FAST RE-AUTHENTICATION WITH DYNAMIC CREDENTIALS
Abstract
A proxy server is inserted between a plurality of network access servers, typically access points, and an authentication server. When an original authentication request is received by a network access server, the network access server forwards the request to the proxy server, which forwards the request to an authentication server. The authentication server then sends the session information to the proxy server, which stores the keying material as dynamic credentials. When the client re-authenticates with one of the plurality of access servers, the re-authentication request is handled by the proxy server using the dynamic credentials. The proxy server may re-authenticate the client using a different method than the method that was originally used. For example, the original authentication may be by Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) and subsequent re-authentications may use Wi-Fi Protected Access (WPA).
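The flow in the abstract, modelled as an added example that is not taken from the patent: the proxy forwards the first request, stores the returned keying material, and answers later re-authentications from any access point without contacting the authentication server. The class names, the HMAC proof used for re-authentication, and the cache lifetime are assumptions made for illustration.

```python
import hashlib, hmac, os, time

class AuthServer:
    """Constructed stand-in for the back-end authentication server."""
    def __init__(self, accounts):
        self.accounts = accounts            # supplicant -> secret (constructed sample data)
        self.requests_seen = 0

    def authenticate(self, supplicant, secret):
        self.requests_seen += 1
        expected = self.accounts.get(supplicant)
        if expected is None or not hmac.compare_digest(expected, secret):
            return None
        return os.urandom(32)               # fresh session keying material

def client_proof(key, nas, nonce):
    """Assumed re-authentication proof: HMAC over the NAS id and a NAS-issued nonce."""
    return hmac.new(key, nas.encode() + b"|" + nonce, hashlib.sha256).digest()

class ProxyAuthServer:
    def __init__(self, auth_server, lifetime=3600, clock=time.monotonic):
        self.auth_server, self.lifetime, self.clock = auth_server, lifetime, clock
        self.cache = {}                     # supplicant -> (key, expiry): the dynamic credentials

    def _cached_key(self, supplicant):
        key, expiry = self.cache.get(supplicant, (None, 0))
        if key is not None and expiry > self.clock():
            return key
        self.cache.pop(supplicant, None)    # expired entries force a full authentication
        return None

    def handle_request(self, nas, supplicant, secret=b"", nonce=b"", proof=b""):
        key = self._cached_key(supplicant)
        if key is None:
            # No authentication data held: forward to the authentication server,
            # store the keying material from a successful response, relay it to the NAS.
            key = self.auth_server.authenticate(supplicant, secret)
            if key is not None:
                self.cache[supplicant] = (key, self.clock() + self.lifetime)
            return key
        # Data held: answer locally; the authentication server is not contacted.
        ok = hmac.compare_digest(client_proof(key, nas, nonce), proof)
        return key if ok else None
```

The cache holds live keying material for every recently authenticated supplicant, so the lifetime bound and the eviction of expired entries matter as much as the fast path itself.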
20 Claims
1. An apparatus, comprising:
- a proxy authentication server configured to be in communication with a network access server and an authentication server;
- wherein the proxy authentication server is configured to intercept a first authentication request from the network access server for a supplicant;
- wherein the proxy authentication server is configured to forward the first authentication request to the authentication server responsive to determining the proxy authentication server does not have authentication data for the supplicant;
- wherein the proxy authentication server is configured to intercept a response to the first authentication request from the authentication server, the response comprising authentication data for the client; and
- wherein the proxy authentication server is configured to store the authentication data for the supplicant and to forward the authentication data for the supplicant to the network access server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method, comprising:
- intercepting a first request to authenticate a supplicant from a first network access server;
- determining whether authentication credentials are available for the supplicant;
- forwarding the first request to authenticate a supplicant to an authentication server responsive to determining authentication credentials are not available for the supplicant;
- intercepting a response to the first request to authenticate from the authentication server, the response comprising authentication data;
- storing the authentication data; and
- forwarding the response to the first request to the first network access server.
Dependent claims: 11, 12, 13, 14, 15
16. An apparatus, comprising:
- a proxy authentication server configured to be in communication with a network access server and an authentication server;
- wherein the proxy authentication server is configured to receive a first authentication request from the network access server for a supplicant;
- wherein the proxy authentication server is configured to forward the first authentication request to the authentication server responsive to determining the proxy authentication server does not have authentication data for the supplicant;
- wherein the proxy authentication server is configured to receive a response to the first authentication request from the authentication server, the response comprising authentication data for the client; and
- wherein the proxy authentication server is configured to store the authentication data for the supplicant and to forward the authentication data for the supplicant to the network access server.
Dependent claims: 17
18. A method, comprising:
- receiving a first request to authenticate a supplicant from a first network access server;
- determining whether authentication credentials are available for the supplicant;
- forwarding the first request to authenticate a supplicant to an authentication server responsive to determining authentication credentials are not available for the supplicant;
- receiving a response to the first request to authenticate from the authentication server, the response comprising authentication data;
- storing the authentication data; and
- forwarding the response to the first request to the first network access server.
Dependent claims: 19, 20
Specification