DISTRIBUTED GROUP TEMPORAL KEY (GTK) STATE MANAGEMENT
Abstract
In one embodiment, each security protocol supplicant in a computer network determines its group temporal key (GTK) state, and exchanges the GTK state with one or more neighbor supplicants in the computer network. Based on the exchange, a supplicant may determine whether any inconsistencies exist in its GTK state, and in response to any inconsistencies in the GTK state, may perform a GTK state synchronization with a security protocol authenticator by indicating to the authenticator what is needed to resolve the inconsistent GTK state at the particular supplicant. In another embodiment, the authenticator, which is configured to not store per-supplicant GTK state, may transmit beacons containing GTK identifiers (IDs) of GTKs currently enabled on the authenticator, and also responds to supplicants having inconsistent GTK states with one or more needed GTKs as indicated by the supplicants.
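The two roles described in the abstract, as an added Python sketch that is not taken from the patent: a supplicant compares its GTK state with a neighbor's and asks a stateless authenticator only for what it lacks. The class and method names are hypothetical, GTK state is assumed to be the set of GTK IDs a node holds, and key transport protection is out of scope.

```python
import os

class Authenticator:
    """Holds only the currently enabled GTKs; keeps no per-supplicant state."""
    def __init__(self):
        self.enabled = {}                      # GTK ID -> key bytes

    def enable(self, gtk_id):
        self.enabled[gtk_id] = os.urandom(16)  # constructed sample key

    def disable(self, gtk_id):
        self.enabled.pop(gtk_id, None)

    def beacon(self):
        return frozenset(self.enabled)         # IDs only, never key material

    def handle_sync(self, needed_ids):
        # Answer purely from the request; unknown or disabled IDs are ignored.
        return {i: self.enabled[i] for i in needed_ids if i in self.enabled}

class Supplicant:
    def __init__(self, name):
        self.name = name
        self.gtks = {}                         # GTK ID -> key bytes

    def state(self):
        return frozenset(self.gtks)

    def missing_from(self, neighbor_state):
        # IDs a neighbor holds that we lack: a hint to act on, not proof.
        return set(neighbor_state) - self.state()

    def synchronize(self, authenticator, neighbor_state):
        needed = self.missing_from(neighbor_state)
        if not needed:
            return set()                       # consistent, no request sent
        reply = authenticator.handle_sync(needed)
        self.gtks.update(reply)                # install only authenticator-supplied keys
        return set(reply)

    def prune(self, beacon_ids):
        # Drop GTKs the authenticator no longer advertises in its beacon.
        for gtk_id in self.state() - beacon_ids:
            del self.gtks[gtk_id]
```

Because the neighbor's advertised state only triggers a request and never supplies key material, a neighbor that advertises an ID the authenticator does not have enabled causes no key to be installed.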
20 Claims
1. A method, comprising:
determining, by a particular security protocol supplicant in a computer network, a group temporal key (GTK) state at the particular supplicant;
exchanging, by the particular supplicant, the GTK state with one or more neighbor supplicants in the computer network;
determining whether any inconsistencies exist in the GTK state at the particular supplicant based on the exchange; and
in response to determining that any inconsistencies exist in the GTK state, performing, by the particular supplicant, a GTK state synchronization with a security protocol authenticator by indicating to the authenticator what is needed to resolve the inconsistent GTK state at the particular supplicant.

12. A method, comprising:
transmitting at least one beacon comprising a group temporal key (GTK) identifier (ID) of each GTK currently enabled on a security protocol authenticator configured to not store per-supplicant GTK state;
receiving a GTK state synchronization request from a particular security protocol supplicant with an inconsistent GTK state;
determining, from the request, what one or more GTKs are needed to resolve the inconsistent GTK state at the particular supplicant; and
replying to the particular supplicant with the one or more needed GTKs.

16. An apparatus, comprising:
one or more network interfaces to communicate within a computer network;
a processor coupled to the network interfaces and adapted to execute one or more processes; and
a memory configured to store a supplicant process executable by the processor, the process when executed operable to:
determine a group temporal key (GTK) state of the supplicant process;
exchange the GTK state with one or more neighbor supplicants in the computer network;
determine whether any inconsistencies exist in the GTK state of the supplicant process based on the exchange; and
in response to determining that any inconsistencies exist in the GTK state, perform a GTK state synchronization with a security protocol authenticator by indicating to the authenticator what is needed to resolve the inconsistent GTK state of the supplicant process.

20. An apparatus, comprising:
one or more network interfaces to communicate within a computer network;
a processor coupled to the network interfaces and adapted to execute one or more processes; and
a memory configured to store an authenticator process executable by the processor, the process when executed operable to:
transmit at least one beacon comprising a group temporal key (GTK) identifier (ID) of each GTK currently enabled by the authenticator process, the authenticator process configured to not store per-supplicant GTK state;
receive a GTK state synchronization request from a particular security protocol supplicant with an inconsistent GTK state;
determine, from the request, what one or more GTKs are needed to resolve the inconsistent GTK state at the particular supplicant; and
reply to the particular supplicant with the one or more needed GTKs.

Specification