Method and system for inter-subnet pre-authentication

US 20060179307A1
Filed: 02/04/2005
Published: 08/10/2006
Est. Priority Date: 02/04/2005
Status: Active Grant

First Claim

Patent Images

1. A method for performing inter-subnet pre-authentication, comprising receiving a pre-authentication request by a first access point associated with a first subnet from a mobile node requesting pre-authentication with a second access point on a second subnet;

forwarding the pre-authentication request to a first authenticator, wherein the first authenticator is the authenticator for the first access point;

obtaining from a root infrastructure node, an address for a second authenticator that is the authenticator for the second access point by the first authenticator; and

pre-authenticating the mobile node with the second authenticator by the first access point.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for performing pre-authentication across inter-subnets. A pre-authentication request is received by a first access point associated with a first subnet from a mobile node requesting that is requesting pre-authentication with a second access point associated with a second subnet. The request is forwarded by the access point to a first authenticator that is the authenticator for the first subnet. The first authenticator obtains from a root infrastructure node the address for a second authenticator that is the authenticator for the second access point. The first authenticator then pre-authenticates the mobile node with the second authenticator by sending a message to the address for the second authenticator.

Citations

21 Claims

1. A method for performing inter-subnet pre-authentication, comprising receiving a pre-authentication request by a first access point associated with a first subnet from a mobile node requesting pre-authentication with a second access point on a second subnet;
- forwarding the pre-authentication request to a first authenticator, wherein the first authenticator is the authenticator for the first access point;
  
  obtaining from a root infrastructure node, an address for a second authenticator that is the authenticator for the second access point by the first authenticator; and
  
  pre-authenticating the mobile node with the second authenticator by the first access point.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the root infrastructure node is a wireless location register, the wireless location register comprising an infrastructure authenticator.
  - 3. The method of claim 2, wherein the first authenticator is co-located with a first wireless domain server and the second authenticator is co-located with a second wireless domain server, further comprising:
    - establishing a trust relation between the first wireless domain server and the second wireless domain server.
  - 4. The method of claim 1, wherein:
    - the authenticator for the first subnet is co-located with a first wireless domain server; and
      
      the authenticator for the second subnet is co-located with a second wireless domain server.
  - 5. The method of claim 1, the pre-authenticating step further comprising forwarding the mobile node'"'"'s association context information to the second authenticator by the first authenticator.
  - 6. The method of claim 5, the pre-authenticating step further comprising establishing a forwarding path between the mobile node and the second access point.
  - 7. The method of claim 6, the pre-authenticating step further comprising:
    - wherein the forwarding path is secure.
  - 8. The method of claim 1, the obtaining from a root infrastructure node the address for the second authenticator further comprises looking up the address for the second authenticator using a table associated with the root infrastructure node.
  - 9. The method of claim 1, the obtaining from a root infrastructure node the address for the second authenticator further comprises broadcasting a message requesting the identity of the authenticator for the second access point.
  - 10. The method of claim 1, the pre-authenticating step further comprising the first wireless domain server securely forwarding the mobile node'"'"'s authentication context information to the second wireless domain server.
  - 11. The method of claim 1, further comprising:
    - establishing a secure routing path between the first authenticator to the second authenticator to enable the mobile node to pre-authenticate with the second authenticator.

12. A method for performing pre-authentication, comprising:
- authenticating a first authenticator for a first subnet by an infrastructure authenticator associated with a wireless location register;
  
  authenticating a second authenticator for a second subnet by the infrastructure authenticator associated with the wireless location register;
  
  authenticating a first access point associated with the first subnet by the infrastructure authenticator associated with the wireless location register, wherein the first authenticator is the authenticator for the first access point;
  
  authenticating a second access point associated with the second subnet by the infrastructure authenticator associated with the wireless location register, wherein the second authenticator is an authenticator for the second access point;
  
  receiving a pre-authentication request by the first access point from a mobile node requesting pre-authentication with the second access point;
  
  forwarding the pre-authentication request to the first authenticator;
  
  obtaining from the wireless location register the address for the authenticator for the second access point by the first authenticator; and
  
  pre-authenticating the mobile node with the second authenticator via the first access point.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, wherein:
    - the authenticator for the first subnet is co-located with a first wireless domain server; and
      
      the authenticator for the second subnet is co-located with a second wireless domain server.
  - 14. The method of claim 13, the pre-authenticating step further comprising securely forwarding the mobile node'"'"'s association context information to the second authenticator by the first authenticator.
  - 15. The method of claim 12, the pre-authenticating step further comprising:
    - establishing a forwarding path between the mobile node and the second access point.

16. A system for performing pre-authentication, comprising means for receiving a pre-authentication request by a first access point associated with a first subnet from a mobile node requesting pre-authentication with a second access point on a second subnet;
- means for forwarding the pre-authentication request to a first authenticator, wherein the first authenticator is an authenticator for the first subnet;
  
  means for obtaining from a root infrastructure node, an address for a second authenticator that is an authenticator for the second access point by the first authenticator; and
  
  means for pre-authenticating the mobile node with the second authenticator by the first authenticator.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein:
    - the root infrastructure node is a wireless location register, the wireless location register comprising an infrastructure authenticator;
      
      the authenticator for the first subnet is co-located with a first wireless domain server; and
      
      the authenticator for the second subnet is co-located with a second wireless domain server.
  - 18. The system of claim 16, further comprising:
    - means for authenticating the first authenticator with the root infrastructure node;
      
      means for authenticating the second authenticator with the root infrastructure node;
      
      means for authenticating the first access point with root infrastructure node; and
      
      means for authenticating the second access point associated with the second subnet with the root infrastructure node.
  - 19. The system of claim 16, the means for pre-authenticating further comprising means for forwarding the mobile node'"'"'s authentication context information to the second authenticator by the first authenticator.
  - 20. The system of claim 19, the means for pre-authenticating further comprising:
    - means for establishing a secure forwarding path between the mobile node and the second access point.

21. A hierarchical network, comprising:
- a root infrastructure node, the root infrastructure node comprising a wireless location register and an associated infrastructure authenticator;
  
  an authentication server coupled to the root infrastructure node via a first communication interface;
  
  a first subnet comprising a first wireless domain server coupled to the root infrastructure node via a second communication interface, the first wireless domain server being co-located with the authenticator for a first subnet;
  
  a second subnet comprising a second wireless domain server coupled to the root infrastructure node via the second communication interface, the second wireless domain server being co-located with the authenticator for the second subnet;
  
  a first wireless access point associated with the first subnet communicatively coupled to the first wireless domain server; and
  
  a second wireless access point associated with the second subnet communicatively coupled to the second wireless domain server;
  
  wherein the infrastructure authenticator is responsive to authenticate the first wireless domain server, the second wireless domain servers, the first access point and the second access point enabling the first wireless domain server, the second wireless domain servers, the first access point and the second access to securely communicate with each other;
  
  wherein the first wireless access point is responsive to receipt of a pre-authentication request from a mobile node that has been previously authenticated by the authentication server attempting to pre-authenticate with the second wireless access point to forward the pre-authentication request to the first wireless domain server;
  
  wherein the first wireless domain server is responsive to obtain the address for the second wireless domain server from the wireless location register; and
  
  wherein the first wireless domain server is responsive to securely communicate the pre-authentication request with the second wireless domain server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Stieglitz, Jeremy, Cam Winget, Nancy

Granted Patent

US 7,477,747 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/08   for authentication of entit...

H04W 12/062   Pre-authentication

H04W 88/08   Access point devices

Method and system for inter-subnet pre-authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for inter-subnet pre-authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links