Wireless network credential provisioning
2 Assignments
0 Petitions
Abstract
A credential provisioning technique is provided that is secure yet easy to administer. A credential provisioner such as a network AP is configured to leave a secure mode of operation and allow open authentication with a wireless supplicant. After open authentication is established, the wireless supplicant requests credential provisioning. In response, the credential provisioner supplies the supplicant with an encrypted password. To prevent unauthorized access, the supplicant again requests credential provisioning but also proves knowledge of the encrypted password. At least one credential is supplied to the wireless supplicant in response to the proof only if a waiting period expires with just one request for credential provisioning being received by the credential provisioner.
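The provisioner-side logic described in the abstract can be sketched as a small state machine. This is an added example, not code from the patent or its assignee; the names `Provisioner` and `prove`, the HMAC-SHA256 proof of password knowledge, the handling of a competing request, and the return to secure mode after the window closes are assumptions, and the encryption of each message is abstracted away.

```python
import hashlib
import hmac
import secrets


def prove(password: bytes, supplicant_id: str) -> bytes:
    # Assumed proof of knowledge: HMAC-SHA256 keyed with the password.
    return hmac.new(password, supplicant_id.encode(), hashlib.sha256).digest()


class Provisioner:
    """AP-side provisioning window; message encryption is abstracted away."""

    def __init__(self, credential: bytes, wait_s: float):
        self.credential = credential
        self.wait_s = wait_s
        self.open_mode = False

    def start(self) -> None:
        # Indication received: leave secure mode, allow open authentication.
        self.open_mode = True
        self.requests = 0
        self.owner = self.password = self.deadline = None

    def request(self, supplicant_id: str, now: float):
        if not self.open_mode:
            return None
        self.requests += 1  # every request in the window is counted
        if self.requests > 1:
            return None  # assumption: a competing request gets no password
        self.owner = supplicant_id
        self.password = secrets.token_bytes(16)
        self.deadline = now + self.wait_s
        # Contents of the first encrypted message: password and waiting period.
        return self.password, self.wait_s

    def rerequest(self, supplicant_id: str, proof: bytes, now: float):
        if not self.open_mode or self.deadline is None or now < self.deadline:
            return None  # no window, or waiting period still running
        ok = (self.requests == 1 and supplicant_id == self.owner
              and hmac.compare_digest(proof, prove(self.password, supplicant_id)))
        self.open_mode = False  # assumption: AP returns to secure mode
        return self.credential if ok else None


if __name__ == "__main__":
    ap = Provisioner(b"constructed-network-key", wait_s=5.0)
    ap.start()
    pw, wait = ap.request("sta-A", now=0.0)
    print(ap.rerequest("sta-A", prove(pw, "sta-A"), now=wait))
```

Because any second request inside the window voids provisioning, a supplicant that races the legitimate one gains nothing even if it asks first.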
72 Citations
25 Claims
1. A wireless network access point (AP) configured to communicate with network nodes using a secure mode of operation, comprising:
a wireless transceiver; and
a processor configured to provide credentials to a wireless supplicant using the wireless transceiver, the processor being configured to respond to an indication that the wireless supplicant desires credential provisioning by leaving the secure mode of operation, the processor being further configured to respond to a request for credential provisioning from a wireless supplicant by supplying a password to the wireless supplicant using a first encrypted message, the processor being further configured to supply at least one credential to the wireless supplicant using a second encrypted message if a waiting period expires with the processor receiving only one request for credential provisioning.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A wireless supplicant, comprising:
a wireless transceiver; and
a processor configured to request credential from a network credential provisioner using the wireless transceiver, the processor being configured to request credential provisioning by associating with the network credential provisioner using open authentication, the processor being further configured to receive an encrypted password in response to the request, the processor being further configured to re-request credential provisioning using an encrypted message that also proves knowledge of the password.
Dependent claims: 12, 13, 14, 15.
16. A wireless network access point (AP) configured to communicate with network nodes using a secure mode of operation, comprising:
a wireless transceiver; and
means for supplying at least one credential to a wireless supplicant using the wireless transceiver, the means being configured to respond to an indication that the wireless supplicant desires credential provisioning by leaving the secure mode of operation, the means being further configured to respond to a request for credential provisioning from the wireless supplicant by supplying a password to the wireless supplicant using a first encrypted message, the means being further configured to supply the at least one credential to the wireless supplicant using a second encrypted message if a waiting period expires with the AP receiving only one request for credential provisioning.
17. A method of provisioning credentials from a wireless network access point (AP) to a wireless supplicant so that the wireless supplicant may access the network in a secure mode of operation, comprising:
receiving an indication at the AP that the wireless supplicant desires credential provisioning;
responsive to the indication, leaving the secure mode of operation and allowing open authentication at the AP;
receiving a request for credential provisioning from the wireless supplicant under open authentication;
initiating a waiting period;
responsive to the credential provisioning request, supplying the wireless supplicant with a password using encryption;
if the waiting period expires with only one request for credential provisioning being received by the AP, the method including the additional acts of:
receiving an additional request for credential provisioning from the wireless supplicant under open authentication, the wireless supplicant's additional request proving knowledge of the password using the encryption; and
in response to the proof, provisioning at least one credential to the wireless supplicant using the encryption, wherein the at least one credential enables the wireless supplicant to gain secure network access.
Dependent claims: 18, 19.
21. A method of requesting credential provisioning for a wireless supplicant from a wireless network access point (AP) so that the wireless supplicant may access the network in a secure mode of operation, comprising:
requesting for credential provisioning from the AP under open authentication;
responsive to the credential provisioning request, receiving at the wireless supplicant a password using a first encrypted message, the first encrypted message also supplying a waiting period;
after expiration of the waiting period, re-requesting for credential provisioning using a second encrypted message, the second encrypted message also proving knowledge of the password, and in response to the proof, receiving at least one credential at the wireless supplicant using a third encrypted message, wherein the at least one credential enables the wireless supplicant to gain secure network access.
Dependent claims: 20, 22, 23, 24.
25. A wireless supplicant, comprising:
a wireless transceiver; and
means for requesting credential provisioning using the wireless transceiver under open authentication, the means being configured to receive an encrypted password, the means being further configured to re-request credential provisioning using an encrypted request that also proves knowledge of the password.
Specification