Method and system for pre-authentication
First Claim
1. A method for roaming from a parent access point to a neighboring access point by a wireless station, comprising:
- pre-authenticating with the neighboring access point while associated with the parent access point, the pre-authenticating comprises;
sending a rekey request to the neighboring access point, the rekey request comprises an incremented rekey number, and receiving a rekey response to the rekey request, the rekey response comprises a one time ticket that includes the incremented rekey number; and
roaming to the neighboring access point after pre-authenticating using a two-way handshake with the neighboring access point, the two-way handshake comprises;
sending a reassociation request to the neighboring access point, the reassociation request comprising the one time ticket, and receiving a reassociation response from the neighboring access point.
Abstract
A wireless station prepares to roam by pre-authenticating itself with a neighboring access point. The wireless station sends a rekey request, which can include an incremented rekey number. The wireless station receives a rekey response. The rekey response can include the incremented rekey number. Because the wireless station is pre-authenticated, after it roams it only needs to perform a two-way handshake with a new access point to establish secure communications with the new access point. The two-way handshake starts by the wireless station sending a reassociation request to the neighboring access point, the reassociation request comprising the incremented rekey number established during pre-authentication. The wireless station receives a reassociation response from the neighboring access point. To protect against replay attacks, the neighboring access point can verify the rekey number sent in the reassociation request matches the rekey number sent in the rekey response.
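The replay check described in the abstract, as an added Python sketch that is not taken from the patent: the neighboring access point issues a one time ticket bound to the incremented rekey number and accepts it once at reassociation. The HMAC-SHA256 ticket layout, the AP-local key, the strictly-greater freshness rule and all class and function names are assumptions, and the relay through the parent access point and authentication server is collapsed into direct calls.

```python
import hashlib, hmac, os

class AuthServer:
    """Holds the rekey data: last rekey number accepted per station."""
    def __init__(self):
        self.last_rekey = {}
    def accept(self, station, n):
        # Assumption: "incremented" means strictly greater than the last one.
        if n <= self.last_rekey.get(station, 0):
            return False
        self.last_rekey[station] = n
        return True

class NeighborAP:
    def __init__(self, auth):
        self.auth = auth
        self.key = os.urandom(32)   # assumed AP-local ticket key
        self.pending = {}           # station -> rekey number of the unspent ticket

    def _tag(self, station, n):
        msg = station.encode() + b"\x00" + n.to_bytes(8, "big")
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def rekey_request(self, station, n):
        """Pre-authentication: returns a one time ticket, or None if refused."""
        if not self.auth.accept(station, n):
            return None
        self.pending[station] = n
        return (n, self._tag(station, n))

    def reassociation_request(self, station, ticket):
        """First half of the two-way handshake; True means a response is sent."""
        n, tag = ticket
        if self.pending.get(station) != n:
            return False            # rekey number does not match the rekey response
        if not hmac.compare_digest(tag, self._tag(station, n)):
            return False            # ticket was not issued by this AP
        del self.pending[station]   # spend the ticket so a replay fails
        return True

def demo():
    ap = NeighborAP(AuthServer())
    sta = "02:00:00:00:00:01"       # constructed station address
    t1 = ap.rekey_request(sta, 1)
    first, replay = ap.reassociation_request(sta, t1), ap.reassociation_request(sta, t1)
    stale = ap.rekey_request(sta, 1)            # old rekey number reused
    t2 = ap.rekey_request(sta, 2)
    forged = ap.reassociation_request(sta, (2, bytes(32)))
    return first, replay, stale, forged, ap.reassociation_request(sta, t2)
```
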
30 Claims
1. A method for roaming from a parent access point to a neighboring access point by a wireless station, comprising:
- pre-authenticating with the neighboring access point while associated with the parent access point, the pre-authenticating comprises;
sending a rekey request to the neighboring access point, the rekey request comprises an incremented rekey number, and receiving a rekey response to the rekey request, the rekey response comprises a one time ticket that includes the incremented rekey number; and
- roaming to the neighboring access point after pre-authenticating using a two-way handshake with the neighboring access point, the two-way handshake comprises;
sending a reassociation request to the neighboring access point, the reassociation request comprising the one time ticket, and receiving a reassociation response from the neighboring access point.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
24. A system comprising:
- an authentication server, the authentication server configured to maintain rekey data for a wireless station;
- a parent access point; and
- a neighboring access point;
- wherein the wireless station is assigned to the parent access point and can communicate with the neighboring access point;
- wherein the wireless station configured to pre-authenticate with the neighboring access point while associated with the parent access point by sending a rekey request, the rekey request comprising an incremented rekey number;
- wherein the rekey request is received by one of the parent access point and the neighboring access point, and the rekey request is forwarded to the authentication server for authentication by comparing the incremented rekey number with the rekey data;
- wherein the neighboring access point is responsive to the authentication server to create a rekey response, the rekey response comprises a one time ticket that includes the incremented rekey number, the rekey response being sent to the wireless station via the authentication server and the parent access point;
- wherein the wireless station is further configured to roam to the neighboring access point after pre-authentication using a two-way handshake with the neighboring access point, the two-way handshake comprising;
sending a reassociation request to the neighboring access point, the reassociation request containing the one time ticket; and
receiving a reassociation response from the neighboring access point; and
- wherein the neighboring access point is further configured to verify the reassociation request contains the one time ticket with the incremented rekey number and to send a reassociation response responsive to verifying the one time ticket sent in the reassociation request has the correct rekey number.
Dependent claims: 25, 26, 27
28. A wireless station, comprising
- means for communicating with a parent access point;
- means for detecting a neighboring access point;
- means for pre-authenticating with the neighboring access point while associated to the parent access point by sending a rekey message directed to the neighboring access point, the rekey message containing an incremented rekey number;
- means for receiving a rekey response comprising a one time ticket that contains the incremented rekey number;
- means for roaming to the neighboring access point after pre-authentication using a two way handshake with the neighboring access point, the two way handshake comprising;
means for sending a reassociation request to the neighboring access point, the reassociation request comprising the one time ticket; and
means for receiving a reassociation response from the neighboring access point.
Dependent claims: 29, 30
Specification