METHOD AND SYSTEM FOR AUTHENTICATING PEER DEVICES USING EAP
Abstract
A system and method for authenticating a peer device onto a network using Extensible Authentication Protocol (EAP). The key lifetime associated with the keying material generated in the peer device and the authentication server is communicated from the authenticator to the peer device within the EAP Success message. The peer device, having been provided with the key lifetime, can anticipate the termination of its authenticated session and initiate re-authentication prior to expiry of the key lifetime.
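The peer-side behaviour the abstract describes, as an added example that is not part of the patent text: parse the key lifetime out of the EAP Success packet, then decide when to re-authenticate. The page does not give the encoding, so the 4-byte big-endian seconds field after the standard EAP header, the `MAX_LIFETIME` cap, and the `window` and `guard` parameters are all assumptions.

```python
import struct

EAP_SUCCESS = 3          # EAP Code for Success (RFC 3748)
MAX_LIFETIME = 86400     # assumed local policy ceiling, seconds

def parse_success_lifetime(pkt: bytes):
    """Key lifetime (s) from a modified EAP Success, None if the packet has no data."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != EAP_SUCCESS:
        raise ValueError("not an EAP Success packet")
    if length < 4 or length > len(pkt):
        raise ValueError("Length field inconsistent with packet")
    body = pkt[4:length]
    if not body:
        return None                      # unmodified Success (Length = 4)
    if len(body) != 4:                   # assumed layout: one 32-bit field
        raise ValueError("unexpected Success payload size")
    (lifetime,) = struct.unpack("!I", body)
    if lifetime == 0:
        raise ValueError("zero key lifetime")
    # Base EAP does not integrity-protect Success packets, so cap the value.
    return min(lifetime, MAX_LIFETIME)

def reauth_decision(elapsed, lifetime, media_active, window=0.5, guard=30):
    """Peer policy: re-authenticate before expiry, after any media session ends."""
    remaining = lifetime - elapsed
    if remaining <= 0:
        return "expired"
    if elapsed < lifetime * window:      # assumed: too early to bother
        return "idle"
    if media_active and remaining > guard:
        return "wait_for_media_end"      # defer until the session terminates
    # Session ended, or (assumed fallback) fewer than `guard` seconds remain.
    return "reauthenticate"

# Constructed sample: Code=3, Identifier=7, Length=8, lifetime=3600 s
SAMPLE = struct.pack("!BBHI", EAP_SUCCESS, 7, 8, 3600)

if __name__ == "__main__":
    life = parse_success_lifetime(SAMPLE)
    for t, media in [(600, False), (2000, True), (2100, False), (3590, True)]:
        print(t, media, reauth_decision(t, life, media))
```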
23 Claims
1. A method for authenticating a peer device onto a network having an authenticator and an authentication server, the authentication server supporting modifications to Extensible Authentication Protocol (EAP), the network being accessible through an access point associated with the authenticator, the method including steps of:
- exchanging EAP-specific authentication messages between the peer device and the authentication server via the authenticator;
- generating keying material in the peer device, wherein the authentication server generates said keying material and an associated key lifetime in the authentication server, and communicates said keying material and said associated key lifetime from the authentication server to the authenticator;
- receiving an EAP Success packet from the authenticator to the peer device following the exchange of EAP-specific authentication messages, wherein the EAP Success packet contains said associated key lifetime, to complete authentication to grant the peer device unblocked access to the network; and
- detecting an active media session on the peer device, waiting for termination of the active media session, and in response to said termination, establishing re-authentication with the authentication server via the authenticator prior to expiration of the associated key lifetime.
8. A peer device for communicating with a communications system including a network having an access point, an authenticator associated with the access point, and an authentication server connected to the network and configured to communicate with the authenticator, the authentication server being configured to support modifications to Extensible Authentication Protocol (EAP), the peer device comprising:
- a processor configured to connect to said access point and exchange EAP-specific authentication messages with the authentication server via the authenticator, and configured to generate keying material, wherein the authentication server is configured to generate said keying material and an associated key lifetime, and to communicate said keying material and said associated lifetime to the authenticator;
- the processor configured to receive an EAP Success packet to the peer device following the exchange of EAP-specific authentication messages, wherein the EAP Success packet contains said associated key lifetime, to complete authentication to grant the peer device unblocked access to the network, and wherein the processor is further configured to detect an active media session on the peer device, wait for termination of the active media session, and in response to said termination, establish re-authentication with the authentication server via the authenticator prior to expiration of the associated key lifetime.
16. An access point in a network for permitting access by a peer device onto the network, the network including an authentication server supporting modifications to Extensible Authentication Protocol (EAP), the access point comprising:
- an authenticator configured to exchange EAP-specific authentication messages between the authentication server and the peer device, and being configured to receive keying material and an associated key lifetime from the authentication server, the authenticator comprising a component for generating an EAP Success packet and transmitting the EAP Success packet to the peer device following the exchange of EAP-specific authentication messages, wherein the EAP Success packet contains said associated key lifetime, wherein the authenticator is configured to complete authentication to grant the peer device unblocked access to the network, and wherein the authenticator is configured to establish re-authentication with the authentication server and the peer device prior to expiration of the associated key lifetime initiated by the peer device in response to the peer device waiting for and detecting termination of an active media session on the peer device.
21. A method at an access point in a network for permitting access by a peer device onto the network, the network comprising an authentication server supporting modifications to Extensible Authentication Protocol (EAP), the method comprising:
- exchanging EAP-specific authentication messages between the authentication server and the peer device;
- receiving keying material and an associated key lifetime from the authentication server;
- generating an EAP Success packet;
- transmitting the EAP Success packet to the peer device following the exchange of EAP-specific authentication messages, wherein the EAP Success packet contains said associated key lifetime;
- completing authentication to grant the peer device unblocked access to the network; and
- establishing re-authentication with the authentication server and the peer device prior to expiration of the associated key lifetime initiated by the peer device in response to the peer device waiting for and detecting termination of an active media session on the peer device.
23. A non-transitory computer readable medium comprising program code executable by a processor of a peer device for authenticating the peer device onto a network having an authenticator and an authentication server, the authentication server supporting modifications to Extensible Authentication Protocol (EAP), the network being accessible through an access point associated with the authenticator, the code comprising:
- computer executable instructions for exchanging EAP-specific authentication messages between the peer device and the authentication server via the authenticator;
- computer executable instructions for generating keying material in the peer device, wherein the authentication server generates said keying material and an associated key lifetime in the authentication server, and communicates said keying material and said associated key lifetime from the authentication server to the authenticator;
- computer executable instructions for receiving an EAP Success packet from the authenticator to the peer device following the exchange of EAP-specific authentication messages, wherein the EAP Success packet contains said associated key lifetime, to complete authentication to grant the peer device unblocked access to the network; and
- computer executable instructions for detecting an active media session on the peer device, waiting for termination of the active media session, and in response to said termination, establishing re-authentication with the authentication server via the authenticator prior to expiration of the associated key lifetime.
Specification