Administration of wireless local area networks
Abstract
Methods and systems for managing access to a wireless local area network are provided. A wireless access point (AP) may use a unified approach that utilizes an out-of-band channel to communicate authentication key and network address information to a guest device, and utilizes an in-band channel to establish communications with the guest device, and also provides support for in-band setup on all devices. The ability to use out-of-band where possible provides for an increase to security and usability, and the possibility of delegating access from one device to another. The unified approach thereby also provides easy management of guest access to the WLAN.
68 Claims
1. A method for managing access to a wireless network by a terminal device, comprising steps of:
a) the terminal device receiving a first key from a trusted device of the wireless network via a first communication channel;
b) executing a key agreement protocol between the terminal device and the wireless network via a second communication channel to determine a second key corresponding to the terminal device authenticated using the first key;
c) authenticating the terminal device by the wireless network using the second key; and
d) authorizing the terminal to access the wireless network using the second communication channel upon successful completion of step c).
Dependent claims: 2-26.

27. A system, comprising:
a first device trusted by a wireless network, said first device storing executable instructions to transmit a first key to a second device via a first communication channel;
the second device untrusted by the wireless network, said second device storing executable instructions to execute via a second communication channel a key agreement protocol with an access controller of the wireless network to determine a second key corresponding to the second device, wherein the key agreement protocol authenticates the second key using the first key;
the access controller storing executable instructions to authenticate the second device using the second key, and to authorize the second device to access the wireless network upon successful authentication.
Dependent claims: 28-49.

50. A method for managing access to a wireless network by a terminal device, wherein the wireless network includes an in-band communication channel, comprising steps of:
a) executing a key agreement protocol between the terminal device and the wireless network via the in-band communication channel to determine a first key corresponding to the terminal device and authenticated by comparing at least one part of a checksum corresponding to the first key;
b) authenticating the terminal device by the wireless network using the first key; and
c) authorizing the terminal to access the wireless network upon successful completion of step b).
Dependent claims: 51-56.

57. A method for managing access to a wireless network by a terminal device, comprising steps of:
a) the terminal device receiving a first key from a trusted device of the wireless network via a first communication channel;
b) sending a request for a key agreement protocol to the wireless network;
c) executing the key agreement protocol to determine a second key corresponding to the wireless network authenticated using the first key;
e) transmitting a request for joining the wireless network wherein the request comprises authentication information based on the second key; and
f) receiving confirmation for the joining request.
Dependent claim: 58.

59. A mobile terminal, comprising:
a memory storing computer executable instructions for performing a method of accessing a wireless network, said method comprising steps of;
a) the terminal device receiving a first key from a trusted device of the wireless network via a first communication channel;
d) sending a request for a key agreement protocol to the wireless network;
e) executing the key agreement protocol to determine a second key corresponding to the wireless network authenticated using the first key;
g) transmitting a request for joining the wireless network wherein the request comprises authentication information based on the second key; and
h) receiving confirmation for the joining request.

60. A method for managing access to a wireless network by an access controller, comprising steps of:
a) transmitting a first authentication key to a terminal device via a first communication channel;
b) receiving a request for a key agreement protocol from the terminal device;
c) executing the key agreement protocol to determine a second key corresponding to the terminal device and authenticated using the first key;
d) receiving a request from the terminal device to join the wireless network;
e) authenticating the request using the second key; and
f) authorizing the terminal to access the wireless network using a second communication channel upon successful completion of step e).
Dependent claim: 61.

62. An access control device, comprising:
a memory storing computer executable instructions for performing a method of managing access to a wireless network by the access controller, said method comprising steps of;
a) transmitting a first authentication key to a terminal device via a first communication channel;
b) receiving a request for a key agreement protocol from the terminal device;
c) executing the key agreement protocol to determine a second key corresponding to the terminal device and authenticated using the first key;
d) receiving a request from the terminal device to join the wireless network;
e) authenticating the request using the second key; and
f) authorizing the terminal to access the wireless network using a second communication channel upon successful completion of step e).

63. A method for a trusted device to manage access to a wireless network by an untrusted terminal device, comprising steps of:
a) sharing a first key with a wireless network having an access controller;
b) choosing a value for at least one variable;
c) generating a second key based on a function of the first key and at least one variable; and
d) transmitting the second key to the untrusted terminal device via a first communication channel.
Dependent claim: 64.

65. A mobile terminal, comprising:
a memory storing computer executable instructions for performing a method to manage access to a wireless network by an untrusted terminal device, said method comprising steps of;
a) sharing a first key with a wireless network having an access controller;
b) choosing a value for at least one variable;
c) generating a second key based on a function of the first key and at least one variable; and
d) transmitting the second key to the untrusted terminal device via a first communication channel.

66. A method for managing access to a wireless network by an access controller, comprising steps of:
a) sharing a first key with a trusted device;
b) receiving a request for a key agreement protocol from an untrusted terminal device;
c) executing the key agreement protocol to determine a second key corresponding to the terminal device, said key agreement protocol comprising i. receiving one or more variables from the terminal device, ii. generating the second key based on a function of the first key and at the one or more variables, and iii. authenticating the determined second key using the first key;
d) receiving a request from the terminal device to join the wireless network;
e) authenticating the request of step d) using the second key;
f) authorizing the terminal device to access the wireless network upon successful completion of step e).
Dependent claim: 67.

68. An access control device, comprising:
a memory storing computer executable instructions for performing a method of managing access to a wireless network, said method comprising steps of;
a) sharing a first key with a trusted device;
b) receiving a request for a key agreement protocol from an untrusted terminal device;
c) executing the key agreement protocol to determine a second key corresponding to the terminal device, said key agreement protocol comprising i. receiving one or more variables from the terminal device, ii. generating the second key based on a function of the first key and at the one or more variables, and iii. authenticating the determined second key using the first key;
d) receiving a request from the terminal device to join the wireless network;
e) authenticating the request of step d) using the second key;
f) authorizing the terminal device to access the wireless network upon successful completion of step e).
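
The delegation flow of claims 63 to 68, as an added Python sketch that is not part of the patent text: a trusted device derives a guest key from the key it shares with the access controller, and the controller re-derives that key from the variables the guest presents before checking the join request. HMAC-SHA256 as the derivation function, the variables (a guest id and an expiry time), the nonce-based join proof and all names are assumptions; the claims say only "a function of the first key and at least one variable".

```python
import hashlib
import hmac
import secrets
import time


def derive_guest_key(first_key: bytes, guest_id: str, expires: int) -> bytes:
    """Second key = f(first key, variables); f = HMAC-SHA256 is an assumption."""
    # Length-prefix the id so two different (id, expiry) pairs cannot collide.
    gid = guest_id.encode()
    variables = len(gid).to_bytes(2, "big") + gid + expires.to_bytes(8, "big")
    return hmac.new(first_key, variables, hashlib.sha256).digest()


def join_proof(guest_key: bytes, nonce: bytes) -> bytes:
    """Terminal side: authentication information based on the second key."""
    return hmac.new(guest_key, b"join" + nonce, hashlib.sha256).digest()


class AccessController:
    """Holds only the first key; guest keys are re-derived, never stored."""

    def __init__(self, first_key: bytes):
        self._first_key = first_key

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)  # a real AC would also track used nonces

    def authorize(self, guest_id, expires, nonce, proof, now=None) -> bool:
        now = int(time.time()) if now is None else now
        if now >= expires:  # an expired delegation is refused outright
            return False
        guest_key = derive_guest_key(self._first_key, guest_id, expires)
        return hmac.compare_digest(join_proof(guest_key, nonce), proof)


def demo() -> dict:
    first_key = secrets.token_bytes(32)  # shared by trusted device and AC
    ac = AccessController(first_key)
    expires = 1_700_003_600  # constructed sample expiry (epoch seconds)
    # Trusted device derives the guest key and hands it over out-of-band.
    guest_key = derive_guest_key(first_key, "guest-laptop", expires)
    nonce = ac.challenge()
    proof = join_proof(guest_key, nonce)
    return {
        "valid": ac.authorize("guest-laptop", expires, nonce, proof, now=1_700_000_000),
        "expired": ac.authorize("guest-laptop", expires, nonce, proof, now=1_700_003_600),
        # Guest claims a later expiry: the re-derived key no longer matches.
        "tampered": ac.authorize("guest-laptop", expires + 86_400, nonce, proof, now=1_700_000_000),
    }
```

Because the controller recomputes the guest key from the first key, a guest that alters any variable (here, its own expiry) ends up holding a key the controller will never derive, which is how the second key is authenticated by the first in this sketch.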
Specification