Wireless initialization device

FIELD: engineering of telecommunication equipment.

SUBSTANCE: the wireless initialization device is a system for administering computer data traffic, capable of routing TCP/IP traffic using 2.4 GHz equipment. The device is positioned strategically in areas of logical segments of a wireless network to facilitate traffic administration. It operates to provide connectivity between wireless access points and the backbone. The device may also be positioned in a client local network, providing access to the global network. The wireless device has authentication means that maintain an operative connection with the operating system. The wireless device is capable of filtering IP addresses and controlling a firewall and/or router and/or bridge.

EFFECT: increased effective TCP/IP traffic capacity for a global or local network while providing secure administration and improved integrity.

2 cl, 3 dwg

 

Technical field to which the invention relates

The present invention relates to telecommunications equipment and, in particular, in its preferred form, to a wireless initialization device configured to route TCP/IP traffic using 2.4 GHz equipment.

Prior art

Until recently, Internet connectivity was limited to wired connections to the Internet cloud. With the advent of more powerful 2.4 GHz antennas, it became more practical to provide wireless connections to computers that eventually connect back to the Internet cloud. With the growth of wireless equipment, a wireless connection to the user has become more economical than cable. As a result, attempts have been made to replace a wired wide area network (WAN) with high-speed wireless connections.

Currently, wireless equipment consists only of bridges. These wireless bridges contain one or two wireless cards, depending on the manufacturer, and one wired connection. In some cases, there are two wireless cards and one wired connection. However, with the rapid development of telecommunications, 3 or 4 wireless connections and 3 or 4 wired connections may be needed. Although a bridge is well suited for connecting two or three local area networks (LANs) to each other, an excessive number of bridges will not work in a large WAN, because modern routing logic has a theoretical efficiency limit of 3 to 5 bridges. Thus, modern 2.4 GHz wireless access points provide bridges, which significantly restricts the user's ability to place wireless equipment in a wide area network. 2.4 GHz wireless equipment is designed to create a LAN with a hub and to connect two or more small LANs together through bridges. It is not intended for operation in a public WAN environment.

In addition, modern wireless connections are intended for internal use, and security is tied only to the network name. Alternatively, the system can be kept closed by using media access control (MAC) addressing. Despite the wireless function, such solutions presuppose that connections back to the wireless access point are relatively few and to some extent fixed. As a result, permanent MAC filtering is used to control access to the access point. For a new access control list to take effect, the access point usually has to be rebooted. In addition, an access point can hold only a finite number of MAC addresses. This significantly limits the number of roaming users that can be added to the system. Whenever a new member is added, every access point in the network has to be updated and restarted.

The Simple Network Management Protocol (SNMP), which allows a wireless access point to be managed, has become the standard method of data transfer. To modify the MAC filter, the network transmits an administrative password to gain access to the access point. This password is passed in clear text. In the absence of secure shell connections, anyone connected to the WAN can easily intercept this clear-text message. Compromise of the administrative password jeopardizes the entire system. In earlier systems, to avoid this situation, the network name was given only to members of the organization. Without the network name, a wireless card cannot connect to the access point. In a public-use environment the network name is shared by everyone who uses the service, which opens a relatively wide opportunity for unauthorized access.

What is required is an element of wireless equipment that communicates effectively in a large WAN. Also required is a wireless initialization device that provides sender-node network routing and network security measures. In addition, 2.4 GHz wireless access points that act as bridges are required, so that the user is able to place wireless equipment in the wide area network. Also required are wireless connections that provide for external use and flexible protection. Also required is a system capable of providing multiple connections back to the wireless access point without the need to reboot in order to add new roaming users.

Summary of the invention

The present invention provides a wireless initialization device that can route TCP/IP traffic using 2.4 GHz equipment. The device should be placed strategically in areas of logical segments of the wireless network to facilitate the administration of data traffic. The device is designed to provide connectivity between wireless access points and the backbone. The device may also be located in a subscriber LAN, providing connectivity to the WAN. According to a preferred embodiment, the wireless device has only seven wireless segments. The wireless device is able to filter IP addresses and to control a firewall and/or router and/or bridge as needed, and it increases the effective transmission of TCP/IP traffic on the WAN or LAN while ensuring secure administration and increased connectivity.

The main objective of the present invention is to provide an element of wireless equipment that communicates effectively in a large WAN.

Another objective of the present invention is to provide a wireless initialization device that provides sender-node network routing and network security measures. For this purpose it is necessary to provide a secure connection between the wireless access points and to points that require administrative connections.

Another objective of the present invention is to provide 2.4 GHz wireless access points that act as bridges, so that the user is able to place wireless equipment in the wide area network (WAN).

Another object of the present invention is to provide wireless connections that provide for external use and flexible protection. Several embodiments of the present invention can be proposed that solve the above problem, in particular by using the RADIUS authentication protocol (Remote Authentication Dial-In User Service). The RADIUS protocol is an authentication method offering greater stability, flexibility and security. The authentication process is performed through a secure connection to a central server. If security is breached for any reason, the user name and password can be changed on the server by making changes in the database rather than in the hardware. Using a new operating system together with modern wireless cards, wireless devices can be configured for logical administration via secure connections. In addition, the RADIUS authentication protocol can be passed securely through a wireless device in a secure network.

An additional object of the present invention is to provide a system configured to provide multiple connections back to the wireless access point without the need to reboot in order to add new roaming users.

To address these and other objectives, one aspect of the present invention provides a wireless initialization device capable of performing the function of a router node, reducing excessive network load and stabilizing the network in a reliable, redundant WAN.

Other objectives, features and advantages of the invention will become apparent from the following detailed description given in conjunction with the accompanying drawings.

Brief description of drawings

Figure 1 is a diagram of the wireless initialization device in accordance with the present invention.

Figure 2 is a diagram of an embodiment of the wireless device with two connectors in accordance with the present invention.

Figure 3 is a diagram of the wireless initialization system in accordance with the present invention.

Detailed description of the invention

The router initialization system according to the present invention includes: a plurality of wireless access points; a wireless initialization device for receiving, transmitting and directing data from multiple networks, configured to maintain the connection between the wireless access points and the wireless initialization device, wherein the wireless initialization device contains a chassis, at least one network card, at least one wireless card, at least one processor and at least one operating system, operatively configured in the chassis and associated with at least one of the plurality of wireless access points for sending and receiving data between the wireless access point and a frequency communication system, and wherein the wireless initialization device is capable of multiple connections back to the wireless access point without the need to reboot to add a new roaming user; a frequency communication system positioned for communication between the wireless initialization device and the plurality of wireless access points, for transmitting and receiving data between the wireless initialization device and the plurality of wireless access points via a secure connection; and a secure authentication protocol that authenticates traffic as it passes through the frequency communication system.

In this application the following terms are used.

Access point. A network device that allows computers that are not part of the network to connect to the network and communicate with it. The main function of an access point is to provide a point of access for these unconnected computers.

Authentication. A system of measures for keeping system information protected from damage or prying eyes. In networks, the procedure by which the computer verifies the user's identity. In its most general form it involves comparing the entered name and password with a stored file of approved user names and passwords. If any discrepancy is detected, the user's access to information is blocked.

Bridge. Links networks so that data can pass from one network to another network through a further network.

Datagram. A unit of data that is transmitted over the network and contains information about its destination.

Directory service element. Network administration located on a single computer of the company. This computer maintains a directory database that stores all the information regarding authentication privileges for network users. In particular, this machine records the MAC addresses and tariff profiles of the users of the system. This computer is a central repository that manages user access, system privileges and payment status.

Dynamic Host Configuration Protocol (DHCP). An Internet protocol for automating the configuration of computers that use TCP/IP. DHCP can be used to assign IP addresses automatically, to deliver the parameters of the underlying TCP/IP configuration, and to provide other information, such as the addresses of secondary servers.

Gateway. A complex internetworking device that converts information from one protocol to another. Gateways transfer information between networks that use different communication protocols. In effect, gateways strip the information from one service and restore it in the protocol format of the other network. Gateways include all the hardware and software used to link heterogeneous network operating systems (NOS) or to link local area networks (LANs) with a mainframe or a wide area network (WAN). Gateways are also used in electronic mail (e-mail) to convert messages between services that use different e-mail protocols.

Graphical user interface (GUI). To execute commands, a GUI uses graphic symbols, called icons, and menus.

Local area network (LAN). A group of computers, usually in one building or facility, physically connected so that they can communicate and interact with each other. Operation requires a server, i.e. a computer that holds the data used by the different computers on the network. Some of the benefits of network connections include the ability to share document files and expensive equipment. Various combinations of topologies, protocols, software and hardware can be used to implement network connections. A network in which radio is used instead of cables to connect the computers can be called a wireless local area network.

Media access control (MAC). The protocol that governs the transmission of information in the network.

Node. Any device that can communicate with other computers in a group of interconnected computers. A node is usually understood to be a computer system (CS) or terminal that is part of a network.

Packet. A block of data transferred from one computer to another over a network or the Internet. A packet contains three parts: the data to be transmitted, the data needed to carry the packet to its destination, and the data for correcting errors along the way. A normal transmission consists of several packets. The computer splits the transmission up at the point of transfer and reassembles it at the destination.

Protocol. A set of rules and procedures for exchanging data between computers on a network or over the Internet. Protocols usually include information on error checking, data compression, and the sending and receiving of messages.

Router. An element of a communication network that accepts transmissions and forwards them to their destinations using the shortest available route. On the way to the destination, data may pass through several routers.

Simple Network Management Protocol (SNMP). It exchanges network information through messages, known in the art as protocol data units (PDUs).

Telnet. A terminal emulation in which the user connects to a remote host using an Internet account as if the user were connected directly to the host, so that the communication session proceeds as if the user were at a terminal connected to the host, even though the user is actually connected to another site and is using the Internet to connect to the host.

Topology. The physical configuration of a network, which determines how the computers on the network are interconnected.

Transmission Control Protocol/Internet Protocol (TCP/IP). The language that governs communication between all the computers on the Internet. TCP/IP consists of two separate protocols, TCP and IP, which are used together. The part of the standard that corresponds to the Internet Protocol specifies how packets of information are transmitted over networks. IP provides a packet-addressing method that allows any computer on the Internet to forward a packet to another computer that is one or more steps closer to the recipient of the packet. The Transmission Control Protocol ensures reliable data transmission over networks connected to the Internet. TCP checks packets for errors and issues retransmission requests when errors are detected; it also reassembles the multiple packets of a message into the correct, original sequence when the message reaches its final destination.

Wide area network (WAN). A collection of computers, interconnected or networked over a geographic area. WANs usually require special arrangements with telephone companies, since data transfer between locations (called sites) is carried out over telephone lines.

A computer network is simply a collection of autonomous computers connected to each other to provide access to shared hardware and software resources and to improve overall reliability. The qualifier "local" is usually applied to computer networks in which the computers are in the same building or in nearby buildings, such as a campus or corporate site. When the computers are further apart, the term "wide area network" is used, but the difference between them is purely quantitative and the definitions sometimes overlap.

A bridge is a device that connects at least two LANs and serves to transmit frames or packets of messages between the LANs, allowing a sending station in one LAN to transmit data to a receiving station in another LAN regardless of the recipient's location. Bridges are, in principle, useful network components, because the total number of stations in a single LAN is limited. Bridges can be implemented so that they operate at a selected layer of the network protocol.

At the heart of any computer network is a communication protocol. A protocol is a set of conventions or rules that govern the transfer of data between computer devices. The simplest protocols specify only the hardware configuration, while more complex protocols specify timing, data formats, error detection and correction techniques, and software structures.

Computer networks almost always use multiple layers of protocols. The lowest, physical-layer protocol handles the transmission and reception of a data stream between two devices. Data packets are constructed at the data link layer. The network and transport layer protocols, which sit above the physical layer, manage the transmission of data over the network, thereby ensuring reliable delivery of data.

A model of network architecture has been proposed and widely accepted. It is known as the Open Systems Interconnection (OSI) reference model, approved by the International Organization for Standardization (ISO). The OSI reference model is not itself a network architecture. It only specifies a hierarchy of protocol layers and defines the function of each layer in the network. Each layer in one computer of the network communicates with the corresponding layer in another computer with which communication is taking place, in accordance with a protocol that defines the rules of this communication. In reality, information is transferred down from layer to layer in one computer, then through the channel medium and back up the successive layers in the other computer. However, for the purpose of examining the design of the various layers and their functions, it is easier to consider that the computers are connected to each other at each of the layers in a "horizontal" direction.

The lowest layer defined by the OSI model is called the physical layer and is concerned with transmitting raw data bits over the communication channel. The design of the physical layer involves electrical, mechanical or optical engineering, depending on the medium used for the communication channel. The layer next to the physical layer is called the data link layer. The main task of the data link layer is to transform the physical layer, which interfaces directly with the channel medium, into a communication link that appears error-free to the next layer up, the network layer. The data link layer performs such functions as structuring data into packets and attaching control information to the packets.

Although the data link layer is largely independent of the nature of the physical transmission medium, certain aspects of the data link layer's operation depend heavily on the transmission medium. For this reason, the data link layer in some network architectures is divided into two sublayers: a logical link control sublayer, which performs all the medium-independent functions of the data link layer, and a MAC sublayer. This sublayer determines which stations should get access to the communication channel when there are conflicting requests for access. The functions of the MAC layer usually depend on the nature of the transmission medium.

The main function of a bridge is to listen in "promiscuous" mode, i.e. to all message traffic on every LAN to which it is connected, and to forward each message it hears onto the LANs other than the one on which the message was received. Bridges also maintain a database of station locations, derived from the contents of the messages being forwarded. Bridges are connected to LANs by paths referred to as "channels". After a bridge has been in operation for some time, it can associate almost every station with one or another channel connecting the bridge to a LAN, and can then forward messages in a more efficient manner, transmitting only over the appropriate channel. The bridge can also recognize a message that does not need to be forwarded, when the sender and receiver are on one and the same channel. Apart from "learning" the station locations, or at least the station directions, the bridge functions mainly as a message repeater.

As network topologies become more complex, with large numbers of LANs and numerous bridges interconnecting them, problems can arise from the possible bridge connections between LANs. In particular, if several LANs are connected by bridges so as to form a closed loop, a message can circulate back to the LAN from which it was originally transmitted, so that multiple copies of the same message are generated. In the worst case, messages are duplicated to such an extent that the network is effectively flooded with them and is unable to handle them all.
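The learning, filtering and closed-loop behaviour described in the two paragraphs above, as an added example that is not part of the patent text. The `LearningBridge` class, the LAN names (`lan-a`, `lan-b`, `lan-c`) and the station names are constructed for illustration.

```python
"""Toy model of a learning bridge and of two bridges forming a closed loop."""


class LearningBridge:
    def __init__(self, name, channels):
        self.name = name
        self.channels = tuple(channels)  # one channel per attached LAN
        self.station_db = {}             # station address -> channel it was last heard on

    def receive(self, in_channel, src, dst):
        """Handle one message heard on in_channel; return the channels it is forwarded to."""
        if in_channel not in self.channels:
            raise ValueError(f"{self.name} has no channel {in_channel!r}")
        # Learn the sender's direction from the message being forwarded.
        self.station_db[src] = in_channel
        known = self.station_db.get(dst)
        if known is None:
            # Destination not learned yet: repeat onto every LAN except the one heard on.
            return [c for c in self.channels if c != in_channel]
        if known == in_channel:
            return []                    # sender and receiver on the same channel
        return [known]                   # forward over the proper channel only


def demo_learning():
    """Constructed message sequence through a single three-port bridge."""
    bridge = LearningBridge("b1", ["lan-a", "lan-b", "lan-c"])
    frames = [
        ("lan-a", "st-1", "st-2"),  # st-2 unknown -> repeated everywhere else
        ("lan-b", "st-2", "st-1"),  # st-1 already learned on lan-a
        ("lan-a", "st-1", "st-2"),  # st-2 now learned on lan-b
        ("lan-a", "st-3", "st-1"),  # both stations on lan-a -> not forwarded
    ]
    return [bridge.receive(*frame) for frame in frames]


def copies_per_round(bridges, start_lan, src, dst, rounds):
    """Count the copies of one message on the wire in each forwarding round."""
    in_flight = [(start_lan, None)]      # (LAN carrying the copy, bridge that sent it)
    history = [1]
    for _ in range(rounds):
        nxt = []
        for lan, sender in in_flight:
            for bridge in bridges:
                # A bridge does not re-hear its own transmission.
                if bridge is sender or lan not in bridge.channels:
                    continue
                for out in bridge.receive(lan, src, dst):
                    nxt.append((out, bridge))
        history.append(len(nxt))
        in_flight = nxt
        if not nxt:
            break
    return history


def demo_loop(rounds=6):
    """One bridge between two LANs versus two parallel bridges (a closed loop)."""
    single = [LearningBridge("b1", ["lan-a", "lan-b"])]
    looped = [LearningBridge("b1", ["lan-a", "lan-b"]),
              LearningBridge("b2", ["lan-a", "lan-b"])]
    return (copies_per_round(single, "lan-a", "st-1", "st-9", rounds),
            copies_per_round(looped, "lan-a", "st-1", "st-9", rounds),
            looped[0].station_db["st-1"])


if __name__ == "__main__":
    print(demo_learning())
    print(demo_loop())
```

With a single bridge the message dies out after one forwarding step; with two parallel bridges two copies keep circulating for as long as the simulation runs, and the first bridge ends up recording `st-1` on `lan-b` although the station sits on `lan-a`.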

The Internet is a collection of networks, including ARPANET, NSFnet, regional networks, local networks in various educational and scientific institutions, and various military networks. The protocols, commonly referred to as TCP/IP, were originally developed for use only in the ARPANET and have since become widespread in the field of communications. The protocols provide a set of services that allow users to communicate with each other across the Internet. The specific services that these protocols provide include file transfer, remote login, remote execution, remote printing, computer mail and access to network file systems.

The main function of the Transmission Control Protocol (TCP) is to ensure that commands and messages from an application-layer protocol, for example computer mail, are delivered to their destination. TCP keeps track of what is sent and retransmits anything that was not properly delivered to the recipient. If a message is so long that it cannot be delivered in a single datagram, TCP divides it into several datagrams and ensures that they are properly delivered and reassembled for the application program at the point of reception. Because these functions are required by many applications, they are collected in a separate protocol (TCP) rather than being included as an integral part of each application. TCP is implemented at the transport layer of the OSI reference model.

The Internet Protocol (IP) is implemented at the network layer of the OSI reference model and provides TCP with a basic service, namely delivery of datagrams to their destinations. TCP simply hands IP a datagram with a specified destination; IP has no information about the relationship between successive datagrams and simply routes each datagram according to its destination address. If the destination station is connected to a different LAN, IP uses routers to forward the message. TCP/IP often uses a slight deviation from the seven-layer OSI model, consisting in a reduced number of layers. These seven layers are categorized as follows:

Layer 7 - application layer. Identifies the communication parameters, user security and authentication, as well as specific details of the transfer syntax. Examples of layer 7 protocols are the File Transfer Protocol (FTP), the Simple Mail Transfer Protocol (SMTP) and Telnet.

Layer 6 - presentation layer. Responsible for converting the transmitted data into text, depending on the application program. Control is generally passed to the operating system, which handles specific aspects of the data through protocols such as the Moving Picture Experts Group (MPEG) and the Joint Photographic Experts Group (JPEG).

Layer 5 - session layer. Establishes the connection between the parties in both directions and terminates it when the transfer is done, via protocols such as AppleTalk and the Session Control Protocol (SCP).

Layer 4 - transport layer. At this layer, the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP) and the Name Binding Protocol (NBP) add transport data to the packet and pass it to layer 3.

Layer 3 - internetwork layer. When a local host (or sending host) initiates an action that must be performed or responded to by a remote host (or receiving host), this layer takes the packet from layer 4 and adds the IP information, and then passes it to layer 2. Through protocols such as the Border Gateway Protocol (BGP) or the Routing Information Protocol (RIP), layer 2 identifies the recipient of the transfer on the basis of specific network protocols and manages the route of each data packet throughout the transmission, all the way.

Layer 2 - network interface layer. This is what the network device, such as a host or a local computer, "sees", together with the medium over which data is received at layer 1. Through protocols such as Logical Link Control (LLC) or Media Access Control (MAC), it adds the specific code required to send the data packets on their way using the information from layer 3. For example, if the network standard requires that each data packet begin with a particular string of binary digits, they can be added at layer 2.

Layer 1 - physical layer. This is literally Ethernet or the Serial Line Internet Protocol (SLIP). It specifies the physical interface required to deliver information from point A to point B, and includes the various technical specifications of LANs and WANs.

On the receiving host, the layers are stripped off in turn and their information is passed to the next higher layer, until the application layer is reached once more. If there is a gateway between the sending host and the destination host, the gateway takes the packet from the physical layer and passes it through a data link at the IP physical layer to continue. When messages are sent from the first host to the second, the gateway relays the packet, stripping off the underlying layers, forwarding the underlying layer, and then passing the packet on to the final destination.

A router, like a bridge, is a device connected to two or more networks. However, unlike a bridge, a router operates at the network layer rather than at the data link layer. Addressing at the network layer uses a 32-bit address field for each host, and the address includes a network identifier and a host identifier within the network. Routers use the destination network identifier in a message to determine the optimal path from the sender's network to the destination network. Routers may use various routing algorithms to determine optimal paths. Routers usually exchange information about the identities of the networks to which they are connected.

When a message reaches its destination network, a data link layer address is needed to complete forwarding to the destination host. Data link layer addresses are 48 bits long, and no two hosts, wherever they are located, have the same data link layer address. There is a protocol called ARP (Address Resolution Protocol), which obtains the data link layer address from the corresponding network layer address (the address that IP uses). Typically, each router maintains a database table in which the data link layer address can be looked up, but if the destination host is not in this ARP database, the router can send out an ARP request. Only the addressed destination host responds, and the router is then able to insert the correct data link layer address into the message being forwarded and to send the message to its final destination.

IP routing specifies that an IP datagram travels through the internetwork one step at a time, based on the destination address in the IP header. The entire route is not known at the outset. Instead, at each intermediate point the next destination is calculated by matching the destination address in the IP datagram header against an entry in the current node's routing table.

Each node's contribution to the routing process consists in forwarding packets based on internal information held in the router, regardless of whether the packets reach their final destination. To take this explanation one step further, IP routing does not change the original datagram. In particular, the datagram's sender and recipient addresses remain unchanged. The IP header always specifies the IP address of the original sender and the IP address of the final recipient.

When IP executes the routing algorithm, it computes a new address, the IP address of the device to which the datagram should be sent next. This algorithm uses information from the routing table entries, as well as any cached information local to the router. This new address is most likely the address of another router/gateway. If the datagram can be delivered directly, the new address will be the same as the destination address in the IP header.

The next-step address described above is not stored in the IP datagram. There is no reserved place to hold it, and it is not "stored" at all. After executing the routing algorithm to determine the address of the next step toward the final destination, the IP protocol software passes the datagram and the next-step address to the network interface software responsible for the physical network over which the datagram must now be sent.

The network interface software binds the next-step address to a physical address, forms a packet using the physical address, places the datagram in the data area of the packet and sends the result out over the physical network interface through which the next-step gateway is reached. The next step receives the datagram, and the process described above is repeated. In addition, IP does not provide for error reporting back to the sender when routing anomalies occur. This task belongs to another Internet protocol, namely the Internet Control Message Protocol (ICMP).

A router converts protocols. One example is found at layers 1 and 2. If a datagram is received via an Ethernet interface and is to be output on a serial link, for example, the router strips off the Ethernet header and trailer and replaces them with the appropriate header and trailer for the specific network medium, for example SMDS (Switched Multimegabit Data Service).

To obtain the next-step address, a routing policy can be used instead of routing table entries. The system and methodology according to the present invention examine the sender's address to see which Internet service provider's (ISP) address range it falls within. Once the ISP's address range has been determined, the packet is routed to the next-step address associated with that particular Internet service provider.
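The step-by-step next-hop selection and the sender-address policy described in the paragraphs above, as an added example that is not code from the patent. The `Router` and `Datagram` classes, the `trace` helper and all addresses and prefixes are constructed for illustration; the order in which direct delivery, the ISP policy and the routing table are consulted is an assumption of this sketch.

```python
"""Next-step selection: direct delivery, ISP policy on the sender address,
then the longest matching routing table entry for the destination."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Datagram:
    src: str              # original sender, never rewritten along the way
    dst: str              # final recipient, never rewritten along the way
    payload: bytes = b""


class Router:
    def __init__(self, routes=(), isp_policy=(), connected=()):
        # routes: (destination prefix, next-step address) pairs
        self.routes = [(ipaddress.ip_network(p), hop) for p, hop in routes]
        # isp_policy: (ISP sender address range, next-step address) pairs
        self.isp_policy = [(ipaddress.ip_network(p), hop) for p, hop in isp_policy]
        # connected: prefixes this node can deliver to directly
        self.connected = [ipaddress.ip_network(p) for p in connected]

    def next_hop(self, dgram):
        """Return the next-step address; the datagram itself is left untouched."""
        src = ipaddress.ip_address(dgram.src)
        dst = ipaddress.ip_address(dgram.dst)
        # Direct delivery: the next step is the destination address itself.
        if any(dst in net for net in self.connected):
            return dgram.dst
        # Routing policy: choose the next step by the sender's ISP range.
        for net, hop in self.isp_policy:
            if src in net:
                return hop
        # Routing table: longest prefix that contains the destination.
        matches = [(net.prefixlen, hop) for net, hop in self.routes if dst in net]
        if not matches:
            return None   # no route; IP itself sends no report (that is ICMP's job)
        return max(matches)[1]


def trace(routers, first, dgram, max_hops=16):
    """Follow the datagram one step at a time; no node knows the whole route."""
    path, here = [], first
    for _ in range(max_hops):
        path.append(here)
        hop = routers[here].next_hop(dgram)
        if hop is None or hop == dgram.dst or hop not in routers:
            path.append(hop)
            return path
        here = hop
    return path


def build_demo():
    """Constructed topology: an access node with two ISP gateways behind it."""
    return {
        "10.0.0.100": Router(                       # access node with ISP policy
            isp_policy=[("198.51.100.0/24", "10.0.0.1"),
                        ("203.0.113.0/24", "10.0.0.2")],
            routes=[("0.0.0.0/0", "10.0.0.254"), ("192.0.2.0/24", "10.0.0.3")],
            connected=["192.168.1.0/24"],
        ),
        "10.0.0.1": Router(connected=["192.0.2.0/24"]),           # gateway for ISP A
        "10.0.0.2": Router(routes=[("192.0.2.0/24", "10.0.0.1")]),  # gateway for ISP B
    }


if __name__ == "__main__":
    routers = build_demo()
    for src in ("198.51.100.7", "203.0.113.9", "172.16.0.5"):
        print(src, trace(routers, "10.0.0.100", Datagram(src, "192.0.2.50")))
```

Two datagrams with the same destination leave the access node through different next steps purely because their sender addresses fall in different ISP ranges; a sender outside both ranges falls back to the routing table.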

It should be noted, however, that routing wireless networks at the access nodes is the most effective means of transmitting data on the Internet. One aspect of this wireless initialization device is to provide routing at each access node point. This gives a stronger network and provides flexibility in network design. This flexibility allows network traffic to be administered better and adds to the total bandwidth by reducing network latency through optimized routes and administration of data packets. Although the wireless initialization device can act as a bridge, the decision whether to use the initiating wireless router as a bridge on the network or as a router on the network must be made by the network engineer. This feature gives the network engineer more flexibility in determining the design of the network. In addition, the flexible nature of the device allows the user to change a regional node that serves as a bridge into a node in the backbone network that routes, by means of code modifications, without the need to restart.

Then, as the node grows, the network engineer can upgrade the node to meet the needs of the network without affecting existing clients. By inserting cards into the slots of a chassis whose operating system (OS) is open source, preferably LINUX, the wireless initialization device can be configured as a router or a bridge. The routing module of the LINUX system is not part of the main operating kernel. As a subcomponent of the OS, the routing module can be updated and modified without rebooting the system. Restarting an advanced LINUX unit can take up to 30 minutes. Updating the routing module in LINUX can take less than 2 seconds to re-initialize. This reinitialization is transparent to the subscribers connected to the unit. The routing module can be replaced with a bridge module if the access node does not require routing. Routing at the access point makes it possible to filter IP addresses either for all subscribers attached to the node or for a single IP address attached to the node. In addition, the routing module contains routing logic capable of improving throughput. Only this process allows you to transfer certain amounts of data on a specific IP address of the subscriber and/or the it.

The present invention advances the prior art by providing additional access points. With flexible configurations of, preferably, eight ports, the wireless initialization device can contain up to seven wireless connections and one wired connection, or seven wired connections and one wireless connection, or any combination suited to the network. This reduces costs and reduces the demand for space. By replacing the system's chipset with a faster one, the equipment can efficiently handle more data from the same point. In addition, this feature allows the system to grow from a lightly loaded node at the outer edge of the network into a core-network node with multiple redundancy, without affecting existing subscribers. The user can also increase the number of potential subscribers at an access point in the network by adding a card and an antenna, without having to modify the chassis. Since the physical configuration of the system is housed in a personal-computer chassis containing, preferably, eight possible network slots, the wireless initialization device can be configured with varying numbers of wireless cards and network cards. The chassis can contain up to two processors. The LINUX operating system, in a single- or dual-processor configuration, provides powerful data administration. With this configuration of processors and a significant amount of RAM, the operating system can handle significantly larger volumes of information than traditional wireless access points.

The initialization device according to the present invention also addresses the security problems of wireless equipment. Because remote network access to the wireless initialization device is made over a secure shell connection, other users on the network cannot intercept message traffic and administrative information. Thanks to this feature, wireless equipment for general use can become widespread. This feature uses a more universal scheme for remote network administration. Thus, the administrator can write graphical user interfaces (GUI) or can control the node using a plain-text command-line screen. Connections to these nodes can be limited to authorized IP addresses and domain names, which reduces the risk of unauthorized entry into the network. Currently, wireless equipment uses Simple Network Management Protocol version 1 (SNMPV-1) to administer the access device. SNMPV-1 is limited to plain-text message traffic. Any connection to this access point is in the same logical segment as those performing administrative work on the access device. In every network solution, logical segments contain all the information that is transmitted within a segment. Traffic on this logical segment is a long-standing problem of cyclic networks. The SNMPV-6 protocol is a typical solution to this problem when the SNMP protocol is used. However, SNMPV-6 is a protocol that requires intensive CPU processing and places a significant excess load on a large network. Using a secure remote network access connection reduces the excess network load and increases the security of the system. Only a secure remote network access connection allows certain IP addresses to connect to certain data ports. This restricted connection structure essentially creates different logical segments within the same physical network segment. The newly created logical segment does not allow a standard user to intercept administrative traffic.
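The restriction of administrative connections to authorized IP addresses and ports can be checked against connection records as in the following added example, which is not part of the patent. The policy, the record format and the sample records are constructed, and treating every SNMP attempt as denied (because administration has moved to secure shell) is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical management-plane policy: which source networks may reach which
# administrative port. Secure shell (22) is allowed from two admin ranges.
# SNMP (161) has no entry, so every plain-text SNMP attempt is denied.
ADMIN_POLICY = [
    ("192.0.2.16/28", 22),
    ("198.51.100.7/32", 22),
]
ADMIN_PORTS = {22: "ssh", 161: "snmp"}

# Constructed connection records in a made-up "src=... dport=..." format.
SAMPLE_LOG = """\
t=1 src=192.0.2.17 dport=22
t=2 src=192.0.2.40 dport=22
t=3 src=198.51.100.7 dport=161
t=4 src=203.0.113.9 dport=80
t=5 src=203.0.113.9 dport=22
t=6 src=not-an-ip dport=22
"""

RECORD = re.compile(r"src=(\S+)\s+dport=(\d+)")


def verdict(src, dport):
    """Classify one connection attempt against the management-plane policy."""
    if dport not in ADMIN_PORTS:
        return "not-admin"          # subscriber traffic, outside this policy
    addr = ipaddress.ip_address(src)
    for prefix, port in ADMIN_POLICY:
        if port == dport and addr in ipaddress.ip_network(prefix):
            return "allow"
    return "deny"                   # default deny for every administrative port


def audit(log_text):
    """Return (src, dport, verdict) for each record; unparsable ones are 'malformed'."""
    results = []
    for line in log_text.splitlines():
        match = RECORD.search(line)
        if not match:
            results.append((None, None, "malformed"))
            continue
        src, dport = match.group(1), int(match.group(2))
        try:
            results.append((src, dport, verdict(src, dport)))
        except ValueError:          # source field is not an IP address
            results.append((src, dport, "malformed"))
    return results


def denied_sources(results):
    """Count denied administrative attempts per source address."""
    return Counter(src for src, _, v in results if v == "deny")


if __name__ == "__main__":
    outcome = audit(SAMPLE_LOG)
    for row in outcome:
        print(row)
    print(denied_sources(outcome))
```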

According to a preferred embodiment of this wireless initialization device, limited static MAC addressing is replaced by RADIUS authentication or combined with it. RADIUS authentication can be tied to MAC addressing in conjunction with a user name and password. This authentication method significantly reduces the likelihood of theft of service and provides the user with a mobile solution between cells. In addition, this feature lends itself to a directory service method, which provides the user with a more specialized interface. Through the use of IP filtering, authorization levels and administration of users within the enterprise, the initiating wireless router in conjunction with a directory service manages bandwidth consumption and provides the user with a more specialized service. Without RADIUS authentication, users connect to the network without any control from the central server. With RADIUS authentication, one server controls the user's ability to enter certain parts of the network.
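The combination of MAC addressing with a user name and password in one RADIUS request can be illustrated as follows. This is an added example, not code from the patent: the packet layout and password hiding follow RFC 2865, carrying the MAC address in the Calling-Station-Id attribute is an assumption (the patent does not say how the MAC is conveyed), and the shared secret, directory and credentials are constructed.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
USER_NAME, USER_PASSWORD, CALLING_STATION_ID = 1, 2, 31  # RFC 2865 attribute types

# Constructed directory. Clear-text passwords are kept only for brevity here.
DIRECTORY = {"alice": {"password": "correct horse battery",
                       "macs": {"00-11-22-AA-BB-CC"}}}


def hide_password(password, secret, authenticator):
    """RFC 2865 User-Password hiding: XOR with a chained MD5 keystream."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        hidden += prev                      # next block chains on this ciphertext
    return hidden


def unhide_password(hidden, secret, authenticator):
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a multiple of 16 bytes")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        clear += bytes(a ^ b for a, b in zip(prev, pad))
    return clear.rstrip(b"\x00")


def normalize_mac(mac):
    """Accept common MAC spellings and return AA-BB-CC-DD-EE-FF."""
    digits = "".join(c for c in mac if c not in ":-.").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError("not a 48-bit MAC address")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def _attr(attr_type, value):
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value


def build_access_request(identifier, user, password, mac, secret, authenticator=None):
    """Client side (the access device): one request carrying all three factors."""
    authenticator = authenticator or os.urandom(16)
    attrs = (_attr(USER_NAME, user.encode())
             + _attr(USER_PASSWORD, hide_password(password.encode(), secret, authenticator))
             + _attr(CALLING_STATION_ID, normalize_mac(mac).encode()))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def parse_access_request(packet):
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return packet[4:20], attrs


def authorize(packet, secret, directory=DIRECTORY):
    """Server side: accept only if user name, password and MAC all match."""
    try:
        authenticator, attrs = parse_access_request(packet)
        user = attrs[USER_NAME].decode()
        password = unhide_password(attrs[USER_PASSWORD], secret, authenticator)
        mac = attrs[CALLING_STATION_ID].decode()
    except (KeyError, ValueError):
        return False
    record = directory.get(user)
    if record is None:
        return False
    password_ok = hmac.compare_digest(password, record["password"].encode())
    return password_ok and mac in record["macs"]
```

The hiding step protects the password only as well as the shared secret between the access device and the server, so that secret needs to be long and unique per device.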

Various embodiments of the present invention provide a firewall and a mediation service. The mediation service is a combination of positional filtering and packet content inspection. Essentially, the Firebox intercepts traffic destined for other destinations (for example, a web server or mail server) and applies strict access and routing rules to protect internal networks and servers. Dangerous traffic is discarded, and normal traffic is passed to the specified destination. In other words, an application that switches network traffic on behalf of trusted, usually local, clients when they access resources on an unknown network is often used to protect the local corporate LAN from potentially hostile external hosts. The wireless initialization device can provide both of these services at the user's terminal. These services give the user an additional level of protection without the need for security administration. In addition, the mediator provides IP address translation, allowing users to maintain a network beyond the entry point into the network.

Wireless initialization devices according to the present invention accept connections from cards in personal computers and from other wireless initialization devices. Thus the same wireless WAN can contain individual users and large LANs. In the traditional configuration of wireless equipment, the user must choose to provide service either to a personal computer containing a card or to a wireless access bridge. Commercial users choose the access bridge, while residential users choose to use a personal computer. Without the wireless initialization device, two separate wireless infrastructures would have to be created to satisfy all types of customers. The wireless initialization device allows the user to connect to the wireless infrastructure using either a separate personal computer or another wireless initialization device. As a result, a single wireless infrastructure can be created that serves all possible types of subscribers.

It is obvious that the components of the present invention, as generally described and illustrated in the figures, can be arranged and designed in a wide variety of different configurations. Thus, the following more detailed description of embodiments of the system and method of the present invention, as presented in figures 1-3, is not intended to limit the claimed scope of the invention, but merely represents the presently preferred embodiments of the invention.

For a better understanding, the presently preferred embodiments of the invention are described with reference to figures 1-3, where similar parts are denoted by similar reference numerals.

In general, figures 1-3 show an autonomous wireless system. Figure 3 shows that the wireless cloud 300 is connected to an edge router 310 at each access point. According to a preferred embodiment of the present invention, the edge router 310 is a regular wired router. One level of the cloud 300 is connected to a directory service element 320. This device can be configured to manage objects and authentication for all the computers on the client side. The cloud 300 is connected to the mast 330 through a wireless router 340. This router 340 serves as a router and as a Dynamic Host Configuration Protocol (DHCP) server. All other connections on the mast also use wireless routers to connect to the central wireless router.

Each time a wireless router 340 is located on the mast 330, the router acts as its own DHCP server. The mast 330 is assigned a specified set of IP addresses. All DHCP authentication is returned to the directory service element 320 for the correct account. In areas with heavy load, for example factories 350, the wireless router 340 is placed at the output access point 360. This wireless router 340 acts as an internal router for all equipment at the enterprise and as an edge router for the neighborhood. A wireless router 340 is required for customers that have a large number of computers connected to the wireless network. Home users and small businesses 370 that have one or two PCs 380 can connect directly back to the wireless router 340 on the mast 330. In addition, users with few computers may have a bridged connection back to the mast 330 and then not be routed until reaching the edge router 310 at the exit to the Internet cloud 300.

In particular, according to figure 1, which illustrates an embodiment, the wireless initialization device according to the present invention may contain a chassis 100 configured with a UNIX-based operating system 110, for example the LINUX operating system, running on an Intel CPU 120. The 2.4 GHz wireless card 130 is fitted in a conventional PCMCIA connector 140. This connector is adapted to the PC bus structure 150 via a PCMCIA-to-PCI adapter. The PC bus interface is PCI. Information is transferred to and from the wireless cards over the PCI bus into the TCP stack (not shown) of the LINUX OS 110. The TCP stack on the LINUX system is configured either to forward or to transmit data through the corresponding interface. In many cases, data arrives at the wireless initialization device via a 10/100 network interface card (NIC) 160 by standard wired IP methods 170. When information arrives via the wired connection 170, the TCP stack configuration in the LINUX stack module directs the traffic to the corresponding connections. The TCP stack configuration in LINUX optimizes the flow of network data traffic.

Figure 2, which depicts in general a typical configuration of a 2.4 GHz bridge 200, shows one or two wireless cards 210 with PCMCIA connectors 220. These cards 210 are connected to the bridge bus via a PCMCIA connection 230. The output of the wireless bridge 200 is either 10/100 Ethernet or another wireless card 210. The wireless card 210 has an adapter 240 for a higher-gain antenna. These connectors lead to arrestors 250 that prevent damage from electrical discharges. These arrestors 250 are connected to special low-loss antenna cables 260. The low-loss antenna cables 260 are connected to higher-gain antennas with varying radiation-pattern orientation and intensity. In some cases these antennas require splitters 270 and an amplifier 280 to optimize the radiation pattern for the area.

The device and system according to the present invention work well in many cases and do not block and will not affect future improvements of network protocols and operating systems. By ensuring that operations at the application and transport layers quickly become aware of address changes, the device and system can eliminate a single point of failure, eliminate or reduce suboptimal routing for all applications, provide enhanced security for secure communication in wireless environments, and allow users to switch network adapter cards while keeping all connections, such as application programs and network administration, transparent to the user.

The present invention can be implemented in other specific forms without departing from its essence or essential characteristics. The described embodiments should be considered in all respects only as illustrative and not restrictive. The scope of the invention is therefore indicated by the appended claims rather than by the above description. All changes that come within the meaning and range of equivalency of the claims are to be included in its scope.

1. A wireless initialization device for use in public networks accessible to a user of a mobile computing device, characterized in that it includes a chassis; at least one network card; at least one wireless card; at least one processor; an operating system operatively configured in the chassis to control the at least one network card, the at least one wireless card and the at least one processor that is operatively associated with the chassis; a packet-switched interface configured to receive aggregate incoming cropped packet data to provide incoming packets and to transmit aggregate outgoing cropped packet data including outgoing packets; a channel translating controller connected to the packet-switched interface, which channels the incoming packets based on incoming address information, builds outgoing packets and channels the outgoing packets with outgoing address information, the channel translating controller containing a software network interface configured to receive incoming packets from the packet-switched interface and to form outgoing packets using the physical addresses of the packet, and capable of being operatively connected to at least one network through the operating system so as to allow the software network interface to transmit outgoing packets to the network; and an authenticator operatively connected with the operating system to provide authentication at the wireless initialization device, allowing the user of the mobile computing device to be connected to the wireless initialization device without the need for initial access.

2. The wireless initialization device according to claim 1, characterized in that the channel translating controller serves as a router for incoming packets.

3. The wireless initialization device according to claim 2, characterized in that the channel translating controller serves as a router for outgoing packets.

4. The wireless initialization device according to claim 1, characterized in that the channel translating controller serves as a bridge for incoming packets.

5. The wireless initialization device according to claim 4, characterized in that the channel translating controller serves as a bridge for outgoing packets.

6. The wireless initialization device according to claim 1, characterized in that the operating system of the wireless initialization device is an open-source UNIX-based platform.

7. The wireless initialization device according to claim 1, characterized in that the open-source UNIX-based system is LINUX.

8. The wireless initialization device according to claim 1, characterized in that it further comprises a second processor that is managed by the operating system and coupled with the chassis.

9. The wireless initialization device according to claim 1, characterized in that it further comprises a memory device and a storage device.

10. The wireless initialization device according to claim 1, characterized in that the network card, wireless card, processor, operating system, packet-switched interface and channel translating controller are operatively located in the chassis of the wireless initialization device.

11. The wireless initialization device according to claim 10, wherein the authenticator is operatively located in the chassis of the wireless initialization device.

12. The wireless initialization device according to claim 1, characterized in that the operating system of the wireless initialization device is configured to control bandwidth for a single user.

13. The wireless initialization device according to claim 1, characterized in that the operating system of the wireless initialization device is configured to control the protocol type of a dedicated user.

14. A system providing users with secure access to public networks via mobile computing devices, characterized in that it contains a plurality of wireless access points; at least one wireless initialization device for receiving, authenticating, transmitting and routing data from a plurality of networks, designed to maintain a connection between the wireless access points and the wireless initialization device, the wireless initialization device containing a chassis, at least one network card, at least one wireless card, at least one processor and at least one operating system operatively configured in the chassis, being in operative communication with the at least one network card, the at least one wireless card and the at least one processor, and configured to control the at least one network card, the at least one wireless card and the at least one processor, the operating system being connected to at least one of the plurality of wireless access points for transmitting and receiving data between the wireless access point and a high-frequency component, and the wireless initialization device being configured to make multiple connections back to the wireless access point without the need to reboot in order to add a new roaming user; a high-frequency structural element positioned for communication between the wireless initialization device and the plurality of wireless access points, for transmitting and receiving data between the wireless initialization device and the plurality of wireless access points via a secure connection; and secure SMTP authentication, initiated by the wireless initialization device, capable of authenticating traffic as it passes through the high-frequency structural element.

15. The system according to claim 14, characterized in that the high-frequency component is a respective antenna configured for bridge solutions that give the user the ability to place wireless equipment in the global network.

16. The system according to claim 15, wherein the secure authentication protocol is the RADIUS authentication protocol.

17. The system according to claim 15, wherein the wireless initialization device provides an intermediary service.

18. The system according to claim 15, wherein the wireless initialization device provides a firewall service.

19. The system according to claim 14, wherein the secure authentication protocol is the RADIUS authentication protocol.

20. The system according to claim 14, characterized in that the wireless initialization device provides an intermediary service.

21. The system according to claim 14, characterized in that the wireless initialization device provides a firewall service.

22. The system according to claim 14, wherein the secure connection of the high-frequency structural element is a secure shell remote network access connection.

23. The system according to claim 14, characterized in that it further comprises at least one antenna.

24. The system according to claim 14, characterized in that the at least one antenna is a 2.4 GHz antenna.

25. The system according to claim 14, characterized in that the operating system of the wireless initialization device is an open-source UNIX-based platform.

26. The system according to claim 14, characterized in that the open-source UNIX-based system is LINUX.

27. The system according to claim 23, characterized in that it contains more than one antenna, and the user registers in the system and maintains the connection with the system when switching from one antenna to another.

28. The system according to claim 23, wherein the user registers in the system and maintains the connection with the system when moving from one access point to another.



 
