Method and apparatus for communicating credential information within a network device authentication conversation
Abstract
A method is disclosed for communicating a security credential within a network device authentication conversation. An authenticator that is coupled to a supplicant through a network performs a first message conversation resulting in creating a security context that is known to the authenticator and the supplicant. A second message conversation is initiated. The second message conversation is cryptographically protected using the same security context. A security credential is provided to the supplicant in the second message conversation. The second message conversation and first message conversation are then concluded. Specific embodiments can bootstrap digital certificates, public/private key pairs, and other credentials to supplicants, in-band, within an EAP-SIM or EAP-AKA conversation and without initiating a new session or exchanging special-purpose keys to protect distribution of the credentials.
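The abstract describes a second conversation whose protection is derived from the security context established in the first one, so the credential can be delivered without a separate key exchange. The following Python simulation is an added illustration, not code from the patent or any EAP implementation: it stands in the EAP-SIM/EAP-AKA outcome with a constructed 32-byte shared context, derives separate encryption and MAC keys from it (HKDF-Expand, RFC 5869), and shows the supplicant rejecting a credential message that was altered on the path.

```python
"""Two-phase credential bootstrap, simulated (added example, not the patent's code)."""
import hashlib
import hmac
import secrets

TAG_LEN = 32    # HMAC-SHA256 output
NONCE_LEN = 16  # per-message nonce carried in the clear


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256; the shared context acts as the PRK."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def protect(context: bytes, credential: bytes) -> bytes:
    """Authenticator side of the second conversation: encrypt-then-MAC the credential
    under keys derived from the phase-1 security context (no special-purpose key exchange)."""
    enc_key = hkdf_expand(context, b"credential-enc")
    mac_key = hkdf_expand(context, b"credential-mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    keystream = hkdf_expand(enc_key, nonce, len(credential))   # nonce-bound keystream
    body = nonce + bytes(a ^ b for a, b in zip(credential, keystream))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def unprotect(context: bytes, message: bytes):
    """Supplicant side: verify the MAC before decrypting; None means the message is rejected."""
    mac_key = hkdf_expand(context, b"credential-mac")
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, body, hashlib.sha256).digest(), tag):
        return None
    enc_key = hkdf_expand(context, b"credential-enc")
    nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
    keystream = hkdf_expand(enc_key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, keystream))


def bootstrap(credential: bytes, tamper: bool = False):
    """Run both conversations end to end; returns the credential the supplicant accepted."""
    context = secrets.token_bytes(32)       # phase 1 result: constructed shared security context
    wire = protect(context, credential)     # phase 2: authenticator -> supplicant
    if tamper:                              # simulate an on-path bit flip in the ciphertext
        wire = wire[:20] + bytes([wire[20] ^ 0x01]) + wire[21:]
    return unprotect(context, wire)         # supplicant checks under the same context
```

Replacing the keystream construction with an AEAD such as AES-GCM is the production choice; the structure (context-derived keys, integrity check before use) is what the abstract's "same security context" wording describes.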
20 Claims
1. An apparatus for communicating a security credential within a network device authentication conversation, comprising:
a network interface that is coupled to the data network for receiving one or more packet flows therefrom;
a processor;
one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
performing, at an authenticator that is communicatively coupled to a supplicant through a network, a first message conversation resulting in creating a security context that is known to the authenticator and the supplicant;
initiating a second message conversation between the authenticator and the supplicant, wherein the second message conversation is cryptographically protected using the same security context that was created in the first message conversation;
providing a security credential to the supplicant in the second message conversation; and
concluding the second message conversation and the first message conversation.
(Dependent claims 2 to 10 are not reproduced on this page.)
11. An apparatus for communicating a security credential within a network device authentication conversation, comprising:
means for performing, at an authenticator that is communicatively coupled to a supplicant through a network, a first message conversation resulting in creating a security context that is known to the authenticator and the supplicant;
means for initiating a second message conversation between the authenticator and the supplicant, wherein the second message conversation is cryptographically protected using the same security context that was created in the first message conversation;
means for providing a security credential to the supplicant in the second message conversation; and
means for concluding the second message conversation and the first message conversation.
(Dependent claims 12 to 20 are not reproduced on this page.)
Specification