`(19) United States
`(12) Patent Application Publication (10) Pub. No.: US 2002/0136226 A1
`(43) Pub. Date: Sep. 26, 2002
`
`Christoffel et al.
`
`US 20020136226A1
`
`(54) METHODS AND SYSTEMS FOR ENABLING
`SEAMLESS ROAMING OF MOBILE
`DEVICES AMONG WIRELESS NETWORKS
`
`(60) Provisional application No. 60/278,450, filed on Mar.
`26, 2001. Provisional application No. 60/300,531,
`filed on Jun. 25, 2001.
`
`(75) Inventors: Thomas W. Christoffel, Concord, MA
`(US); David N. Juitt, Arlington, MA
`(US); Geoff Crawshaw, Needham, MA
`(US); David B. Crosbie, Somerville,
`MA (US)
`
`Correspondence Address:
`HAMILTON, BROOK, SMITH & REYNOLDS, P.C.
`530 VIRGINIA ROAD
`P.O. BOX 9133
`
`CONCORD, MA 01742-9133 (US)
`
`(73) Assignee: Bluesocket, Inc., Burlington, MA (US)
`
`(21) Appl. No.: 10/055,028
`
`(22) Filed: Jan. 23, 2002
`
`Related U.S. Application Data
`
`(63) Continuation-in-part of application No. 09/911,092,
`filed on Jul. 23, 2001.
`
`Publication Classification
`
`(51) Int. Cl.7: H04L 12/28; H04J 1/16
`(52) U.S. Cl.: 370/401; 370/230
`
`(57) ABSTRACT
`
`A mobile device roams between homogenous or heterogenous
`wireless networks while maintaining a communication
`connection with a home network server for the mobile
`device. A gateway system for a wireless local area network
`(WLAN) includes gateway servers and manages roaming of
`a mobile device between homogenous wireless networks.
`The gateway system maintains a secure connection to a
`home gateway server for the mobile device while the mobile
`device roams between homogenous WLAN’s. A network
`gateway manages roaming of a mobile device between
`heterogenous network systems. The network gateway
`obtains an access identifier from another heterogenous
`network system so the mobile device can roam to the other
`heterogenous network system while maintaining its
`connection to the home network gateway for the mobile device.
`
`[Front-page drawing: block diagram. Legible labels: GENERAL ACCESS NETWORK (E.G., INTERNET) 38; PROTECTED NETWORK 36; 78 AUTHENTICATION SERVER; 40-1 GATEWAY SERVER; 40-2 GATEWAY SERVER; MANAGED NETWORK 28-1; MANAGED NETWORK 28-2; 26-1 MOBILE DEVICE with 30-1 NET ADDR. (shown twice); TUNNEL SHIFT.]
`
`Patent Application Publication    Sep. 26, 2002    Sheet 1 of 21    US 2002/0136226 A1
`
`[FIG. 1: block diagram. Legible labels: GENERAL ACCESS NETWORK (E.G., INTERNET) 38; PROTECTED NETWORK 36; 78 AUTHENTICATION SERVER; 44-2; 44-3; 44-4; 40-1 GATEWAY SERVER; 40-2 GATEWAY SERVER; MANAGED NETWORK 28-1; MANAGED NETWORK 28-2; 29-1; 34-1A; 34-1B; 48; 26-1 MOBILE DEVICE with 30-1 NET ADDR. (shown twice); TUNNEL SHIFT.]
`
`[FIG. 2 (Sheet 2 of 21): block diagram. Legible labels: 180; 182; 40-1 GATEWAY SERVER; 40-2 GATEWAY SERVER; 52-1 GATEWAY APPLICATION; 52-2 GATEWAY APPLICATION; 55-1 COMM. INTERFACE; 55-2 COMM. INTERFACE; 28-3.]
`
`[FIG. 3 (Sheet 3 of 21): flow chart, reference numeral 200. Steps as printed:]
`202 ESTABLISH A SECURE CONNECTION FROM A MOBILE DEVICE THROUGH AN INITIAL ACCESS POINT TO AN INITIAL GATEWAY SERVER.
`204 DETERMINE THAT A TRIGGERING EVENT HAS OCCURRED THAT INITIATES A TRANSFER OF THE MOBILE DEVICE FROM THE INITIAL ACCESS POINT TO A TARGET ACCESS POINT ASSOCIATED WITH THE TARGET GATEWAY SERVER.
`206 PROVIDE CONNECTION INFORMATION TO A TARGET GATEWAY SERVER FROM THE INITIAL GATEWAY SERVER ABOUT THE SECURE CONNECTION.
`208 RECEIVE CONNECTION INFORMATION AT THE TARGET GATEWAY SERVER TO MAINTAIN THE SECURE CONNECTION FROM THE MOBILE DEVICE THROUGH THE TARGET ACCESS POINT BACK TO THE INITIAL GATEWAY SERVER.
`
`[FIG. 4 (Sheet 4 of 21): block diagram with sample network addresses. Legible labels: 40-1 GATEWAY SERVER; 40-2 GATEWAY SERVER; 30-1 10.0.1.1; 30-2 10.0.1.N; 30-3 10.0.1.2; 30-4 10.0.2.N; 30-5 10.0.2.1; 28-1; 28-2; 26-1 MOBILE DEVICE (shown twice); TUNNEL SHIFT.]
`
`[FIG. 5 (Sheet 5 of 21): block diagram. Legible labels: 40-1 GATEWAY SERVER; 40-2 GATEWAY SERVER; 30-5 10.0.2.1; 56 VIRTUAL NETWORK INTERFACE; 30-1 10.0.1.1; 30-6 10.0.1.1.]
`
`[Sheets 6 to 13 of 21: drawings (FIG. 6 on Sheet 6); the remaining figure text is not legible in this copy.]
`
`[FIG. 14 (Sheet 14 of 21): block diagram. Legible labels: 78 AUTHENTICATION; 74 INTERMEDIARY NETWORK; 72-1 NETWORK SYSTEM; 72-2 NETWORK SYSTEM; 76-1 NETWORK GATEWAY; 76-2 NETWORK GATEWAY; 52-3 GATEWAY APPLICATION; 52-4 GATEWAY APPLICATION; 55-3 COMM. INTERFACE; 55-4 COMM. INTERFACE; 26-16 MOBILE DEVICE (shown twice); 84 IDENTIFIER; 88 DEVICE TRANSFER.]
`
`[FIG. 15 (Sheet 15 of 21): flow chart, reference numeral 300. Steps as printed:]
`302 DETECT A TRIGGERING EVENT THAT INDICATES THAT A MOBILE DEVICE WILL TRANSFER FROM AN INITIAL WIRELESS NETWORK TO ANOTHER TARGET WIRELESS NETWORK.
`304 RECEIVE A REQUEST AT THE INITIAL WIRELESS NETWORK ON BEHALF OF THE MOBILE DEVICE, INDICATING A NETWORK SYSTEM SPECIFYING THE TARGET WIRELESS NETWORK THAT THE MOBILE DEVICE IS TRANSFERRING TO.
`306 OBTAIN AN ACCESS IDENTIFIER FOR THE TARGET WIRELESS NETWORK THROUGH AN INTERMEDIARY NETWORK (E.G., INTERNET). THE IDENTIFIER IS FOR THE MOBILE DEVICE TO USE WHEN ACCESSING THE TARGET WIRELESS NETWORK.
`308 PROVIDE THE IDENTIFIER TO THE MOBILE DEVICE.
`310 TRANSFER THE MOBILE DEVICE FROM THE INITIAL WIRELESS NETWORK TO THE TARGET WIRELESS NETWORK, WHICH THE MOBILE DEVICE ACCESSES BY USING THE IDENTIFIER.
`
`[Sheets 16 to 21 of 21: drawings; the figure text is not legible in this copy.]
`
`METHODS AND SYSTEMS FOR ENABLING
`SEAMLESS ROAMING OF MOBILE DEVICES
`AMONG WIRELESS NETWORKS
`
`RELATED APPLICATIONS
`
`[0001] This application claims the benefit of U.S.
`Provisional Application No. 60/278,450, filed Mar. 26, 2001,
`and U.S. Provisional Application No. 60/300,531, filed Jun.
`25, 2001. This application is a continuation-in-part of
`application Ser. No. 09/911,092, filed Jul. 23, 2001. The entire
`teachings of the above applications are incorporated herein
`by reference.
`
`BACKGROUND OF THE INVENTION
`
`[0002] Networked desktop computing is typical in both
`the office and home. Networking of mobile devices, such as
`mobile telephones, laptop computers, headsets, and PDAs
`(Personal Digital Assistants), is more difficult. Wireless
`standards, such as IEEE 802.11 and Bluetooth (BT) are
`designed to enable these devices to communicate with each
`other and a wired LAN (Local Area Network). Such mobile
`devices are capable of transferring between wireless LANs
`(WLANs), and some mobile devices can transfer between
`different types of wireless networks (e.g., a WLAN and a
`cellular mobile telecommunications network). Such trans-
`fers typically require establishing a new connection with the
`new WLAN for the mobile device making the transfer.
`
`[0003] These technologies provide for a common attachment
`approach for different devices, and so enable mobile
`phones, laptops, headsets, and PDAs to be easily networked
`in the office and eventually in public locations. The
`Bluetooth technology is described in the Bluetooth specification,
`available from Bluetooth SIG, Inc. (see also the
`www.bluetooth.com website), the entire teachings of which are herein
`incorporated by reference. Other standards, such as the IEEE
`802.11 (Institute of Electrical & Electronics Engineers) and
`ETSI (European Telecommunications Standards Institute)
`HIPERLAN/2, provide a generally similar wireless
`connection function as Bluetooth and may be used to support
`WLAN (wireless LAN) communications. See the IEEE
`802.11 “Wireless LAN Medium Access Control (MAC) and
`Physical Layer Specifications,” the entire teachings of which
`are herein incorporated by reference. See also the ETSI
`specifications for HIPERLAN/2, such as ETSI document
`number TR 101 683, “Broadband Radio Access Networks
`(BRAN); HIPERLAN Type 2; System Overview,” the entire
`teachings of which are herein incorporated by reference.
`
`[0004] The IEEE 802.11 Wireless LAN standard focuses
`on access points on the same subnet. Security is handled via
`WEP (Wireless Equivalent Protocol). This sets up an
`encrypted link (data, not headers) between the mobile device
`and the access point. If a mobile device decides to associate
`itself with a new access point on the same subnet then it uses
`a series of Associate and Disassociate commands defined
`within the IEEE 802.11 specification to signal its move from
`the old to the new access point. The new access point then
`uses its DS (distribution system) layer to route the encrypted
`data back to the original access point (as 802.3 frames) in
`order to be encrypted and decrypted. Hence the unencrypted
`data enters and leaves the original access point irrespective
`of the actual access point that the mobile is using. This is
`done because setting up a new encrypted link is a relatively
`slow process and hence transferring the entire connection to
`the new access point, so that if the old access point was no
`longer involved at all, would result in a break in the
`communication. If a mobile device transfers to a new subnet,
`a new secure (WEP) session is typically established between
`the mobile device and the new access point with a new
`encryption link.
`
`[0005] WLAN access points (LAP’s) such as those used
`by 802.11 and Bluetooth are part of an IP subnet; that is, a
`range of IP addresses that are normally used by all the
`devices connected to a section of the network delineated by
`a router (which may also be known as a gateway) that directs
`packets to and from devices that are outside the subnet.
`
`[0006] In one conventional approach, devices (e.g., a
`router, gateway, or mobile devices) inside the subnet for a
`WLAN are primarily identified by their MAC address. This
`is a fixed address tied to the Ethernet card. IP addresses are
`associated with MAC addresses. There can be multiple IP
`addresses associated with a single MAC address. Each
`router or gateway device on the subnet maintains a cache
`which maps IP addresses within the subnet to the associated
`MAC addresses. Data packets are sent to the MAC address
`associated with the IP address by the cache. (For destinations
`outside the sub-net the data is sent to the router which then
`forwards them.)
`
`[0007] In order for a device (e.g., router or gateway) to
`find the MAC address associated with a particular IP
`address, an ARP (address resolution protocol) is used. The
`device (e.g., router or gateway) follows the ARP and sends
`out a broadcast message asking for the device associated
`with the included IP address to respond with its MAC
`address. Once received it is added to the cache.
`
`[0008] For a situation where there are mobile devices
`attached to an access point then the mobile's MAC address
`is associated with an IP address from within the subnet IP
`address space. If the mobile device moves to another access
`point that is in the same subnet then all that is required is for
`the new access point to realize that it must respond to the
`MAC address of the mobile device that has just associated
`itself, and the previous access point to cease to respond to
`that MAC address. The MAC to IP address cache does not
`need to be changed.
`
`[0009] If, however, the mobile device moves to an access
`point connected to another subnet then the original IP
`address will be unusable. The mobile device would typically
`be required to obtain a new IP address and so break the
`previous connection. The user of the mobile device is
`typically required to re-establish a stateful end-to-end
`connection such as IPSec (IP Security Protocol, an encryption
`protocol from the Internet Engineering Task Force (IETF),
`an organized activity of the Internet Society), and so the user
`may be required to re-register with the WLAN. For example,
`the user may be required to re-enter a PIN (personal
`identification number) or some other password when connecting
`to a new subnet.
`
`[0010] Thus, in order for mobile clients to roam from one
`subnet to another, one connection (and all its attributes
`including security) must be dropped and then re-established
`in the other subnet. In other words, seamless hand-offs can
`only be done within a subnet and not across different
`subnets.
`
`[0011] Some mobile devices also have the capability of
`moving among different types of wireless communication
`networks, such as between a WLAN network (Bluetooth or
`IEEE 802.11, as described above) and a mobile telecommu-
`nications network, such as one based on a mobile telephone
`communication protocol (e.g., CMTS or cellular mobile
`telephone system, GSM or Global System for Mobile com-
`munications, PCS or Personal Communications Services, or
`UMTS or Universal Mobile Telecommunications System).
`For example, the mobile device (e.g., laptop computer or
`PDA) includes communications interfaces (e.g.,
`communications hardware and software) that allow the mobile device
`to communicate with two (or more) different types of
`wireless networks. Typically, when the mobile device moves
`to access a different type of wireless network, the current
`communication session with the current wireless network
`terminates, and the mobile device establishes a new com-
`munication session (new communication) with the newly
`accessed wireless network.
`
`SUMMARY OF THE INVENTION
`
`[0012] To be truly effective, mobile users must be able to
`move their mobile devices freely from location to location.
`For example, users must be able to move their mobile
`devices from the office to their own conference room to the
`airport lounge to their client’s conference room, while
`maintaining access to the same set of resources without
`manually registering anew in each location. They should
`also be able to send and receive messages and voice calls,
`wherever they are located. Connection servers, such as
`routers, WLAN gateways, and security servers, should be
`able to handle a mobile device that moves its connection to
`the network from access point to access point, from public
`to private networks, or from one wireless network system to
`a different type of wireless network system.
`
`[0013] Wireless networks, such as two wireless networks
`that a mobile device roams between, can be characterized as
`homogenous networks or heterogenous networks, based on
`whether or not they follow the same (or very similar)
`wireless communications protocols for communicating with
`a roaming mobile device. To roam between homogenous
`networks, the mobile device need have only one wireless
`communication interface that supports the same wireless
`communication protocol as used by the homogenous net-
`works. To roam between two heterogenous networks, the
`mobile device must have two corresponding wireless com-
`munications interfaces that support two different wireless
`communication protocols. By using these two interfaces, the
`mobile device can communicate over the two heterogenous
`networks and roam between them.
`
`[0014] In conventional approaches, mobile devices have
`difficulties in roaming among networks in a seamless
`manner that does not require the termination and establishment
`of a communication session with a home network server for
`the mobile device when leaving one network and accessing
`another network.
`
`[0015] For homogenous networks, the mobile device
`typically has difficulties maintaining a secure connection (e.g.,
`WEP based session) that was established in one network
`when moving to another homogenous network, even if there
`are no access problems in accessing the other homogenous
`network. For an IEEE 802.11 based secure wireless
`connection using WEP, the mobile device must establish a new
`secure connection when moving to another homogenous
`network. In addition, a related problem is that IP (Internet
`Protocol) Layer III security associations exist only with one
`server and cannot easily or quickly be transferred. In order
`to roam between subnets (homogenous networks), a mobile
`device (client for that server) would have to break down one
`security association and rebuild it for the new association
`with another subnet. The approach of the present invention
`avoids subnets by creating one logical server (a gateway
`system composed of gateway servers intercommunicating
`with each other) from a collection of servers.
`
`[0016] For heterogenous networks, the mobile device
`typically has difficulties in accessing a second heterogenous
`network after roaming from a first heterogeneous network.
`In traditional approaches the mobile device requires
`reauthentication that leads to establishing a new connection with
`the second heterogenous network, and to losing concurrently
`the previous connection to the first heterogenous network.
`The present invention describes an approach by which
`mobile stations can roam between one type of wireless
`network (e.g., a WLAN) and another (e.g., a cellular
`network) without having to reauthenticate itself.
`
`[0017] Thus, the present invention provides techniques for
`maintaining connections (such as to a home network server
`for the mobile device) during a seamless transfer of a mobile
`device between wireless networks, for both homogenous
`wireless networks and heterogenous wireless networks.
`
`[0018] In one aspect of the present invention related to
`homogenous networks, the present invention provides a
`method and gateway system (e.g., two or more gateway
`servers associated with two or more homogenous wireless
`networks) for enabling a mobile device to roam among
`access points in a wireless local area network, the mobile
`device capable of communicating with the access points.
`The gateway system includes an initial gateway server for
`establishing a secure connection (e.g., tunnel) from the
`mobile device through an initial access point to the initial
`gateway server, and a target gateway server in
`communication with the initial gateway server. The initial gateway
`server provides connection information to the target gateway
`server about the secure connection, based on a triggering
`event that initiates a transfer of the mobile device from the
`initial access point to a target access point associated with
`the target gateway server. The target gateway server receives
`the connection information to maintain the secure
`connection from the mobile device through the target access point
`back to the initial gateway server.
`
`[0019] In another aspect, the mobile device is assigned an
`internet protocol address by the initial gateway server. The
`secure connection is based on the internet protocol address
`and standard authenticating credentials. The initial gateway
`server maintains the connection based on the internet
`protocol address assigned to the mobile device.
`
`[0020] In a further aspect, the initial gateway server and
`the target gateway server are coupled by a nested tunnel
`between the initial gateway server and the target gateway
`server. The nested tunnel serves to maintain the secure
`connection from the mobile device back to the initial
`gateway server.
`
`[0021] The nested tunnel between the initial gateway
`server and the target gateway server, in another aspect, is
`based on a hard wired connection between the initial
`gateway server and the target gateway server.
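
The hand-off of paragraphs [0018] to [0021] (FIG. 3, steps 202 to 208), modelled as an added example that is not code from the patent or from Bluesocket. It keeps the secure connection terminating at the initial gateway server, which is also where the summary says secure messages are decrypted. Assumptions: the class and field names, the contents of the connection information (mobile address and initial gateway only, no key), and an HMAC-SHA256 tag standing in for the tunnel's cryptographic protection.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class ConnectionInfo:
    """Step 206 message. Assumed contents: addressing only, no key material."""
    mobile_ip: str
    home_gateway: str


class GatewayServer:
    """Hypothetical model of one gateway server in the gateway system."""

    def __init__(self, name, peers):
        self.name = name
        self.peers = peers        # shared dict name -> GatewayServer (inter-gateway link)
        self.peers[name] = self
        self.session_keys = {}    # mobile_ip -> key; only the initial gateway holds it
        self.relay_to = {}        # mobile_ip -> initial gateway name (nested tunnel)

    def establish(self, mobile_ip):
        """Step 202: set up the secure connection; returns the mobile's copy of the key."""
        key = os.urandom(32)
        self.session_keys[mobile_ip] = key
        return key

    def hand_off(self, mobile_ip, target_name):
        """Steps 204-206: after a triggering event, send connection information."""
        if mobile_ip not in self.session_keys:
            raise KeyError(f"{self.name} holds no secure connection for {mobile_ip}")
        self.peers[target_name].accept(ConnectionInfo(mobile_ip, self.name))

    def accept(self, info):
        """Step 208: record where this mobile's secure connection terminates."""
        self.relay_to[info.mobile_ip] = info.home_gateway

    def receive(self, mobile_ip, payload, tag, relayed=False):
        """Process a protected frame from an access point or from a peer gateway."""
        key = self.session_keys.get(mobile_ip)
        if key is not None:       # initial gateway: the only place the tag is checked
            expected = hmac.new(key, payload, hashlib.sha256).digest()
            return "accepted" if hmac.compare_digest(expected, tag) else "rejected"
        home = self.relay_to.get(mobile_ip)
        if home is None or relayed:   # unannounced address, or a relay loop
            return "dropped"
        return self.peers[home].receive(mobile_ip, payload, tag, relayed=True)


def protect(key, payload):
    """Mobile side: compute the tag that accompanies a frame."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def hand_off_demo():
    peers = {}
    gw1, gw2 = GatewayServer("40-1", peers), GatewayServer("40-2", peers)
    ip = "10.0.1.2"               # sample address; the mobile keeps it while roaming
    key = gw1.establish(ip)
    frame = b"constructed sample frame"
    tag = protect(key, frame)
    results = {
        "at_initial": gw1.receive(ip, frame, tag),
        "before_hand_off": gw2.receive(ip, frame, tag),
    }
    gw1.hand_off(ip, "40-2")
    results["after_hand_off"] = gw2.receive(ip, frame, tag)
    results["tampered"] = gw2.receive(ip, frame + b"!", tag)
    results["target_holds_key"] = ip in gw2.session_keys
    return results


if __name__ == "__main__":
    for step, outcome in hand_off_demo().items():
        print(f"{step}: {outcome}")
```

The target gateway only forwards frames for addresses it has been told about, and it never holds the session key, so a compromise of the target alone does not expose the mobile's secure connection in this model.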
`
`[0022] In one aspect, the triggering event is a movement
`of the mobile device out of range of the initial access point
`and within range of the target access point.
`
`[0023] The triggering event, in another aspect, is a
`determination that the target access point has a preferable level of
`congestion compared to a level of congestion for the initial
`access point.
`
`[0024] In a further aspect, the target gateway server
`extends the secure connection from the target gateway
`server to the initial gateway server, so that the initial
`gateway server decrypts secure messages originating from
`the mobile device.
`
`[0025] The target gateway server, in another aspect,
`establishes a virtual representation of the initial gateway server at
`the target gateway server.
`
`[0026] In another aspect related to heterogenous networks,
`the present invention provides a method and network
`gateway (e.g., computer system serving as a gateway to a
`network system composed of network devices, mobile
`devices, one or more wireless networks, and communication
`links) for enabling a mobile device to roam between a first
`wireless network and a second wireless network. The first
`wireless network is substantially heterogeneous with the
`second wireless network. Both the first wireless network and
`the second wireless network are capable of communicating
`with an intermediary network. The mobile device is capable
`of accessing the first wireless network and the second
`wireless network. The network gateway includes a digital
`processor coupled with a communications interface. The
`digital processor hosts and executes a gateway application
`that configures the digital processor to receive a request to
`access the second wireless network. The gateway
`application and the mobile device are associated with the first
`wireless network. The request is on behalf of the mobile
`device and indicates a network system specifying the second
`wireless network. For example, the mobile device makes a
`request to the network gateway through the first wireless
`network and the communications interface for the mobile
`device to gain access to the second wireless network (e.g.,
`if the mobile device is moving out of range of the first
`wireless network and into range of the second wireless
`network). The gateway application also configures the
`digital processor to obtain through the communications interface
`and through the intermediary network an access identifier
`for the second wireless network and to provide the access
`identifier to the mobile device to use when accessing the
`second wireless network.
`
`[0027] In another aspect, the first wireless network is a
`wireless local area network, the second wireless network is
`a cellular telecommunications network, and the mobile
`device is a personal digital assistant.
`
`[0028] In a further aspect, the request includes a user
`identification of a user of the mobile device. The gateway
`application configures the digital processor to determine the
`identity of the network system as a function of the user
`identification.
`
`[0029] In another aspect, the gateway application
`configures the digital processor to provide through the
`communications interface an authentication request based on the
`request to a dynamic host configuration server.
`
`[0030] The access identifier, in one aspect, is an internet
`protocol address and the intermediary network is the
`internet.
`
`[0031] In a further aspect, the gateway application
`configures the digital processor to request through the
`communications interface the access identifier from a second
`network gateway for the second wireless network. The second
`network gateway provides the access identifier from a
`predefined range of access identifiers allocated to the second
`wireless network.
`
`[0032] In another aspect, the gateway application
`configures the digital processor to store the access identifier in a
`device database that includes a device identification for the
`mobile device.
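
The identifier exchange of paragraphs [0026] to [0032] (FIG. 15, steps 304 to 308), as an added example that is not code from the patent: the first network's gateway resolves the target network system from the user identification, obtains an address from the second gateway's predefined range, and records it in a device database. Assumptions: all class and method names, the user directory contents, and the constructed range 192.0.2.0/30.

```python
import ipaddress


class SecondNetworkGateway:
    """Gateway of the target network: owns the predefined identifier range ([0031])."""

    def __init__(self, cidr):
        self._free = list(ipaddress.ip_network(cidr).hosts())
        self._leases = {}                  # device_id -> address already handed out

    def allocate(self, device_id):
        if device_id in self._leases:      # a repeated request must not consume the range
            return self._leases[device_id]
        if not self._free:
            raise RuntimeError("access identifier range exhausted")
        self._leases[device_id] = self._free.pop(0)
        return self._leases[device_id]


class FirstNetworkGateway:
    """Gateway of the network the mobile device is currently attached to."""

    def __init__(self, user_directory, remote_gateways):
        self.user_directory = user_directory     # user id -> network system ([0028])
        self.remote_gateways = remote_gateways   # network system -> its gateway
        self.device_db = {}                      # device id -> access identifier ([0032])

    def request_access(self, user_id, device_id):
        """Steps 304-308: resolve the target system, obtain and return the identifier."""
        system = self.user_directory.get(user_id)
        if system is None or system not in self.remote_gateways:
            raise PermissionError(f"no target network system for user {user_id!r}")
        identifier = self.remote_gateways[system].allocate(device_id)
        self.device_db[device_id] = identifier
        return str(identifier)


def access_identifier_demo():
    cellular = SecondNetworkGateway("192.0.2.0/30")   # constructed range: two usable addresses
    wlan = FirstNetworkGateway({"alice": "cellular", "bob": "cellular"},
                               {"cellular": cellular})
    out = {
        "first": wlan.request_access("alice", "pda-1"),
        "repeat": wlan.request_access("alice", "pda-1"),
        "second": wlan.request_access("bob", "pda-2"),
    }
    try:
        wlan.request_access("bob", "pda-3")
        out["third"] = "allocated"
    except RuntimeError:
        out["third"] = "exhausted"
    try:
        wlan.request_access("mallory", "pda-9")
        out["unknown_user"] = "allocated"
    except PermissionError:
        out["unknown_user"] = "refused"
    out["stored"] = sorted(wlan.device_db)
    return out


if __name__ == "__main__":
    for name, value in access_identifier_demo().items():
        print(f"{name}: {value}")
```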
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`[0033] The foregoing and other objects, features and
`advantages of the invention will be apparent from the
`following more particular description of preferred
`embodiments of the invention, as illustrated in the accompanying
`drawings in which like reference characters refer to the same
`parts throughout the different views. The drawings are not
`necessarily to scale, emphasis instead being placed upon
`illustrating the principles of the invention.
`
`[0034] FIG. 1 is a block diagram of a homogenous
`network environment including a gateway system according to
`the present invention.
`
`[0035] FIG. 2 is a block diagram of one example of the
`physical connections for the homogenous network
`environment of FIG. 1.
`
`[0036] FIG. 3 is a flow chart of a procedure for transfer-
`ring a secure connection for a mobile device from one access
`point to another access point for FIG. 2.
`
`[0037] FIG. 4 is a block diagram of an example of a
`portion of the homogenous network environment with
`sample network addresses.
`
`[0038] FIG. 5 is a block diagram of a virtual network
`interface in a gateway server in the gateway system of FIG.
`4.
`
`[0039] FIG. 6 is a block diagram of a gateway system,
`multiple gateway servers, and multiple mobile devices,
`configured according to the present invention.
`
`[0040] FIG. 7 is a schematic diagram illustrating an initial
`IP assignment for a mobile device in a homogenous network
`environment according to the present invention.
`
`[0041] FIG. 8 is a schematic diagram illustrating an
`authentication request made on behalf of a mobile device in
`the homogenous network environment 20 of FIG. 7.
`
`[0042] FIG. 9 is a schematic diagram illustrating a third-
`party IP address request made on behalf of the mobile device
`in the homogenous network environment of FIG. 7.
`
`[0043] FIG. 10 is a schematic diagram illustrating an ARP
`(address resolution protocol) request made on behalf of a
`mobile device in a homogenous network environment
`according to the present invention.
`
`[0044] FIG. 11 is a schematic diagram illustrating a
`location update message made on behalf of the mobile device in
`the homogenous network environment of FIG. 10.
`
`[0045] FIG. 12 is a schematic diagram illustrating an
`information message made on behalf of the mobile device in
`the homogenous network environment of FIG. 10.
`
`[0046] FIG. 13 is a schematic diagram illustrating a
`nested tunnel for the mobile device in the homogenous
`network environment of FIG. 10.
`
`[0047] FIG. 14 is a block diagram of a heterogenous
`network environment illustrating a device transfer between
`two heterogenous network systems according to the present
`invention.
`
`[0048] FIG. 15 is a flow chart of a procedure for providing
`an access identifier to the mobile device to enable the device
`transfer of FIG. 14.
`
`[0049] FIG. 16 is a schematic diagram illustrating a
`WLAN gateway and a mobile telephone network gateway in
`a heterogenous network environment according to the
`present invention.
`
`[0050] FIG. 17 is a schematic diagram illustrating a
`heterogenous network environment with two heterogenous
`network systems and a mobile device, according to the
`present invention.
`
`[0051] FIG. 18 is a schematic diagram illustrating a
`mobile device connected to a cellular network system,
`according to the present invention.
`
`[0052] FIG. 19 is a schematic diagram illustrating an ARP
`request made on behalf of a mobile device in a heterogenous
`network environment, according to the present invention.
`
`[0053] FIG. 20 is a schematic diagram illustrating an
`authentication query made on behalf of the mobile device in
`the heterogenous network environment of FIG. 19.
`
`[0054] FIG. 21 is a schematic diagram illustrating an
`internetwork tunnel for the mobile device in the heterogenous
`network environment of FIG. 19.
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`
`[0055] The present invention is directed to techniques for
`enabling the seamless transfer of mobile devices between
`wireless communication networks. Such networks may be
`homogenous, that is, based on the same or similar wireless
`communication protocols that allow for the transfer of
`mobile devices between the homogenous wireless networks.
`FIGS. 1-13 are directed to preferred embodiments of the
`present invention for the seamless transfer of mobile devices
`between homogenous networks. Other networks are heter-
`ogenous, that is, based on dissimilar wireless communica-
`tion protocols that do not allow for (or readily allow for) the
`transfer of mobile devices between the heterogenous net-
`works. FIGS. 14-21 are directed to preferred embodiments
`of the present invention for the seamless transfer of mobile
`devices between heterogenous wireless networks.
`
`[0056] FIG. 1 is a block diagram of a homogenous network
`environment 20 including a gateway system 22 that
`includes two gateway servers 40-1 and 40-2 according to the
`present invention. The network environment 20 also
`includes a mobile device 26-1, homogenous managed net-
`works 28-1, 28-2, a protected network 36, and a general
`access network 38. The protected network 36 connects to the
`gateway system 22 by network connections 44-1 and 44-2,
`and the general access network 38 connects to the protected
`network 36 by network connection 44-3. The gateway
`system 22 connects to managed networks 28-1, 28-2 by
`managed network connections 29-1 and 29-2. A mobile
`device 26-1 connects to the managed network 28-1 by
`wireless connection 48, and the same mobi
