Shared network access using different access keys

US 20040068653A1
Filed: 10/07/2003
Published: 04/08/2004
Est. Priority Date: 10/08/2002
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a computing device on a Wi-Fi communications network comprising the steps of:

obtaining an access point identifier at a computing device, wherein said access point identifier identifies an access point of a Wi-Fi communications network;

selecting, at said computing device, a set of authentication parameters associated with said access point identifier; and

implementing an authentication process employing said set of authentication parameters.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a secure Wi-Fi communications method and system to enable automatic network roaming without requiring any back-end authentication servers and alleviating the need to handle large numbers of network parameters. In an embodiment of the invention, a client device listens for a “beacon frame” broadcast from a Wi-Fi access point. The beacon frame identifies the basic service set identifier (BSSID) of the access point. A tamper-resistant token, or client key, installed at the client device stores a set of authentication parameters, e.g., cryptographic keys, for each Wi-Fi network the client is permitted to access. Each set of authentication parameters is associated with a particular BSSID. Using the BSSID received from the access point, the client device identifies and implements the appropriate set of authentication parameters necessary to authenticate the client device according to an authentication process generally accepted by all the Wi-Fi networks potentially servicing the client. Accordingly, a consistent authentication and security mechanism is provided to enable a client device to easily roam from one network to another without requiring the client to manually change network configurations.

260 Citations

22 Claims

1. A method of authenticating a computing device on a Wi-Fi communications network comprising the steps of:
- obtaining an access point identifier at a computing device, wherein said access point identifier identifies an access point of a Wi-Fi communications network;
  
  selecting, at said computing device, a set of authentication parameters associated with said access point identifier; and
  
  implementing an authentication process employing said set of authentication parameters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein said access point identifier is a basic service set identifier (BSSID).
  - 3. The method of claim 2, wherein said step of obtaining an access point identifier, comprises the step of receiving said basic service set identifier from said access point.
  - 4. The method of claim 1, wherein said set of authentication parameters are pre-stored in a tamper-resistant physical token.
  - 5. The method of claim 4, further comprising the step of installing said tamper-resistant physical token at said computing device.
  - 6. The method of claim 5, wherein said tamper-resistant physical token is adapted to be inserted into a communications port at said computing device.
  - 7. The method of claim 4, wherein said tamper-resistant physical token further comprises one or more additional sets of authentication parameters, wherein each set of authentication parameters is associated with a unique access point identifier.
  - 8. The method of claim 7, wherein each of said unique access point identifiers is stored in said tamper-resistant physical token and in relation to its associated set of authentication parameters.
  - 9. The method of claim 1, further comprising the step of permitting said computing device to access said Wi-Fi communications network via said access point if said authentication process results in a successful authentication of said computing device.
  - 10. The method of claim 5, wherein said set of authentication parameters comprises a first secret cryptographic key.
  - 11. The method of claim 10, wherein said authentication process comprises the steps of:
    - transmitting a first challenge, wherein said first challenge comprises an encrypted first random number and a unique identifier associated with said computing device, said encrypted first random number being encrypted with said first secret cryptographic key; and
      
      receiving a second challenge, wherein said second challenge comprises an encrypted second random number, said second random number generated at said access point and encrypted with said a secret cryptographic key stored at said access point and associated with said unique identifier.
  - 12. The method of claim 11, wherein said unique identifier is a serial number of said tamper-resistant physical token.
  - 13. The method of claim 11, wherein said set of authentication parameters further comprises:
    - a network receive cryptographic key, and a network send cryptographic key.
  - 14. The method of claim 13, further comprising the steps of:
    - encrypting said first challenge with said network send cryptographic key; and
      
      decrypting said second challenge with said network receive cryptographic key.

15. A communications system comprising:
- one or more authentication devices, one or more client devices, wherein each client device includes a unique tamper-resistant physical token comprising;
  
  one or more unique sets of authentication parameters, wherein each set of authentication parameters is associated with one or more of said one or more authentication devices;
  
  a random number generator; and
  
  a unique serial number.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The system of claim 15, wherein each client device further includes a wireless communications transceiver to communicate with one of said one or more authentication device via a wireless channel.
  - 17. The system of claim 16, wherein said wireless channel is an IEEE 802.11 wireless channel.
  - 18. The system of claim 15, wherein one or more authentication devices are Wi-Fi access points.
  - 19. The system of claim 18, wherein at least two Wi-Fi access points are associated with different Wi-Fi networks.
  - 20. The system of claim 19, wherein each of said one or more unique sets of authentication parameters is associated with an access point identifier.
  - 21. The system of claim 20, wherein said access point identifier is a basic service set identifier (BSSID).
  - 22. The system of claim 15, wherein each tamper-resistant physical token is adapted to be installed via a communications port at said computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
KoolSpan, Inc.
Original Assignee
KoolSpan, Inc.
Inventors
Fascenda, Anthony C.

Granted Patent

US 7,607,015 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 2221/2153   Using hardware token as a s...

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 63/104   Grouping of entities

H04L 63/205   involving negotiation or de...

H04L 9/0844   with user authentication or...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/50   Secure pairing of devices

H04W 12/73   Access point logical identity

H04W 84/04   Large scale networks; Deep ...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/08   Access point devices

Shared network access using different access keys

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

260 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Shared network access using different access keys

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

260 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links