Scheme for authentication and dynamic key exchange
Abstract
A scheme for authentication, dynamic key generation and exchange provides means for authentication of mobile nodes (22) and generation of per session, per node, encryption keys for encrypting/decrypting communications between a mobile node (22) and an access point (24) in wireless local area networks (50). The scheme utilizes the same infrastructure and authentication information for both data link layers (layer 2) and network layers (layer 3). This scheme is particularly applicable to networks adhering to the IEEE 802 LAN family of standards.
23 Claims
1. A method for generating a security key for a mobile node, said method comprising the steps of:
generating an authenticator as a function of a first random number; and
generating said security key for said mobile node as a function of a second random number indicative of a validity of said authenticator.
Dependent claims 2, 3, 4, 5 and 6 are not reproduced on this page.
7. A method for generating a security key for an access point, said method comprising the steps of:
generating a first random number;
providing a signal indicative of said first random number;
receiving a signal indicative of an authenticator being a function of said first random number;
providing a signal indicative of said authenticator and said first random number;
receiving a signal indicative of a second random number and said security key, wherein:
    said second random number is indicative of a validity of said authenticator; and
    said security key is a function of said second random number; and
providing a signal indicative of said second random number.
Dependent claims 8, 9, 10, 11, 13, 15 and 19 are not reproduced on this page.
12. A method for generating a security key for a network, said method comprising the steps of:
receiving a signal indicative of a first authenticator, a first random number, and a network access identifier;
generating a second authenticator as a function of said first random number and said network access identifier as obtained from said signal, and a predetermined security key;
comparing said first authenticator with said second authenticator; and
if said first authenticator matches said second authenticator, generating a second random number;
generating said security key as a function of said second random number, said network access identifier as obtained from said signal, and said predetermined security key; and
providing a signal indicative of said second random number and said predetermined security key.
14. A method for authenticating a mobile node and establishing a data link layer security association between said mobile node and a network, said method comprising the steps of:
generating a first random number;
conveying a signal indicative of said first random number from said network to said mobile node;
generating a first authenticator as a function of said first random number, a mobile node network access identifier, and a predetermined security key;
conveying a signal indicative of said first authenticator from said mobile node to said network;
generating a second authenticator as a function of said first random number, said mobile node network access identifier, and said predetermined security key;
comparing said first authenticator with said second authenticator;
if said first authenticator matches said second authenticator, generating a second random number;
generating a security key at said network, wherein:
    said security key is generated as a function of said second random number, said network access identifier, and said predetermined security key; and
    said security key is configured to encrypt and decrypt communications between said mobile node and said network for a current session;
conveying a signal indicative of said second random number from said network to said mobile node; and
generating said security key at said mobile node.
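The exchange in claims 7, 12 and 14, modelled end to end as an added example (this is not code from the patent or its assignee). The claims leave the keyed function unspecified; HMAC-SHA256 with separate "auth" and "key" labels, 16-byte random numbers, the class names MobileNode, AccessPoint and AuthServer, and the sample NAI and pre-shared key are all assumptions made here for illustration.

```python
# Added example: challenge/response authentication and per-session key
# derivation as laid out in claims 7, 12 and 14.  Not the patent's code.
# Assumption: HMAC-SHA256 stands in for the unspecified keyed function, with
# distinct labels so an authenticator can never double as a session key.
import hashlib
import hmac
import secrets
from typing import Optional


def authenticator(psk: bytes, r1: bytes, nai: str) -> bytes:
    """First/second authenticator: f(R1, NAI, predetermined key)."""
    return hmac.new(psk, b"auth" + r1 + nai.encode(), hashlib.sha256).digest()


def session_key(psk: bytes, r2: bytes, nai: str) -> bytes:
    """Per-session, per-node key: g(R2, NAI, predetermined key)."""
    return hmac.new(psk, b"key" + r2 + nai.encode(), hashlib.sha256).digest()


class MobileNode:
    """Claims 14/16: holds its NAI and predetermined key, derives the session key."""

    def __init__(self, nai: str, psk: bytes) -> None:
        self.nai, self.psk = nai, psk
        self.session_key: Optional[bytes] = None

    def respond(self, r1: bytes) -> bytes:
        return authenticator(self.psk, r1, self.nai)

    def accept(self, r2: bytes) -> bytes:
        self.session_key = session_key(self.psk, r2, self.nai)
        return self.session_key


class AuthServer:
    """Claim 12: the network-side store of predetermined keys, indexed by NAI."""

    def __init__(self, subscribers: dict) -> None:
        self.subscribers = subscribers

    def verify(self, nai: str, r1: bytes, auth1: bytes) -> Optional[tuple]:
        psk = self.subscribers.get(nai)
        if psk is None:
            return None                       # unknown NAI: no R2, no key
        auth2 = authenticator(psk, r1, nai)
        if not hmac.compare_digest(auth1, auth2):
            return None                       # mismatch: constant-time reject
        r2 = secrets.token_bytes(16)          # fresh R2 only after a match
        return r2, session_key(psk, r2, nai)


class AccessPoint:
    """Claim 7: issues R1, relays the authenticator, receives R2 and the key."""

    def __init__(self, server: AuthServer) -> None:
        self.server = server
        self.session_keys: dict = {}          # the AP never holds any PSK

    def authenticate(self, mn: MobileNode) -> bool:
        r1 = secrets.token_bytes(16)          # must be unpredictable (replay)
        auth1 = mn.respond(r1)
        result = self.server.verify(mn.nai, r1, auth1)
        if result is None:
            return False
        r2, key = result
        self.session_keys[mn.nai] = key       # layer-2 key for this session
        mn.accept(r2)                         # MN recomputes the same key
        return True


def demo() -> dict:
    """Constructed sample run: one good node, one with the wrong PSK."""
    psk = bytes(range(32))                    # constructed sample key
    server = AuthServer({"alice@example.net": psk})
    ap = AccessPoint(server)
    good = MobileNode("alice@example.net", psk)
    bad = MobileNode("alice@example.net", bytes(32))
    return {
        "good_accepted": ap.authenticate(good),
        "keys_match": good.session_key == ap.session_keys["alice@example.net"],
        "bad_accepted": ap.authenticate(bad),
    }


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner should take from the model. First, the server releases R2 and the session key only after the constant-time comparison succeeds, so a failed response yields no key material to the access point; the pre-shared key never leaves the mobile node and the server. Second, the claimed exchange authenticates the mobile node to the network, but nothing in it proves to the mobile node that R2 came from the genuine network: the node simply derives a key from whatever R2 it receives and only discovers a forgery when the encrypted session fails, which is the kind of gap a key-confirmation message would close.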
16. A mobile node for generating a security key, said mobile node comprising:
a mobile node transmitter/receiver portion configured to:
    receive at least one signal indicative of at least one of a first random number and a second random number; and
    provide a signal indicative of a first authenticator;
a mobile node authenticator processor configured to generate said first authenticator as a function of said first random number, a network access identifier for said mobile node, and a predetermined security key; and
a mobile node key generator configured to generate said security key as a function of said second random number, said network access identifier, and said predetermined security key.
17. A network for generating a security key, said network comprising:
a network transmitter/receiver portion configured to:
    receive a signal indicative of a first authenticator being a function of a first random number, a network access identifier, and a predetermined security key, and provide at least one signal respectively indicative of at least one of said first random number and a second random number;
a network authenticator processor configured to:
    generate a second authenticator as a function of said first random number, said network access identifier, and said predetermined security key; and
    compare said first authenticator with said second authenticator; and
a network key generator configured to generate said security key as a function of said second random number, said network access identifier, and said predetermined security key for a current session.
18. A system for authenticating a mobile node and establishing a data link layer security association between said mobile node and a network, said system comprising:
a mobile node comprising:
    a mobile node transmitter/receiver portion configured to:
        receive at least one signal indicative of at least one of a first random number and a second random number; and
        provide a signal indicative of a first authenticator;
    a mobile node authenticator processor configured to generate said first authenticator as a function of said first random number; and
    a mobile node key generator configured to generate a security key as a function of said second random number; and
a network comprising:
    a network transmitter/receiver portion configured to:
        receive a signal indicative of said first authenticator, and provide at least one signal respectively indicative of at least one of said first random number and said second random number;
    a network authenticator processor configured to:
        generate a second authenticator as a function of said first random number; and
        compare said first authenticator with said second authenticator; and
    a network key generator configured to generate said security key as a function of said second random number for a current session.
20. A computer readable medium encoded with a computer program code for directing a processor to generate a security key for a mobile node, said program code comprising:
a first code segment for causing said processor to receive a signal indicative of a first random number;
a second code segment for causing said processor to generate an authenticator as a function of said first random number;
a third code segment for causing said processor to provide a signal indicative of said authenticator;
a fourth code segment for causing said processor to receive a signal indicative of a second random number indicative of a validity of said authenticator; and
a fifth code segment for causing said processor to generate said security key for said mobile node as a function of said second random number.
21. A computer readable medium encoded with a computer program code for directing a processor to generate a security key for a network, said program code comprising:
a first code segment for causing said processor to generate a first random number;
a second code segment for causing said processor to provide a signal indicative of said first random number;
a third code segment for causing said processor to receive a signal indicative of an authenticator being a function of said first random number;
a fourth code segment for causing said processor to provide a signal indicative of said authenticator and said first random number;
a fifth code segment for causing said processor to receive a signal indicative of a second random number and said security key, wherein:
    said second random number is indicative of a validity of said authenticator; and
    said security key is a function of said second random number; and
a sixth code segment for causing said processor to provide a signal indicative of said second random number.
22. A computer readable medium encoded with a computer program code for directing a processor to generate a security key for a network, said program code comprising:
a first code segment for causing said processor to receive a signal indicative of a first authenticator, a first random number, and a network access identifier;
a second code segment for causing said processor to generate a second authenticator as a function of said first random number and said network access identifier as obtained from said signal, and a predetermined security key;
a third code segment for causing said processor to compare said authenticator with said second authenticator;
a fourth code segment for causing said processor to generate a second random number, if said first authenticator matches said second authenticator;
a fifth code segment for causing said processor to generate said first security key as a function of said second random number, said network access identifier as obtained from said signal, and said predetermined security key, if said first authenticator matches said second authenticator; and
a sixth code segment for causing said processor to provide a signal indicative of said second random number and said predetermined security key if said first authenticator matches said second authenticator.
23. A computer readable medium encoded with a computer program code for directing a processor to authenticate a mobile node and establish a data link layer security association between said mobile node and a network, said program code comprising:
a first code segment for causing said processor to generate a first random number;
a second code segment for causing said processor to convey a signal indicative of said first random number from said network to said mobile node;
a third code segment for causing said processor to generate a first authenticator as a function of said first random number;
a fourth code segment for causing said processor to convey a signal indicative of said first authenticator from said mobile node to said network;
a fifth code segment for causing said processor to generate a second authenticator as a function of said first random number, a mobile node network access identifier, and a predetermined security key;
a sixth code segment for causing said processor to compare said first authenticator with said second authenticator;
a seventh code segment for causing said processor to generate a second random number if said first authenticator matches said second authenticator;
an eighth code segment for causing said processor to generate an encryption key at said mobile node if said first authenticator matches said second authenticator, wherein:
    said encryption key is generated as a function of said second random number, said network access identifier, and said predetermined security key; and
    said encryption key is configured to encrypt and decrypt communications between said mobile node and said network for a current session;
a ninth code segment for causing said processor to convey a signal indicative of said second random number from said network to said mobile node if said first authenticator matches said second authenticator; and
a tenth code segment for causing said processor to generate said encryption key at said mobile node if said first authenticator matches said second authenticator.
Specification