Offloading cryptographic processing from an access point to an access point server using Otway-Rees key distribution

US 7,073,066 B1
Filed: 08/28/2001
Issued: 07/04/2006
Est. Priority Date: 08/28/2001
Status: Expired due to Term

First Claim

Patent Images

1. In a network access point, a method of processing encrypted communication, according to an encryption/decryption process, said method comprising:

receiving a first message from a wireless client, said first message comprising first values for a first random number and information identifying said wireless client and said access point and a first message authentication code of said information in said first message signed using a first signing key;

generating a second message comprising second values for a second random number and information identifying said access point and said wireless client and a second message authentication code of said information in said second message signed using a second signing key; and

sending a combined said first values and said second values to an access point server, wherein said access point server generates a session key using said first values and said second values and also third values provided by said access point server, such that processing is shared by said access point and said access point server.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a network access point, a method of processing encrypted communication. In one embodiment, the method comprises receiving from a wireless client a first message comprising first values for a first random number and information identifying the wireless client and the access point. In one embodiment, the method further comprises generating a second message comprising second values for a second random number and information identifying the access point and the wireless client. In one embodiment, the method further comprises sending the first values and the second values to an access point server, and subsequently the access point server generates a session key using the first and second values and third values provided by the access point server, such that the processes are shared by the access point and the access point server. The method further comprises distributing the session key to the wireless client and the access point.

62 Citations

View as Search Results

25 Claims

1. In a network access point, a method of processing encrypted communication, according to an encryption/decryption process, said method comprising:
- receiving a first message from a wireless client, said first message comprising first values for a first random number and information identifying said wireless client and said access point and a first message authentication code of said information in said first message signed using a first signing key;
  
  generating a second message comprising second values for a second random number and information identifying said access point and said wireless client and a second message authentication code of said information in said second message signed using a second signing key; and
  
  sending a combined said first values and said second values to an access point server, wherein said access point server generates a session key using said first values and said second values and also third values provided by said access point server, such that processing is shared by said access point and said access point server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as recited in claim 1 further comprising:
    - receiving a third message conveying said session key from said access point server, said third message having a first portion and a second portion; and
      
      verifying said second portion of said third message against said second values.
  - 3. The method as recited in claim 2 further comprising:
    - sending said first portion of said third message to said wireless client, wherein said wireless client verifies said first portion of said third message against said first value, such that said session key is shared between said wireless client and said access point and said access point server.
  - 4. The method as recited in claim 2 wherein said first portion of said third message further comprises data for ensuring validity of said first portion and wherein said second portion of said third message further comprises data for ensuring validity of said second portion.
  - 5. The method as recited in claim 1 wherein said third value is correct for said encryption/decryption process.
  - 6. The method as recited in claim 1 wherein said network is a wireless network.
  - 7. The method as recited in claim 1 wherein said encrypting/decrypting process comprises a distributed symmetric key distribution process.
  - 8. The method as recited in claim 7 wherein said distributed symmetric key distribution process is Otway-Rees key cryptography.

9. A computer system in a computer system network, said computer system comprising:
- a bus;
  
  a memory unit coupled to said bus;
  
  a processor coupled to said bus for executing a method of processing encrypted communication comprising;
  
  receiving a first message from a wireless client, said first message comprising first values for a random number and information identifying said wireless client and an access point and a message authentication code of said information in said first message signed using a first signing key;
  
  generating a second message comprising second values for a second random number and information identifying said access point and said wireless client and a message authentication code of said information in said second message signed using a second signing key; and
  
  sending a combined said first values and said second values to an access point server, wherein said access point server generates a session key using said first values and said second values and also third values provided by said access point server, such that said processing is shared by said access point and said access point server.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer system of claim 9 wherein said method further comprises:
    - receiving a third message conveying said session key from said access point server, said third message having a first portion and a second portion; and
      
      verifying said second portion of third message against said second values.
  - 11. The computer system of claim 10 wherein said method further comprises:
    - sending said first portion of said third message to said wireless client, wherein said wireless client verifies said first portion of said third message key against said first value, such that said session key is shared between said wireless client and said access point and said access point server.
  - 12. The computer system of claim 10 wherein said first portion of said third message further comprises data for ensuring validity of said first portion and wherein said second portion of said third message further comprises data for ensuring validity of said second portion.
  - 13. The computer system of claim 9 wherein said third values are correct for said encryption/decryption process.
  - 14. The computer system of claim 9 wherein said network is a wireless network.
  - 15. The computer system of claim 9 wherein said encrypting/decrypting process comprises a distributed symmetric key distribution process.
  - 16. The computer system of claim 15 wherein said distributed symmetric key distribution process is Otway-Rees key cryptography.

17. A computer-usable medium having computer-readable program code embodied therein for causing a computer system to perform:
- receiving a first message from a wireless client, said first message comprising first values for a random number and information identifying said wireless client and an access point and a message authentication code of said information in said first message signed using a first signing key;
  
  generating a second message comprising second values for a second random number and information identifying said wireless client and said access point and a message authentication code of said information in said second message signed using a second signing key; and
  
  sending a combined said first values and said second values to an access point server, wherein said access point server generates a session key using said first values and said second values and also third values provided by said access point server, such that processing of encrypted communication is shared by said access point and said access point server.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25)
- - 18. The computer-usable medium of claim 17 wherein said computer-readable program code embodied therein causes a computer system to perform:
    - receiving a said third message conveying said session key from said access point server, said third message having a first portion and a second portion; and
      
      verifying said second portion of said third message against said second values.
  - 19. The computer-usable medium of claim 18 wherein said computer-readable program code embodied therein causes a computer system to perform:
    - sending said first portion of said third message to said wireless client, wherein said wireless client verifies said first portion of said third message against said first values, such that said session key is shared between said wireless client and said access point and said access point server.
  - 20. The computer-usable medium of claim 18 wherein said first portion of said third message further comprises data for ensuring validity of said first portion and wherein said second portion of said third message further comprises data for ensuring validity of said second portion.
  - 21. The computer-usable medium of claim 17 wherein said computer system is an access point in a network.
  - 22. The computer-usable medium of claim 21 wherein said third values are correct according to an encryption/decryption process implemented in said network.
  - 23. The computer-usable medium of claim 18 wherein said network is a wireless network.
  - 24. The computer-usable medium of claim 22 wherein said encryption/decryption process comprises a distributed symmetric key distribution process.
  - 25. The computer-usable medium of claim 24 wherein said distributed symmetric key distribution process is Otway-Rees key cryptography.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Valtrus Innovations Limited (f/k/a Dolya Holdco 9 Limited) (Key Patent Innovations Limited)
Original Assignee
3Com Corporation (HP Inc.)
Inventors
Nessett, Danny M.
Primary Examiner(s)
Moise, Emmanuel L.
Assistant Examiner(s)
Ho, Thomas

Application Number

US09/942,176
Time in Patent Office

1,771 Days
Field of Search

380/229, 380277-279, 380/44, 380/45, 705/67, 713/181, 713/170
US Class Current

713/181
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 9/083   involving central third par...

H04L 9/0844   with user authentication or...

H04L 9/3242   involving keyed hash functi...

H04L 9/3247   involving digital signatures

Offloading cryptographic processing from an access point to an access point server using Otway-Rees key distribution

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

62 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Offloading cryptographic processing from an access point to an access point server using Otway-Rees key distribution

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links