Pre-authentication of mobile clients by sharing a master key among secured authenticators
Abstract
Systems and methods for pre-authenticating a mobile client in a wireless network. Authenticators in a secured section of the wireless network share a master key generated during an authentication session between a mobile client and an authentication server. The shared master key is not allowed to reside on any devices located outside the secured section of the network. Accordingly, the likelihood that the master key may be hijacked is essentially eliminated. A first session encryption key is derived from the master key and used by the mobile client and a first access point during a first communications session. When the mobile client roams to a second access point, a fast authentication process is performed. The fast authentication process retrieves the shared master key and generates a second session encryption key. A full authentication process between the authentication server and the mobile client is not required. The second session encryption key is used by the mobile client and a second access point during a second communications session.
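The key hierarchy in the abstract, as an added sketch that is not taken from the patent. Assumptions: HMAC-SHA256 as the derivation function, a per-association nonce, a dictionary standing in for the store the authenticators share, and all class, function and identifier names.

```python
import hashlib
import hmac
import os

def derive_session_key(master_key, client_id, ap_id, nonce):
    # Assumed KDF: HMAC-SHA256 over length-prefixed context fields.
    fields = (b"session-key", client_id, ap_id, nonce)
    context = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(master_key, context, hashlib.sha256).digest()

class Authenticator:
    """Secured-section device; every authenticator shares one master-key store."""
    def __init__(self, shared_master_keys):
        self._master_keys = shared_master_keys

    def full_authentication(self, client_id):
        # Stand-in for the client <-> authentication server session.
        self._master_keys[client_id] = os.urandom(32)
        return self._master_keys[client_id]  # the client's own copy

    def fast_authentication(self, client_id, ap_id, nonce):
        master_key = self._master_keys.get(client_id)
        if master_key is None:
            raise PermissionError("no master key: full authentication required")
        return derive_session_key(master_key, client_id, ap_id, nonce)

class AccessPoint:
    """Outside the secured section; receives and stores session keys only."""
    def __init__(self, ap_id, authenticator):
        self.ap_id, self.authenticator, self.session_keys = ap_id, authenticator, {}

    def associate(self, client_id, nonce):
        self.session_keys[client_id] = self.authenticator.fast_authentication(
            client_id, self.ap_id, nonce)

def roam_demo():
    shared = {}  # constructed stand-in for the store shared by authenticators
    ap1 = AccessPoint(b"ap-1", Authenticator(shared))
    ap2 = AccessPoint(b"ap-2", Authenticator(shared))
    client = b"client-01"  # constructed identifier
    client_mk = Authenticator(shared).full_authentication(client)
    n1, n2 = os.urandom(16), os.urandom(16)
    ap1.associate(client, n1)
    ap2.associate(client, n2)  # roam: no second full authentication
    k1 = derive_session_key(client_mk, client, ap1.ap_id, n1)
    k2 = derive_session_key(client_mk, client, ap2.ap_id, n2)
    stored = [*ap1.session_keys.values(), *ap2.session_keys.values()]
    return {"client_matches_ap1": hmac.compare_digest(k1, stored[0]),
            "client_matches_ap2": hmac.compare_digest(k2, stored[1]),
            "session_keys_differ": k1 != k2,
            "master_key_on_ap": client_mk in stored}
```

An access point that is compromised in this model exposes only its own session key; the master key and the other access point's key are not recoverable from it.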
30 Claims

1. A wireless network, comprising:
an authentication server disposed in a secured environment;
a plurality of authenticators coupled to the authentication server and disposed in the secured environment, at least two of said plurality of authenticators configured to share a master key; and
a plurality of access points coupled to the plurality of authenticators, one or more of the access points configured to store a session specific key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method of establishing a communications session in a wireless network, comprising:
performing an authentication session between an authentication server disposed within a secured section of the wireless network and a mobile client located outside the secured section;
storing a master key on an authenticator disposed within the secured section; and
generating a first temporary encryption key for use by the mobile client and a first access point during a first communications session.
Dependent claims: 10, 11, 12, 13, 14, 15, 27, 28, 29, 30

16. A system, comprising:
an authentication server disposed within a secured section of a wireless network;
one or more authenticators within the secured section coupled to the authentication server; and
one or more wireless access points located outside the secured section and coupled to said one or more authenticators, wherein said one or more authenticators and a properly authenticated mobile client are configured to store a master key, and the mobile client and an access point of the plurality of access points are configured to store a temporary encryption key for use in a current communications session.
Dependent claims: 17, 18, 19, 20, 21, 22, 23

24. A system, comprising:
an authentication server disposed in a secured section of a network; and
an authenticator disposed in the secured section of the network, said authenticator configured to store a master key resulting from an authentication process, wherein said master key is used to generate a first session specific key for use by an authenticated mobile client and an access point coupled to the authenticator during a first communications session.
Dependent claims: 25, 26

Specification