Method and apparatus for communicating credential information within a network device authentication conversation
First Claim
1. A method of communicating a security credential within a network device authentication conversation, the method comprising the computer-implemented steps of:
- performing, at an authenticator that is communicatively coupled to a supplicant through a network, a first message conversation resulting in creating a security context that is known to the authenticator and the supplicant;
- initiating a second message conversation between the authenticator and the supplicant, wherein the second message conversation is cryptographically protected using the same security context that was created in the first message conversation;
- providing a security credential to the supplicant in the second message conversation;
- concluding the second message conversation and the first message conversation;
- wherein the first message conversation and the second message conversation are for granting initial network access.
Abstract
A method is disclosed for communicating a security credential within a network device authentication conversation. An authenticator that is coupled to a supplicant through a network performs a first message conversation resulting in creating a security context that is known to the authenticator and the supplicant. A second message conversation is initiated. The second message conversation is cryptographically protected using the same security context. A security credential is provided to the supplicant in the second message conversation. The second message conversation and first message conversation are then concluded. Specific embodiments can bootstrap digital certificates, public/private key pairs, and other credentials to supplicants, in-band, within an EAP-SIM or EAP-AKA conversation and without initiating a new session or exchanging special-purpose keys to protect distribution of the credentials.
47 Claims
1. A method of communicating a security credential within a network device authentication conversation, the method comprising the computer-implemented steps of:
- performing, at an authenticator that is communicatively coupled to a supplicant through a network, a first message conversation resulting in creating a security context that is known to the authenticator and the supplicant;
- initiating a second message conversation between the authenticator and the supplicant, wherein the second message conversation is cryptographically protected using the same security context that was created in the first message conversation;
- providing a security credential to the supplicant in the second message conversation;
- concluding the second message conversation and the first message conversation;
- wherein the first message conversation and the second message conversation are for granting initial network access.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A method of distributing a security credential to a network device within an extensible authentication protocol (EAP) authentication conversation, the method comprising the computer-implemented steps of:
- performing, at an authenticator that is communicatively coupled to a supplicant through a network, an EAP-SIM message conversation resulting in creating a security context that is known to the authenticator and the supplicant;
- during the EAP-SIM message conversation, receiving a request for the security credential, wherein the request is formatted as a first EAP message;
- providing the security credential to the supplicant in a second EAP message, wherein the security credential is cryptographically protected using the security context;
- providing to the supplicant in the second EAP message, verification information based on the security credential;
- wherein the EAP-SIM message conversation is for granting initial network access.

Dependent claims: 12, 13, 14, 15, 16, 17.
18. A computer-readable medium carrying one or more sequences of instructions for communicating a security credential within a network device authentication conversation, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- performing, at an authenticator that is communicatively coupled to a supplicant through a network, a first message conversation resulting in creating a security context that is known to the authenticator and the supplicant;
- initiating a second message conversation between the authenticator and the supplicant, wherein the second message conversation is cryptographically protected using the same security context that was created in the first message conversation;
- providing a security credential to the supplicant in the second message conversation;
- concluding the second message conversation and the first message conversation;
- wherein the first message conversation and the second message conversation are for granting initial network access.

Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27.
28. An apparatus for communicating a security credential within a network device authentication conversation, comprising:
- means for performing, at an authenticator that is communicatively coupled to a supplicant through a network, a first message conversation resulting in creating a security context that is known to the authenticator and the supplicant;
- means for initiating a second message conversation between the authenticator and the supplicant, wherein the second message conversation is cryptographically protected using the same security context that was created in the first message conversation;
- means for providing a security credential to the supplicant in the second message conversation; and
- means for concluding the second message conversation and the first message conversation;
- wherein the first message conversation and the second message conversation are for granting initial network access.

Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36, 37.
38. An apparatus for communicating a security credential within a network device authentication conversation, comprising:
- a network interface that is coupled to the data network for receiving one or more packet flows therefrom;
- a processor;
- one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
  - performing, at an authenticator that is communicatively coupled to a supplicant through a network, a first message conversation resulting in creating a security context that is known to the authenticator and the supplicant;
  - initiating a second message conversation between the authenticator and the supplicant, wherein the second message conversation is cryptographically protected using the same security context that was created in the first message conversation;
  - providing a security credential to the supplicant in the second message conversation;
  - concluding the second message conversation and the first message conversation;
- wherein the first message conversation and the second message conversation are for granting initial network access.

Dependent claims: 39, 40, 41, 42, 43, 44, 45, 46, 47.
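The exchange the abstract and claims 1 and 11 describe, as an added example that is not part of the patent or of any product it covers: a first conversation leaves both parties holding the same security context, a second conversation protected by that same context carries a credential request and the credential, and the response also carries verification information derived from the credential. The EAP-SIM/EAP-AKA key derivation is replaced by an HMAC-based stand-in over a long-term secret and two nonces, the message protection is a constructed encrypt-then-MAC scheme built on HMAC-SHA256 (standard library only), and the verification information is modelled as a MAC over the credential keyed from the context; all of these are assumptions for illustration, not the patent's own constructions. The credential and secret values are constructed sample data.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

# Constructed sample credential (not a real certificate).
CONSTRUCTED_CREDENTIAL = b"-----BEGIN CONSTRUCTED CERT-----\nexample\n-----END CONSTRUCTED CERT-----"


def kdf(secret: bytes, label: str, *parts: bytes) -> bytes:
    """HMAC-SHA256 key derivation; a stand-in for the EAP-SIM/AKA key hierarchy (assumption)."""
    return hmac.new(secret, label.encode() + b"".join(parts), hashlib.sha256).digest()


@dataclass(frozen=True)
class SecurityContext:
    """Keys both parties hold once the first conversation has completed."""
    k_enc: bytes
    k_mac: bytes


def first_conversation(long_term_secret: bytes, sup_nonce: bytes, auth_nonce: bytes) -> SecurityContext:
    """Models the outcome of the first (EAP-SIM/AKA) conversation: authenticator and
    supplicant each derive the same context from a shared long-term secret and the
    nonces they exchanged. The real SIM/AKA functions are replaced by kdf() (assumption)."""
    master = kdf(long_term_secret, "master", sup_nonce, auth_nonce)
    return SecurityContext(k_enc=kdf(master, "enc"), k_mac=kdf(master, "mac"))


def _keystream(k_enc: bytes, seq: int, length: int) -> bytes:
    """Counter-mode keystream from HMAC; seq binds each message to its position."""
    blocks = [hmac.new(k_enc, seq.to_bytes(4, "big") + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def protect(ctx: SecurityContext, seq: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the shared context: header(seq) || ciphertext || tag."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(ctx.k_enc, seq, len(plaintext))))
    header = seq.to_bytes(4, "big")
    tag = hmac.new(ctx.k_mac, header + ct, hashlib.sha256).digest()
    return header + ct + tag


def unprotect(ctx: SecurityContext, expected_seq: int, msg: bytes) -> bytes:
    """Verify the tag and sequence number before decrypting; reject anything else."""
    header, ct, tag = msg[:4], msg[4:-32], msg[-32:]
    if int.from_bytes(header, "big") != expected_seq:
        raise ValueError("unexpected sequence number")
    if not hmac.compare_digest(tag, hmac.new(ctx.k_mac, header + ct, hashlib.sha256).digest()):
        raise ValueError("MAC check failed: message was not protected by this security context")
    return bytes(a ^ b for a, b in zip(ct, _keystream(ctx.k_enc, expected_seq, len(ct))))


def supplicant_request(ctx: SecurityContext) -> bytes:
    """First message of the second conversation: the credential request (claim 11)."""
    return protect(ctx, 1, b"CREDENTIAL-REQUEST")


def authenticator_issue(ctx: SecurityContext, request: bytes, credential: bytes) -> bytes:
    """Second message: the credential plus verification information, both under the context."""
    if unprotect(ctx, 1, request) != b"CREDENTIAL-REQUEST":
        raise ValueError("unrecognised request")
    # Verification information modelled as a keyed MAC over the credential (assumption).
    verification = hmac.new(ctx.k_mac, b"credential-verify" + credential, hashlib.sha256).hexdigest()
    body = json.dumps({"credential": credential.hex(), "verification": verification}).encode()
    return protect(ctx, 2, body)


def supplicant_accept(ctx: SecurityContext, response: bytes) -> bytes:
    """Supplicant side: decrypt, then check the verification information before installing."""
    body = json.loads(unprotect(ctx, 2, response))
    credential = bytes.fromhex(body["credential"])
    expected = hmac.new(ctx.k_mac, b"credential-verify" + credential, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, body["verification"]):
        raise ValueError("credential verification information does not match")
    return credential


def run_exchange(long_term_secret: bytes = b"constructed-sim-secret",
                 credential: bytes = CONSTRUCTED_CREDENTIAL) -> bytes:
    """Drives both conversations end to end and returns the credential the supplicant accepted."""
    sup_nonce, auth_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    sup_ctx = first_conversation(long_term_secret, sup_nonce, auth_nonce)   # supplicant's copy
    auth_ctx = first_conversation(long_term_secret, sup_nonce, auth_nonce)  # authenticator's copy
    response = authenticator_issue(auth_ctx, supplicant_request(sup_ctx), credential)
    return supplicant_accept(sup_ctx, response)


if __name__ == "__main__":
    print(run_exchange().decode())
```

Because the second conversation reuses the context from the first, no new session or special-purpose distribution key is needed; a response protected under a different context, or one modified in transit, fails the MAC check and the supplicant never installs the credential.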
Specification