Fast authentication and access control method for mobile networking
Abstract
A fast authentication and access control method of authenticating a network access device to a communications network having an access point communicating with a remote authentication (home AAA) server for the network access device. The method includes the step of receiving an access request having an authentication credential from the network access device at the access point. The authentication credential includes a security certificate having a public key for the network access device and an expiration time. The security certificate is signed with a private key for the remote authentication server. The access point locally validates the authentication credential by accessing the public key of the remote authentication server from a local database, and checking the signature and expiration time of the security certificate. If the authentication credential is validated at the access point, the access point grants the network access device conditional access to the network by sending an access granted message to the network access device. The access granted message includes a session key encrypted with a public key for the network access device. The session key is stored in a database associated with the access point. The access point contacts the remote authentication server to check a revocation status of the security certificate for the network access device. If the access point receives a message from the remote authentication server that the authentication credential for the network access device has been revoked, it suspends network access for the network access device.
Claims (10)

1. A method of authenticating a network access device to a communications network having an access point communicating with a remote authentication server for the network access device, comprising the steps of:
- receiving an access request including an authentication credential from the network access device at the access point;
- locally validating the authentication credential at the access point;
- if the authentication credential is validated at the access point, granting the network access device conditional access to the network;
- contacting the remote authentication server to verify a status of the authentication credential for the network access device;
- suspending network access for the network access device in response to a message received from the remote authentication server that the authentication credential for the network access device has been revoked.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A method of authenticating a network access device to a communications network having an access point communicating with a remote authentication server for the network access device, comprising the steps of:
- receiving an access request including an authentication credential from the network access device at the access point, the authentication credential comprising a security certificate including a public key for the network access device and an expiration time, the security certificate being signed with a private key for the remote authentication server;
- locally validating the authentication credential at the access point by accessing the public key of the remote authentication server from a database, and checking the signature and expiration time of the security certificate;
- if the authentication credential is validated at the access point, granting the network access device conditional access to the network by sending an access granted message to the network access device, the access granted message including a session key encrypted with a public key for the network access device, and storing the session key in a database;
- contacting the remote authentication server to check a revocation status of the security certificate for the network access device; and
- suspending network access for the network access device in response to a message received from the remote authentication server that the authentication credential for the network access device has been revoked, the step of suspending network access including destroying the session key for the network access device.
9. A method of authenticating a network access device to a communications network having an access point communicating with a remote authentication server for the network access device, where the access point receives an access request including an authentication credential from the network access device at the access point and locally validates the authentication credential at the access point to grant the network access device conditional access to the network, the remote authentication server being capable of verifying the status of the authentication credential to either confirm or deny access, comprising the steps of:
- receiving at the remote authentication server a query message from the access point as to a status of the authentication credential for the network access device;
- determining the status of the authentication credential for the network access device; and
- if the authentication credential is revoked, sending the access point a message to suspend network access for the network access device.
(Dependent claim: 10)
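The access-point and home-server flow described in the abstract and in claims 8 and 9 (local signature and expiry check, conditional grant with a stored session key, later revocation query, suspension by destroying the key), as an added example that is not part of the patent. It assumes constructed stand-ins: an HMAC key in place of the home AAA server's signing key pair, and an XOR-with-hash wrap in place of public-key encryption of the session key.

```python
import hashlib, hmac, os

# Constructed stand-ins (assumptions for a self-contained demo): an HMAC key models
# the home AAA server's certificate-signing key pair, and the session key is "encrypted"
# for the device by XOR with a hash of its public key (real systems use asymmetric crypto).
AAA_KEY = b"constructed-home-aaa-key"
REVOKED = set()  # constructed model of the home AAA server's revocation list

def cert_body(cert):
    return f"{cert['device_id']}|{cert['pubkey']}|{cert['expires_at']}".encode()

def issue_certificate(device_id, pubkey, expires_at, key=AAA_KEY):
    """Home AAA issues a certificate: device public key plus expiry, signed by the server."""
    cert = {"device_id": device_id, "pubkey": pubkey, "expires_at": expires_at}
    cert["sig"] = hmac.new(key, cert_body(cert), hashlib.sha256).hexdigest()
    return cert

def wrap_for_device(session_key, device_pubkey):
    pad = hashlib.sha256(device_pubkey.encode()).digest()[:len(session_key)]
    return bytes(a ^ b for a, b in zip(session_key, pad))  # symmetric: wrap == unwrap

class AccessPoint:
    def __init__(self, aaa_key=AAA_KEY):
        self.aaa_key = aaa_key   # AAA verification key held in the AP's local database
        self.sessions = {}       # device_id -> {"key": session key, "state": ...}

    def validate_locally(self, cert, now):
        """Check the AAA signature and the expiry without contacting the server."""
        expected = hmac.new(self.aaa_key, cert_body(cert), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, cert["sig"]) and now < cert["expires_at"]

    def request_access(self, cert, now):
        """Grant conditional access on local validation and return the access reply."""
        if not self.validate_locally(cert, now):
            return {"status": "denied"}
        session_key = os.urandom(16)
        self.sessions[cert["device_id"]] = {"key": session_key, "state": "conditional"}
        return {"status": "conditional",
                "wrapped_key": wrap_for_device(session_key, cert["pubkey"])}

    def check_revocation(self, device_id, revoked=REVOKED):
        """Query the home AAA revocation status; suspend and destroy the key if revoked."""
        if device_id not in self.sessions:
            return "no session"
        if device_id in revoked:
            del self.sessions[device_id]   # destroying the session key ends access
            return "suspended"
        self.sessions[device_id]["state"] = "confirmed"
        return "confirmed"
```

Note that a forged or expired certificate is refused before any session key exists, while a certificate revoked after issue still obtains conditional access until the revocation query returns.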