Fast authentication and access control system for mobile networking
Abstract
A fast authentication and access control method of authenticating a network access device to a communications network having an access point communicating with a remote authentication (home AAA) server for the network access device. The method includes the step of receiving an access request having an authentication credential from the network access device at the access point. The authentication credential includes a security certificate having a public key for the network access device and an expiration time. The security certificate is signed with a private key for the remote authentication server. The access point locally validates the authentication credential by accessing the public key of the remote authentication server from a local database, and checking the signature and expiration time of the security certificate. If the authentication credential is validated at the access point, the access point grants the network access device conditional access to the network by sending an access granted message to the network access device. The access granted message includes a session key encrypted with a public key for the network access device. The session key is stored in a database associated with the access point. The access point contacts the remote authentication server to check a revocation status of the security certificate for the network access device. If the access point receives a message from the remote authentication server that the authentication credential for the network access device has been revoked, it suspends network access for the network access device.
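As an added illustration of the flow the abstract describes (example code written for this page, not code from the patent or its assignee), the following Go model has the home AAA server issue a device certificate, an access point validate it locally against the AAA public key and expiration time, grant conditional access with a session key encrypted to the device's public key, and then suspend access on a revocation message by destroying the session key. RSA-PSS for the certificate signature, RSA-OAEP for the session key, the digest layout and all type and function names are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)
// Cert models the patent's security certificate: the device's public key
// and an expiration time, signed with the home AAA server's private key.
type Cert struct {
	DevKey *rsa.PublicKey
	Expiry int64 // Unix seconds
	Sig    []byte
}
// certDigest covers exactly the fields the AAA signature protects (layout is an assumption).
func certDigest(c *Cert) []byte {
	d := sha256.Sum256([]byte(fmt.Sprintf("%x|%d|%d", c.DevKey.N, c.DevKey.E, c.Expiry)))
	return d[:]
}
// IssueCert is the home AAA server's step, done before the device roams to an access point.
func IssueCert(aaa *rsa.PrivateKey, dev *rsa.PublicKey, exp time.Time) (*Cert, error) {
	c := &Cert{DevKey: dev, Expiry: exp.Unix()}
	sig, err := rsa.SignPSS(rand.Reader, aaa, crypto.SHA256, certDigest(c), nil)
	c.Sig = sig
	return c, err
}
// AP holds the AAA public key from its local database plus the session keys it has issued.
type AP struct {
	AAAPub   *rsa.PublicKey
	Sessions map[string][]byte // device id -> session key
}
// Grant is the fast path: check expiry and the AAA signature locally, then store a fresh
// session key and hand it back encrypted to the device's key. Revocation is checked later.
func (ap *AP) Grant(id string, c *Cert, now time.Time) ([]byte, bool) {
	if now.Unix() >= c.Expiry || rsa.VerifyPSS(ap.AAAPub, crypto.SHA256, certDigest(c), c.Sig, nil) != nil {
		return nil, false
	}
	key := make([]byte, 32)
	rand.Read(key)
	ap.Sessions[id] = key
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, c.DevKey, key, nil)
	return enc, err == nil
}
// OnRevoked handles the AAA "credential revoked" message: destroying the session key suspends access.
func (ap *AP) OnRevoked(id string) { delete(ap.Sessions, id) }
// GenKey makes an RSA key pair for the AAA server or a device (constructed for this example).
func GenKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }
```

Note that a device whose certificate is later revoked keeps its conditional access until the AAA server's revocation message arrives, so the latency of that check bounds the exposure window.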
216 Citations
10 Claims
1. An access point having a network interface for communicating with a remote authentication server on a communications network and a network interface for communicating with a network access device, the access point comprising:
- a processor and a memory medium containing machine readable program instructions which, when executed by the processor, enable the access point to:
- validate an authentication credential contained in an access request received from the network access device;
- if the authentication credential is validated, grant the network access device conditional access to the network;
- contact the remote authentication server to verify a status of the authentication credential for the network access device; and
- suspend network access for the network access device in response to a message received from the remote authentication server that the authentication credential for the network access device has been revoked.
(Dependent claims: 2, 3, 4, 5, 6, 7)

8. An access point having a network interface for communicating with a remote authentication server on a communications network and a network interface for communicating with a network access device, the access point comprising:
- a processor and a memory medium containing machine readable program instructions which, when executed by the processor, enable the access point to:
- validate an authentication credential received from the network access device, the authentication credential comprising a security certificate including a public key for the network access device and an expiration time, the security certificate being signed with a private key for the remote authentication server, by accessing the public key of the remote authentication server from a database, and checking the signature and expiration time of the security certificate;
- grant the network access device conditional access to the network by sending an access granted message to the network access device, the access granted message including a session key encrypted with a public key for the network access device;
- store the session key in a database;
- contact the remote authentication server to check a revocation status of the security certificate for the network access device; and
- suspend network access for the network access device in response to a message received from the remote authentication server that the authentication credential for the network access device has been revoked, by destroying the session key for the network access device.

9. A remote authentication server having a network interface for communicating over a network with an access point that enables a network access device to communicate with the network, where the access point is capable of receiving an access request including an authentication credential from the network access device at the access point and locally validating the authentication credential at the access point to grant the network access device conditional access to the network, the remote authentication server comprising:
- a processor and a memory medium containing machine readable program instructions which, when executed by the processor, enable the remote authentication server to determine the status of the authentication credential received in a query from the access point, to either confirm access to the network for the network access device or, if the authentication credential is revoked, send the access point a message to suspend access to the network for the network access device.
(Dependent claims: 10)