Wireless access point apparatus and method of establishing secure wireless links

US 20060200678A1
Filed: 02/16/2006
Published: 09/07/2006
Est. Priority Date: 03/04/2005
Status: Active Grant

First Claim

Patent Images

1. Wireless access point apparatus for use in each of the access points in a wireless network in which a plurality of access points communicate with each other over wireless links, the wireless network being connectable to an authentication server, the wireless access point apparatus comprising:

an authenticator processing unit for passing authentication information from a device that requests authentication and mediating authentication processing by the authentication server by a predetermined authentication method;

a supplicant processing unit for supplying authentication information to an authenticator device and requesting the authentication processing by the predetermined authentication method; and

a function selector for selecting one of the authenticator processing unit and the supplicant processing unit when an unconnected access point is detected within communication range, an unconnected access point being any one of the access points that does not yet have a secure wireless link with the access point including the function selector;

wherein the selected one of the authenticator processing unit and supplicant processing unit operates to establish a secure wireless link with the unconnected access point.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless network is connectable to an authentication server. Each access point in the wireless network includes a supplicant processing unit, an authenticator processing unit, and a function selector. When an access point is detected within communication range, the function selector selects either the supplicant processing unit or the authenticator processing unit. The selected unit operates to carry out or mediate an authentication protocol and establish a secure wireless link, protected by a pairwise encryption key, between the two access points. Because every access point can operate as either an authenticator or a supplicant, it is not necessary to invoke the services of a master authenticator. If an encryption key is compromised, the effect is limited and does not force the entire network to be shut down.

Citations

23 Claims

1. Wireless access point apparatus for use in each of the access points in a wireless network in which a plurality of access points communicate with each other over wireless links, the wireless network being connectable to an authentication server, the wireless access point apparatus comprising:
- an authenticator processing unit for passing authentication information from a device that requests authentication and mediating authentication processing by the authentication server by a predetermined authentication method;
  
  a supplicant processing unit for supplying authentication information to an authenticator device and requesting the authentication processing by the predetermined authentication method; and
  
  a function selector for selecting one of the authenticator processing unit and the supplicant processing unit when an unconnected access point is detected within communication range, an unconnected access point being any one of the access points that does not yet have a secure wireless link with the access point including the function selector;
  
  wherein the selected one of the authenticator processing unit and supplicant processing unit operates to establish a secure wireless link with the unconnected access point.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 23)
- - 2. The wireless access point apparatus of claim 1, wherein the function selector operates upon reception of a beacon signal from the unconnected access point.
  - 3. The wireless access point apparatus of claim 1, wherein the function selector selects the supplicant processing unit when the access point including the wireless access point apparatus cannot connect to the authentication server.
  - 4. The wireless access point apparatus of claim 1, wherein the function selector selects the authenticator processing unit when the access point including the wireless access point apparatus can connect to the authentication server.
  - 5. The wireless access point apparatus of claim 1, wherein the function selector selects the authenticator processing unit when the access point including the wireless access point apparatus can connect to the authentication server but lacks routing information for the unconnected access point.
  - 6. The wireless access point apparatus of claim 1, wherein the function selector selects one of the authenticator processing unit and the supplicant processing unit by comparing mutual management information exchanged with the unconnected access point.
  - 7. The wireless access point apparatus of claim 1, further comprising:
    - an encryption information generator for generating encryption information specifically for the secure wireless link with the unconnected access point if the unconnected access point is authenticated by said authentication method; and
      
      an encryption information management unit for managing the encryption information generated specifically for each of one or more wireless links linking the access point including the wireless access point apparatus to other access points in the wireless network.
  - 8. The wireless access point apparatus of claim 7, wherein the encryption information generator has a unicast communication encryption information generating section that generates encryption information for use in unicast communication with the unconnected access point.
  - 9. The wireless access point apparatus of claim 8, wherein the unicast communication encryption information generating section receives encryption-related information related to the wireless link with the unconnected access point from the authentication server and generates the encryption information specifically for the wireless link with the unconnected access point from the encryption-related information.
  - 10. The wireless access point apparatus of claim 7, wherein the encryption information generator has a broadcast communication encryption information generating section that generates encryption information for use in broadcast communication with a plurality of access points within communication range, further comprising a communication unit for transmitting the encryption information for broadcast communication to the plurality of access points within communication range.
  - 11. The wireless access point apparatus of claim 10 wherein, when the communication unit receives from another access point encryption information for broadcast communication used by said another access point for broadcast communication, the encryption information management unit also manages the received encryption information for broadcast communication specifically for said another access point.
  - 23. A wireless network connectable to an authentication server and comprising a plurality of access points having wireless access point apparatus of the type recited in claim 1.

12. A wireless access method for use at each of the access points in a wireless network in which a plurality of access points communicate with each other over wireless links, the wireless network being connectable to an authentication server, the wireless access method comprising:
- passing authentication information from a device that requests authentication and mediating authentication processing by the authentication server by a predetermined authentication method;
  
  supplying authentication information to be passed to the authentication server and requesting the authentication processing by the predetermined authentication method; and
  
  deciding whether to supply authentication information and request authentication processing, or to pass supplied authentication information and expedite authentication processing, when an unconnected access point is detected within communication range.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The wireless access method of claim 12, wherein the deciding process is carried out upon reception of a beacon signal from the unconnected access point.
  - 14. The wireless access method of claim 12, wherein the deciding process comprises deciding to supply authentication information and request authentication processing when the access point at which the wireless access method is carried out cannot connect to the authentication server.
  - 15. The wireless access method of claim 12, wherein the deciding process comprises deciding to pass supplied authentication information and mediate authentication processing when the access point at which the wireless access method is carried out can connect to the authentication server.
  - 16. The wireless access method of claim 12, wherein the deciding process comprises deciding to pass supplied authentication information and expedite authentication processing when the access point at which the wireless access method is carried out can connect to the authentication server but lacks routing information for the unconnected access point.
  - 17. The wireless access method of claim 12, wherein the deciding process comprises comparing mutual management information exchanged with the unconnected access point.
  - 18. The wireless access method of claim 12, further comprising:
    - generating encryption information specifically for a wireless link with the unconnected access point if the unconnected access point is authenticated by said authentication method; and
      
      managing the encryption information generated specifically for each of one or more wireless links linking the access point at which the wireless access method is carried out to other access points.
  - 19. The wireless access method of claim 18, wherein generating encryption information comprises generating unicast encryption information for use in unicast communication with the unconnected access point.
  - 20. The wireless access method of claim 19, wherein generating unicast encryption information comprises:
    - receiving encryption-related information related to the wireless link with the unconnected access point from the authentication server; and
      
      generating the encryption information specifically for the wireless link with the unconnected access point from the encryption-related information.
  - 21. The wireless access method of claim 18, wherein generating encryption information comprises:
    - generating broadcast encryption information for use in broadcast communication with a plurality of access points within communication range; and
      
      transmitting the encryption information for broadcast communication to the plurality of access points within communication range.
  - 22. The wireless access method of claim 21 wherein, further comprising:
    - receiving, from another access point, broadcast encryption information used by said another access point; and
      
      managing the received broadcast encryption information specifically for decrypting broadcast communications received from said another access point.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OKI Electric Industry Company Limited
Original Assignee
OKI Electric Industry Company Limited
Inventors
Yamada, Katsuhiko, Tsubota, Azuma

Granted Patent

US 7,596,368 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 9/0833   involving conference or gro...

H04L 9/0869   involving random numbers or...

H04L 9/321   involving a third party or ...

H04W 12/033   of the user plane, e.g. use...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 84/22   with access to wired networks

H04W 88/08   Access point devices

Wireless access point apparatus and method of establishing secure wireless links

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Wireless access point apparatus and method of establishing secure wireless links

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links