System and method for upper layer roaming authentication

US 20030084287A1
Filed: 10/25/2001
Published: 05/01/2003
Est. Priority Date: 10/25/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method for authenticating a roaming device with a network, comprising the steps of:

generating, by an authentication server of the network, authentication data associated with the roaming device;

sending the authentication data to access points of the network, the access points being connected to the authentication server; and

when the roaming device roams to a particular access point of the access points, using the authentication data to locally authenticate the roaming device at the particular access point.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for authenticating a roaming device with a network is described. The roaming device initially is authenticated with an authentication server that sends authentication information to remote access points. When the roaming device enters in contact with one of the access points, a local authentication is performed between the access point and the roaming device to allow the device to access the network.

118 Citations

21 Claims

1. A method for authenticating a roaming device with a network, comprising the steps of:
- generating, by an authentication server of the network, authentication data associated with the roaming device;
  
  sending the authentication data to access points of the network, the access points being connected to the authentication server; and
  
  when the roaming device roams to a particular access point of the access points, using the authentication data to locally authenticate the roaming device at the particular access point.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, further comprising the step of:
    - storing the authentication data in a memory arrangement of each of the access points.
  - 3. The method according to claim 1, wherein the sending step includes the substeps of:
    - encrypting the authentication data; and
      
      sending the encrypted authentication data to selected access points of the access points.
  - 4. The method according to claim 3, wherein the sending step includes the substeps of:
    - determining at least one access point of the access points where the roaming device is likely to roam; and
      
      sending the encrypted authentication data to the at least one access point.
  - 5. The method according to claim 3, wherein the sending step includes the substep of sending the encrypted authentication data to all the access points.
  - 6. The method according to claim 1, further comprising the preliminary steps of:
    - determining if the particular access point has authentication data associated with the roaming device;
      
      if the determination is positive, proceed to the step of using the authentication data to locally authenticate the roaming device at the particular access point; and
      
      if the determination is negative, proceed to the step of generating, by an authentication server of the network, authentication data associated with the roaming device.
  - 7. The method according to claim 6, wherein the step of using the authentication data to locally authenticate the roaming device further comprises reassociating the roaming device with the particular access point of the access points by exchanging identification information.
  - 8. The method according to claim 7, wherein the reassociating step further includes the substeps of:
    - searching a memory arrangement of the particular access point for the authentication data associated with the roaming device; and
      
      if the authentication data is found, performing a mutual authentication procedure between the roaming device and the particular access point.
  - 9. The method according to claim 1, wherein the generating step further includes the steps of:
    - receiving an encrypted authentication request from the roaming device;
      
      determining that the roaming device can be granted access to network services; and
      
      generating an encrypted session key associated with the roaming device in the authentication server.

10. A method for authenticating a roaming device with a network, comprising the steps of:
- connecting the roaming device with an authentication server upon a contact of the roaming device with a first access point of the network;
  
  authenticating the roaming device with the authentication server;
  
  generating authentication data for the roaming device;
  
  distributing the authentication data to the first access point and a second access point of the network; and
  
  locally authenticating the roaming device upon a contact with the second access point using the distributed authentication data.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method according to claim 10, further comprising the step of:
    - authenticating the roaming device with the authentication server if the local authentication of the roaming device fails.
  - 12. The method according to claim 10, wherein the distributing step further includes the substep of:
    - distributing an encrypted session key to the first and second access points.
  - 13. The method according to claim 10, wherein the locally authenticating step further includes the substeps of:
    - exchanging identification data between the roaming device and the second access point; and
      
      correlating the identification data with the distributed authentication data.
  - 14. The method according to claim 10, further comprising the step of:
    - establishing a shared secret encryption between the authentication server and the first and second access points.
  - 15. The method according to claim 10, wherein the authentication server is a remote authentication dial-in user server.

16. A system for authenticating a roaming device with a network, comprising:
- an authentication server connected to the network; and
  
  first and second access points connected to the authentication server, the first and second access points being capable of communicating with the roaming device, each of the first and second access points including a memory arrangement capable of storing authentication data corresponding to the roaming device, wherein the authentication server sends the authentication data to the first and second access points upon an initial authentication procedure of the roaming device with the first access point, and wherein the second access point locally authenticates the roaming device upon a contact of the roaming device with the second access point.
- View Dependent Claims (17, 18)
- - 17. The system according to claim 16, wherein the second access point authenticates the roaming device with the authentication server if the authentication data is not found in the memory arrangement of the second access point.
  - 18. The system according to claim 16, wherein the second access point authenticates the roaming device with the authentication server if the local authentication of the roaming device at the second access point fails.

19. A method for authenticating a roaming device with a network, comprising the steps of:
- with an authentication server, receiving an authentication request from a roaming device, the request being encrypted with a first shared code;
  
  with the authentication server, generating a session key associated with the roaming device;
  
  sending the session key to an access point of the network, the session key being encrypted with a second shared code; and
  
  utilizing the session key to authenticate the roaming device at the access point, and to encrypt data exchanged between the roaming device and the access point.
- View Dependent Claims (20, 21)
- - 20. The method according to claim 19, further comprising the step of:
    - sending the encrypted session key to a further access point of the network to authenticate the roaming device at the further access point.
  - 21. The method according to claim 19, further comprising the steps of:
    - generating a first key of the session key to perform authentication of the roaming device at the access point; and
      
      generating a second key of the session key to encrypt data exchanges between the roaming device and the access point, the second key being different from the first key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Symbol Technologies, Inc. (Zebra Technologies Corporation)
Original Assignee
Symbol Technologies, Inc. (Zebra Technologies Corporation)
Inventors
Willins, Bruce, Wang, Huayan A., Vollkommer, Rich

Application Number

US10/026,043
Publication Number

US 20030084287A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/08 for authentication of entit...

System and method for upper layer roaming authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

118 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

System and method for upper layer roaming authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others