Offloading cryptographic processing from an access point to an access point server using Otway-Rees key distribution
Abstract
In a network access point, a method of processing encrypted communication. In one embodiment, the method comprises receiving from a wireless client a first message comprising first values for a first random number and information identifying the wireless client and the access point. In one embodiment, the method further comprises generating a second message comprising second values for a second random number and information identifying the access point and the wireless client. In one embodiment, the method further comprises sending the first values and the second values to an access point server, and subsequently the access point server generates a session key using the first and second values and third values provided by the access point server, such that the processes are shared by the access point and the access point server. The method further comprises distributing the session key to the wireless client and the access point.
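The exchange described in the abstract, sketched as an added example that is not taken from the patent. HMAC-SHA256 as the message authentication code, the server holding both signing keys and checking both codes, the key-derivation step, and all function and field names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def mac(key, *fields):
    # Length-prefix each field so adjacent fields cannot be shifted into each other.
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()

def make_message(signing_key, sender_id, peer_id):
    # A random number, both identities, and a MAC over them under the sender's key.
    nonce = os.urandom(16)
    return {"nonce": nonce, "src": sender_id, "dst": peer_id,
            "mac": mac(signing_key, nonce, sender_id, peer_id)}

def ap_forward(first, second):
    # The access point only combines the two sets of values and sends them on;
    # the expensive checks happen at the access point server.
    return {"first": first, "second": second}

def server_session_key(signing_keys, combined, server_value=None):
    first, second = combined["first"], combined["second"]
    for msg in (first, second):
        key = signing_keys.get(msg["src"])
        expected = mac(key, msg["nonce"], msg["src"], msg["dst"]) if key else b""
        if not hmac.compare_digest(msg["mac"], expected):
            raise ValueError("MAC check failed")
    # Both messages must name the same client/access point pair.
    if (first["src"], first["dst"]) != (second["dst"], second["src"]):
        raise ValueError("identity mismatch")
    # Third value supplied by the server (assumed here to be fresh randomness).
    if server_value is None:
        server_value = os.urandom(16)
    return hmac.new(server_value, first["nonce"] + second["nonce"],
                    hashlib.sha256).digest()

def demo():
    # Constructed keys and identifiers, for illustration only.
    keys = {b"client-1": os.urandom(32), b"ap-1": os.urandom(32)}
    first = make_message(keys[b"client-1"], b"client-1", b"ap-1")
    second = make_message(keys[b"ap-1"], b"ap-1", b"client-1")
    return keys, ap_forward(first, second)

if __name__ == "__main__":
    keys, combined = demo()
    print(server_session_key(keys, combined).hex())
```

Distribution of the session key back to the wireless client and the access point is outside this sketch.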
25 Claims
1. In a network access point, a method of processing encrypted communication, according to an encryption/decryption process, said method comprising:
receiving a first message from a wireless client, said first message comprising first values for a first random number and information identifying said wireless client and said access point and a first message authentication code of said information in said first message signed using a first signing key;
generating a second message comprising second values for a second random number and information identifying said access point and said wireless client and a second message authentication code of said information in said second message signed using a second signing key; and
sending a combined said first values and said second values to an access point server, wherein said access point server generates a session key using said first values and said second values and also third values provided by said access point server, such that processing is shared by said access point and said access point server.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)

9. A computer system in a computer system network, said computer system comprising:
a bus;
a memory unit coupled to said bus;
a processor coupled to said bus for executing a method of processing encrypted communication comprising;
receiving a first message from a wireless client, said first message comprising first values for a random number and information identifying said wireless client and an access point and a message authentication code of said information in said first message signed using a first signing key;
generating a second message comprising second values for a second random number and information identifying said access point and said wireless client and a message authentication code of said information in said second message signed using a second signing key; and
sending a combined said first values and said second values to an access point server, wherein said access point server generates a session key using said first values and said second values and also third values provided by said access point server, such that said processing is shared by said access point and said access point server.
(Dependent claims: 10, 11, 12, 13, 14, 15, 16)

17. A computer-usable medium having computer-readable program code embodied therein for causing a computer system to perform:
receiving a first message from a wireless client, said first message comprising first values for a random number and information identifying said wireless client and an access point and a message authentication code of said information in said first message signed using a first signing key;
generating a second message comprising second values for a second random number and information identifying said wireless client and said access point and a message authentication code of said information in said second message signed using a second signing key; and
sending a combined said first values and said second values to an access point server, wherein said access point server generates a session key using said first values and said second values and also third values provided by said access point server, such that processing of encrypted communication is shared by said access point and said access point server.
(Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25)

Specification