LOCALIZED NETWORK AUTHENTICATION AND SECURITY USING TAMPER-RESISTANT KEYS
Abstract
The invention provides a secure Wi-Fi communications method and system. In an embodiment of the invention, unique physical keys, or tokens, are installed at an access point and each client device of the network. Each key comprises a unique serial number and a common network send cryptographic key and a common network receive cryptographic key used only during the authentication phase by all components on the LAN. Each client key further includes a secret cryptographic key unique to each client device. During authentication, two random numbers are generated per communications session and are known by both sides of the wireless channel. Only the random numbers are sent across the wireless channel and in each case these numbers are encrypted. A transposed cryptographic key is derived from the unique secret cryptographic key using the random numbers generated during authentication. Thus, both sides of the wireless channel know the transposed cryptographic key without it ever being transmitted between the two.
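The exchange the abstract describes, as an added Python sketch that is not taken from the patent: only the two encrypted random numbers cross the channel, and each side derives the same session key locally. Assumptions: HMAC-SHA256 stands in for both the unspecified cipher and the unspecified key transposition, each side contributes one random number, the access point looks up the client secret by serial number, and all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def seal(key: bytes, rand: bytes) -> bytes:
    """Stand-in cipher (assumption): HMAC-SHA256 pad under a fresh IV, plus a tag."""
    iv = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(rand, _prf(key, b"enc", iv)))
    return iv + ct + _prf(key, b"mac", iv + ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    iv, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", iv + ct)):
        raise ValueError("random number failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _prf(key, b"enc", iv)))

def transposed_key(secret: bytes, r1: bytes, r2: bytes) -> bytes:
    """Assumed derivation: the page does not specify the transposition."""
    return _prf(secret, b"session", r1 + r2)

def run_session(net_send, net_recv, client_secret, ap_key_db, serial):
    """Return (client_key, ap_key, bytes_on_wire, (r1, r2)) for one session."""
    # Client side: generate R1 and send it under the common network send key.
    r1 = secrets.token_bytes(32)
    msg1 = seal(net_send, r1)
    # Access point side: recover R1, generate R2, reply under the receive key.
    r1_ap = unseal(net_send, msg1)
    r2 = secrets.token_bytes(32)
    msg2 = seal(net_recv, r2)
    r2_client = unseal(net_recv, msg2)
    # Each side derives the session key locally; it is never transmitted.
    client_key = transposed_key(client_secret, r1, r2_client)
    ap_key = transposed_key(ap_key_db[serial], r1_ap, r2)
    return client_key, ap_key, msg1 + msg2, (r1, r2)

def demo():
    # Constructed sample keys and serial number, for illustration only.
    net_send, net_recv = secrets.token_bytes(32), secrets.token_bytes(32)
    secret = secrets.token_bytes(32)
    return run_session(net_send, net_recv, secret, {"SN-0001": secret}, "SN-0001")
```

A client whose secret does not match the access point's database entry ends up with a different key, so the mismatch surfaces as a failure to communicate rather than as a leaked secret.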
15 Claims
1. A master key system for managing secure communications on a communications network including a master computing device, an access point computing device operatively coupled to the master computing device and to a key database comprising at least one client key stored in association with at least one client identifier, the communications network also including at least one client computing device associated with the at least one client identifier and operatively coupled to the access point computing device, the master computing device being configured to manage the client computing device and the access point computing device, the master key system comprising:
- a master key adapted to be operatively coupled to the master computing device and to manage the key database to provide secure communications between the client computing device and the access point computing device.
5. A computer readable medium of a host computing device on a communications network having one or more client computing devices and one or more access point computing devices configured to communicate with the host computing device, the computer readable medium comprising a cryptographic key database including one or more records of cryptographic keys associated with the one or more client computing devices and the one or more access point computing devices.
6. A computer readable medium of a host computing device operably coupled to a first cryptographic key and having a processor, the computer readable medium comprising instructions stored on the computer readable medium, the instructions being configured to be executed by the processor to cause the host computing device to create and store one or more cryptographic key databases on the host computing device.
9. A method for remote provisioning of a cryptographic key database file on an access point computing device on a communications network also including a host computing device having a cryptographic key database stored thereon and one or more client computing devices, the method comprising the steps of:
- selecting the access point computing device;
- authenticating the selected access point computing device;
- obtaining an access point identifier associated with the selected access point computing device;
- obtaining from the cryptographic key database, an access point cryptographic secret key associated with said access point identifier and the cryptographic key database;
- constructing the cryptographic key database file, wherein the cryptographic key database file comprises one or more client identifiers associated with the respective one or more client computing devices, and one or more client key cryptographic secret keys associated with cryptographic keys of the respective client computing devices;
- encrypting the cryptographic key database file using the access point cryptographic secret key; and
- receiving the encrypted cryptographic key database file at the selected access point computing device.
11. An access point computing device of a communications network having one or more client computing device, the access point computing device being configured to store information indicative of selected ones of the one or more client computing devices that are not authorized to communicate on the communications network.
12. A method of management for an access point computing device key by a network administrator, the access point computing device key comprising a first portion and a second portion and being associated with an access point computing device of a first communications network including a host computing device or a second communications network, the method comprising the steps of:
- reading the access point computing device key by the host computing device;
- determining whether the access point computing device key is initialized;
- in response to determining that the access point computing device key is initialized, determining whether the access point computing device key is associated with the first communications network or the second communications network; and
- in response to determining that the access point computing device key is associated with the first communications network, displaying parameters of the first portion of the access point computing device key while maintaining as secret the second portion of the access point computing device key and never allowing the network administrator to view or modify the second portion, the second portion comprising information indicative of one or more cryptographic keys.
13. A physical key adapted to be used with a computing device on one or more networks, the physical key comprising a memory card adapted to store information, perform security provisioning and execute applications on the memory card, wherein the applications are executed independent of the computing device with which the physical key is used.
15. A physical key for use with a computing device, the physical key being configured to generate a cryptographic key from a token within the physical key and store the generated cryptographic key inside the token, wherein the generated cryptographic key is never exposed outside of the physical key.
Specification