Technique to establish wireless session keys suitable for roaming
First Claim
Patent Images
1. A method for establishing secured roaming among a wireless station, a first and a second access points, comprising:
- the first access point requesting a first ticket including a first session key from an authentication server at a first time and using the first ticket to establish a first secured session with the first session key between the first access point and the wireless station; and
in response to a second ticket request from the wireless station through the first secured session when the wireless station attempts to communicate with the second access point at a second time after the first time, the first access point forwarding the second ticket request to the authentication server and relaying through the first secured session a resulting second ticket including a second session key with a predefined lifetime starting from after the second time, from the authentication server to the wireless station, the second ticket being different than the first ticket, the second key being different than the first key, wherein the second ticket is used to establish a second secured session with the second session key between the wireless station and the second access point.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and an apparatus for establishing secured roaming among wireless devices are disclosed. In one embodiment, a first access point requests a first ticket from an authentication server and uses that first ticket to establish a first secured session with a wireless station. In response to a second ticket request from the wireless station through the first secured session, the first access point forwards the second ticket request to the authentication server and also relays a resulting second ticket from the authentication server back to the wireless station.
69 Citations
27 Claims
-
1. A method for establishing secured roaming among a wireless station, a first and a second access points, comprising:
-
the first access point requesting a first ticket including a first session key from an authentication server at a first time and using the first ticket to establish a first secured session with the first session key between the first access point and the wireless station; and in response to a second ticket request from the wireless station through the first secured session when the wireless station attempts to communicate with the second access point at a second time after the first time, the first access point forwarding the second ticket request to the authentication server and relaying through the first secured session a resulting second ticket including a second session key with a predefined lifetime starting from after the second time, from the authentication server to the wireless station, the second ticket being different than the first ticket, the second key being different than the first key, wherein the second ticket is used to establish a second secured session with the second session key between the wireless station and the second access point. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. An access point in a secured wireless roaming system, comprising:
-
an antenna; a filter coupled to the antenna; a receiver and a transmitter coupled to the filter; and a control unit coupled to the receiver and the transmitter and coupled to a wired-network connection interface, wherein the control unit further comprises an authentication protocol engine that requests a first ticket including a first session key from an authentication server at a first time and uses the first ticket to establish a first secured session with the first session key with a wireless station; and in response to a second ticket request from the wireless station through the first secured session when the wireless station attempts to communicate with a second access point at a second time after the first time, forwards the second ticket request to the authentication server and relays through the first secured session a resulting second ticket including a second session key with a predefined lifetime starting from after the second time, from the authentication server to the wireless station, the second ticket being different than the first ticket, the second key being different than the first key, wherein the second ticket is used to establish a second secured session with the second session key between the wireless station and the second access point. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. A wireless station in a secured wireless roaming system having a first access point and a second access point, comprising:
-
an antenna; a filter coupled to the antenna; a receiver and a transmitter coupled to the filter; and a control unit coupled to the receiver and the transmitter, wherein the control unit further comprises an authentication protocol engine that requests at a second time, when the wireless station attempts to communicate with the second access point, a second ticket including a second session key with a predefined lifetime starting from after the second time from an authentication server via a first secured session with a first session key established with a first access point using a first ticket at a first time before the second time, the second ticket being different than the first ticket, and the first session key being different than the second session key; and establishes a second secure session with the second session key with a second access point using the second ticket received via the first secured session. - View Dependent Claims (19)
-
-
20. A secured wireless roaming system, comprising:
-
a wired medium; a wireless medium; an authentication server coupled to the wired medium; a wireless station coupled to the wireless medium; and an access point coupled to the wireless medium and the wired medium, wherein the access point comprises; a first control unit, comprising a first authentication protocol engine to request a first ticket including a first session key from the authentication server at a first time and use the first ticket to establish a first secured session with the first session key with the wireless station; and in response to a second ticket request from the wireless station through the first secured session when the wireless station attempts to communicate with a second access point coupled to the wired and wireless mediums at a second time after the first time, to forward the second ticket request to the authentication server and relays through the first secured session a resulting second ticket including a second session key with a predefined lifetime starting from after the second time, from the authentication server to the wireless station, the second ticket being different than the first ticket, the second session key being different than the first session key, and wherein the second ticket is used by the wireless station to establish a second secured session with the second session key with the second access point. - View Dependent Claims (21, 22, 23, 24, 25, 26)
-
-
27. A computer-readable medium having executable code to cause a machine to perform a method for establishing secured roaming among a wireless station, a first and a second access points, the method comprising:
-
the first access point requesting a first ticket including a first session key from an authentication server at a first time and using the first ticket to establish a first secured session with the first session key with the wireless station; and in response to a second ticket request from the wireless station through the first secured session when the wireless station attempts to communicate with the second access point at a second time after the first time, the first access point forwarding the second ticket request to the authentication server and relaying through the first secured session a resulting second ticket including a second session key with a predefined lifetime starting from after the second time, from the authentication server to the wireless station, the second ticket being different than the first ticket, the second key being different than the first key, wherein the second ticket is used to establish a second secured session with the second session key between the wireless station and the second access point.
-
Specification