Enhancement to authentication protocol that uses a key lease
First Claim
1. A method of re-authenticating and protecting wireless communication security comprising the steps of:
- a) performing a secondary authentication protocol between a wireless client electronic system (client) and a wireless network access point electronic system (AP) using a key lease generated by performance of a primary authentication protocol, wherein said key lease includes a key lease period for indicating a length of time in which said key lease is valid for using said secondary authentication protocol instead of said primary authentication protocol, and wherein the secondary authentication protocol includes the steps of:
  - a(i) transmitting said key lease from said client to said AP;
  - a(ii) generating a first random number associated with said client and a second random number associated with said AP, wherein said key lease includes an encryption key for use in said secondary authentication protocol; and
  - a(iii) transmitting said first random number to said AP and said second random number to said client; and
- b) if said secondary authentication protocol is successful, generating a session encryption key for encrypting communication traffic between said client and said AP, wherein the generating comprises:
  - b(i) applying a hash function and said encryption key to said first random number and said second random number to determine said session encryption key.
Abstract
A method and system for using a key lease in a secondary authentication protocol after a primary authentication protocol has been performed is described. In one embodiment, the primary authentication protocol comprises a strong, secure, computationally complex authentication protocol. The secondary authentication protocol comprises an authentication protocol that is less complex and less secure than the primary authentication protocol and that can be performed in a length of time shorter than that required to perform the primary authentication protocol. In an embodiment, the key lease includes context information. Moreover, a new session encryption key is computed each time a quick re-authentication is performed by executing the secondary authentication protocol using the key lease, wherein the session encryption key is used for encrypting communication traffic, providing a solution to the potential communication traffic replay threat.
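The secondary protocol of claim 1 (lease presented by the client, a fresh random number from each side, session key derived with a hash function keyed by the lease's encryption key), as an added illustration that is not code from the patent or its assignee. It assumes the AP keeps a table of leases issued by the primary protocol, indexed by a lease identifier (the "context information"), and adds a key-confirmation tag so that "successful" has a concrete meaning; the lease period check and the per-run key change from the abstract are included.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class KeyLease:
    lease_id: bytes    # context information the AP uses to find the lease (assumed)
    key: bytes         # encryption key used by the secondary protocol
    issued_at: float   # seconds
    period: float      # key lease period: how long quick re-auth may replace primary auth

    def valid_at(self, now: float) -> bool:
        return self.issued_at <= now < self.issued_at + self.period


def issue_lease(now: float, period: float) -> KeyLease:
    # Stands in for the result of the primary (heavyweight) authentication.
    return KeyLease(os.urandom(8), os.urandom(32), now, period)


def derive_session_key(lease_key: bytes, n_client: bytes, n_ap: bytes) -> bytes:
    # Step b(i): a hash function keyed with the lease key over both random numbers.
    return hmac.new(lease_key, b"session" + n_client + n_ap, hashlib.sha256).digest()


def confirm_tag(key: bytes, role: bytes, n_client: bytes, n_ap: bytes) -> bytes:
    # Assumed key-confirmation step (not spelled out in the claim): proves knowledge of the lease key.
    return hmac.new(key, role + n_client + n_ap, hashlib.sha256).digest()


def quick_reauth(client_lease, ap_leases, now, n_client=None, n_ap=None):
    """Run the secondary protocol; return (client_key, ap_key) or None on failure."""
    # a(i): the client presents its lease; the AP checks it is known and still within its period.
    ap_lease = ap_leases.get(client_lease.lease_id)
    if ap_lease is None or not ap_lease.valid_at(now):
        return None                          # caller must fall back to the primary protocol
    # a(ii)/a(iii): each side draws a fresh random number and sends it to the other in the clear.
    n_client = n_client or os.urandom(16)
    n_ap = n_ap or os.urandom(16)
    # Each side verifies the other's confirmation tag under its own copy of the lease key.
    if not hmac.compare_digest(confirm_tag(client_lease.key, b"C", n_client, n_ap),
                               confirm_tag(ap_lease.key, b"C", n_client, n_ap)):
        return None
    if not hmac.compare_digest(confirm_tag(ap_lease.key, b"A", n_client, n_ap),
                               confirm_tag(client_lease.key, b"A", n_client, n_ap)):
        return None
    # b: both sides independently derive the session key; new nonces yield a new key every run.
    return (derive_session_key(client_lease.key, n_client, n_ap),
            derive_session_key(ap_lease.key, n_client, n_ap))
```

Because the session key changes with every pair of nonces, traffic captured under one re-authentication cannot be replayed under the next, which is the replay protection the abstract refers to.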