Method for fast roaming in a wireless network

US 7,263,357 B2
Filed: 01/08/2004
Issued: 08/28/2007
Est. Priority Date: 01/14/2003
Status: Active Grant

First Claim

Patent Images

1. A method of supporting a roaming service in a wireless network having an authentication server and a plurality of access points (APs) connected to the authentication server, the method comprising:

deriving from a known master key a first-level security key to be shared between a station STA and an AP with which the STA attempts to associate when the STA attempts to associate with one of the plurality of APs;

deriving from the first-level security key a second-level security key to be shared between the STA and at least one neighbor AP, the at least one neighbor AP neighboring to the AP with which the STA attempts to associate; and

providing the second-level security key to the at least one neighbor AP,wherein when the STA attempts to roam to the at least one neighbor AP, the at least one neighbor AP pre-authenticates the STA with the second-level security key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A roaming service method for a fast and secure wireless network is provided. In an embodiment of the present invention, an AP, which an STA associates with, transmits security keys needed for roaming to neighbor APs of the AP. When the STA moves to one of the neighbor APs, a reassociation is carried out between the STA and the neighbor AP using the already provided security key. In another embodiment of the present invention, an authentication server transmits security keys needed for roaming to neighbor APs to which the STA is likely to move, so that when the STA moves to one of the neighbor APs, a reassociation is carried out between the STA and the neighbor AP using the already provided security key.

Citations

27 Claims

1. A method of supporting a roaming service in a wireless network having an authentication server and a plurality of access points (APs) connected to the authentication server, the method comprising:
- deriving from a known master key a first-level security key to be shared between a station STA and an AP with which the STA attempts to associate when the STA attempts to associate with one of the plurality of APs;
  
  deriving from the first-level security key a second-level security key to be shared between the STA and at least one neighbor AP, the at least one neighbor AP neighboring to the AP with which the STA attempts to associate; and
  
  providing the second-level security key to the at least one neighbor AP,wherein when the STA attempts to roam to the at least one neighbor AP, the at least one neighbor AP pre-authenticates the STA with the second-level security key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first-level security key is a first-level pairwise master key and the second-level security key is a second-level pairwise master key.
  - 3. The method of claim 2, further comprising deriving from the first-level pairwise master key in the AP with which the STA attempts to associate a pairwise transient key.
  - 4. The method of claim 2, further comprising deriving from the second-level pairwise master key in the at least one neighbor AP a pairwise transient key.
  - 5. The method of claim 2, wherein deriving a second-level security key to be shared between the STA and at least one neighbor AP from the first-level security key comprises deriving from the first-level pairwise master key the second-level pairwise master key, considering a Medium Access Control (MAC) address of the STA.
  - 6. The method of claim 1, wherein the at least one neighbor AP is an AP to which the STA can roam without passing through a coverage area of another AP.
  - 7. The method of claim 6, wherein the STA attempts to associate with the AP by roaming from the at least one neighbor AP.

8. In a wireless network having an authentication server and a plurality of access points (APs) connected to the authentication server, a method of supporting a roaming service in one of the plurality of APs, comprising:
- receiving from the authentication server a first-level security key derived from a known master key when a station (STA) attempts to associate with an AP;
  
  deriving from the first-level security key a second-level security key for at least one neighbor AP, the at least one neighbor AP neighboring to the AP with which the STA attempts to associate; and
  
  providing to the at least one neighbor AP the second-level security key,wherein when the STA attempts to roam to the at least one neighbor AP, the at least one neighbor AP pre-authenticates the STA with the second-level security key.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the first-level security key is a first-level pairwise master key and the second-level security key is a second-level pairwise master key.
  - 10. The method of claim 9, further comprising deriving from the first-level pairwise master key a pairwise transient key.
  - 11. The method of claim 9, further comprising deriving from the second-level pairwise master key in the at least one neighbor AP a pairwise transient key.
  - 12. The method of claim 9, wherein deriving a second-level security key for at least one neighbor AP from the first-level security key comprises deriving from the first-level pairwise master key the second-level pairwise master key, considering a Medium Access Control (MAC) address of the STA.
  - 13. The method of claim 8, wherein the at least one neighbor AP is an AP to which the STA can roam without passing through a coverage area of another AP.
  - 14. The method of claim 13, wherein the STA attempts to associates with the AP by roaming from the at least one neighbor AP.

15. A method of generating a security key in a wireless network having an authentication server and a plurality of access points (APs) connected to the authentication server, the method comprising:
- receiving from the authentication server a first-level pairwise master key derived from a known master key;
  
  deriving from the first-level pairwise master key a pairwise transient key; and
  
  deriving from the first-level pairwise master key a second-level pairwise master key for at least one neighbor AP.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, further comprising deriving from the second-level pairwise master key in the at least one neighbor AP a pairwise transient key.
  - 17. The method of claim 16, wherein the deriving a second-level pairwise master key for at least one neighbor AP from the first-level pairwise master key comprises deriving from the first-level pairwise master key the second-level pairwise master key, considering a Medium Access Control (MAC) address of a station (STA).

18. In a wireless network having an authentication server and a plurality of access points (APs) connected to the authentication server, a method of generating a security key in a target AP to which a station (STA) associated with a serving AP attempts to roam, the method comprising:
- receiving from the serving AP a second-level pairwise master key;
  
  deriving from the second-level pairwise master key a pairwise transient key; and
  
  deriving from the second-level pairwise master key a new second-level master key for at least one neighbor AP.
- View Dependent Claims (19)
- - 19. The method of claim 18, further comprising deriving a new second-level master key for at least one neighbor AP from the second-level pairwise master key comprises deriving from the second-level pairwise master key the new second-level pairwise master key, considering a Medium Access Control (MAC) address of the STA.

20. A method of supporting a roaming service for a station (STA) in a wireless network having a server for authenticating the STA and managing accounting for the STA and a plurality of access points (APs) connected to the authentication server, the method comprising:
- receiving from a first AP association information regarding association in the server of the STA with the first AP;
  
  notifying by the server at least one neighbor AP that the STA has completely associated with the first AP, the at least one neighbor AP neighboring to the first AP and when the STA attempts to roam to the at least one neighbor AP;
  
  sending to the at least one neighbor AP a security key generated based on the association information when the at least one neighbor AP requests the security key for the STA,wherein the at least one neighbor AP authenticates the STA using the security key received from the server.
- View Dependent Claims (21, 22, 23)
- - 21. The method of claim 20, wherein the association information includes a first-level pairwise master key and a Medium Access Control (MAC) address of the STA.
  - 22. The method of claim 21, wherein the first-level pairwise master key is derived from a master key by the first AP.
  - 23. The method of claim 21, wherein the security key that the server sends to the at least one neighbor AP is a second-level pairwise master key derived from the first-level pairwise master key.

24. A method of supporting a roaming service for a station (STA) in a wireless network having a server for authenticating the STA and managing accounting for the STA and a plurality of access points (APs) connected to the authentication server, the method comprising:
- deriving a first-level pairwise master key to be shared between the STA and a first AP by the server when the STA attempts to associate with the first AP being one of the plurality of APs;
  
  deriving from the first-level pairwise master key a second-level pairwise master key; and
  
  providing to at least one neighbor AP neighboring to the first AP the second-level pairwise key,wherein when the STA attempts to roam to the at least one neighbor AP, the at least one neighbor AP authenticates the STA with the second-level pairwise master key.
- View Dependent Claims (25, 26, 27)
- - 25. The method of claim 24, wherein the first AP sends a Medium Access Control (MAC) address of the STA to the server, for generation of the first-level pairwise master key.
  - 26. The method of claim 25, wherein deriving a first-level pairwise master key further comprises deriving from a master key known to the server by the server the first-level pairwise master key.
  - 27. The method of claim 24, wherein deriving a second-level pairwise master key from the first-level pairwise master key comprises deriving from the first-level pairwise master key the second-level pairwise master key, considering a MAC address of the at least one neighbor AP by the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd., University of Maryland, College Park
Original Assignee
Samsung Electronics Co. Ltd., University of Maryland
Inventors
Jang, Kyung-Hun, Shin, Min-Ho, Arbaugh, William Albert, Lee, In-Sun, Mishra, Arunesh
Primary Examiner(s)
Mehrpour; Naghmeh

Application Number

US10/752,675
Publication Number

US 20040242228A1
Time in Patent Office

1,328 Days
Field of Search

455/432.1, 455/4, 455/6, 455/436, 455/410, 455/435.1, 713/156, 713/158, 713/175, 713/150, 370/331, 370/338
US Class Current

455/432.1
CPC Class Codes

H04L 2209/80   Wireless

H04L 2463/061   applying further key deriva...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 9/0836   using tree structure or hie...

H04L 9/0844   with user authentication or...

H04W 12/04   Key management, e.g. using ...

H04W 12/062   Pre-authentication

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/08   Access point devices

Method for fast roaming in a wireless network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method for fast roaming in a wireless network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links