Security system for wireless networks

US 20060059538A1
Filed: 09/13/2004
Published: 03/16/2006
Est. Priority Date: 09/13/2004
Status: Abandoned Application

First Claim

Patent Images

1. A security procedure for communications between a wireless local area network and a client device, the wireless local area network having access points connected to an authentication server, said procedure comprising the steps of:

identifying, by a client device, an access point of the wireless local area network; and

performing an authentication process for authenticating the client device by exchanging management frames between the client device and the authentication server through the access point, wherein IPsec security is invoked for communications between the client device and the authentication server during the authentication process.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security procedure for invoking IPsec security for communication of a packet in a network includes the steps of generating a message to be sent at the transport layer, building Internet Protocol and Transport Control Protocol headers for the message, selecting a security policy in accordance with a security policy database after the step of building Internet Protocol and Transport Control Protocol headers, and processing the packet according to the selected security policy.

Citations

24 Claims

1. A security procedure for communications between a wireless local area network and a client device, the wireless local area network having access points connected to an authentication server, said procedure comprising the steps of:
- identifying, by a client device, an access point of the wireless local area network; and
  
  performing an authentication process for authenticating the client device by exchanging management frames between the client device and the authentication server through the access point, wherein IPsec security is invoked for communications between the client device and the authentication server during the authentication process.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The security procedure of claim 1, wherein IPsec security for each packet is invoked according to the following procedure:
    - generating a message to be sent at the transport layer;
      
      building Internet Protocol and Transport Control Protocol headers for the message;
      
      selecting an IPsec security policy in accordance with a security policy database after the step of building Internet Protocol and Transport Control Protocol headers; and
      
      processing the packet according to the selected security policy.
  - 3. The security procedure of claim 2, further comprising the step of generating a send socket buffer after said step of building Internet Protocol and Transport Control Protocol headers and before said step of selecting an IPsec security policy.
  - 4. The security procedure of claim 2, further comprising the step of locating a security association for the packet if IPsec security is to be applied to the packet in accordance with the selected security policy.
  - 5. The security procedure of claim 4, further comprising the step of performing IPsec encryption in a tunnel mode in accordance with the located security association.
  - 6. The security procedure of claim 2, wherein all steps in the transport layer required for processing a packet to be sent between the access point and the authentication server are performed before the step of selecting an IPsec security policy.
  - 7. The security procedure of claim 6, wherein said step of selecting an IPsec security policy and all steps required for processing the packet to be sent between the access point and the authentication server performed after the step of selecting an IPsec security policy are performed in the network layer.
  - 8. The security procedure of claim 1, wherein said step of performing an authentication process for authenticating the client device invokes IPSec security using a first security association and said security procedure further comprises the step of implementing an IPSec security for communication through the wireless local area network between the client device and the network element in a virtual private network using a second security association.
  - 9. The security procedure of claim 8, wherein the IPSec security for communication between the client device and the network element is implemented in a tunnel mode.
  - 10. The security procedure of claim 8, wherein the virtual private network is a wireless virtual private network.

11. A security procedure for invoking IPsec security for communication of a packet in a network, comprising the steps of:
- generating a message to be sent at the transport layer;
  
  building Internet Protocol and Transport Control Protocol headers for the message;
  
  selecting an IPsec security policy in accordance with a security policy database after the step of building Internet Protocol and Transport Control Protocol headers; and
  
  processing the packet according to the selected IPsec security policy.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The security procedure of claim 11, further comprising the step of generating a send socket buffer after said step of building Internet Protocol and Transport Control Protocol headers and before said step of selecting an IPsec security policy.
  - 13. The security procedure of claim 11, further comprising the step of locating a security association for the packet if IPsec security is to be applied to the packet in accordance with the selected IPsec security policy.
  - 14. The security procedure of claim 13, further comprising the step of performing IPsec encryption in a tunnel mode in accordance with the located security association.
  - 15. The security procedure of claim 11, wherein all steps in the transport layer required for processing a packet to be sent between the access point and the authentication server are performed before the step of selecting an IPsec security policy.
  - 16. The security procedure of claim 15, wherein said step of selecting an IPsec security policy and all steps required for processing the packet to be sent between the access point and the authentication server performed after the step of selecting an IPsec security policy are performed in the network layer.

17. A wireless network comprising a plurality of interconnected components, said wireless network allowing access by wireless clients, said plurality of interconnected components comprising:
- at least one access point through which client devices are connectable to the wireless network; and
  
  an authentication server connected to said at least one access point, said authentication server and said at least one access point being operatively arranged for performing an authentication process for authenticating client devices desiring access to said wireless network, and said authentication server and said access points being operatively arranged for communicating using IPsec encrypted communications during the authentication process.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The wireless network of claim 17, wherein said plurality of interconnected components further comprises a router connected to a wide area network.
  - 19. The wireless network of claim 17, wherein each of said at least one access point and said authentication server comprise a computer readable memory storing computer-executable instructions for invoking IPsec security for each packet to be sent between said access point and said authentication server, said memory comprising instructions for:
    - generating a message to be sent at the transport layer;
      
      building Internet Protocol and Transport Control Protocol headers for the message;
      
      selecting an IPsec security policy in accordance with a security policy database after the step of building Internet Protocol and Transport Control Protocol headers; and
      
      processing the packet according to the selected IPsec security policy.
  - 20. The wireless network of claim 19, said memory further comprising instructions for generating a send socket buffer after said step of building Internet Protocol and Transport Control Protocol headers and before said step of selecting an IPsec security policy.
  - 21. The wireless network of claim 19, said memory further comprising instructions for locating a security association for the packet if IPsec security is to be applied to the packet in accordance with the selected IPsec security policy.
  - 22. The wireless network of claim 21, said memory further comprising instructions for performing IPsec encryption in a tunnel mode in accordance with the located security association.
  - 23. The security procedure of claim 19, wherein all instructions which are performed in the transport layer required for processing a packet to be sent between the access point and the authentication server are performed before selecting an IPsec security policy.
  - 24. The security procedure of claim 23, wherein said instructions for selecting an IPsec security policy and all instructions required for processing the packet to be sent between the access point and the authentication server performed after the selection of an IPsec security policy are performed in the network layer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xcomm Box, Inc.
Original Assignee
Xcomm Box, Inc.
Inventors
Lee, Sung Joon

Application Number

US10/939,663
Publication Number

US 20060059538A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/083 using passwords cryptograph...

H04L 63/164 at the network layer

Security system for wireless networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Security system for wireless networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links