Method and Apparatus for Authenticating Nodes in a Wireless Network
Abstract
The invention includes a method and apparatus for authenticating a wireless node requesting to join a network. A method includes receiving an authentication request from the wireless node, negotiating at least one authentication parameter with the wireless node, deriving a first encryption key using the at least one authentication parameter, encrypting a second encryption key using the first encryption key, and propagating the encrypted second encryption key toward the wireless node, wherein the wireless node independently derives the first encryption key for use in decrypting the encrypted second encryption key received from the authentication server node. The wireless node decrypts the encrypted second encryption key and stores the second encryption key for use to securely communicate with other wireless nodes of the network. In one embodiment, the present invention may be implemented using a modified version of the EAP-TLS protocol, in which rather than a Pairwise Master Key (PMK) being sent from the authentication server node to the wireless node, the authentication server node and the wireless node each derive the PMK and the authentication server node securely provides a group encryption key to the wireless node by encrypting the group encryption key using the PMK.
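
The exchange described in the abstract, as an added example that is not the patent's or any implementation's own code: both sides derive the PMK from the same negotiated values, and the server sends the group key encrypted under it. Assumptions: the PMK follows the standard EAP-TLS derivation (RFC 5216 label over the TLS 1.2 PRF), the HMAC-based encrypt-then-MAC wrap is a standard-library stand-in for the cipher the page does not name, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

def p_sha256(secret: bytes, label: bytes, seed: bytes, n: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    a, out = seed, b""
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]

def derive_pmk(master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Assumed derivation: PMK = first 32 bytes of the EAP-TLS MSK (RFC 5216)."""
    return p_sha256(master_secret, b"client EAP encryption",
                    client_random + server_random, 64)[:32]

def _subkeys(pmk: bytes):
    # Separate encryption and MAC keys so one key never serves both purposes.
    return (hmac.new(pmk, b"gk-wrap-enc", hashlib.sha256).digest(),
            hmac.new(pmk, b"gk-wrap-mac", hashlib.sha256).digest())

def wrap_group_key(pmk: bytes, group_key: bytes) -> bytes:
    """Server side: encrypt-then-MAC the group key under the PMK (stand-in cipher)."""
    enc, mac = _subkeys(pmk)
    nonce = os.urandom(16)
    stream = p_sha256(enc, b"gk-wrap-stream", nonce, len(group_key))
    ct = bytes(x ^ y for x, y in zip(group_key, stream))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unwrap_group_key(pmk: bytes, blob: bytes) -> bytes:
    """Node side: verify the tag with the locally derived PMK, then decrypt."""
    enc, mac = _subkeys(pmk)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("unwrap failed: PMK mismatch or modified message")
    stream = p_sha256(enc, b"gk-wrap-stream", nonce, len(ct))
    return bytes(x ^ y for x, y in zip(ct, stream))

def demo() -> bool:
    # Constructed handshake values; in EAP-TLS they come from the TLS exchange.
    ms, cr, sr = os.urandom(48), os.urandom(32), os.urandom(32)
    group_key = os.urandom(16)
    blob = wrap_group_key(derive_pmk(ms, cr, sr), group_key)   # server node
    return unwrap_group_key(derive_pmk(ms, cr, sr), blob) == group_key  # joining node
```

A node whose negotiated parameters differ derives a different PMK, so the tag check fails and the group key is never released to it.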
20 Claims
1. A method for authenticating a wireless node requesting to join a wireless network, comprising:
- receiving, at an authentication server node, an authentication request from the wireless node;
- negotiating at least one authentication parameter with the wireless node;
- deriving a first encryption key using the at least one authentication parameter, wherein the first encryption key is independently derived at the wireless node;
- encrypting a second encryption key using the first encryption key; and
- propagating the encrypted second encryption key toward the wireless node.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus for authenticating a target node requesting to join a network, comprising:
- means for receiving, at an authentication server node, an authentication request from the wireless node;
- means for negotiating at least one authentication parameter with the wireless node;
- means for deriving a first encryption key using the at least one authentication parameter, wherein the first encryption key is independently derived at the wireless node;
- means for encrypting a second encryption key using the first encryption key; and
- means for propagating the encrypted second encryption key toward the wireless node.
10. A method for authenticating a wireless node requesting to join a network, comprising:
- negotiating at least one authentication parameter with an authentication server node;
- deriving, at the wireless node, a first encryption key, wherein the first encryption key is derived using the at least one authentication parameter, wherein the first encryption key is independently derived at the authentication server node; and
- receiving, from the authentication server node, a message including an encrypted second encryption key, wherein the encrypted second encryption key is encrypted using the first encryption key, wherein the second encryption key is adapted for use by the node in communicating with at least one other node of the network.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19
20. An apparatus for authenticating a wireless node requesting to join a network, comprising:
- means for negotiating at least one authentication parameter with an authentication server node;
- means for deriving, at the wireless node, a first encryption key, wherein the first encryption key is derived using the at least one authentication parameter, wherein the first encryption key is independently derived at the authentication server node; and
- means for receiving, from the authentication server node, a message including an encrypted second encryption key, wherein the encrypted second encryption key is encrypted using the first encryption key, wherein the second encryption key is adapted for use by the node in communicating with at least one other node of the network.
Specification