Caching a pairwise master key for dropped wireless local area network (WLAN) connections to prevent re-authentication

US 10,111,095 B2
Filed: 03/14/2016
Issued: 10/23/2018
Est. Priority Date: 03/14/2016
Status: Active Grant

First Claim

Patent Images

1. A device, comprising:

a memory storing instructions; and

one or more processors to execute the instructions to;

determine that a first wireless local area network (WLAN) connection, established with a first WLAN access point using an extensible authentication protocol, has been dropped;

store, at the device, a pairwise master key identifier based on determining that the first WLAN connection has been dropped,the pairwise master key identifier being associated with the first WLAN access point and a WLAN controller,the pairwise master key identifier identifying a pairwise master key stored at the WLAN controller, andthe device being different from the first WLAN access point and the WLAN controller;

detect a WLAN signal, associated with a second WLAN access point, after determining that the first WLAN connection has been dropped,the first WLAN access point and the second WLAN access point being controlled by the WLAN controller, andthe first WLAN access point being different from the second WLAN access point;

provide the pairwise master key identifier to the second WLAN access point based on detecting the WLAN signal;

establish a second WLAN connection with the second WLAN access point based on providing the pairwise master key identifier and without re-authenticating using the extensible authentication protocol;

determine that a threshold amount of time has elapsed since storing the pairwise master key identifier; and

delete the pairwise master key identifier from the device based on determining that the threshold amount of time has elapsed.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device may determine that a first wireless local area network (WLAN) connection, established with a first WLAN access point using an extensible authentication protocol, has been dropped. The device may store a pairwise master key identifier, associated with the first WLAN access point, based on determining that the first WLAN connection has been dropped. The device may detect a WLAN signal, associated with the first WLAN access point or a second WLAN access point, after determining that the first WLAN connection has been dropped. The device may provide the pairwise master key identifier to the first WLAN access point or the second WLAN access point based on detecting the WLAN signal. The device may establish a second WLAN connection with the first WLAN access point or the second WLAN access point based on providing the pairwise master key identifier and without re-authenticating using the extensible authentication protocol.

18 Citations

20 Claims

1. A device, comprising:
- a memory storing instructions; and
  
  one or more processors to execute the instructions to;
  
  determine that a first wireless local area network (WLAN) connection, established with a first WLAN access point using an extensible authentication protocol, has been dropped;
  
  store, at the device, a pairwise master key identifier based on determining that the first WLAN connection has been dropped,the pairwise master key identifier being associated with the first WLAN access point and a WLAN controller,the pairwise master key identifier identifying a pairwise master key stored at the WLAN controller, andthe device being different from the first WLAN access point and the WLAN controller;
  
  detect a WLAN signal, associated with a second WLAN access point, after determining that the first WLAN connection has been dropped,the first WLAN access point and the second WLAN access point being controlled by the WLAN controller, andthe first WLAN access point being different from the second WLAN access point;
  
  provide the pairwise master key identifier to the second WLAN access point based on detecting the WLAN signal;
  
  establish a second WLAN connection with the second WLAN access point based on providing the pairwise master key identifier and without re-authenticating using the extensible authentication protocol;
  
  determine that a threshold amount of time has elapsed since storing the pairwise master key identifier; and
  
  delete the pairwise master key identifier from the device based on determining that the threshold amount of time has elapsed.
- View Dependent Claims (2, 3, 4, 15, 16, 19)
- - 2. The device of claim 1, where the WLAN signal is a first WLAN signal;
    - andwhere the one or more processors are further to;
      
      detect a second WLAN signal associated with the first WLAN access point;
      
      provide, based on detecting the second WLAN signal, the pairwise master key identifier to the first WLAN access point; and
      
      establish, based on providing the pairwise master key identifier to the first WLAN access point, a third WLAN connection with the first WLAN access point.
  - 3. The device of claim 1, where the one or more processors are further to:
    - prevent storage, by the device, of an additional pairwise master key identifier while the pairwise master key identifier is stored by the device.
  - 4. The device of claim 1, where the one or more processors, when providing the pairwise master key identifier, are to:
    - provide the pairwise master key identifier in an 802.11 Association Request message.
  - 15. The device of claim 1, where the one or more processors are further to:
    - determine that the threshold amount of time has not elapsed for storing the pairwise master key identifier; and
      
      where the one or more processors, when providing the pairwise master key identifier, are to;
      
      provide the pairwise master key identifier based on determining that the threshold amount of time has not elapsed.
  - 16. The device of claim 1, where a copy of the pairwise master key identifier is stored in the first WLAN access point.
  - 19. The device of claim 1, where the one or more processors, when determining that the first WLAN connection has been dropped, are to:
    - determine that a WLAN signal, associated with the first WLAN connection, is not being detected.

5. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions that, when executed by one or more processors of a device, cause the one or more processors to;
  
  determine that a first wireless local area network (WLAN) connection, established with a first WLAN access point using an 802.11X extensible authentication protocol, has been dropped;
  
  store, at the device, a pairwise master key identifier, based on determining that the first WLAN connection has been dropped,the pairwise master key identifier being associated with the first WLAN access point and a WLAN controller,the pairwise master key identifier identifying a pairwise master key stored at the WLAN controller, andthe device being different from the first WLAN access point and the WLAN controller;
  
  receive a message, associated with a second WLAN access point, after determining that the first WLAN connection has been dropped,the first WLAN access point and the second WLAN access point being controlled by the WLAN controller, andthe first WLAN access point being different from the second WLAN access point;
  
  provide the pairwise master key identifier to the second WLAN access point based on receiving the message;
  
  establish a second WLAN connection with the second WLAN access point based on providing the pairwise master key identifier and without performing re-authentication using the 802.11X extensible authentication protocol;
  
  determine that a threshold amount of time has elapsed since storing the pairwise master key identifier; and
  
  delete the pairwise master key identifier from the device based on determining that the threshold amount of time has elapsed.
- View Dependent Claims (6, 7, 8, 9, 10, 17)
- - 6. The non-transitory computer-readable medium of claim 5, where providing the pairwise master key identifier prevents the re-authentication using the 802.11X extensible authentication protocol.
  - 7. The non-transitory computer-readable medium of claim 5, where determining that the first WLAN connection has been dropped does not include detecting a handover from the first WLAN access point to the second WLAN access point.
  - 8. The non-transitory computer-readable medium of claim 5, where the first WLAN connection and the second WLAN connection are established according to an 802.11r protocol.
  - 9. The non-transitory computer-readable medium of claim 5, where the pairwise master key identifier includes a pairwise master key.
  - 10. The non-transitory computer-readable medium of claim 5, where the one or more instructions, that cause the one or more processors to provide the pairwise master key identifier, cause the one or more processors to:
    - provide the pairwise master key identifier in association with an Association Request message.
  - 17. The non-transitory computer-readable medium of claim 5, where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - generate the pairwise master key identifier based on the first WLAN connection being authenticated; and
      
      where the one or more instructions, that cause the one or more processors to store, at the device, the pairwise master key identifier, further cause the one or more processors to;
      
      store, at the device, the pairwise master key identifier based on generating the pairwise master key identifier.

11. A method, comprising:
- determining, by a device, that a first wireless local area network (WLAN) connection, established between the device and a first WLAN access point using an extensible authentication protocol, has been dropped;
  
  caching, by the device, a pairwise master key identifier associated with the first WLAN access point and a WLAN controller,the pairwise master key identifier identifying a pairwise master key stored at the WLAN controller, andthe device being different from the first WLAN access point and the WLAN controller;
  
  detecting, by the device, a WLAN signal, associated with a second WLAN access point, after determining that the first WLAN connection has been dropped,the first WLAN access point and the second WLAN access point being controlled by the WLAN controller, andthe first WLAN access point being different from the second WLAN access point;
  
  providing, by the device, the pairwise master key identifier to the second WLAN access point based on detecting the WLAN signal;
  
  causing, by the device, a second WLAN connection to be established between the device and the second WLAN access point based on providing the pairwise master key identifier and without causing the device to be re-authenticated using the extensible authentication protocol;
  
  determining, by the device, that a threshold amount of time has elapsed since caching the pairwise master key identifier; and
  
  deleting, by the device, the pairwise master key identifier from the device based on determining that the threshold amount of time has elapsed.
- View Dependent Claims (12, 13, 14, 18, 20)
- - 12. The method of claim 11, where the threshold amount of time is greater than or equal to a Dynamic Host Configuration Protocol (DHCP) lease timer.
  - 13. The method of claim 11, where providing the pairwise master key identifier comprises:
    - providing the pairwise master key identifier in an Association Request message associated with an 802.11 protocol.
  - 14. The method of claim 11, where providing the pairwise master key identifier prevents the device from being re-authenticated using the extensible authentication protocol.
  - 18. The method of claim 11, further comprising:
    - discard the pairwise master key identifier based on determining that an IP address associated with the device for the first WLAN connection expired.
  - 20. The method of claim 11, further comprising:
    - determining that a WLAN signal, that satisfies a threshold and is associated with the first WLAN connection, is not detected; and
      
      where determining that the first WLAN connection has been dropped comprises;
      
      determining, based on the WLAN signal satisfying the threshold, being associated with the first WLAN connection, and not being detected, that the first WLAN connection has been dropped.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Patel, Pritesh, Xu, Youjian, Ten Eyck, David H., Gamboa, Aldrich
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Champakesan, Badri

Application Number

US15/068,965
Publication Number

US 20170265070A1
Time in Patent Office

953 Days
Field of Search

726 4
US Class Current
CPC Class Codes

H04W 12/041   Key generation or derivation

H04W 12/062   Pre-authentication

H04W 84/12   WLAN [Wireless Local Area N...

H05K 999/99   dummy group

Caching a pairwise master key for dropped wireless local area network (WLAN) connections to prevent re-authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Caching a pairwise master key for dropped wireless local area network (WLAN) connections to prevent re-authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links