Terminal authentication in a wireless network
First Claim
1. A method performed by a user terminal of a wireless access network, the method comprising:
generating a shared secret to be provided to an access point of the wireless access network;
encrypting the shared secret with an access point public key;
pre-calculating a plurality of authenticator messages based on a corresponding plurality of estimated time parameters, each authenticator message comprising at least part of the shared secret;
receiving an indication of a measured time parameter; and
selecting a pre-calculated authenticator message that corresponds to the measured time parameter; and
signing the selected authenticator message with a user terminal private key; and
sending a message to the access point, the message including the encrypted shared secret, a user terminal certificate, and the signed authenticator message.
Abstract
A user terminal can be authenticated by an access point on the basis of a single message. In one embodiment, the present invention includes the access point receiving a message containing a shared secret encrypted with an access point public key, a user terminal certificate, and an authenticator string demonstrating possession by the user terminal of a user terminal private key. The access point can decrypt the shared secret using the access point private key paired with that public key. The access point can then authenticate the user terminal by checking the authenticator string using the user terminal public key included in the user terminal certificate, thereby verifying possession of the user terminal private key by the user terminal.
16 Claims
1. A method performed by a user terminal of a wireless access network, the method comprising:
generating a shared secret to be provided to an access point of the wireless access network;
encrypting the shared secret with an access point public key;
pre-calculating a plurality of authenticator messages based on a corresponding plurality of estimated time parameters, each authenticator message comprising at least part of the shared secret;
receiving an indication of a measured time parameter; and
selecting a pre-calculated authenticator message that corresponds to the measured time parameter; and
signing the selected authenticator message with a user terminal private key; and
sending a message to the access point, the message including the encrypted shared secret, a user terminal certificate, and the signed authenticator message.
Dependent claims: 2, 3, 4, 5, 6.
7. A user terminal comprising:
a memory to store a user terminal certificate and a shared secret to be provided to an access point;
a processor coupled to the memory to encrypt the shared secret with an access point public key, pre-calculate a plurality of authenticator messages based on a corresponding plurality of estimated time parameters, each authenticator message comprising at least part of the shared secret, receive an indication of a measured time parameter, select a pre-calculated authenticator message that corresponds to the measured time parameter, and sign the selected authenticator message with a user terminal private key; and
a transmitter coupled to the processor to send a message to the access point, the message including the encrypted shared secret, the user terminal certificate, and the signed authenticator message.
Dependent claims: 8, 9, 10, 11.
12. A machine-readable medium storing data representing instructions that, when executed by a processor of a user terminal, cause the processor to perform operations comprising:
generating a shared secret to be provided to an access point of the wireless access network;
encrypting the shared secret with an access point public key;
pre-calculating a plurality of authenticator messages based on a corresponding plurality of estimated time parameters, each authenticator message comprising at least part of the shared secret;
receiving an indication of a measured time parameter; and
selecting a pre-calculated authenticator message that corresponds to the measured time parameter; and
signing the selected authenticator message with a user terminal private key; and
sending a message to the access point, the message including the encrypted shared secret, a user terminal certificate, and the signed authenticator message.
Dependent claims: 13, 14, 15, 16.
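The single-message exchange described in the abstract and in claims 1, 7 and 12, with both the terminal side and the access point side, as an added example in Go using only the standard library. It is not code from the patent or from any product implementing it, and it fills in details the claims leave open as assumptions: the time parameter is modelled as a 32-bit slot index, each authenticator message is the time parameter followed by the first 16 bytes of the shared secret, the access point key is RSA-OAEP, the terminal key is ECDSA P-256, and the user terminal certificate is modelled as the terminal's DER public key plus a CA signature over its hash rather than real X.509. The names (`Terminal`, `Respond`, `Authenticate`, `Setup`, `must`) are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"encoding/binary"
	"errors"
)

const secretLen, fragLen = 32, 16 // shared-secret size; bytes of it carried in each authenticator

// AuthMessage is the single message the terminal sends. The user terminal certificate is
// modelled (an assumption, not real X.509) as the DER public key plus a CA signature over its hash.
type AuthMessage struct {
	EncSecret     []byte // shared secret encrypted under the access point's RSA-OAEP public key
	CertKeyDER    []byte // certificate: the terminal's public key ...
	CertSig       []byte // ... and the CA signature endorsing it
	Authenticator []byte // the selected pre-calculated authenticator message
	Sig           []byte // ECDSA signature over Authenticator: proof of private-key possession
}

// authenticator builds the message for one time parameter: time || first fragLen bytes of the secret.
func authenticator(t uint32, secret []byte) []byte {
	m := make([]byte, 4+fragLen)
	binary.BigEndian.PutUint32(m, t)
	copy(m[4:], secret[:fragLen])
	return m
}

type Terminal struct {
	key                         *ecdsa.PrivateKey // everything below is prepared before the measured time is known
	certDER, certSig, encSecret []byte
	pre                         map[uint32][]byte // one authenticator per estimated time parameter
}

func NewTerminal(key *ecdsa.PrivateKey, certDER, certSig []byte, apPub *rsa.PublicKey, estimates []uint32) (*Terminal, error) {
	secret := make([]byte, secretLen)
	if _, err := rand.Read(secret); err != nil { return nil, err }
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, apPub, secret, nil)
	if err != nil { return nil, err }
	pre := make(map[uint32][]byte, len(estimates))
	for _, t := range estimates {
		pre[t] = authenticator(t, secret)
	}
	return &Terminal{key, certDER, certSig, enc, pre}, nil
}

// Respond selects the authenticator matching the measured time, signs it and assembles the message.
func (ut *Terminal) Respond(measured uint32) (*AuthMessage, error) {
	m, ok := ut.pre[measured]
	if !ok { return nil, errors.New("measured time outside the pre-calculated window") }
	h := sha256.Sum256(m)
	sig, err := ecdsa.SignASN1(rand.Reader, ut.key, h[:])
	if err != nil { return nil, err }
	return &AuthMessage{ut.encSecret, ut.certDER, ut.certSig, m, sig}, nil
}

// Authenticate is the access point side: it checks one message against the time the access
// point itself measured and returns the decrypted shared secret on success.
func Authenticate(apKey *rsa.PrivateKey, caPub *ecdsa.PublicKey, msg *AuthMessage, measured uint32) ([]byte, error) {
	secret, err := rsa.DecryptOAEP(sha256.New(), nil, apKey, msg.EncSecret, nil)
	if err != nil || len(secret) != secretLen {
		return nil, errors.New("cannot recover a well-formed shared secret")
	}
	h := sha256.Sum256(msg.CertKeyDER)
	if !ecdsa.VerifyASN1(caPub, h[:], msg.CertSig) {
		return nil, errors.New("certificate not endorsed by the trusted CA")
	}
	pub, err := x509.ParsePKIXPublicKey(msg.CertKeyDER)
	utPub, ok := pub.(*ecdsa.PublicKey)
	if err != nil || !ok {
		return nil, errors.New("certificate does not carry an ECDSA key")
	}
	// Freshness and binding: the authenticator must name the measured time and carry this secret, so a
	// captured message replayed in a later slot fails here. Constant-time: it contains secret bytes.
	if subtle.ConstantTimeCompare(msg.Authenticator, authenticator(measured, secret)) != 1 {
		return nil, errors.New("authenticator mismatch: stale time parameter or foreign secret")
	}
	h = sha256.Sum256(msg.Authenticator)
	if !ecdsa.VerifyASN1(utPub, h[:], msg.Sig) {
		return nil, errors.New("signature does not verify under the certified key")
	}
	return secret, nil
}

func must[T any](v T, err error) T { if err != nil { panic(err) }; return v } // fixture helper

// Setup generates the access point key, a CA and a CA-certified terminal (demo fixture).
func Setup(estimates []uint32) (ut *Terminal, apKey *rsa.PrivateKey, caPub *ecdsa.PublicKey) {
	apKey = must(rsa.GenerateKey(rand.Reader, 2048))
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	utKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	der := must(x509.MarshalPKIXPublicKey(&utKey.PublicKey))
	h := sha256.Sum256(der)
	caSig := must(ecdsa.SignASN1(rand.Reader, caKey, h[:]))
	return must(NewTerminal(utKey, der, caSig, &apKey.PublicKey, estimates)), apKey, &caKey.PublicKey
}
```

Typical use is `ut, apKey, caPub := Setup([]uint32{99, 100, 101, 102})`, then `msg, _ := ut.Respond(101)` once the access point has indicated the measured slot, then `Authenticate(apKey, caPub, msg, 101)` on the access point. Two points the claims leave implicit but a verifier must get right: the access point compares the authenticator against the time parameter it measured itself, never against a value carried in the message, since that is what makes a replayed message fail in a later slot; and because the authenticator embeds part of the shared secret, the comparison is constant-time. As in claim 1, only the authenticator messages are pre-calculated; the signature is produced after the selection.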
Specification