throbber
(12) United States Patent
`Brockmann
`
`I lllll llllllll Ill lllll lllll lllll lllll lllll 111111111111111111111111111111111
`US006487657Bl
`US 6,487,657 Bl
`Nov. 26, 2002
`
`(10) Patent No.:
`(45) Date of Patent:
`
`(54) DATA COMMUNICATION NETWORK
`
`(75)
`
`Inventor: Ronald Alexander Brockmann,
`Utrecht (NL)
`
`(73) Assignee: No Wires Needed, B.V., Bitthoven
`(NL)
`
`( *) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`
`(21) Appl. No.: 09/252,308
`
`(22) Filed:
`
`Feb. 18, 1999
`
`(30)
`
`Foreign Application Priority Data
`
`Feb. 19, 1998
`
`(NL) ............................................. 1008351
`
`(51)
`
`Int. Cl.7 ............................. H04L 9/36; H04L 9/32;
`H04K 1/10; H04H 1/12
`(52) U.S. Cl. ....................... 713/154; 713/155; 713/201;
`380/33; 380/270; 380/271; 455/3.05
`(58) Field of Search .......................... 380/33, 270, 271,
`380/277, 279; 713/154, 155, 163, 201;
`455/3.01, 3.02, 3.05, 3.06
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`5/1994 Takaragi et al. .............. 380/45
`5,309,516 A
`5,539,824 A * 7/1996 Bjorklind et al. ............. 380/21
`5,668,880 A * 9/1997 Alajajian ..................... 380/49
`
`FOREIGN PATENT DOCUMENTS
`
`EP
`EP
`
`WO 95/12942 Al
`WO 96/04734 Al
`
`5/1995
`2/1996
`
`........... H04L/12/44
`........... H04L/12/28
`
`* cited by examiner
`
`Primary Examiner-Justin T. Darrow
`(74) Attorney, Agent, or Firm-St. Onge Steward Johnston
`& Reens LLC
`
`(57)
`
`ABSTRACT
`
`The invention relates to a data communication network
`suitable for the exchange of data between computers, which
`network comprises at least one substantially wireless LAN
`(Local Area Network) and access points distributed over an
`area of coverage for linking the computers comprised in the
`minimally one LAN, with the network. The minimally one
`wireless LAN is virtual and the data traffic with the com(cid:173)
`puters belonging to that particular LAN is individualized by
`encoding the data exchanged between the computers and the
`access points by using for each LAN a unique key.
`
`5,199,072 A
`
`3/1993 White et al. .................. 380/44
`
`7 Claims, 1 Drawing Sheet
`
`Cell A
`
`Cell B
`
`~\
`(o":,....;..)
`\ \
`\ \
`\~
`
`\ \ J
`
`wired backbone
`
`PayPal Ex. 1039, p. 1
`PayPal v. IOENGINE
`
`

`

`U.S. Patent
`US. Patent
`
`Nov. 26, 2002
`Nov. 26, 2002
`
`US 6,487,657 Bl
`US 6,487,657 B1
`
`m=mO
`
`N25>
`
`Eonwmwoom1.,.
`
`i.
`
`~t:/)
`·0· \ £ '\\£
`• ~ \~ ,----,~~---4---1
`""~·-.:.:·---...
`---........
`
`9.09.03USE
`
`
`
`~---' 0
`
`:
`
`<=mo
`
`.....
`
`z :s >
`
`539.",
`
`no..9mm
`
`cocflm
`
`PayPal Ex. 1039, p. 2
`PayPal Ex. 1039, p. 2
`PayPal v. IOENGINE
`N INE
`PayPal v. IOE
`
`
`

`

`US 6,487,657 Bl
`
`1
`DATA COMMUNICATION NETWORK
`
`FIELD OF THE INVENTION
`
`The invention relates to a data communication network
`suitable for the exchange of data between computers, which
`network comprises at least one substantially wireless LAN
`(Local Area Network) and access points distributed over an
`area of coverage for linking the computers comprised in the
`minimally one LAN, with the network.
`
`BACKGROUND OF THE INVENTION
`
`2
`wireless LAN is controlled by the control module and for
`each user module a unique identification number is
`employed, which information is stored in the memory of the
`control module. Prior to permitting network access the
`5 control module verifies the identification of the requesting
`user module. The users that are active in a certain geographi(cid:173)
`cal area, form part of a group sharing the same control
`module and when the mobile users are roaming, a transfer of
`the user concerned from one user group to the next is
`10 required, necessitating the assignment of a new password
`into the user module seeking access into the next user group.
`According to U.S. Pat. No. 5,199,072 a particular user is,
`however, not able to roam from one area to the other whilst
`maintaining membership to one particular virtual LAN.
`
`SUMMARY OF THE INVENTION
`
`It is the object of the invention to provide a system in
`which the data communication network can be used whilst
`being able to encompass several wireless LANs, without
`unduly aggravating the control problem with respect to the
`data traffic in the system, and without requiring concessions
`with regard to the mobility of the various computer users
`who are part of a wireless LAN.
`According to the invention the data communication net(cid:173)
`work is therefore equipped such that the minimally one
`wireless LAN is virtual and that the data traffic with the
`computers belonging to that particular LAN is individual(cid:173)
`ized by encoding the data exchanged between the computers
`and the access points by using for each LAN a unique key.
`In one preferred embodiment therefore every computer is
`provided with its own unique key. In this manner point-to(cid:173)
`point data links can be established between the various
`computers wirelessly encompassed in the network and the
`access points. To this end, data encoding techniques may be
`applied that are generally known from the literature. The
`only prerequisite being, that the keys applied are capable of
`distinguishing the individual data links between the respec(cid:173)
`tive computers and the access points. By providing said
`keys, the respective access points can be equipped such that
`they recognize to which virtual LAN or virtual LANs they
`belong and also, to which LAN the computers sending
`and/or receiving data to and from said access points, belong.
`The various keys may be determined beforehand for each
`LAN.
`In one particular embodiment, however, it is advanta(cid:173)
`geous that the data communication network is equipped to
`generate the unique key the moment that data traffic between
`one or more computers from a LAN and the network is
`established. This is advantageous with regard to controlla(cid:173)
`bility.
`One suitable embodiment endowed with the necessary
`guarantees regarding authentication of the data traffic, is
`characterized in that the generation of the unique key occurs
`with the public-key algorithm, which is known as such; see
`W. Diffie and M. E. Hellman, "New Directions in
`Cryptography", IEEE Transactions on Information Theory,
`v.IT-22, n. 6, November 1976, pp. 644-654.
`Advantageously, the access points are among themselves
`linked to wired network connections that are known as such.
`However, this is not a prerequisite; the network connections
`may also be wireless.
`In order to restrict the load constituted by the data traffic
`in the data communication network according to the
`invention, it is desirable that every access point possesses a
`filter unit for deleting data destined for a computer belong(cid:173)
`ing to a LAN other than the one present in the area of
`
`PayPal Ex. 1039, p. 3
`PayPal v. IOENGINE
`
`15
`
`20
`
`25
`
`30
`
`Such a data communication network has been known in
`practice for years. The wireless local area network (LAN)
`comprised in such a data communication network is
`designed to provide a great degree of flexibility, mobility
`and to lower the otherwise necessary costs for infrastructure
`and control. Such a wireless LAN may include a laptop
`computer equipped for wireless communication. In order to
`provide the communication function, the network is
`equipped with so-called access points which are set up in the
`geographical area served by the wireless LAN. Usually an
`access point serves a small area called Cell, having a radius
`of between 10 an 100 metres. Therefore, for serving a
`somewhat extensive area of coverage, the application of
`several access points is required. Among themselves, these
`access points are linked by means of network techniques
`which are known as such, and which may or may not be
`wired, such as for example, the ethernet infrastructure.
`The data communication network forming the object of
`the present invention, comprises at least one wireless local
`area network, and may otherwise be wired for linking with
`possibly further virtual local area networks, for example, in
`accordance with the IEEE 802.lQ standard for virtual LANs 35
`or, similarly, as known from W096/04734. When such a data
`communication network provides the possibility of applying
`several wireless local area networks, a problem arises that is
`intrinsic to the type of wireless communication. When
`computers from different local area networks operate in the 40
`same geographical area it is, in view of the fact that wireless
`communication takes place via the ether, very difficult to
`maintain the integrity of the data traffic in the respective
`local area networks according to the prior art.
`There are various solutions to this problem. On the one 45
`hand, the number of access points may be enlarged in
`concurrence with the number of local area networks present
`in a certain area of coverage; however, this is very costly and
`with respect to the utilization of the available transmitter
`frequencies, very inefficient. Another solution is not to 50
`increase the number of access points, but to restrict the
`mobility of the computers in local area networks. However,
`instead of solving a problem it merely avoids a problem.
`Another possibility is to abandon the idea of the smaller
`local area networks and to equip the system as one integral 55
`network. This would indeed avoid the indicated problem,
`but would create problems relating to the security of the data
`traffic, and will produce an exponential increase of the
`control problem. Accordingly, the performance of the sys(cid:173)
`tem will deteriorate because data which is destined for a 60
`limited number of computers, will be sent to every-one.
`U.S. Pat. No. 5,199,072 concerns wireless local area
`networks and means for restricting access within such
`networks. The wireless LAN according to this publication
`utilizes a control module to control communication with 65
`user modules that are linked with such devices as terminals,
`personal computers and similar equipment. Access to the
`
`

`

`US 6,487,657 Bl
`
`3
`coverage of that particular access point, or which stems from
`a computer of a first LAN while being destined for a
`computer of a second LAN. In addition, this guarantees the
`virtual star structure of the network.
`With a view to data traffic security it is desirable that the
`filter unit be equipped to delete from the data traffic prede(cid:173)
`termined types of data, for example, data that could be
`classified as infringing the security or integrity of a network
`or a part thereof. This may be of particular importance with
`regard to data exchange in a WINDOWS-NT environment.
`To further serve the controllability of the system, every
`computer in a wireless LAN is provided with a device for
`rejecting messages sent by other computers. This procedure
`effectively provides a star structure between the various
`access points and the computers communicating with said
`access points.
`It is further desirable that each computer be provided with
`one or more additional keys for encoding and decoding the
`data traffic destined for a group of computers, or for all
`computers in the same virtual LAN. In addition to the
`point-to-point data message communication on an indi(cid:173)
`vidual basis, the virtual LAN would then also provide the
`possibility of multipoint message communication and
`broadcast message communication.
`Application of the invention is possible by using the
`standard IEEE 802.11 technology for wireless local area
`networks. By applying the invention, the respective wireless
`virtual local area networks are distinguished and separated
`from each other, without the risk of data traffic arriving at
`any other than the intended destination. The invention
`enables the computer users within the various local area
`networks to move about freely within the area served by the
`various access points.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`The FIGURE is a representative block diagram of a data
`communication network in accordance with the invention.
`The invention will now be further elucidated with refer(cid:173)
`ence to a single drawing which schematically shows the data
`communication network according to the invention.
`The data communication network shown is suitable for
`data exchange between computers, each of which is indi(cid:173)
`cated by the term "station". The data communication net(cid:173)
`work shown comprises, at least in the portion shown, two
`virtual local area networks indicated by VLAN 1 and VLAN
`2. The virtual local area networks VLAN 1 and VLAN 2 are
`linked with the network via data traffic through the ether,
`taking place with the aid of an access point, indicated as such
`in the FIGURE. According to the invention, the data traffic
`between such an access point and the computers "station" is
`encoded by means of a key code which, in the case
`illustrated, is unique for each computer, whereby an indi(cid:173)
`vidualized link is provided between each computer "station"
`and the respective access point. Another possibility is to
`apply such a unique key code only per LAN, so that all
`computers of that particular LAN are able to participate in
`the data traffic. The unique key is, for example, determined
`for each LAN or computer before-hand. Another possibility
`is to postpone the determination of the unique key until the
`moment that data traffic between one or more computers
`from a LAN and the network is imminent. Generation may
`then be effected by means of a public-key algorithm. Such
`public-key algorithms are known to the expert and require
`no further explanation.
`The FIGURE shows further that the respective access
`points are interlinked by means of wired network links
`which are known as such, and called "wired backbone". To
`make effective use of the data communication network
`
`30
`
`4
`without over-loading by excessive data traffic, each access
`point is provided with a filter unit for deleting any data
`destined for a computer of LAN VLAN 1 or VLAN 2
`respectively, other than the one present in the respective area
`5 of coverage (Cell Aor Cell B) of that particular access point.
`The filter unit is also equipped to delete data sent from a first
`LAN and destined for a computer of a second LAN. The
`result is a logical separation of the VLANS. Said filter unit
`can also delete specific types of data. Furthermore, every
`computer "station" is equipped with an element for rejecting
`10 data sent by another computer "station". In this manner the
`data network acquires a star structure.
`Thanks to the virtual and wireless character of the local
`area networks applied in the network according to the
`invention, a computer station forming part of local area
`15 network VLAN 2, may be moved from the one area of
`coverage Cell A to an area of coverage Cell B, served by
`another access point, without losing the integrity of a local
`area network. Thus the advantage of the invention is that,
`despite the use of wireless computers "station" together with
`20 virtual local area networks, the advantages associated with
`said latter technique, namely improved controllability of the
`data traffic in the data communication network is realized
`without conceding anything to the mobility of the computers
`used in the network. Thanks to the filter units provided in the
`25 various access points forming part of the network, the speed
`of the data traffic in this network, and the logical separation
`of the LANs is guaranteed.
`What is claimed is:
`1. A data communication network suitable for the
`exchange of data between computers, which network com(cid:173)
`prises at least one substantially wireless LAN (Local Area
`Network) and access points distributed over an area covered
`by the network for linking the computers with the network,
`wherein the data traffic with the computers belonging to the
`wireless LAN is individualized by encoding data exchanged
`35 between a computer and its access point with a unique data
`key that defines the wireless LAN within the network,
`characterized in that the wireless LAN is virtual, and that
`every access point possesses a filter unit applied to unique
`keys associated with data traffic for excluding data destined
`40 for a computer belonging to a LAN other than computers
`that are a part of the virtual LAN accessible through the
`particular access point associated with the filter unit.
`2. A data communication network according to claim 1,
`characterized in that the filter unit is equipped to delete from
`45 the data traffic predetermined types of data.
`3. A data communication network according to claim 1,
`characterized in that every computer in a wireless LAN is
`provided with a device for rejecting messages sent by other
`computers.
`4. A data communication network according to claim 1,
`characterized in that each computer is provided with one or
`more additional keys for encoding and decoding the data
`traffic destined from a group of computers, or for all
`computers in the same virtual LAN.
`5. A data communication network according to claim 1,
`55 characterized in that every computer is provided with its
`own unique key for data communication with an access
`point.
`6. Adata communication network according to claim 1 or
`2, characterized in that the data communication network is
`60 equipped to generate the unique key at a time when data
`traffic between one or more computers from a LAN and the
`network is established.
`7. A data communication network according to claim 6,
`characterized I that the generation of the unique key occurs
`65 with a public key algerithm.
`
`50
`
`* * * * *
`
`PayPal Ex. 1039, p. 4
`PayPal v. IOENGINE
`
`

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket