Method and system for secure authentication in a wireless network

US 20070162958A1
Filed: 04/24/2006
Published: 07/12/2007
Est. Priority Date: 12/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method for secure authentication in a wireless network, comprising:

a network device and a client device of a wireless network authenticating each other with EAP-TLS, wherein the network device is a gateway or an access point; and

the network device and the client device generating a TLS master secret jointly.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system for secure authentication in a wireless network are provided. The method comprises the following steps. First, a network device and a client device of a wireless network authenticate each other with EAP-TLS. Wherein, the network device mentioned above is a gateway or an access point. Then, the network device and the client device generate a TLS master secret jointly. In addition, the method uses a distributed mechanism to prevent the consequences of the failure of a single AAA server, and to alleviate the consequences resulting from a violated network device. Furthermore, the method includes a multiple time digital signature mechanism achieved by performing multiple times of one-way hash operation to enable verification and revocation of certificate.

23 Citations

View as Search Results

20 Claims

1. A method for secure authentication in a wireless network, comprising:
- a network device and a client device of a wireless network authenticating each other with EAP-TLS, wherein the network device is a gateway or an access point; and
  
  the network device and the client device generating a TLS master secret jointly.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method for secure authentication in the wireless network of claim 1, wherein the wireless network has a plurality of network devices, and the method for secure authentication in the wireless network further comprises:
    - using KIS to generate a plurality of sub-private keys according to a private key of a key pair; and
      
      distributing each of the sub-private keys to one of the network devices for the authentication with EAP-TLS.
  - 3. The method for secure authentication in the wireless network of claim 1, wherein the network device is a gateway.
  - 4. The method for secure authentication in the wireless network of claim 3, further comprising the network device transmitting the TLS master secret to an access point used by the client device.
  - 5. The method for secure authentication in the wireless network of claim 1, wherein the network device is an access point.
  - 6. The method for secure authentication in the wireless network of claim 1, further comprising:
    - calculating {H(r₁), H(r₂), . . . , H(r_n)}{H²(r₁), H²(r₂), . . . , H²(r_n)}, . . . , to {H^N(r₁), H^N(r₂), . . . , H^N(r_n)} according to a set of numbers {r₁, r₂, . . . , r_n} and an asymmetric one-way hash function H, wherein n and N are integers;
      
      publishing {H^N(r₁), H^N(r₂), . . . , H^N(r_n)};
      
      assigning a set of index values {s₁, s₂, . . . , s_k} to the network device, wherein {s₁, s₂, . . . , s_k}⊂
      
      {1, 2, . . . , n};
      
      in the beginning of one cycle, using {Hⁱ(r_s₁), Hⁱ(r_s₂), . . . , Hⁱ(r_s_k)} as a multiple time digital signature of the network device, wherein i is an integer smaller than N;
      
      after the network device and the client device authenticating each other with EAP-TLS, the client device receiving the multiple time digital signature of the network device;
      
      if, after performing (N−
      
      i) times of hash operation on the multiple time digital signature of the network device with the asymmetric one-way hash function H, {H^N(r_s₁), H^N(r_s₂), . . . , H^N(r_s_k)} is obtained, the multiple time digital signature is determined as legitimate; and
      
      in the beginning of a next cycle, decreasing the value of i by a positive integer and updating the multiple time digital signature of the network device according to the new value of i.
  - 7. The method for secure authentication in the wireless network of claim 6, wherein the set of numbers {r₁, r₂, . . . , r_n} is generated randomly.
  - 8. The method for secure authentication in the wireless network of claim 6, wherein the set of index values {s₁, s₂, . . . , s_k} is generated according to an identification (id) code of the network device.
  - 9. The method for secure authentication in the wireless network of claim 6, wherein i is equal to N−
    - 1, and i is decreased by one in the beginning of the next cycle.
  - 10. The method for secure authentication in the wireless network of claim 6, wherein if the wireless network has a plurality of network devices, the combination of the index values corresponding to each of the network devices is not the same.

11. A system for secure authentication in a wireless network, comprising:
- a client device; and
  
  a network device, wherein the network device and the client device authenticate each other with EAP-TLS, and generate a TLS master secret jointly after the authentication, moreover the network device is a gateway or an access point.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system for secure authentication in the wireless network of claim 11, wherein the system for secure authentication in the wireless network has a plurality of network devices, and each of the network devices uses one of a plurality of sub-private keys to perform the authentication with EAP-TLS, wherein the sub-private keys are generated by using KIS according to a private key of a key pair.
  - 13. The system for secure authentication in the wireless network of claim 11, wherein the network device is a gateway.
  - 14. The system for secure authentication in the wireless network of claim 13, wherein the network device transmits the TLS master secret to an access point used by the client device.
  - 15. The system for secure authentication in the wireless network of claim 11, wherein the network device is an access point.
  - 16. The system for secure authentication in the wireless network of claim 11, wherein after the client device and the network device authenticate each other with EAP-TLS, the client device receives a multiple time digital signature of the network device, meanwhile if {H^N(r_s₁), H^N(r_s₂), . . . , H^N(r_s_k)} is obtained after performing (N−
    - i) times of hash operation on the multiple time digital signature with an asymmetric one-way hash function H, the client device determines the multiple time digital signature in the present cycle is legitimate, and the multiple time digital signature of the network device is updated in the beginning of the next cycle;
      
      wherein n and N are integers, and i is an integer smaller than N;
      
      {H^N(r_s₁), H^N(r_s₂), . . . , H^N(r_s_k)} is one part of a hash chain, and the hash chain comprises {H(r₁), H(r₂), . . . , H(r_n)}{H²(r₁), H²(r₂), . . . , H²(r_n)}, . . . , to {H^N(r₁), H^N(r₂), . . . , H^N(r_n)}, the hash chain is calculated according to a set of numbers {r₁, r₂, . . . , r_n} and an asymmetric one-way hash function H, wherein {H^N(r₁), H^N(r₂), . . . , H^N(r_n)} is published as a public key;
      
      {s₁, s₂, . . . , s_k} is a set of index values that is assigned to the network device, and {s₁, s₂, . . . , s_k}⊂
      
      {1, 2, . . . , n};
      
      in the beginning of the present cycle, the multiple time digital signature of the network device is configured as {Hⁱ(r_s₁), Hⁱ(r_s₂), . . . , Hⁱ(r_s_k)}; and
      
      in the beginning of the next cycle, the value of i is decreased by a positive integer, and then the multiple time digital signature {Hⁱ(r_s₁), Hⁱ(r_s₂), . . . , Hⁱ(r_s_k)} of the network device is updated according to the new value of i.
  - 17. The system for secure authentication in the wireless network of claim 16, wherein the set of numbers {r₁, r₂, . . . , r_n} is generated randomly.
  - 18. The system for secure authentication in the wireless network of claim 16, wherein the set of index values {s₁, s₂, . . . , s_k} is generated according to an identification (id) code of the network device.
  - 19. The system for secure authentication in the wireless network of claim 16, wherein i is equal to N−
    - 1, and i is decreased by one in the beginning of the next cycle.
  - 20. The system for secure authentication in the wireless network of claim 16, wherein if the wireless network has a plurality of network devices, the combination of the index values corresponding to each of the network devices is not the same.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Industrial Technology Research Institute
Original Assignee
Industrial Technology Research Institute
Inventors
Song, Chen-Hwa, Kao, Min-Chih, Lee, Ya-Wen, Yeh, Yi-Shiung

Granted Patent

US 7,849,314 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0869   for achieving mutual authen...

H04L 63/166   at the transport layer

H04L 9/083   involving central third par...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

H04L 9/50   using hash chains, e.g. blo...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

Method and system for secure authentication in a wireless network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for secure authentication in a wireless network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links