METHOD AND SYSTEM FOR AUTHENTICATING PEER DEVICES USING EAP
Abstract
A system and method for authenticating a peer device onto a network using Extensible Authentication Protocol (EAP). The key lifetime associated with the keying material generated in the peer device and the authentication server is communicated from the authenticator to the peer device within the EAP Success message. The peer device, having been provided with the key lifetime, can anticipate the termination of its authenticated session and initiate re-authentication prior to expiry of the key lifetime.
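The peer-side behaviour the abstract describes, as an added sketch that is not code from the patent. The page gives no wire encoding, so the 4-byte lifetime field appended to the EAP Success header, the function names, and the clamp and margin values are all assumptions.

```python
import struct

EAP_SUCCESS = 3       # EAP Code value for Success (RFC 3748)
EAP_HEADER_LEN = 4    # Code (1) + Identifier (1) + Length (2)
LIFETIME_LEN = 4      # assumed encoding: unsigned 32-bit seconds, network order


def build_success(identifier, key_lifetime_s):
    """Authenticator side: EAP Success with the key lifetime appended (assumed layout)."""
    return struct.pack("!BBHI", EAP_SUCCESS, identifier,
                       EAP_HEADER_LEN + LIFETIME_LEN, key_lifetime_s)


def parse_success(packet, expected_id):
    """Peer side: return the key lifetime in seconds, or None for a bare Success."""
    if len(packet) < EAP_HEADER_LEN:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:EAP_HEADER_LEN])
    if code != EAP_SUCCESS:
        raise ValueError("not an EAP Success")
    # RFC 3748: the Identifier must match the Response being answered.
    if ident != expected_id:
        raise ValueError("identifier mismatch")
    if length < EAP_HEADER_LEN or length > len(packet):
        raise ValueError("bad Length field")
    body = packet[EAP_HEADER_LEN:length]
    if not body:
        return None   # plain Success: no lifetime communicated
    if len(body) != LIFETIME_LEN:
        raise ValueError("unexpected Success payload size")
    return struct.unpack("!I", body)[0]


def reauth_delay(lifetime_s, margin_pct=10, min_lead_s=30, max_lifetime_s=86400):
    """Seconds to wait after key installation before starting re-authentication.

    The Success packet has no integrity protection of its own, so the value is
    treated as a hint: it is clamped to a local maximum (assumed policy) and the
    peer re-authenticates a safety margin before the stated expiry.
    """
    if lifetime_s is None:
        return None
    lifetime = min(lifetime_s, max_lifetime_s)
    lead = max(min_lead_s, lifetime * margin_pct // 100)
    return max(0, lifetime - lead)


# Constructed sample: Identifier 7, lifetime one hour.
sample = build_success(7, 3600)
```
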
21 Claims
1. A method for authenticating a peer device onto a network having an authenticator and an authentication server, the authentication server supporting Extensible Authentication Protocol (EAP), the network being accessible through an access point associated with the authenticator, the method including steps of:
- exchanging EAP-specific authentication messages between the peer device and the authentication server via the authenticator;
- generating keying material in the peer device;
- generating said keying material and an associated key lifetime in the authentication server, and communicating said keying material and said associated key lifetime from the authentication server to the authenticator; and
- communicating an EAP Success message from the authenticator to the peer device following the exchange of EAP-specific authentication messages, wherein the EAP Success message contains said associated key lifetime.
8. A communications system, comprising:
- a network having an access point;
- an authenticator associated with the access point;
- an authentication server connected to the network and configured to communicate with the authenticator, the authentication server being configured to support Extensible Authentication Protocol (EAP); and
- a peer device configured to connect to said access point and exchange EAP-specific authentication messages with the authentication server via the authenticator, the peer device being further configured to generate keying material,
wherein the authentication server is configured to generate said keying material and an associated key lifetime, and to communicate said keying material and said associated lifetime to the authenticator, and
wherein the authenticator is configured to communicate an EAP Success message to the peer device following the exchange of EAP-specific authentication messages, wherein the EAP Success message contains said associated key lifetime.
16. An access point in a network for permitting access by a peer device onto the network, the network including an authentication server supporting Extensible Authentication Protocol (EAP), the access point comprising:
- an authenticator configured to exchange EAP-specific authentication messages between the authentication server and the peer device, and being configured to receive keying material and an associated key lifetime from the authentication server, the authenticator comprising a component for generating an EAP success message and transmitting the EAP Success message to the peer device following the exchange of EAP-specific authentication messages, wherein the EAP Success message contains said associated key lifetime.
20. A method at an access point in a network for permitting access by a peer device onto the network, the network comprising an authentication server supporting Extensible Authentication Protocol (EAP), the method comprising:
- exchanging EAP-specific authentication messages between the authentication server and the peer device;
- receiving keying material and an associated key lifetime from the authentication server;
- generating an EAP success message; and
- transmitting the EAP Success message to the peer device following the exchange of EAP-specific authentication messages, wherein the EAP Success message contains said associated key lifetime.
21. A computer readable medium comprising program code executable by a processor of a computing device to configure an access point in a network for permitting access by a peer device onto the network, the network comprising an authentication server supporting Extensible Authentication Protocol (EAP), the code comprising:
- computer executable instructions for exchanging EAP-specific authentication messages between the authentication server and the peer device;
- computer executable instructions for receiving keying material and an associated key lifetime from the authentication server;
- computer executable instructions for generating an EAP success message; and
- computer executable instructions for transmitting the EAP Success message to the peer device following the exchange of EAP-specific authentication messages, wherein the EAP Success message contains said associated key lifetime.
Specification