and third AP devices match with the capabilities of a Multi-AP access point device, the first AP device automatically configures the WLAN credentials on the second and third AP devices over the respective encrypted communication channels, to enable the second and third AP devices to serve as APs in the WLAN using the WLAN's SSID, as indicated at 612.

[0106] At 614, AP devices 2 and 3 join the WLAN established by the first AP device. In the example depicted, AP devices 2 and 3 (now satellite APs) use their backward-feeding wireless facilities to connect with the forward-feeding wireless facility of the first AP, although in other embodiments, the backhaul communications of the satellite AP devices may be sent to the first AP via the first AP's backward-feeding wireless facilities. In a related embodiment, the on- boarding protocol includes configuration of a backhaul WLAN having a particular backhaul SSID that is distinct from the WLAN. The backhaul WLAN uses the backward-feeding wireless facilities of the satellite and root APs. The backhaul WLAN SSID and passphrase may be automatically derived based on the credentials of the user-defined WLAN and, for added security the broadcasting of the backhaul SSID may be suppressed.

[0107] As an optional security measure, the AP devices may be pre- provisioned with shared root-certificate information (e.g. a certificate assigned specifically for multi-AP Wi-Fi devices) and use that certificate to mutually authenticate one another to ensure that each new AP device being on-boarded is a multi-AP certified device, before providing the Wi-Fi network credentials by the first device.

[0108] FIG. 8 is a diagram illustrating a process for on-boarding AP devices using an alternative wireless connection as the OOB channel, according to some embodiments. The alternative wireless connection according to the example described in connection with FIG. 8 is an ultrasonic connection, though principles of the protocol will apply to other alternative wireless modalities, such as optical, and various RF links such as PAN, HAN, or the like. In an example embodiment, the lower ultrasound frequency range (18-21 kHz) is utilized. The first AP device (root AP or otherwise) is configured by the user via a remote UI as discussed in the examples above. For onboarding subsequent AP devices, the first AP device transmits an onboarding security credential (e.g. 6 or 8 digit PIN) over Ultrasound frequency to the un-configured AP devices. Prior to sending the ultrasonic signals, The first AP device can connect over a default SSID with each un-configured AP device and trigger these devices to listen for ultrasound transmission over device microphone.

[0109] Since ultrasound transmission is broadcasted, multiple AP devices can receive the ultrasound transmission simultaneously to obtain the onboarding security credential. This enables simultaneous onboarding of multiple AP devices into the multi-AP WLAN. The onboarding security credential can be used to perform mutual authentication between the first and un-configured AP devices and establish a secure link for secure onboarding/configuration of the new satellite AP devices. Since the ultrasound transmission can only be heard within the same room and within earshot distance, it offers a secure means for configuring a home Wi-Fi network setup, because no devices outside the home are able hear the transmission.

[0110] Once the user has completed the initial configuration of the first AP device, the user may select the option to add one or more AP devices to the multi-AP WLAN. The first AP device can perform a Wi-Fi scan to scan for all the new un-configured AP devices broadcasting a known default SSID. The first AP device can then use data transmission over the lower Ultrasound frequency range (18-21 kHz) for example, using its transducer to transmit a randomly- generated security credential (e.g. 6 or 8 digit PIN) to one or more of the un- configured multi-AP devices.

[0111] In a related embodiment, the onboarding security credential transmitted over ultrasonic frequency has a temporary validity (e.g. valid for 1 minute) and can be used only to on-board AP devices discovered via the Wi-Fi scan in the current on-boarding session by the first AP device. The un-configured AP device may use its microphone to capture the untrasonic signaling carrying the credential information.

[0112] In a related embodiment, once an un-configured AP device has received the on-boarding credential over ultrasound transmission, that security credential can be used to perform a mutual authentication between the first AP device and the new AP device. For example, the two sides can generate and exchange cryptographic hash values (generated based on the security credential and other known information) and verify that the received hash value matches the locally-generated hash value. The purpose of mutual authentication is for each AP device to verify that the other AP device is in the same room or within the earshot distance.

[0113] The onboarding security credential may be used to perform mutual authentication between the root AP device and all the other un-configured AP devices discovered as part of the Wi-Fi scan performed by the first AP device as part of the current onboarding session. In the future, if the user wishes to add another AP device to the multi-AP WLAN, a new on-boarding round may be started and the first AP device will generate a new random security credential to be used for that on-boarding round.

[0114] After mutual authentication is successfully completed between the first AP device and each un-configured AP device, the first AP establishes a secure channel over the WLAN by deriving key material from the common on-boarding security credential. The root AP device securely provisions the satellite AP device with SSID and passphrase credentials over this secure channel.

[0115] The ultrasonic-based onboarding protocol may also be used for improving the security for initial configuration of the root AP device with user's chosen WLAN SSID and passphrase. As part of the initial Ul-based setup, the UI may trigger the first AP to transmit a security credential over the ultrasonic OOB channel. The computing device that hosts the UI may capture the ultrasonic transmission to extract the security credential. The security credential can then be used for mutual authentication and trust establishment between first AP and Ul-hosting hardware setting up the root AP. This assures that the UI is in the same vicinity as the first AP.

[0116] FIG. 8 is a diagram illustrating an on-boarding protocol utilizing close- range wireless communication facilities according to some embodiments. This example is presented in the context of an ultrasonic close-range wireless modality; however, it will be understood that any other suitable modality (e.g., light, NFC, Bluetooth Low Energy, etc.) may be suitably adapted to equivalent effect as the close-range wireless communication facilities.

[00117] At 702, the user performs an initial configuration to set up the first AP device, which may be the root AP device (though it may be a satellite AP device) with the desired personal SSID and passphrase for the WLAN network that is to be the in-band network. This initial configuration is performed via a GUI such as one hosted on a smartphone or other remote computing device, for example. At 704, using the GUI, the user may command the first AP to on-board one or more additional AP devices to the multi-AP WLAN to be used as satellite AP devices. The triggering of the first AP device to begin discovery of unconfigured AP devices may also be implied by the circumstances or context of its use. For example, the first AP may be triggered to perform a scan to assess the presence of un-configured AP devices periodically, or in response to a log-in by a user into the settings menu of the root AP device.

[0118] The user places one or more of the un-configured AP devices 2 and 3 in the immediate vicinity (e.g., in the same room) as the first AP device to enable the close-range wireless communications. The user powers on the AP devices 2 and 3 so that the devices begin broadcasting a default SSID (e.g. MULTIAP XX SSID) at 706 using their forward-feeding wireless facilities. Optionally, each unconfigured AP may provide a simple pushbutton or other simple control that the user may activate to start the default SSID broadcast.

[0119] At 708, in response to the on-boarding command given by the user via the UI at 704, the first AP device performs a Wi-Fi scan using its backward- feeding wireless facility and finds all of the un-configured AP devices broadcasting the default SSID. The first AP then connects to un-configured AP devices 2 and 3 over the default SSIDs and commands those AP devices to listen for an ultrasound transmission to receive an onboarding security credential. The first AP device may generate a random onboarding security credential (e.g., a 6- or 8- digit PIN) and broadcast it over an ultrasonic frequency carrier using an ultrasonic transducer. The on-boarding security credential transmitted over ultrasound may be associated with a limited temporal validity (e.g., valid for 1 minute) and may be used only to on-board AP devices discovered via the Wi-Fi scan in the current onboarding session by the first AP device.

[0120] At 712, AP devices 2 and 3, being within earshot proximity of the first AP device, captures the ultrasonically-transmitted data using their respective microphones, and extract the on-boarding security credentials from the received signal.

[0121] At 714, the first AP device and each of AP devices 2 and 3 execute a security protocol to perform mutual authentication with each other using the default SSID connection established at 708. The security protocol establishes mutual authentication based on the common onboarding security credential. As an example, the first AP and each of the un-configured APs 2 and 3 may each generate and exchange crypto hash values (generated based on the exchanged security credential and other known information) and verify that the respective received hash values match the locally-generated hash values. Once the AP devices have mutually authenticated each other, the first AP device establishes a secure channel with each of the un-configured AP devices over the same default SSID connection by deriving key material from the common on-boarding security credential. Using the secure channel, the first AP device securely provisions each AP device 2 and 3 with SSID and passphrase credentials and any other applicable configuration settings for joining and operating in the WLAN.

[0122] At 716, AP devices 2 and 3 join the WLAN established by the first AP device. In the example depicted, AP devices 2 and 3 (now satellite APs) use their backward-feeding wireless facilities to connect with the forward -feeding wireless facility of the first AP, although in other embodiments, the backhaul communications of the satellite AP devices may be sent to the first AP via the first AP's backward-feeding wireless facilities. In a related embodiment, the on- boarding protocol includes configuration of a backhaul WLAN having a particular backhaul SSID that is distinct from the WLAN. The backhaul WLAN uses the backward-feeding wireless facilities of the satellite and root APs. The backhaul WLAN SSID and passphrase may be automatically derived based on the credentials of the user-defined WLAN and, for added security the

broadcasting of the backhaul SSID may be suppressed.

[0123] FIG. 9 is a process flow diagram illustrating an example process of discovering and configuring a satellite AP according to some embodiments. The process may be performed by root AP 20 (FIG. 1), or a satellite AP 22 (FIG. 1) that has been delegated authority to add additional satellite APs, for example. Notably, the process of FIG. 9 is a machine-implemented process that operates autonomously (e.g., without user interaction), though the operation of the process may be user initiated, or automatically initiated. In addition, it is important to note that the process is a richly-featured embodiment that may be realized as described; in addition, portions of the process may be implemented while others are excluded in various embodiments. The following Additional Notes and Examples section details various combinations, without limitation, that are contemplated. It should also be noted that in various embodiments, certain process operations may be performed in a different ordering than depicted in FIG. 9. [0124] At 902, the AP establishes a secure WLAN associated with SSID1 and access-controlled with an access credential. Once configured, the secure WLAN services a first coverage area. At 904, the AP initiates discovery of one or more un-configured satellite APs. At decision 906, the AP determines if there are any unconfigured satellite APs discovered as a result of the operation at 904. In the negative case, the process may end at 908. Otherwise, in response to discovery of at least one un-configured satellite AP, the AP executes an on-boarding protocol in which an out-of-band (OOB) channel is established with the discovered satellite AP at 910. Notably, the OOB channel is separate from the WLAN established at 902. Further, at 912, the AP exchanges a trust credential with the satellite AP over the OOB channel. At 914, based on the trust credential, the AP configures the satellite AP to establish at least one satellite coverage area of the WLAN associated with SSID1 and access controlled with the access credential. Notably, the satellite coverage area is to be established by the satellite AP. At decision 916, the AP determines if there are any additional unconfigured APs to be configured into satellite APs. In the affirmative case, the process loops to 910 to establish an OOB channel with the next discovered unfonfigured AP. Otherwise, with no further unconfigured AP devices available, the process may end at 908. The process may be re-initiated automatically after a passage of time, or in response to an event such as a user-controlled initiation or other event such as an autonomous event.

[0125] Additional Notes & Examples:

[0126] Example 1 is apparatus for an access point (AP) configurable for multiple-AP local networks, the apparatus comprising: memory, and controller circuitry interfaced with the memory, the controller circuitry to: cause the AP to establish a first secure wireless local area network (WLAN) associated with a first service set identifier (SSID) and access-controlled with an access credential, the first WLAN being established via WLAN AP radio circuitry of the AP to service a first coverage area; initiate discovery of one or more un-configured satellite APs; and in response to discovery of at least one un-configured satellite AP, execute an on-boarding protocol to: establish an out-of-band (OOB) channel with the at least one satellite AP, wherein the OOB channel is separate from the first WLAN; exchange a trust credential with the at least one satellite AP over the OOB channel; and based on the trust credential, configure the at least one satellite AP to establish at least one satellite coverage area of the first WLAN associated with the SSID and access controlled with the access credential, the satellite coverage area being established by the at least one satellite AP.

[0127] In Example 2, the subject matter of Example 1 optionally includes wherein the discovery of one or more un-configured satellite APs is triggered by a user-originated on-boarding command via a user interface.

[0128] In Example 3, the subject matter of Example 2 optionally includes wherein the on-boarding command is received via a user interface hosted on a remote device.

[0129] In Example 4, the subject matter of any one or more of Examples 1-3 optionally include wherein the discovery of one or more un-configured satellite APs is performed via a wired connection to one or more APs.

[0130] In Example 5, the subject matter of any one or more of Examples 1-4 optionally include wherein the discovery of one or more un-configured satellite APs is performed via a default WLAN connection.

[0131] In Example 6, the subject matter of any one or more of Examples 1-5 optionally include wherein the AP is configured as a root AP that bridges the first WLAN and a wide-area network.

[0132] In Example 7, the subject matter of any one or more of Examples 1-6 optionally include wherein the access credential includes the SSID and a passphrase of the first WLAN.

[0133] In Example 8, the subject matter of any one or more of Examples 1-7 optionally include wherein the trust credential includes at least a portion of the access credential.

[0134] In Example 9, the subject matter of any one or more of Examples 1-8 optionally include wherein the trust credential is distinct from the access credential.

[0135] In Example 10, the subject matter of any one or more of Examples 2-3 optionally include wherein the on-boarding command includes an indication of a quantity of satellite AP devices to be on-boarded.

[0136] In Example 11, the subject matter of any one or more of Examples 1- 10 optionally include wherein the on-boarding protocol includes a mutual authentication procedure to be performed over a default WLAN in response to configuration of the at least one satellite AP via the OOB channel.

[0137] In Example 12, the subject matter of any one or more of Examples 1-

11 optionally include wherein an instance of the OOB channel is individually established with each of the at least one satellite AP.

[0138] In Example 13, the subject matter of any one or more of Examples 1-

12 optionally include wherein the OOB channel is established via a second WLAN that is separate from the first WLAN.

[0139] In Example 14, the subject matter of Example 13 optionally includes wherein the AP is to join the second WLAN that is hosted by one of the at least one satellite AP.

[0140] In Example 15, the subject matter of any one or more of Examples 13-

14 optionally include wherein each of the at least one satellite AP is to host an individual instance of the second WLAN, and wherein the AP is to separately join each instance of the second WLAN.

[0141] In Example 16, the subject matter of any one or more of Examples 13-

15 optionally include wherein the AP enforces a minimum received signal strength requirement to limit a spatial range in which a connection with the second WLAN is permitted.

[0142] In Example 17, the subject matter of any one or more of Examples 1-

16 optionally include wherein the OOB channel is established via a wired connection.

[0143] In Example 18, the subject matter of Example 17 optionally includes wherein the wired connection includes an Ethernet connection.

[0144] In Example 19, the subject matter of any one or more of Examples 17-

18 optionally include wherein the wired connection includes a powerline- network connection.

[0145] In Example 20, the subject matter of any one or more of Examples 1-

19 optionally include wherein the OOB channel is established via a near-field communications (NFC) wireless connection.

[0146] In Example 21, the subject matter of any one or more of Examples 1-

20 optionally include wherein the OOB channel is established via a personal area network (PAN) wireless connection. [0147] In Example 22, the subject matter of any one or more of Examples 1- 21 optionally include wherein the OOB channel is established via a home area network (HAN) wireless connection.

[0148] In Example 23, the subject matter of any one or more of Examples 1- 22 optionally include wherein the OOB channel is established via an ultrasonic wireless connection.

[0149] In Example 24, the subject matter of any one or more of Examples 1-

23 optionally include wherein the OOB channel is established via an optical connection.

[0150] In Example 25, the subject matter of any one or more of Examples 1-

24 optionally include wherein the controller circuitry is to pass on-boarding authority from the AP to the at least one satellite AP such that the at least one satellite AP is configured to initiate an on-boarding protocol for configuring an additional satellite AP to establish an additional satellite coverage area of the first WLAN associated with the SSID and access controlled with the access credential, the additional satellite coverage area being established by the additional satellite AP.

[0151] In Example 26, the subject matter of any one or more of Examples 1-

25 optionally include wherein the on-boarding protocol includes configuration of the at least one satellite AP with backhaul access credentials for a third WLAN to carry backhaul communications between the at least one satellite AP and the first AP.

[0152] Example 27 is at least one machine-readable medium containing instructions that, when executed on a processor of an access point (AP), cause the AP to: establish a first secure wireless local area network (WLAN) associated with a first service set identifier (SSID) and access-controlled with an access credential, the first WLAN to service a first coverage area; initiate discovery of one or more un-configured satellite APs; and in response to discovery of at least one un-configured satellite AP, execute an on-boarding protocol to: establish an out-of-band (OOB) channel with the at least one satellite AP, wherein the OOB channel is separate from the first WLAN;

exchange a trust credential with the at least one satellite AP over the OOB channel; and based on the trust credential, configure the at least one satellite AP to establish at least one satellite coverage area of the first WLAN associated with the SSID and access controlled with the access credential, the satellite coverage area to be established by the at least one satellite AP.

[0153] In Example 28, the subject matter of Example 27 optionally includes wherein the discovery of one or more un-configured satellite APs is triggered by a user-originated on-boarding command via a user interface.

[0154] In Example 29, the subject matter of Example 28 optionally includes wherein the on-boarding command is received via a user interface hosted on a remote device.

[0155] In Example 30, the subject matter of any one or more of Examples 27-

29 optionally include wherein the discovery of one or more un-configured satellite APs is performed via a wired connection to one or more APs.

[0156] In Example 31, the subject matter of any one or more of Examples 27-

30 optionally include wherein the discovery of one or more un-configured satellite APs is performed via a default WLAN connection.

[0157] In Example 32, the subject matter of any one or more of Examples 27-

31 optionally include wherein the AP is configured as a root AP that bridges the first WLAN and a wide-area network.

[0158] In Example 33, the subject matter of any one or more of Examples 27- 32 optionally include wherein the access credential includes the SSID and a passphrase.

[0159] In Example 34, the subject matter of any one or more of Examples 27-

33 optionally include wherein the trust credential includes at least a portion of the access credential.

[0160] In Example 35, the subject matter of any one or more of Examples 27-

34 optionally include wherein the trust credential is distinct from the access credential.

[0161] In Example 36, the subject matter of any one or more of Examples 28- 29 optionally include wherein the on-boarding command includes an indication of a quantity of satellite AP devices to be on-boarded.

[0162] In Example 37, the subject matter of any one or more of Examples 27- 36 optionally include wherein the on-boarding protocol includes a mutual authentication procedure to be performed over a default WLAN in response to configuration of the at least one satellite AP via the OOB channel.

[0163] In Example 38, the subject matter of any one or more of Examples 27-

37 optionally include wherein an instance of the OOB channel is established individually with each of the at least one satellite AP.

[0164] In Example 39, the subject matter of any one or more of Examples 27-

38 optionally include wherein the OOB channel is established via a default WLAN that is separate from the first WLAN.

[0165] In Example 40, the subject matter of Example 39 optionally includes wherein the AP is to join the default WLAN that is hosted by one of the at least one satellite AP.

[0166] In Example 41, the subject matter of any one or more of Examples 39-

40 optionally include wherein each of the at least one satellite AP is to host an individual instance of the default WLAN, and wherein the AP is to separately join each instance of the default WLAN.

[0167] In Example 42, the subject matter of any one or more of Examples 39-

41 optionally include wherein the AP enforces a minimum signal strength requirement to limit a spatial range in which a connection with the default WLAN is permitted.

[0168] In Example 43, the subject matter of any one or more of Examples 27- 42 optionally include wherein the OOB channel is established via a wired connection.

[0169] In Example 44, the subject matter of Example 43 optionally includes wherein the wired connection includes an Ethernet connection.

[0170] In Example 45, the subject matter of any one or more of Examples 43- 44 optionally include wherein the wired connection includes a powerline- network connection.

[0171] In Example 46, the subject matter of any one or more of Examples 27-

45 optionally include wherein the OOB channel is established via a near-field communications (NFC) wireless connection.

[0172] In Example 47, the subject matter of any one or more of Examples 27-

46 optionally include wherein the OOB channel is established via a personal area network (PAN) wireless connection.

[0173] In Example 48, the subject matter of any one or more of Examples 27- 47 optionally include wherein the OOB channel is established via a home area network (HAN) wireless connection.

[0174] In Example 49, the subject matter of any one or more of Examples 27-

48 optionally include wherein the OOB channel is established via an ultrasonic wireless connection.

[0175] In Example 50, the subject matter of any one or more of Examples 27-

49 optionally include wherein the OOB channel is established via an optical connection.

[0176] In Example 51, the subject matter of any one or more of Examples 27- 50 optionally include wherein the AP is to pass on-boarding authority to the at least one satellite AP such that the at least one satellite AP is configured to initiate an on-boarding protocol for configuring an additional satellite AP to establish an additional satellite coverage area of the first WLAN associated with the SSID and access controlled with the access credential.

[0177] In Example 52, the subject matter of any one or more of Examples 27- 51 optionally include wherein the on-boarding protocol includes configuration of the at least one satellite AP with backhaul access credentials for a third WLAN to carry backhaul communications between the at least one satellite AP and the first AP.

[0178] Example 53 is apparatus for configuring a satellite access point (AP) for operation in a first multiple- AP wireless local area network (WLAN) associated with a first service set identifier (SSID) and access-controlled with an access credential, the apparatus comprising: memory, and controller circuitry interfaced with the memory, the controller circuitry to: establish a default WLAN associated with a default SSID; connect with a configuring AP via the default WLAN, wherein the configuring AP connects as a client station;

establish an out-of-band (OOB) channel, wherein the OOB channel is isolated from the default WLAN and the first WLAN; receive a trust credential from the configuring AP over the OOB channel; based on the trust credential, receive configuration information from the configuring AP specific to the first WLAN; and based on the configuration information, establish a satellite coverage area of the first WLAN associated with the SSID and access controlled with the access credential, the satellite coverage area being established by the at least one satellite AP.

[0179] In Example 54, the subject matter of Example 53 optionally includes wherein the access credential includes the SSID and a passphrase.

[0180] In Example 55, the subject matter of any one or more of Examples 53- 54 optionally include wherein the trust credential includes at least a portion of the access credential.

[0181] In Example 56, the subject matter of any one or more of Examples 53-

55 optionally include wherein the trust credential is distinct from the access credential.

[0182] In Example 57, the subject matter of any one or more of Examples 53-

56 optionally include wherein the apparatus is to cause the AP to perform a mutual authentication procedure over the default WLAN in response to receipt of the trust credential via the OOB channel.

[0183] In Example 58, the subject matter of any one or more of Examples 53- 57 optionally include wherein the OOB channel is established via a wired connection.

[0184] In Example 59, the subject matter of Example 58 optionally includes wherein the wired connection includes an Ethernet connection.

[0185] In Example 60, the subject matter of any one or more of Examples 58- 59 optionally include wherein the wired connection includes a powerline- network connection.

[0186] In Example 61, the subject matter of any one or more of Examples 53-

60 optionally include wherein the OOB channel is established via a near-field communications (NFC) wireless connection.

[0187] In Example 62, the subject matter of any one or more of Examples 53-

61 optionally include wherein the OOB channel is established via a personal area network (PAN) wireless connection.

[0188] In Example 63, the subject matter of any one or more of Examples 53-

62 optionally include wherein the OOB channel is established via a home area network (HAN) wireless connection.

[0189] In Example 64, the subject matter of any one or more of Examples 53-

63 optionally include wherein the OOB channel is established via an ultrasonic wireless connection. [0190] In Example 65, the subject matter of any one or more of Examples 53- 64 optionally include wherein the OOB channel is established via an optical connection.

[0191] In Example 66, the subject matter of any one or more of Examples 53- 65 optionally include wherein the controller circuitry is to receive on-boarding authority from the configuring AP that permits the AP to initiate an on-boarding protocol for configuring an additional satellite AP to establish an additional satellite coverage area of the first WLAN associated with the SSID and access controlled with the access credential, the additional satellite coverage area being established by the additional satellite AP.

[0192] In Example 67, the subject matter of any one or more of Examples 53- 66 optionally include wherein the controller circuitry is to receive configuration of backhaul access credentials for a third WLAN to carry backhaul

communications between the AP and the configuring AP.

[0193] Example 68 is at least one machine-readable medium containing instructions that, when executed on a processor of an access point (AP) configured for operation in a first multiple- AP wireless local area network (WLAN) associated with a first service set identifier (SSID) and access- controlled with an access credential, cause the AP to: establish a default WLAN associated with a default SSID; connect with a configuring AP via the default WLAN, wherein the configuring AP connects as a client station; establish an out-of-band (OOB) channel, wherein the OOB channel is isolated from the default WLAN and the first WLAN; receive a trust credential from the configuring AP over the OOB channel; based on the trust credential, receive configuration information from the configuring AP specific to the first WLAN; and based on the configuration information, establish a satellite coverage area of the first WLAN associated with the SSID and access controlled with the access credential, the satellite coverage area being established by the at least one satellite AP.

[0194] In Example 69, the subject matter of Example 68 optionally includes wherein the access credential includes the SSID and a passphrase.

[0195] In Example 70, the subject matter of any one or more of Examples 68- 69 optionally include wherein the trust credential includes at least a portion of the access credential.

[0196] In Example 71, the subject matter of any one or more of Examples 68-

70 optionally include wherein the trust credential is distinct from the access credential.

[0197] In Example 72, the subject matter of any one or more of Examples 68-

71 optionally include wherein the AP is to perform a mutual authentication procedure over the default WLAN in response to receipt of the trust credential via the OOB channel.

[0198] In Example 73, the subject matter of any one or more of Examples 68- 72 optionally include wherein the OOB channel is established via a wired connection.

[0199] In Example 74, the subject matter of Example 73 optionally includes wherein the wired connection includes an Ethernet connection.

[0200] In Example 75, the subject matter of any one or more of Examples 73- 74 optionally include wherein the wired connection includes a powerline- network connection.

[0201] In Example 76, the subject matter of any one or more of Examples 68-

75 optionally include wherein the OOB channel is established via a near-field communications (NFC) wireless connection.

[0202] In Example 77, the subject matter of any one or more of Examples 68-

76 optionally include wherein the OOB channel is established via a personal area network (PAN) wireless connection.

[0203] In Example 78, the subject matter of any one or more of Examples 68-

77 optionally include wherein the OOB channel is established via a home area network (HAN) wireless connection.

[0204] In Example 79, the subject matter of any one or more of Examples 68-

78 optionally include wherein the OOB channel is established via an ultrasonic wireless connection.

[0205] In Example 80, the subject matter of any one or more of Examples 68- 79 optionally include wherein the OOB channel is established via an optical connection.

[0206] In Example 81, the subject matter of any one or more of Examples 68- 80 optionally include AP is to receive on-boarding authority from the configuring AP that permits the AP to initiate an on-boarding protocol for configuring an additional satellite AP to establish an additional satellite coverage area of the first WLAN associated with the SSID and access controlled with the access credential, the additional satellite coverage area being established by the additional satellite AP.

[0207] In Example 82, the subject matter of any one or more of Examples 68- 81 optionally include wherein the AP is to receive configuration of backhaul access credentials for a third WLAN to carry backhaul communications between the AP and the configuring AP.

[0208] The above detailed description includes references to the

accompanying drawings, which form a part of the detailed description. The drawings show, by way of illustration, specific embodiments that may be practiced. These embodiments are also referred to herein as "examples." Such examples may include elements in addition to those shown or described.

However, also contemplated are examples that include the elements shown or described. Moreover, also contemplate are examples using any combination or permutation of those elements shown or described (or one or more aspects thereof), either with respect to a particular example (or one or more aspects thereof), or with respect to other examples (or one or more aspects thereof) shown or described herein.

[0209] Publications, patents, and patent documents referred to in this document are incorporated by reference herein in their entirety, as though individually incorporated by reference. In the event of inconsistent usages between this document and those documents so incorporated by reference, the usage in the incorporated reference(s) are supplementary to that of this document; for irreconcilable inconsistencies, the usage in this document controls.

[0210] In this document, the terms "a" or "an" are used, as is common in patent documents, to include one or more than one, independent of any other instances or usages of "at least one" or "one or more." In this document, the term "or" is used to refer to a nonexclusive or, such that "A or B" includes "A but not B," "B but not A," and "A and B," unless otherwise indicated. In the appended claims, the terms "including" and "in which" are used as the plain- English equivalents of the respective terms "comprising" and "wherein." Also, in the following claims, the terms "including" and "comprising" are open-ended, that is, a system, device, article, or process that includes elements in addition to those listed after such a term in a claim are still deemed to fall within the scope of that claim. Moreover, in the following claims, the terms "first," "second," and "third," etc. are used merely as labels, and are not intended to suggest a numerical order for their objects.

[0211] The above description is intended to be illustrative, and not restrictive. For example, the above-described examples (or one or more aspects thereof) may be used in combination with others. Other embodiments may be used, such as by one of ordinary skill in the art upon reviewing the above description. The Abstract is to allow the reader to quickly ascertain the nature of the technical disclosure and is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. Also, in the above Detailed Description, various features may be grouped together to streamline the disclosure. However, the claims may not set forth features disclosed herein because embodiments may include a subset of said features. Further, embodiments may include fewer features than those disclosed in a particular example. Thus, the following claims are hereby incorporated into the Detailed Description, with a claim standing on its own as a separate embodiment. The scope of the embodiments disclosed herein is to be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.

Claims

What is claimed is: 1. Apparatus for an access point (AP) configurable for multiple- AP local networks, the apparatus comprising:

memory, and controller circuitry interfaced with the memory, the controller circuitry to:

cause the AP to establish a first secure wireless local area network (WLAN) associated with a first service set identifier (SSID) and access- controlled with an access credential, the first WLAN being established via WLAN AP radio circuitry of the AP to service a first coverage area; initiate discovery of one or more un-configured satellite APs; and in response to discovery of at least one un-configured satellite AP, execute an on-boarding protocol to:

establish an out-of-band (OOB) channel with the at least one satellite AP, wherein the OOB channel is separate from the first WLAN;

exchange a trust credential with the at least one satellite AP over the OOB channel; and

based on the trust credential, configure the at least one satellite AP to establish at least one satellite coverage area of the first WLAN associated with the SSID and access controlled with the access credential, the satellite coverage area being established by the at least one satellite AP.

2. The apparatus of claim 1, wherein the discovery of one or more unconfigured satellite APs is triggered by a user-originated on-boarding command via a user interface.

3. The apparatus of claim 2, wherein the on-boarding command is received via a user interface hosted on a remote device.

4. The apparatus of claim 1, wherein the discovery of one or more unconfigured satellite APs is performed via a wired connection to one or more APs.

5. The apparatus of claim 1, wherein the discovery of one or more unconfigured satellite APs is performed via a default WLAN connection.

6. The apparatus of claim 1, wherein the AP is configured as a root AP that bridges the first WLAN and a wide-area network.

7. The apparatus of claim 1, wherein the on-boarding protocol includes a mutual authentication procedure to be performed over a default WLAN in response to configuration of the at least one satellite AP via the OOB channel.

8. The apparatus of claim 1, wherein the OOB channel is established via a second WLAN that is separate from the first WLAN.

9. The apparatus of claim 8, wherein the AP is to join the second WLAN that is hosted by one of the at least one satellite AP.

10. The apparatus of claim 8, wherein each of the at least one satellite AP is to host an individual instance of the second WLAN, and wherein the AP is to separately join each instance of the second WLAN.

11. The apparatus of claim 8, wherein the AP enforces a minimum received signal strength requirement to limit a spatial range in which a connection with the second WLAN is permitted.

12. The apparatus of claim 1, wherein the OOB channel is established via a wired connection.

13. The apparatus of claim 1, wherein the OOB channel is established via a near-field communications (NFC) wireless connection.

14. The apparatus of claim l,wherein the OOB channel is established via an ultrasonic wireless connection.

15. The apparatus of claim 1, wherein the OOB channel is established via an optical connection.

16. The apparatus according to any one of claims 1-15, wherein the controller circuitry is to pass on-boarding authority from the AP to the at least one satellite AP such that the at least one satellite AP is configured to initiate an on-boarding protocol for configuring an additional satellite AP to establish an additional satellite coverage area of the first WLAN associated with the SSID and access controlled with the access credential, the additional satellite coverage area being established by the additional satellite AP.

17. The apparatus according to any one of claims 1-15, wherein the on- boarding protocol includes configuration of the at least one satellite AP with backhaul access credentials for a third WLAN to carry backhaul

communications between the at least one satellite AP and the first AP.

18. At least one machine-readable medium containing instructions that, when executed on a processor of an access point (AP), cause the AP to:

establish a first secure wireless local area network (WLAN) associated with a first service set identifier (SSID) and access-controlled with an access credential, the first WLAN to service a first coverage area;

initiate discovery of one or more un-configured satellite APs; and in response to discovery of at least one un-configured satellite AP, execute an on-boarding protocol to:

establish an out-of-band (OOB) channel with the at least one satellite AP, wherein the OOB channel is separate from the first WLAN; exchange a trust credential with the at least one satellite AP over the OOB channel; and based on the trust credential, configure the at least one satellite AP to establish at least one satellite coverage area of the first WLAN associated with the SSID and access controlled with the access credential, the satellite coverage area to be established by the at least one satellite AP.

19. The at least one machine-readable medium of claim 18, wherein an instance of the OOB channel is established individually with each of the at least one satellite AP.

20. The at least one machine-readable medium of claim 18, wherein the OOB channel is established via a default WLAN that is separate from the first

WLAN.

21. The at least one machine-readable medium of claim 18, wherein the OOB channel is established via a wired connection.

22. Apparatus for configuring a satellite access point (AP) for operation in a first multiple- AP wireless local area network (WLAN) associated with a first service set identifier (SSID) and access-controlled with an access credential, the apparatus comprising:

establish a default WLAN associated with a default SSID;

connect with a configuring AP via the default WLAN, wherein the configuring AP connects as a client station;

establish an out-of-band (OOB) channel, wherein the OOB channel is isolated from the default WLAN and the first WLAN;

receive a trust credential from the configuring AP over the OOB channel;

based on the trust credential, receive configuration information from the configuring AP specific to the first WLAN; and based on the configuration information, establish a satellite coverage area of the first WLAN associated with the SSID and access controlled with the access credential, the satellite coverage area being established by the at least one satellite AP.

23. The apparatus of claim 22,wherein the OOB channel is established via ultrasonic wireless connection.

24. The apparatus of claim 22, wherein the controller circuitry is to receive on-boarding authority from the configuring AP that permits the AP to initiate an on-boarding protocol for configuring an additional satellite AP to establish an additional satellite coverage area of the first WLAN associated with the SSID and access controlled with the access credential, the additional satellite coverage area being established by the additional satellite AP.

25. The apparatus of claim 22, wherein the controller circuitry is to receive configuration of backhaul access credentials for a third WLAN to carry backhaul communications between the AP and the configuring AP.