Title of invention: Method and apparatus for local area networks
Abstract: A mechanism for segregating traffic amongst STAs that are associated with a bridge, referred to herein as the personal virtual bridged local area network (personal VLAN), is based upon the use of a VLAN to segregate traffic. The IEEE 802.1Q-1998 (virtual bridged LANs) protocol provides a mechanism that is extended by the invention to partition a LAN segment logically into multiple VLANs. One embodiment of the invention extends the standard VLAN bridge model to provide a mechanism that is suitable for use within an AP. In a preferred embodiment, the Personal VLAN bridge extends the standard VLAN bridge in at least any of the following ways: VLAN discovery in which a personal VLAN bridge provides a protocol for VLAN discovery; VLAN extension in which a Personal VLAN allows a station to create a new port that serves a new VLAN, or to join an existing VLAN via an authentication protocol.
Publication number: US8966611(B2)  Publication date: 2015.02.24
Application number: US201213589678  Application date: 2012.08.20
Applicant: Microsoft Technology Licensing, LLC  Inventor: Volpano Dennis Michael
Classification: H04L29/06; H04L9/00; G06F15/16; H04K1/00; H04L12/46  Main classification: H04L29/06
Agency:  Agent: Jardine John; Corie Alin; Minhas Micky
Principal claim: 1. An access point for segregating traffic among a plurality of end stations, comprising: a plurality of virtual Basic Service Sets (BSS), wherein each BSS has a unique security association with a set of end stations, wherein each BSS sends frames between the set of end stations; a frame having a cryptographic authentication code; the frame having a source media access control (MAC) address to determine a preliminary virtual local area network (VLAN) classification when the frame carries a null virtual LAN ID; the frame having a virtual LAN ID (VID) as the preliminary VLAN classification when the frame carries the VID; a table of security associations providing a cryptographic authentication code key based on the preliminary VLAN classification, wherein the cryptographic authentication code key is used to recompute a new cryptographic authentication code over a payload of the frame; the new cryptographic authentication code compared with the cryptographic authentication code; the preliminary VLAN classification implemented as a final VLAN classification when the new cryptographic authentication code and the cryptographic authentication code match, wherein the frame is decrypted; and the preliminary VLAN classification not implemented as the final VLAN classification when the new cryptographic authentication code and the cryptographic authentication code do not match, wherein the frame is discarded.
Address: Redmond WA US
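
The classification and verification steps recited in the principal claim, sketched as an added example that is not part of the patent record or the patentee's implementation. It assumes HMAC-SHA256 as the authentication code (the claim names no algorithm), uses constructed tables and keys, and omits the decryption step that follows a match.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

NULL_VID = 0  # IEEE 802.1Q null VLAN ID (frame carries no VLAN membership)

# Constructed sample tables (assumptions, not values from the patent).
MAC_TO_VLAN = {"02:00:00:00:00:01": 10, "02:00:00:00:00:02": 20}
SA_TABLE = {10: b"constructed-key-vlan-10", 20: b"constructed-key-vlan-20"}


@dataclass
class Frame:
    src_mac: str
    vid: int          # NULL_VID when the frame carries a null VLAN ID
    payload: bytes
    auth_code: bytes  # authentication code carried in the frame


def compute_code(key: bytes, payload: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the claim's unspecified code.
    return hmac.new(key, payload, hashlib.sha256).digest()


def classify(frame: Frame) -> Optional[int]:
    """Return the final VLAN for the frame, or None if it is discarded."""
    # Preliminary classification: source MAC for a null VID, else the VID.
    if frame.vid == NULL_VID:
        prelim = MAC_TO_VLAN.get(frame.src_mac)
    else:
        prelim = frame.vid
    # The security association table supplies the key for that VLAN.
    key = SA_TABLE.get(prelim)
    if key is None:
        return None  # no security association: discard
    # Recompute over the payload and compare in constant time.
    if not hmac.compare_digest(compute_code(key, frame.payload), frame.auth_code):
        return None  # mismatch: preliminary classification is not adopted
    return prelim    # match: preliminary becomes the final classification


if __name__ == "__main__":
    data = b"constructed payload"
    ok = Frame("02:00:00:00:00:01", NULL_VID, data, compute_code(SA_TABLE[10], data))
    spoof = Frame("02:00:00:00:00:01", 20, data, compute_code(SA_TABLE[10], data))
    print(classify(ok), classify(spoof))
```

The second frame shows why the check matters: a station holding only the VLAN 10 key that tags its frame with VID 20 fails verification and is dropped instead of crossing into VLAN 20.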