Methods and apparatus for secure wireless networking

US 20020090089A1
Filed: 01/05/2001
Published: 07/11/2002
Est. Priority Date: 01/05/2001
Status: Abandoned Application

First Claim

Patent Images

1. A wired network for providing secure, authenticated access to wireless network clients, comprising:

a server connected to a wireless network access point, the server being operative to perform authentication for wireless clients establishing a connection to the server through the wireless network access point, the server being operative to establish a connection session upon authentication of a client, the server being also operative to provide the client with a wired network address valid for the connection session upon authentication of the client, the server being further operative to encrypt communications with the wireless network access point, the server being further operative to provide a cryptographic key valid for the connection session to the client upon authentication of the client; and

a user database accessible to the server for use in validating wireless clients.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for secure connections between wireless network clients and wired network resources are described. An insecure wireless network comprising a plurality of wireless access points provides a connection for wireless network clients to a wired network server which in turn provides controlled access to a wired network. When a wireless network user wishes to connect to the wired network, the user provides authentication information to the wired network server through the wireless network client and the wireless network access point. Once the wired network server has verified the authentication information, the wired network server provides the wireless network client with a temporary wired network address as well as a unique session encryption key, which is used to encrypt all data transferred between the wireless network client and the wired network server during a connection session.

156 Citations

15 Claims

1. A wired network for providing secure, authenticated access to wireless network clients, comprising:
- a server connected to a wireless network access point, the server being operative to perform authentication for wireless clients establishing a connection to the server through the wireless network access point, the server being operative to establish a connection session upon authentication of a client, the server being also operative to provide the client with a wired network address valid for the connection session upon authentication of the client, the server being further operative to encrypt communications with the wireless network access point, the server being further operative to provide a cryptographic key valid for the connection session to the client upon authentication of the client; and
  
  a user database accessible to the server for use in validating wireless clients.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The wired network according to claim 1 and also including a network hub providing connections between the server and additional resources on the wired network.
  - 3. The wired network according to claim 1 and also including a router providing connections between the server and additional resources on the wired network as well as a connection to an additional wired network.
  - 4. The wired network according to claim 2 wherein the server is operative to provide addresses to clients through dynamic host control protocol.
  - 5. The wired network according to claim 4 wherein the server is operative to communicate with a wireless network client using point to point tunneling protocol.
  - 6. The wired network according to claim 5 wherein the server employs 128-bit cryptoprocessing to communicate with the wireless network client.

7. A wireless network for providing secure authenticated communication between clients of the wireless network and a wired network, comprising:
- a wireless network access point operative to establish a connection with a server operating as a portal between the wireless network and a wired network, the wireless network access point being operative to conduct communications with the server, the wireless network access point being further operative to receive authentication information from clients and transfer the authentication information to the server and to receive a cryptoprocessing key from the server and transfer the key to each of the clients; and
  
  a plurality of wireless network clients operative to establish connections with the wireless network access point, each client being operative to conduct encrypted communications with the server through the access point, to pass authentication information to the network access point and receive address information and cryptoprocessing data from the network access point to allow communication with the wired network, each client being operative to conduct encrypted transfer of data to and from the wired network through the access point upon receiving the address and cryptoprocessing information.
- View Dependent Claims (8, 9)
- - 8. The wireless network of claim 7 wherein the access point communicates with the server using point to point tunneling protocol.
  - 9. The wireless network of claim 8, also including a hub connecting the wireless network access point and a plurality of additional network access points, each additional network access point communicating with a plurality of additional wireless network clients, the wireless network access point and the additional network access points being operative to establish connections with the server through the network hub.

10. A method of secure communication between wireless network clients and a wired network, comprising the steps of:
- establishing a connection between an SB server connected to the wired network and a wireless network access point;
  
  establishing a connection between the SB server and a network client communicating with the SB server through the wireless network access point;
  
  exchanging encryption keys between the SB server and the wireless network client;
  
  performing authentication for the wireless network client;
  
  if authentication fails, rejecting connection to the wired network; and
  
  if authentication passes, accepting connection to the wired network, providing a temporary wired network address and a unique session encryption key to the wireless network client and providing access to wired network resources in response to requests by the wireless network client.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10 wherein the step of rejecting connection to the wired network is accompanied by a step of logging the rejection and wherein the step of accepting the connection is accompanied by a step of logging the acceptance.
  - 12. The method of claim 11 wherein the step of providing a temporary wired network address to the wireless network client includes using dynamic host control protocol to provide the address.
  - 13. The method of claim 12 wherein communication between the wireless network client and the wired network server is performed using point to point tunneling protocol.
  - 14. The method of claim 13 wherein the step of performing authentication for the wireless network client includes transferring authentication information between the wireless network client and the SB server and wherein the authentication information is encrypted using public key cryptography.
  - 15. The method of claim 14 wherein the step of providing a unique session encryption key includes encrypting the unique session encryption key using public key cryptography.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Original Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Inventors
Cheswick, William Roberts, Branigan, Steven

Application Number

US09/755,470
Publication Number

US 20020090089A1
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

Methods and apparatus for secure wireless networking

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

156 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for secure wireless networking

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

156 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links