Method and apparatus for providing a key for secure communications
First Claim
1. A method for mutual authentication of a first and a second node in a peer-to-peer network, the method comprising the steps of:
- sending a first authentication message to the second node containing information needed to authenticate the first node;
- receiving a second authentication message from the second node echoing at least some of the information transmitted in the first authentication message;
- determining responsive to the contents of the received second authentication message whether authentication is needed;
- deriving a pair-wise transient key (PTK) used for encryption of unicast traffic from a pair-wise master key created during authentication;
- sending an association message to the second node, the association message comprising both information needed by the second node to validate the PTK, and a group transient key (GTK) used by the first node in encrypting multicast or broadcast traffic; and
- receiving an association message from the second node, the association message comprising information needed by the first node to validate the PTK, and a GTK used by the second node, wherein the first authentication message comprises a nonce created by the first node and the second authentication message comprises a nonce created by the second node.
Abstract
A method and apparatus for providing a key for secure communications is provided herein. During operation, a node wishing to join a network will authenticate with an authentication server and then derive a pairwise key (e.g., a Pair-wise Transient Key (PTK)) used for encryption of unicast traffic. The node will also create its own group transient key (GTK) for use in encrypting multicast or broadcast traffic. Once the GTK is generated, it will be provided to an authenticator as part of an association request message.
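The following is an added Python simulation of the exchange recited in claim 1 and the abstract; it is not code from the patent. The PMK, node addresses, the HMAC-SHA256 key derivation, the MIC used to validate the PTK and the toy keystream wrapping of the GTK are all assumptions chosen for illustration (the claims do not specify them).

```python
import hmac
import hashlib
import secrets
# Constructed PMK: stands in for the pair-wise master key both nodes hold after authentication.
PMK = hashlib.sha256(b"constructed-pmk-from-authentication").digest()
def derive_ptk(pmk, addr1, addr2, nonce1, nonce2):
    # Assumed KDF (modelled on the 802.11i key hierarchy): HMAC-SHA256 over the sorted
    # addresses and nonces, so both nodes reach the same PTK whichever one initiated.
    data = b"".join(sorted([addr1, addr2]) + sorted([nonce1, nonce2]))
    return hmac.new(pmk, b"PTK" + data, hashlib.sha256).digest()

def kck(ptk): return ptk[:16]   # key-confirmation half: MIC proving possession of the PTK
def kek(ptk): return ptk[16:]   # key-encryption half: protects the GTK in transit

def wrap_gtk(ptk, gtk, nonce):
    # Toy keystream XOR (stand-in for AES key wrap); the nonce makes the keystream per-exchange.
    stream = hmac.new(kek(ptk), b"GTK" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(gtk, stream))
unwrap_gtk = wrap_gtk  # XOR with the same keystream is its own inverse

def build_association(ptk, own_gtk, own_nonce):
    # Association message: wrapped GTK plus a MIC the peer can only verify with the same PTK.
    wrapped = wrap_gtk(ptk, own_gtk, own_nonce)
    return wrapped, hmac.new(kck(ptk), wrapped, hashlib.sha256).digest()

def validate_association(ptk, wrapped, tag, peer_nonce):
    expected = hmac.new(kck(ptk), wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # peer does not hold the same PTK, or the message was altered
    return unwrap_gtk(ptk, wrapped, peer_nonce)

def run_exchange(pmk=PMK, addr_a=b"\x02\x00\x00\x00\x00\x0a", addr_b=b"\x02\x00\x00\x00\x00\x0b"):
    # Authentication messages: A sends a fresh nonce, B echoes it and adds its own nonce.
    nonce_a = secrets.token_bytes(32)
    msg1 = {"nonce": nonce_a}
    nonce_b = secrets.token_bytes(32)
    msg2 = {"echo": msg1["nonce"], "nonce": nonce_b}
    if msg2["echo"] != nonce_a:
        raise ValueError("reply is not bound to this exchange")
    # Each node derives the PTK from the PMK and both nonces; no key crosses the link.
    ptk_a = derive_ptk(pmk, addr_a, addr_b, nonce_a, nonce_b)
    ptk_b = derive_ptk(pmk, addr_b, addr_a, nonce_b, nonce_a)
    # Each node sends its own GTK in its association message and validates the peer's.
    gtk_a, gtk_b = secrets.token_bytes(16), secrets.token_bytes(16)
    assoc_a = build_association(ptk_a, gtk_a, nonce_a)
    assoc_b = build_association(ptk_b, gtk_b, nonce_b)
    gtk_b_at_a = validate_association(ptk_a, *assoc_b, nonce_b)
    gtk_a_at_b = validate_association(ptk_b, *assoc_a, nonce_a)
    return ptk_a == ptk_b, gtk_b_at_a == gtk_b, gtk_a_at_b == gtk_a
```

A node that derived a different PTK (wrong PMK or nonce) produces a MIC that fails `validate_association`, so the peer never accepts its GTK.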
14 Claims
1. (Independent claim, recited above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7.
8. An apparatus for performing mutual authentication, the apparatus comprising:
- a transmitter sending a first authentication message to a second node containing information needed to authenticate a first node;
- a receiver receiving a second authentication message from the second node echoing at least some of the information transmitted in the first authentication message;
- a logic unit determining responsive to the contents of the received second authentication message whether authentication is needed and deriving a pair-wise transient key (PTK) used for encryption of unicast traffic from a pair-wise master key created during authentication; and
- wherein the transmitter additionally transmits an association message to the second node, the association message comprising both information needed by the second node to validate the PTK, and a group transient key (GTK) used by a first node in encrypting multicast or broadcast traffic; and the receiver additionally receives an association message from the second node, the association message comprising information needed by the first node to validate the PTK and a GTK used by the second, wherein the first authentication message comprises a nonce created by the first node and the second authentication message comprises a nonce created by the second node.
Dependent claims: 9, 10, 11, 12, 13, 14.