Wireless network credential provisioning

US 20060171537A1
Filed: 01/21/2005
Published: 08/03/2006
Est. Priority Date: 01/21/2005
Status: Active Grant

First Claim

Patent Images

1. A wireless network access point (AP) configured to communicate with network nodes using a secure mode of operation, comprising:

a wireless transceiver; and

a processor configured to provide credentials to a wireless supplicant using the wireless transceiver, the processor being configured to respond to an indication that the wireless supplicant desires credential provisioning by leaving the secure mode of operation, the processor being further configured to respond to a request for credential provisioning from a wireless supplicant by supplying a password to the wireless supplicant using a first encrypted message, the processor being further configured to supply at least one credential to the wireless supplicant using a second encrypted message if a waiting period expires with the processor receiving only one request for credential provisioning.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A credential provisioning technique is provided that is secure yet easy to administer. A credential provisioner such as a network AP is configured to leave a secure mode of operation and allow open authentication with a wireless supplicant. After open authentication is established, the wireless supplicant requests credential provisioning. In response, the credential provisioner supplies the supplicant with an encrypted password. To prevent unauthorized access, the supplicant again requests credential provisioning but also proves knowledge of the encrypted password. At least one credential is supplied to the wireless supplicant in response to the proof only if a waiting period expires with just one request for credential provisioning being received by the credential provisioner.

72 Citations

View as Search Results

25 Claims

1. A wireless network access point (AP) configured to communicate with network nodes using a secure mode of operation, comprising:
- a wireless transceiver; and
  
  a processor configured to provide credentials to a wireless supplicant using the wireless transceiver, the processor being configured to respond to an indication that the wireless supplicant desires credential provisioning by leaving the secure mode of operation, the processor being further configured to respond to a request for credential provisioning from a wireless supplicant by supplying a password to the wireless supplicant using a first encrypted message, the processor being further configured to supply at least one credential to the wireless supplicant using a second encrypted message if a waiting period expires with the processor receiving only one request for credential provisioning.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The wireless network AP of claim 1, wherein the secure mode of operation includes Wifi Protected Access (WPA) operation.
  - 3. The wireless network AP of claim 1, wherein the secure mode of operation includes Wired Equivalent Privacy (WEP) operation.
  - 4. The wireless network AP of claim 1, wherein the processor is further configured to initiate the waiting period upon receipt of the request for credential provisioning.
  - 5. The wireless network AP of claim 4, wherein the processor is further configured to communicate the waiting period initiation to the wireless supplicant using the first encrypted message.
  - 6. The wireless network AP of claim 4, wherein processor is further configured to allow open authentication upon leaving the secure mode of operation.
  - 7. The wireless network AP of claim 1, wherein the encryption used for the encrypted messages is a Secure Socket Layer (SSL) encryption.
  - 8. The wireless network AP of claim 7, wherein the AP is a Dynamic Host Configuration Protocol (DHCP) server, the processor being further configured to supply the wireless supplicant with an IP address using the DHCP protocol to support the SSL encryption.
  - 9. The wireless network AP of claim 1, wherein the processor is further configured to respond to a second request for credential provisioning while the waiting period has not expired by resuming the secure mode of operation.
  - 10. The wireless network AP of claim 9, wherein the processor is further configured to respond to the second request for credential provisioning while the waiting period has not expired by notifying a network administrator of an attempted unauthorized credential provisioning.

11. A wireless supplicant, comprising:
- a wireless transceiver; and
  
  a processor configured to request credential from a network credential provisioner using the wireless transceiver, the processor being configured to request credential provisioning by associating with the network credential provisioner using open authentication, the processor being further configured to receive an encrypted password in response to the request, the processor being further configured to re-request credential provisioning using an encrypted message that also proves knowledge of the password.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The wireless supplicant of claim 11, wherein the processor is further configured to receive at least one credential from the credential provisioner that enables the wireless supplicant to gain secure network access.
  - 13. The wireless supplicant of claim 11, wherein the encryption is Secure Socket Layer (SSL) encryption.
  - 14. The wireless supplicant of claim 12, wherein the processor is further configured to respond to open authentication with the credential provisioner by issuing a DHCP discover frame to the credential provisioner, selecting its IP address by responding to a DHCP offer frame from the credential provisioner with a DHCP request frame, and determining an IP address for the credential provisioner using an DHCP ACK frame from the credential provisioner.
  - 15. The wireless supplicant of claim 12, wherein the at least one credential is a Wifi Protected Access (WPA) security parameter.

16. A wireless network access point (AP) configured to communicate with network nodes using a secure mode of operation, comprising:
- a wireless transceiver; and
  
  means for supplying at least one credential to a wireless supplicant using the wireless transceiver, the means being configured to respond to an indication that the wireless supplicant desires credential provisioning by leaving the secure mode of operation, the means being further configured to respond to a request for credential provisioning from the wireless supplicant by supplying a password to the wireless supplicant using a first encrypted message, the means being further configured to supply the at least one credential to the wireless supplicant using a second encrypted message if a waiting period expires with the AP receiving only one request for credential provisioning.

17. A method of provisioning credentials from a wireless network access point,(AP) to a wireless supplicant so that the wireless supplicant may access the network in a secure mode of operation, comprising:
- receiving an indication at the AP that the wireless supplicant desires credential provisioning;
  
  responsive to the indication, leaving the secure mode of operation and allowing open authentication at the AP;
  
  receiving a request for credential provisioning from the wireless supplicant under open authentication;
  
  initiating a waiting period;
  
  responsive to the credential provisioning request, supplying the wireless supplicant with a password using encryption;
  
  if the waiting period expires with only one request for credential provisioning being received by the AP, the method including the additional acts of;
  
  receiving an additional request for credential provisioning from the wireless supplicant under open authentication, the wireless supplicant'"'"'s additional request proving knowledge of the password using the encryption; and
  
  in response to the proof, provisioning at least one credential to the wireless supplicant using the encryption, wherein the at least one credential enables the wireless supplicant to gain secure network access.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17, wherein the encryption is SSL encryption.
  - 19. The method of claim 17, further comprising:
    - using DHCP frames to provide the wireless supplicant with an IP address.

21. A method of requesting credential provisioning for a wireless supplicant from a wireless network access point (AP) so that the wireless supplicant may access the network in a secure mode of operation, comprising:
- requesting for credential provisioning from the AP under open authentication;
  
  responsive to the credential provisioning request, receiving at the wireless supplicant a password using a first encrypted message, the first encrypted message also supplying a waiting period;
  
  after expiration of the waiting period, re-requesting for credential provisioning using a second encrypted message, the second encrypted message also proving knowledge of the password, and in response to the proof, receiving at least one credential at the wireless supplicant using a third encrypted message, wherein the at least one credential enables, the wireless supplicant to gain secure network access.
- View Dependent Claims (20, 22, 23, 24)
- - 20. The method of claim 21, further comprising:
    - using DHCP frames to provide the wireless supplicant with an IP address for the AP.
  - 22. The method of claim 21, wherein the first, second, and third encrypted messages are SSL encrypted messages.
  - 23. The method of claim 21, further comprising:
    - using DHCP frames to provide the wireless supplicant with an IP address.
  - 24. The method of claim 21, further comprising:
    - using DHCP frames to provide the wireless supplicant with an IP address for the AP.

25. A wireless supplicant, comprising:
- a wireless transceiver; and
  
  means for requesting credential provisioning using the wireless transceiver under open authentication, the means being configured to receive an encrypted password, the means being further configured to re-request credential provisioning using an encrypted request that also proves knowledge of the password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Enright, Mark

Granted Patent

US 7,555,783 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/104   Grouping of entities

H04W 12/069   using certificates or pre-s...

H04W 88/08   Access point devices

Wireless network credential provisioning

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Wireless network credential provisioning

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links