| 摘要 |
Secure hotspot roaming in wireless networks. An enterprise works with one or more hotspot providers to provide secure access to its clients through hotspot locations. The enterprise provides the hotspot provider, or service provider (SP), with the addresses of enterprise controllers used for client authentication. The SP maintains a database for its controllers which maps the enterprise realm to the address of the enterprise controller. When a client connects to a hotspot access point (AP), the hotspot AP sends client information such as MAC address to a SP controller. The SP controller determines if this is a new or a known client by looking up the client information in a local client to realm database. If the client is known and the realm associated with the client has an entry in the realm to enterprise controller database, the hotspot AP is instructed to begin client authentication with the specified enterprise controller. If the client is not known, authentication begins with the SP controller, and the client is queried for realm information. An entry is made in the SP controller's client to realm database for the client. If a corresponding record is present in the realm to enterprise database, the SP controller instructs the hotspot AP to dynamically switch authentication from the SP controller to the enterprise controller. The realm to enterprise database may also be placed on the hotspot AP, so that the hotspot AP may determine if the client should be passed to an enterprise controller and begin authentication with the enterprise controller directly.
|
