802.11 using a compressed reassociation exchange to facilitate fast handoff
First Claim
1. A method for establishing a secure association for a mobile node with a network, the steps comprising:
associating with an access point;
authenticating the mobile node using an extensible authentication protocol by the access point;
establishing a network session key; and
wherein the network session key is used to establish a key request key and a base transient key;
wherein the base transient key is used as a counter mode key generator to provide fresh pairwise transient keys;
wherein the key request key is used by the mobile node to prove it has proper authorization for a session;
wherein roaming after establishing the network session key comprises:
incrementing a rekey number, producing an incremented rekey number;
generating a fresh pairwise transient key based on the incremented rekey number;
sending a reassociation request to a new access point, the reassociation request containing the incremented rekey number; and
verifying the new access point is using the fresh pairwise transient key based on the incremented rekey number.
Abstract
A method and system for handling roaming mobile nodes in a wireless network. The system uses a Subnet Context Manager to store each mobile node's current network session key, security policy and session duration (e.g. session timeout), all of which are established when the mobile node is initially authenticated. Pairwise transient keys are derived from the network session key. The Subnet Context Manager handles subsequent reassociation requests. When a mobile node roams to a new access point, the access point obtains the network session key from the Subnet Context Manager and validates the mobile node by computing a new pairwise transient key from the network session key.
42 Claims
1. A method for establishing a secure association for a mobile node with a network (independent claim; full text under First Claim above). Dependent claims: 2-13 and 40-42.

14. A mobile node, comprising:
means for associating with an access point;
means for authenticating the mobile node using an extensible authentication protocol by the access point;
means for establishing a network session key; and
wherein the network session key is used to establish a key request key and a base transient key;
wherein the base transient key is used as a counter mode key generator to provide fresh pairwise transient keys;
wherein the key request key is used by the mobile node to prove it has proper authorization for a session; and
means for roaming, the means for roaming comprises:
means for incrementing a rekey number, producing an incremented rekey number;
means for generating a fresh pairwise transient key based on the incremented rekey number;
means for sending a reassociation request to a new access point, the new reassociation request containing the incremented rekey number; and
means for verifying the new access point is using the fresh pairwise transient key based on the incremented rekey number.
Dependent claims: 15-26.

27. A computer program product having a computer readable medium having computer program logic recorded thereon for establishing a secure association for a mobile node with a network, comprising:
means for associating with an access point;
means for authenticating the computer readable instructions using an extensible authentication protocol by the access point;
means for establishing a network session key; and
wherein the network session key is used to establish a key request key and a base transient key;
wherein the base transient key is used as a counter mode key generator to provide fresh pairwise transient keys;
wherein the key request key is used by the computer readable instructions to prove it has proper authorization for a session; and
means for roaming, the means for roaming comprises:
means for incrementing a rekey number, producing an incremented rekey number;
means for generating a fresh pairwise transient key based on the incremented rekey number;
means for sending a reassociation request to a new access point, the new reassociation request containing the incremented rekey number; and
means for verifying the new access point is using the fresh pairwise transient key based on the incremented rekey number.
Dependent claims: 28-39.
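To make the key hierarchy and roaming exchange in the abstract and claims concrete, the following is an added Python simulation (not the patent's own code and not a real 802.11 implementation): the network session key is split into a key request key and a base transient key, the base transient key acts as a counter-mode generator of pairwise transient keys indexed by the rekey number, and a new access point fetches the session key from the Subnet Context Manager, rejects stale rekey numbers, checks the node's proof under the key request key, and proves it holds the fresh pairwise transient key. The HMAC-SHA256 PRF, the message layouts and the MIC under the key request key are assumptions of this example.

```python
import hmac, hashlib

def prf(key, label, ctx=b""):
    # Assumed PRF (HMAC-SHA256); the claims do not fix a specific KDF.
    return hmac.new(key, label + ctx, hashlib.sha256).digest()
def derive_krk_btk(nsk):
    # Network session key -> key request key (KRK) and base transient key (BTK)
    return prf(nsk, b"KRK"), prf(nsk, b"BTK")
def fresh_ptk(btk, rn):
    # BTK as a counter-mode key generator: one pairwise transient key per rekey number
    return prf(btk, b"PTK", rn.to_bytes(4, "big"))

class SubnetContextManager:
    def __init__(self): self.nsk, self.last_rn = {}, {}  # NSK per node, highest rekey number seen
class AccessPoint:
    def __init__(self, ap_id, scm): self.ap_id, self.scm = ap_id, scm
    def reassociate(self, req):
        node, rn = req["node"], req["rn"]
        krk, btk = derive_krk_btk(self.scm.nsk[node])      # NSK obtained from the SCM, not re-authenticated
        if rn <= self.scm.last_rn.get(node, 0):            # stale or replayed rekey number
            return None
        if not hmac.compare_digest(req["mic"], prf(krk, b"req", node + rn.to_bytes(4, "big") + self.ap_id)):
            return None                                    # node could not prove authorization with the KRK
        self.scm.last_rn[node] = rn
        ptk = fresh_ptk(btk, rn)                           # AP installs the fresh PTK for this association
        return {"rn": rn, "mic": prf(ptk, b"resp", rn.to_bytes(4, "big") + self.ap_id)}
class MobileNode:
    def __init__(self, node_id, nsk):
        self.node_id, self.rn = node_id, 0
        self.krk, self.btk = derive_krk_btk(nsk)
    def build_request(self, ap):
        self.rn += 1                                       # incremented rekey number
        self.ptk = fresh_ptk(self.btk, self.rn)            # fresh PTK derived before sending
        mic = prf(self.krk, b"req", self.node_id + self.rn.to_bytes(4, "big") + ap.ap_id)
        return {"node": self.node_id, "rn": self.rn, "mic": mic}
    def roam(self, ap, req=None):
        resp = ap.reassociate(req or self.build_request(ap))
        if resp is None: return False
        expected = prf(self.ptk, b"resp", resp["rn"].to_bytes(4, "big") + ap.ap_id)
        return hmac.compare_digest(resp["mic"], expected)  # new AP proved it uses the fresh PTK

def demo():
    nsk = hashlib.sha256(b"constructed sample NSK").digest()   # constructed stand-in for the EAP-derived NSK
    scm = SubnetContextManager(); scm.nsk[b"node-A"] = nsk
    node, ap1, ap2 = MobileNode(b"node-A", nsk), AccessPoint(b"AP1", scm), AccessPoint(b"AP2", scm)
    req = node.build_request(ap1)
    first = node.roam(ap1, req)          # rekey number 1 accepted at AP1
    replay = node.roam(ap2, req)         # same request replayed at AP2: rejected (rn not incremented)
    second = node.roam(ap2)              # rekey number 2 accepted at AP2
    return first, replay, second, node.rn
```

Because the Subnet Context Manager tracks the highest rekey number across all access points, a captured reassociation request cannot be reused at another access point, which is the replay property the incremented rekey number is meant to provide.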
Specification