Enhancement to authentication protocol that uses a key lease
First Claim
1. A method of re-authenticating and protecting wireless communication security comprising the steps of:
- a) performing a secondary authentication protocol between a wireless client electronic system (client) and a wireless network access point electronic system (AP) using a key lease generated by performance of a primary authentication protocol, wherein said key lease includes a key lease period for indicating a length of time in which said key lease is valid for using said secondary authentication protocol instead of said primary authentication protocol, and wherein the secondary authentication protocol includes the steps of;
a(i) transmitting said key lease from said client to said AP;
a(ii) generating a first random number associated with said client and a second random number associated with said AP, wherein said key lease includes an encryption key for use in said secondary authentication protocol; and
a(iii) transmitting said first random number to said AP and said second random number to said client; and
b) if said secondary authentication protocol is successful, generating a session encryption key for encrypting communication traffic between said client and said AP, wherein the generating comprises;
b(i) applying a hash function and said encryption key to said first random number and said second random number to determine said session encryption key.
8 Assignments
0 Petitions
Accused Products
Abstract
A method and system for using a key lease in a secondary authentication protocol after a primary authentication protocol has been performed is described. In one embodiment, the primary authentication protocol comprises a strong, secure, computationally complex authentication protocol. Moreover, the secondary authentication protocol comprises a less complex (compared to the primary authentication protocol) and less secure (compared to the primary authentication protocol) authentication protocol which can be performed in a length of time that is shorter than a length of time required to perform the primary authentication protocol. In an embodiment, the key lease includes context information. Moreover, a new session encryption key is computed after each time a quick re-authentication is performed by executing the secondary authentication protocol using the key lease, whereas the session encryption key is used for encrypting communication traffic, providing a solution to the potential communication traffic replay threat.
72 Citations
9 Claims
-
1. A method of re-authenticating and protecting wireless communication security comprising the steps of:
-
a) performing a secondary authentication protocol between a wireless client electronic system (client) and a wireless network access point electronic system (AP) using a key lease generated by performance of a primary authentication protocol, wherein said key lease includes a key lease period for indicating a length of time in which said key lease is valid for using said secondary authentication protocol instead of said primary authentication protocol, and wherein the secondary authentication protocol includes the steps of; a(i) transmitting said key lease from said client to said AP; a(ii) generating a first random number associated with said client and a second random number associated with said AP, wherein said key lease includes an encryption key for use in said secondary authentication protocol; and a(iii) transmitting said first random number to said AP and said second random number to said client; and b) if said secondary authentication protocol is successful, generating a session encryption key for encrypting communication traffic between said client and said AP, wherein the generating comprises; b(i) applying a hash function and said encryption key to said first random number and said second random number to determine said session encryption key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification
-
- Resources
-
Current AssigneeValtrus Innovations Limited (f/k/a Dolya Holdco 9 Limited) (Key Patent Innovations Limited)
-
Original Assignee3Com Corporation (HP Inc.)
-
InventorsNessett, Danny M., Young, Albert
-
Primary Examiner(s)Revak, Christopher A
-
Assistant Examiner(s)Moorthy, Aravind K
-
Application NumberUS09/900,617Time in Patent Office2,755 DaysField of Search713/200, 713/168, 713/171, 713/201US Class Current726/22CPC Class CodesH04L 2209/80 Wireless network architectu...H04L 63/061 for key exchange, e.g. in p...H04L 63/08 for authentication of entit...H04L 63/12 Applying verification of th...H04L 9/083 involving central third par...H04L 9/0844 with user authentication or...H04L 9/0869 involving random numbers or...H04L 9/0891 Revocation or update of sec...H04L 9/3273 for mutual authentication n...H04W 12/06 AuthenticationH04W 12/10 IntegrityH04W 12/50 Secure pairing of devices
