Wireless access point apparatus and method of establishing secure wireless links
Abstract
A wireless network is connectable to an authentication server. Each access point in the wireless network includes a supplicant processing unit, an authenticator processing unit, and a function selector. When an access point is detected within communication range, the function selector selects either the supplicant processing unit or the authenticator processing unit. The selected unit operates to carry out or mediate an authentication protocol and establish a secure wireless link, protected by a pairwise encryption key, between the two access points. Because every access point can operate as either an authenticator or a supplicant, it is not necessary to invoke the services of a master authenticator. If an encryption key is compromised, the effect is limited and does not force the entire network to be shut down.
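The following sketch is an added illustration, not code from the patent: it models a function selector in which both sides reach complementary roles and every link gets its own pairwise key. The decision rule (prefer the side that already has a path to the authentication server, break ties on MAC address), the random key standing in for the result of the authentication exchange, and all names and addresses are assumptions of this example.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class AccessPoint:
    mac: str                       # constructed sample address
    reaches_server: bool = False   # has a path to the authentication server
    links: dict = field(default_factory=dict)   # peer MAC -> pairwise key

    def select_role(self, peer):
        """Function selector; the decision rule is an assumption of this example."""
        if peer.mac in self.links:
            return None                          # peer is not "unconnected"
        if self.reaches_server != peer.reaches_server:
            return "authenticator" if self.reaches_server else "supplicant"
        # Same reachability on both sides: break the tie on MAC address.
        return "authenticator" if self.mac > peer.mac else "supplicant"

def establish_link(a, b):
    """Return {mac: role} for a newly secured link, or None if none is set up."""
    if not (a.reaches_server or b.reaches_server):
        return None      # nobody can mediate toward the authentication server
    role_a, role_b = a.select_role(b), b.select_role(a)
    if role_a is None or role_b is None:
        return None      # link already exists
    assert role_a != role_b, "selectors must pick complementary roles"
    # Stand-in for the key produced by the authentication exchange.
    key = secrets.token_bytes(32)
    a.links[b.mac] = b.links[a.mac] = key
    a.reaches_server = b.reaches_server = True   # supplicant now has a path
    return {a.mac: role_a, b.mac: role_b}

def links_exposed_by(key, aps):
    """Links whose traffic is readable if this one pairwise key leaks."""
    return {frozenset((ap.mac, peer)) for ap in aps
            for peer, k in ap.links.items() if k == key}

def demo():
    gw = AccessPoint("02:00:00:00:00:01", reaches_server=True)
    ap1, ap2 = AccessPoint("02:00:00:00:00:02"), AccessPoint("02:00:00:00:00:03")
    early = establish_link(ap1, ap2)      # None: no path to the server yet
    first = establish_link(ap1, gw)       # gw mediates as authenticator
    second = establish_link(ap2, ap1)     # ap1 can now act as authenticator
    leaked = links_exposed_by(gw.links[ap1.mac], [gw, ap1, ap2])
    return early, first, second, leaked
```

In the three-node chain built by `demo()`, leaking the key of the first link exposes that link only; the second link uses a different pairwise key.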
23 Claims
1. Wireless access point apparatus for use in each of the access points in a wireless network in which a plurality of access points communicate with each other over wireless links, the wireless network being connectable to an authentication server, the wireless access point apparatus comprising:
an authenticator processing unit for passing authentication information from a device that requests authentication and mediating authentication processing by the authentication server by a predetermined authentication method;
a supplicant processing unit for supplying authentication information to an authenticator device and requesting the authentication processing by the predetermined authentication method; and
a function selector for selecting one of the authenticator processing unit and the supplicant processing unit when an unconnected access point is detected within communication range, an unconnected access point being any one of the access points that does not yet have a secure wireless link with the access point including the function selector;
wherein the selected one of the authenticator processing unit and supplicant processing unit operates to establish a secure wireless link with the unconnected access point.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 23
12. A wireless access method for use at each of the access points in a wireless network in which a plurality of access points communicate with each other over wireless links, the wireless network being connectable to an authentication server, the wireless access method comprising:
passing authentication information from a device that requests authentication and mediating authentication processing by the authentication server by a predetermined authentication method;
supplying authentication information to be passed to the authentication server and requesting the authentication processing by the predetermined authentication method; and
deciding whether to supply authentication information and request authentication processing, or to pass supplied authentication information and expedite authentication processing, when an unconnected access point is detected within communication range.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
Specification