Managed access point protocol

US 10,009,833 B2
Filed: 10/01/2015
Issued: 06/26/2018
Est. Priority Date: 03/21/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

in a wireless local area network including at least one central control element and a plurality of access elements, when a new central control element has been installed for the wireless local area network to replace a failed central control element, configuring the new central control element with a central control element identifier that is the same as a central control element identifier of the failed central control element;

the new central control element receiving from an access element a discovery request message at the new central control element;

the new central control element sending a discovery response to the access element, the discovery response including the central control element identifier of the failed central control element;

the new central control element receiving a join request from the access element, the join request including an access element identifier, a digital certificate and a session identifier; and

the new central control element authenticating the digital certificate contained in the join request, and if authenticated, generating secret shared cryptographic keys used to encrypt and authenticate messages exchanged between the new central control element and the access element.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatuses and systems facilitating deployment and configuration of managed access points in hierarchical wireless network systems. An embodiment of the invention facilitates deployment and configuration of conventional, substantially autonomous access points operating in connection with a central management node, such as a server or appliance. In another embodiment, the present invention facilitates deployment and configuration of light-weight access points in a hierarchical wireless network system. In one embodiment, the present invention also provides a streamlined encryption key exchange protocol adapted to hierarchical wireless network system architectures.

27 Citations

20 Claims

1. A method comprising:
- in a wireless local area network including at least one central control element and a plurality of access elements, when a new central control element has been installed for the wireless local area network to replace a failed central control element, configuring the new central control element with a central control element identifier that is the same as a central control element identifier of the failed central control element;
  
  the new central control element receiving from an access element a discovery request message at the new central control element;
  
  the new central control element sending a discovery response to the access element, the discovery response including the central control element identifier of the failed central control element;
  
  the new central control element receiving a join request from the access element, the join request including an access element identifier, a digital certificate and a session identifier; and
  
  the new central control element authenticating the digital certificate contained in the join request, and if authenticated, generating secret shared cryptographic keys used to encrypt and authenticate messages exchanged between the new central control element and the access element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising the new central control element sending a join response to the access element, the join response including the cryptographic keys and a digital certificate of the new central control element.
  - 3. The method of claim 2, wherein the join response further includes a software image version supported and implemented by the new central control element.
  - 4. The method of claim 2, wherein the digital certificate of the new central control element includes a name or other identifier of the new central control element, a serial number of the new central control element, a media access control address associated with the new central control element, a copy of the public key of the new central control element, and a digital signature of a certificate-issuing authority so that access elements can verify that the digital signature of the new central control element is authentic.
  - 5. The method of claim 4, further comprising encrypting the cryptographic keys with the public key of an access element using an asymmetric encryption algorithm, adding a session identifier to the enciphered cryptographic keys, and digitally signing a resulting string with a private key of the new central control element.
  - 6. The method of claim 1, further comprising receiving, via a configuration interface of the new central control element, overriding parameters of the new central control element that cannot be changed and a new access element identifier for one of the plurality of access elements.
  - 7. The method of claim 1, further comprising storing an image of access element software accessible to the plurality of access elements.
  - 8. The method of claim 7, further comprising receiving a configuration request from an access element and generating operational parameters for the access element, taking into account overriding parameters contained in the configuration request, which overriding parameters indicate parameters of the access element that cannot be changed.
  - 9. The method of claim 1, wherein the discovery response further includes a load parameter associated with the new central control element, the load parameter indicating a number of one or more access elements under management and control of the new central control element.
  - 10. The method of claim 1, wherein the new central control element generates the secret shared cryptographic keys using a random number generator.

11. A system comprising:
- at least one central control element and a plurality of access elements in a wireless local area network;
  
  a new central control element being installed for the wireless local area network to replace a failed central control element, wherein the new central control element is configured with a central control element identifier that is the same as a central control element identifier of the failed central control element;
  
  wherein the new central control element is configured to;
  
  receive from a particular access element of the plurality of access elements a discovery request message;
  
  send a discovery response to the particular access element, the discovery response including the central control element identifier of the failed central control element;
  
  receive a join request from the particular access element, the join request including an access element identifier, a digital certificate and a session identifier; and
  
  authenticate the digital certificate contained in the join request, and if authenticated, generate secret shared cryptographic keys used to encrypt and authenticate messages exchanged between the new central control element and the particular access element.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the new central control element is further configured to send a join response to the particular access element, the join response including the cryptographic keys, and a digital certificate of the new central control element.
  - 13. The system of claim 12, wherein the join response further includes a software image version supported and implemented by the new central control element.
  - 14. The system of claim 12, wherein the digital certificate of the new central control element includes a name or other identifier of the new central control element, a serial number of the new central control element, a media access control address associated with the new central control element, a copy of the public key of the new central control element, and a digital signature of a certificate-issuing authority so that access elements can verify that the digital signature of the new central control element is authentic.
  - 15. The system of claim 14, wherein the new central control element is further configured to encrypt the cryptographic keys with the public key of an access element using an asymmetric encryption algorithm, add a session identifier to the enciphered cryptographic keys, and digitally sign a resulting string with a private key of the new central control element.
  - 16. The system of claim 11, wherein the new central control element is further configured to receive, via a configuration interface, overriding parameters of the new central control element that cannot be changed and a new access element identifier for one of the plurality of access elements.
  - 17. The system of claim 11, wherein the new central control element is configured to store an image of access element software accessible to the plurality of access elements.
  - 18. The system of claim 11, wherein the new central control element is configured to receive a configuration request from an access element and generating operational parameters for the access element, taking into account overriding parameters contained in the configuration request, which overriding parameters indicate parameters of the access element that cannot be changed.
  - 19. The system of claim 11, wherein the discovery response further includes a load parameter associated with the new central control element, the load parameter indicating a number of one or more access elements under management and control of the new central control element.
  - 20. The system of claim 11, wherein the new central control element generates the secret shared cryptographic keys using a random number generator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Calhoun, Patrice R., Kelly, Scott G., Suri, Rohit Kumar
Primary Examiner(s)
Huq, Obaidul

Application Number

US14/872,222
Publication Number

US 20160029301A1
Time in Patent Office

999 Days
Field of Search

370310, 370328, 370338
US Class Current
CPC Class Codes

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04W 12/02   Protecting privacy or anony...

H04W 12/037   of the control plane, e.g. ...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 24/02   Arrangements for optimising...

H04W 40/246   Connectivity information di...

H04W 48/16   Discovering, processing acc...

H04W 8/005   Discovery of network device...

H04W 84/12   WLAN [Wireless Local Area N...

Managed access point protocol

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Managed access point protocol

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links