REDUCED AUTHENTICATION TIMES IN CONSTRAINED COMPUTER NETWORKS
Abstract
In one embodiment, a capable node in a low power and lossy network (LLN) may monitor the authentication time for one or more nodes in the LLN. The capable node may dynamically correlate the authentication time with the location of the one or more nodes in the LLN in order to identify one or more authentication-delayed nodes. The node may then select, based on the location of the one or more authentication-delayed nodes, one or more key-delegation nodes to receive one or more network keys so that the key-delegation nodes may perform localized authentication of one or more of the authentication-delayed nodes. The capable node may then distribute the one or more network keys to the one or more key-delegation nodes.
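The four steps of the abstract (monitor, correlate with location, select, distribute) as an added Python example; it is not code from the patent. It assumes that "location" means a node's position in a routing tree, that a fixed threshold marks a node as authentication-delayed, and that a delegate is the nearest ancestor that itself authenticated promptly. All names, the sample measurements and the key label are constructed.

```python
from collections import defaultdict

ROOT = "root"  # stands in for the border router (the "capable node")

# Constructed sample: node -> (parent in routing tree, authentication time in s).
OBSERVED = {
    "n1": (ROOT, 2.0), "n2": (ROOT, 2.5), "n3": ("n1", 3.0),
    "n4": ("n2", 41.0), "n5": ("n2", 38.0), "n6": ("n4", 55.0),
    "n7": ("n2", 44.0), "n8": ("n3", 4.0),
}

def delayed_nodes(observed, threshold_s):
    """Step 1: nodes whose monitored authentication time exceeds the threshold."""
    return {n for n, (_, t) in observed.items() if t > threshold_s}

def nearest_prompt_ancestor(node, observed, delayed):
    """Walk up the tree to the first ancestor that is not itself delayed."""
    parent = observed[node][0]
    while parent != ROOT and parent in delayed:
        parent = observed[parent][0]
    return parent

def select_delegates(observed, threshold_s=30.0, min_cluster=2):
    """Steps 2-3: cluster delayed nodes by location and pick a delegate per cluster."""
    delayed = delayed_nodes(observed, threshold_s)
    clusters = defaultdict(set)
    for node in delayed:
        clusters[nearest_prompt_ancestor(node, observed, delayed)].add(node)
    # The border router already holds the keys, so it is never a delegate.
    return {anc: sorted(members) for anc, members in clusters.items()
            if anc != ROOT and len(members) >= min_cluster}

def distribution_plan(delegates, key_ids):
    """Step 4: which key labels the border router sends to which delegate."""
    return {delegate: list(key_ids) for delegate in sorted(delegates)}

if __name__ == "__main__":
    chosen = select_delegates(OBSERVED)
    print(chosen)
    print(distribution_plan(chosen, ["network-key-1"]))  # placeholder key label
```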
25 Claims
1. A method, comprising:
- monitoring an authentication time for one or more nodes in a low power and lossy network (LLN);
- dynamically correlating the authentication time with a location of the one or more nodes in the LLN to identify one or more authentication-delayed nodes;
- selecting, based on the location of the one or more authentication-delayed nodes, one or more key-delegation nodes to receive one or more network keys for localized authentication of one or more of the authentication-delayed nodes; and
- distributing the one or more network keys to the one or more key-delegation nodes.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method, comprising:
- receiving, from a border router, one or more network keys at a dynamically selected key-delegation node in a computer network;
- receiving, from one or more authentication requesting nodes in the computer network, an authentication request;
- distributing, to the one or more authentication requesting nodes, the one or more network keys in response to the authentication request;
- forwarding the authentication request from the one or more authentication requesting nodes to an authentication server via the border router; and
- receiving, from the authentication server via the border router, an authentication reply, wherein the authentication reply is either confirmation or rejection of authentication.
Dependent claims: 11, 12, 13, 14, 15, 16

17. An apparatus, comprising:
- one or more network interfaces to communicate with a low power and lossy network (LLN);
- a processor coupled to the network interfaces and adapted to execute one or more processes; and
- a memory configured to store a process executable by the processor, the process when executed operable to;
  - monitor an authentication time for one or more nodes in a low power and lossy network (LLN);
  - dynamically correlate the authentication time with a location of the one or more nodes in the LLN to identify one or more authentication-delayed nodes;
  - select, based on the location of the one or more authentication-delayed nodes, one or more key-delegation nodes to receive one or more network keys for localized authentication of one or more of the authentication-delayed nodes; and
  - distribute the one or more network keys to the one or more key-delegation nodes.
Dependent claims: 18, 19, 20

21. An apparatus, comprising:
- one or more network interfaces to communicate with a computer network;
- a processor coupled to the network interfaces and adapted to execute one or more processes; and
- a memory configured to store a process executable by the processor, the process when executed operable to;
  - receive, from a border router, one or more network keys as a dynamically selected key-delegation node;
  - receive, from one or more authentication requesting nodes in the computer network, an authentication request;
  - distribute, to the one or more authentication requesting nodes, the one or more network keys in response to the authentication request;
  - forward the authentication request from the one or more authentication requesting nodes to an authentication server via the border router; and
  - receive, from the authentication server via the border router, an authentication reply, wherein the authentication reply is either confirmation or rejection of authentication.
Dependent claims: 22, 23, 24

25. A method, comprising:
- logging authentication requests received from an authentication requesting node at an authenticated node in a computer network;
- determining a priority level for the authentication requests based on a number of authentication requests received from the authentication requesting node, wherein a higher priority is given to the authentication requests in response to the number being greater than a threshold, and a standard priority is given to the authentication requests in response to the number being below the threshold; and
- forwarding the authentication requests toward an authentication server according to the determined priority level.

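The logging, prioritization and forwarding steps of claim 25 as an added Python example; it is not code from the patent. The class and method names and the threshold value are assumptions, and because the claim only covers counts greater than or below the threshold, a count exactly equal to it is treated here as standard priority.

```python
import heapq
from collections import Counter
from itertools import count

HIGH, STANDARD = 0, 1  # lower value is forwarded first


class AuthRequestRelay:
    """Authenticated node that relays authentication requests for its neighbours."""

    def __init__(self, threshold):
        self.threshold = threshold
        self.log = Counter()   # number of requests logged per requesting node
        self._queue = []       # heap of (priority, arrival order, requester, request)
        self._arrival = count()

    def receive(self, requester, request):
        """Log the request and queue it with the priority its count earns."""
        self.log[requester] += 1
        # Greater than the threshold -> higher priority; otherwise standard.
        # Equality is not covered by the claim; standard here is an assumption.
        prio = HIGH if self.log[requester] > self.threshold else STANDARD
        heapq.heappush(self._queue, (prio, next(self._arrival), requester, request))
        return prio

    def forward_all(self):
        """Drain the queue in the order requests go toward the authentication server."""
        sent = []
        while self._queue:
            prio, _, requester, request = heapq.heappop(self._queue)
            sent.append((requester, request, prio))
        return sent


def demo():
    """Constructed arrival sequence: node 'a' retries until it passes the threshold."""
    relay = AuthRequestRelay(threshold=2)
    for requester, request in [("a", "a#1"), ("b", "b#1"), ("a", "a#2"),
                               ("a", "a#3"), ("c", "c#1")]:
        relay.receive(requester, request)
    return [request for _, request, _ in relay.forward_all()]


if __name__ == "__main__":
    print(demo())
```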
Specification