PROACTIVE CREDENTIAL CACHING

US 20090300740A1
Filed: 05/30/2008
Published: 12/03/2009
Est. Priority Date: 05/30/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

publishing at least a portion of a first credential as a global credential for use by access nodes to use in admitting a station to a wireless network;

publishing at least a portion of a second credential as a global credential for use by the access nodes in admitting the station to the wireless network;

receiving a request from the station for admission to the wireless network using the first credential;

automatically republishing at least a portion of the first credential as the global credential for use by the access nodes in admitting the station to the wireless network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In wireless networking, such as per the IEEE 802.11 standard, a technique automatically republishes an authentication credential to a global credential repository. A station can have a first credential, as is created when the station connects to a first access node of a wireless network. Upon trying and failing to connect to a second access node of the wireless network, the station can have a second credential created and published to the global credential repository. In some situations, the station then roams back to the first access node using the first credential. Efficiently, when the station uses the first credential at the first access node, the first credential can be automatically republished as a global credential. The automatic republishing of the first credential can ensure that the station is able to access the wireless network via various access nodes when roaming.

Citations

20 Claims

1. A method comprising:
- publishing at least a portion of a first credential as a global credential for use by access nodes to use in admitting a station to a wireless network;
  
  publishing at least a portion of a second credential as a global credential for use by the access nodes in admitting the station to the wireless network;
  
  receiving a request from the station for admission to the wireless network using the first credential;
  
  automatically republishing at least a portion of the first credential as the global credential for use by the access nodes in admitting the station to the wireless network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the first credential includes a pair-wise master key (PMK).
  - 3. The method of claim 1 further comprising transmitting a transient key associated with the first credential to a first of the access nodes and the first of the access nodes identifies a master key associated with the transient key.
  - 4. The method of claim 1 further comprising republishing the first credential to the access nodes.
  - 5. The method of claim 1 further comprising republishing the first credential by overwriting the second credential with the first credential.
  - 6. The method of claim 1 further comprising storing the first credential as one or more identical copies on one or more wireless switches coupling the access nodes.
  - 7. The method of claim 1 further comprising storing the global credential as a copy in each of the access nodes.

8. A system comprising:
- a first access node associated with a wireless network and a global credential repository; and
  
  a second access node associated with the wireless network and the global credential repository;
  
  wherein, in operation,the first access node associates a station using a first credential, publishes at least a portion of the first credential to the global credential repository, and uses the first credential to send and receive data with the station;
  
  the second access node attempts and fails to associate the station using the first credential, associates the station using a second credential, and publishes the second credential to the credential cache;
  
  the first access node receives a request from the station to associate using the first credential, associates the station using the first credential and automatically re-publishes the first credential to the cache;
  
  wherein the first access node and the second access node use the first credential to associate the station associates with the wireless network.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8 wherein the global credential repository includes a cache.
  - 10. The system of claim 8 further comprising a wireless switch;
    - wherein the credential is published to the credential cache by combining changes to the cache received at each access node.
  - 11. The system of claim 8 wherein a copy of the credential cache is stored on a first wireless switch connected to the first access node and a copy is stored on a second wireless switch connected to the second access node.
  - 12. The system of claim 8 further comprising a controller, wherein the controller makes changes to the global credential repository by overwriting the first credential with the second credential.
  - 13. The system of claim 8 wherein the first credential includes a pair-wise master key (PMK).

14. A method comprising:
- transmitting a request to a credential creator in response to a request for a credential from a station received at a first authenticator;
  
  receiving a first credential from the credential creator authorizing the station to transmit and receive data with a plurality of authenticators;
  
  publishing at least a portion of the first credential as a global credential shared with the plurality of authenticators;
  
  receiving a request at a second authenticator from the station for an authentication credential;
  
  requesting and receiving a second authentication credential for the station from the credential creator;
  
  publishing at least a portion of the second authentication credential as the global credential;
  
  receiving a request from the station to associate at the first authenticator using the first authentication credential;
  
  automatically republishing at least a portion of the first authentication credential as the global credential.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14 wherein the credential creator is coupled to the first authenticator and the second authenticator;
    - and when a credential is created, the credential creator transmits the credential to each of the first authenticator and the second authenticator.
  - 16. The method of claim 14 wherein the first authenticator and the second authenticator each store a copy of the credential cache.
  - 17. The method of claim 14 wherein the authentication credential is a pair-wise master key (PMK).
  - 18. The method of claim 14 wherein the station transmits a transient key identifier associated with the first authentication credential to gain access to the network and in automatically republishing the first authentication credential, the first authenticator republishes a PMK associated with the first credential.
  - 19. The method of claim 14 wherein changes to the credential cache are transmitted from the first authenticator to the second authenticator and the changes are stored in a copy of the credential cache at the second authenticator.
  - 20. The method of claim 14 wherein automatically republishing the first authentication credential includes overwriting the second authentication credential with the first authentication credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trapeze Networks Incorporated (Juniper Networks Incorporated)
Original Assignee
Trapeze Networks Incorporated (Juniper Networks Incorporated)
Inventors
Matta, Sudheer P., Verma, Vineet

Granted Patent

US 8,474,023 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

H04L 63/062   for key distribution, e.g. ...

H04W 12/041   Key generation or derivation

H04W 36/0038   of security context informa...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/02   Terminal devices

PROACTIVE CREDENTIAL CACHING

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PROACTIVE CREDENTIAL CACHING

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links