Terminal authentication in a wireless network
Abstract
A user terminal can be authenticated by an access point based on one message. In one embodiment, the present invention includes the access point receiving a message containing a shared secret encrypted with an access point public key, a user terminal certificate, and an authenticator string demonstrating possession by the user terminal of a user terminal private key. The access point can decrypt the shared secret using the access point private key paired with that public key. The access point can then authenticate the user terminal by checking the authenticator string using a user terminal public key included in the user terminal certificate, thereby verifying that the user terminal possesses the user terminal private key.
48 Claims

1. A method performed by a user terminal of a wireless access network, the method comprising:
- generating a shared secret to be provided to an access point of the wireless access network;
- encrypting the shared secret with an access point public key;
- generating an authenticator string, the authenticator string demonstrating possession of a user terminal private key;
- sending a message to the access point, the message including the encrypted shared secret, a user terminal certificate, and the authenticator string.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A method performed by an access point of a wireless access network, the method comprising:
- receiving a message from a user terminal of the wireless access network, the message containing a shared secret encrypted with an access point public key, a user terminal certificate, and an authenticator string demonstrating possession by the user terminal of a user terminal private key;
- decrypting the shared secret using an access point private key;
- authenticating the user terminal by checking the authenticator string using a user terminal public key included in the user terminal certificate to verify possession of the user terminal private key by the user terminal.
Dependent claims: 11, 12, 13, 14, 15, 16.

17. A user terminal comprising:
- a memory to store a user terminal certificate and a shared secret to be provided to an access point;
- a processor coupled to the memory to encrypt the shared secret with an access point public key, and to generate an authenticator string demonstrating possession of a user terminal private key;
- a transmitter coupled to the processor to send a message to the access point, the message including the encrypted shared secret, the user terminal certificate, and the authenticator string.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25.

26. An access point comprising:
- a receiver to receive a message from a user terminal, the message containing a shared secret encrypted by the user terminal with an access point public key, a user terminal certificate including a user terminal public key, and an authenticator string demonstrating possession by the user terminal of a user terminal private key corresponding with the user terminal public key; and
- a processor coupled to the receiver to decrypt the shared secret using an access point private key, and to authenticate the user terminal by verifying possession by the user terminal of the user terminal private key.
Dependent claims: 27, 28, 29, 30, 31, 32.

33. A machine-readable medium storing data representing instructions that, when executed by a processor of a user terminal, cause the processor to perform operations comprising:
- generating a shared secret to be provided to an access point of the wireless access network;
- encrypting the shared secret with an access point public key;
- generating an authenticator string, the authenticator string demonstrating possession of a user terminal private key;
- sending a message to the access point, the message including the encrypted shared secret, a user terminal certificate, and the authenticator string.
Dependent claims: 34, 35, 36, 37, 38, 39, 40, 41.

42. A machine-readable medium storing data representing instructions that, when executed by a processor of an access point, cause the processor to perform operations comprising:
- receiving a message from a user terminal of the wireless access network, the message containing a shared secret encrypted with an access point public key, a user terminal certificate, and an authenticator string demonstrating possession by the user terminal of a user terminal private key;
- decrypting the shared secret using an access point private key;
- authenticating the user terminal by checking the authenticator string using a user terminal public key included in the user terminal certificate to verify possession of the user terminal private key by the user terminal.
Dependent claims: 43, 44, 45, 46, 47, 48.
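The following is an added worked example of the one-message exchange described by claims 1 and 10, written for this page; it is not code from the patent or its assignee. It assumes concrete primitives the claims leave open: RSA-OAEP for encrypting the shared secret under the access point public key, Ed25519 for the terminal key pair, and a minimal constructed certificate format (terminal identity plus public key, signed by a CA key the access point is provisioned to trust) standing in for a real X.509 certificate. The authenticator string is implemented as a signature over the ciphertext and the certificate, so the proof of possession is bound to this specific encrypted secret rather than being a free-standing signature that could be paired with a different ciphertext.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Certificate is a constructed stand-in for the "user terminal certificate":
// identity and public key, signed by a CA the access point trusts.
type Certificate struct {
	TerminalID string
	PubKey     ed25519.PublicKey
	CASig      []byte
}

// tbs returns the bytes covered by the CA signature.
func (c Certificate) tbs() []byte {
	return append([]byte("cert:"+c.TerminalID+":"), c.PubKey...)
}

// IssueCertificate binds a terminal identity to its public key under the CA key.
func IssueCertificate(caPriv ed25519.PrivateKey, id string, pub ed25519.PublicKey) Certificate {
	c := Certificate{TerminalID: id, PubKey: pub}
	c.CASig = ed25519.Sign(caPriv, c.tbs())
	return c
}

// Message is the single message of claim 1: encrypted shared secret,
// terminal certificate, and authenticator string.
type Message struct {
	EncSecret     []byte
	Cert          Certificate
	Authenticator []byte
}

// transcript is what the authenticator signs: the ciphertext and the certificate,
// so the proof of possession cannot be re-attached to a different ciphertext.
func transcript(encSecret []byte, cert Certificate) []byte {
	h := sha256.New()
	h.Write([]byte("ut-auth-v1")) // constructed domain separator
	h.Write(encSecret)
	h.Write(cert.tbs())
	h.Write(cert.CASig)
	return h.Sum(nil)
}

const oaepLabel = "ut-shared-secret" // assumption: fixed OAEP label known to both sides

// TerminalAuthenticate is the user terminal side of claim 1. It returns the
// message to send and the shared secret the terminal keeps for later use.
func TerminalAuthenticate(apPub *rsa.PublicKey, cert Certificate, termPriv ed25519.PrivateKey) (Message, []byte, error) {
	secret := make([]byte, 32)
	if _, err := rand.Read(secret); err != nil {
		return Message{}, nil, err
	}
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, apPub, secret, []byte(oaepLabel))
	if err != nil {
		return Message{}, nil, err
	}
	auth := ed25519.Sign(termPriv, transcript(enc, cert))
	return Message{EncSecret: enc, Cert: cert, Authenticator: auth}, secret, nil
}

// AccessPointVerify is the access point side of claim 10: check the certificate
// against the trusted CA, verify the authenticator with the certified public key,
// then recover the shared secret with the access point private key.
func AccessPointVerify(apPriv *rsa.PrivateKey, caPub ed25519.PublicKey, msg Message) (string, []byte, error) {
	if len(msg.Cert.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(caPub, msg.Cert.tbs(), msg.Cert.CASig) {
		return "", nil, errors.New("certificate not issued by trusted CA")
	}
	if !ed25519.Verify(msg.Cert.PubKey, transcript(msg.EncSecret, msg.Cert), msg.Authenticator) {
		return "", nil, errors.New("authenticator does not prove possession of terminal private key")
	}
	secret, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, apPriv, msg.EncSecret, []byte(oaepLabel))
	if err != nil {
		return "", nil, fmt.Errorf("shared secret decryption failed: %w", err)
	}
	return msg.Cert.TerminalID, secret, nil
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	termPub, termPriv, _ := ed25519.GenerateKey(rand.Reader)
	apPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	cert := IssueCertificate(caPriv, "terminal-0042", termPub) // constructed identity

	msg, kept, _ := TerminalAuthenticate(&apPriv.PublicKey, cert, termPriv)
	id, got, err := AccessPointVerify(apPriv, caPub, msg)
	fmt.Println("authenticated:", id, "secrets match:", bytes.Equal(kept, got), "err:", err)

	// A modified ciphertext no longer matches the authenticator and is rejected.
	msg.EncSecret[0] ^= 0xff
	_, _, err = AccessPointVerify(apPriv, caPub, msg)
	fmt.Println("tampered message rejected:", err != nil)
}
```

The access point checks the certificate before doing any RSA work, so a message carrying a certificate from an unknown issuer is rejected without spending a private-key operation on it; the decryption only happens once the sender has proved control of the certified key.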
Specification