Dynamic authentication in secured wireless networks

US 7,669,232 B2
Filed: 12/19/2008
Issued: 02/23/2010
Est. Priority Date: 04/24/2006
Status: Active Grant

First Claim

Patent Images

1. A method for pairing dynamic secrets in a secured wireless network, the method comprising:

identifying an access profile belonging to an authenticated user, the user having been authenticated as being authorized to access the secured wireless network, the access profile being specific to the authenticated user;

randomly generating a secret for the authenticated user, wherein the secret is unique to the authenticated user;

storing the secret in memory, the secret being stored in association with the identified access profile belonging to the authenticated user;

deriving one or more security keys from the secret;

saving the one or more derived security keys to a table in memory, the table including information concerning the security keys and whether each security key is associated with a wireless interface device;

generating an executable for configuring the wireless interface device to access the secured wireless network;

downloading the executable and at least one of the security keys as a part of the access profile to a wireless interface device belonging to the authenticated user, wherein executing the transferred executable on the wireless interface device configures the wireless interface device to access the secured wireless network using the security key and the access profile belonging to the authenticated user; and

updating the table to include the association between the security key and the wireless interface device belonging to the authenticated user and further associated with the access profile, wherein use of the security key to access the secured wireless network is restricted to the associated wireless interface device belonging to the authenticated user as identified by the associated access profile.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required.

Citations

13 Claims

1. A method for pairing dynamic secrets in a secured wireless network, the method comprising:
- identifying an access profile belonging to an authenticated user, the user having been authenticated as being authorized to access the secured wireless network, the access profile being specific to the authenticated user;
  
  randomly generating a secret for the authenticated user, wherein the secret is unique to the authenticated user;
  
  storing the secret in memory, the secret being stored in association with the identified access profile belonging to the authenticated user;
  
  deriving one or more security keys from the secret;
  
  saving the one or more derived security keys to a table in memory, the table including information concerning the security keys and whether each security key is associated with a wireless interface device;
  
  generating an executable for configuring the wireless interface device to access the secured wireless network;
  
  downloading the executable and at least one of the security keys as a part of the access profile to a wireless interface device belonging to the authenticated user, wherein executing the transferred executable on the wireless interface device configures the wireless interface device to access the secured wireless network using the security key and the access profile belonging to the authenticated user; and
  
  updating the table to include the association between the security key and the wireless interface device belonging to the authenticated user and further associated with the access profile, wherein use of the security key to access the secured wireless network is restricted to the associated wireless interface device belonging to the authenticated user as identified by the associated access profile.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein updating the table includes storing the association between the security key and an identification of the wireless interface.
  - 3. The method of claim 1, wherein updating the table includes storing the association between the security key and a radio of the wireless interface device.
  - 4. The method of claim 1, further comprising updating the secret.
  - 5. The method of claim 2, wherein the wireless interface identification includes a MAC address.
  - 6. The method of claim 4, wherein updating the secret occurs after a predefined period of time.
  - 7. The method of claim 4, wherein updating the secret occurs upon request by a system administrator.
  - 8. The method of claim 4, wherein updating the secret comprises:
    - generating a new random secret unique to the authenticated user;
      
      storing the new secret in memory with the access profile belonging to the user; and
      
      requiring that the wireless interface be reauthenticated by the authenticated user before associating the new secret to the wireless interface.
  - 9. The method of claim 8, wherein requiring the wireless interface to be re-authenticated comprises terminating the wireless connection between the wireless interface and the secured wireless network.

10. A system for pairing dynamic secrets in a secured wireless network, the system comprising:
- a secret generation module stored in memory and executable by a processor to;
  
  randomly generate a secret unique to an authenticated user, the user having been authenticated as being authorized to access the secured wireless network, andderive one or more security secrets from the secret;
  
  a secret database configured to store information concerning the secret in association with an access profile identified as belonging to the authenticated user, the access profile being specific to the authenticated user, the secret database comprising a table including information concerning the re security keys and whether each security key is associated with a wireless interface device;
  
  an access profile generation module executable by the processor to generate an access profile for the authenticated user;
  
  an executable generation module executable by the processor to generate an executable for using the access profile and the security key to configure the wireless interface to access the secured wireless network; and
  
  a binding module stored in memory and executable by the processor to download the executable and at least one of the security keys as part of the access profile to a wireless interface device belonging to the authenticated user,wherein executing the transferred executable on the wireless interface device configures the wireless interface device to access the secured wireless network using the security key and the access profile belonging to the authenticated user, andwherein the table is updated to include the association between the security key and the wireless interface device belonging to the authenticated user and further associated with the access profile, wherein use of the security key to access the secured wireless network is restricted to the associated wireless interface device belonging to the authenticated user as identified by the associated access profile.
- View Dependent Claims (11)
- - 11. The system of claim 10, wherein the secret generation module is further executable by the processor to update the secret by generating a new random secret unique to the user.

12. A computer-readable storage medium having embodied thereon a program, the program being executable by a computer processor to perform a method for pairing dynamic secrets in a secured wireless network, the method comprising:
- identifying an access profile belonging to an authenticated user, the user having been authenticated as being authorized to access the secured wireless network, the access profile being specific to the authenticated user;
  
  randomly generating a secret for the authenticated user, wherein the secret is unique to the authenticated user;
  
  storing the secret in memory, the secret being stored in association with the identified access profile belonging to the authenticated user, the access profile;
  
  deriving one or more security keys from the secret;
  
  saving the one or more derived security keys to a table in memory, the table including information concerning the security keys and whether each security key is associated with a wireless interface device;
  
  generating an executable for configuring the wireless interface device to access the secured wireless network;
  
  downloading the executable and at least one of the security keys as a part of the access profile to a wireless interface device belonging to the authenticated user, wherein executing the transferred executable on the wireless interface device configures the wireless interface device to access the secured wireless network using the security key and the access profile belonging to the authenticated user; and
  
  updating the table to include the association between the security key and the wireless interface belonging to the authenticated user, wherein use of the security key to access the secured wireless network is restricted to the associated wireless interface belonging to the authenticated user as identified by the associated access profile.
- View Dependent Claims (13)
- - 13. The computer-readable storage medium of claim 12, wherein the program is further executable by the processor to update the secret, wherein the wireless interface must be reauthenticated by the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ruckus IP Holdings LLC
Original Assignee
Ruckus Wireless, Inc. (CommScope Holding Company, Inc.)
Inventors
Kuo, Ted Tsei, Yang, Bo-Chieh, Lin, Tian-Yuan, Jou, Tyan-Shu, Sheu, Ming
Primary Examiner(s)
Zia; Syed A.

Application Number

US12/339,688
Publication Number

US 20090092255A1
Time in Patent Office

431 Days
Field of Search

None
US Class Current

726/2
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04W 12/041   Key generation or derivation

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

H04W 8/18   Processing of user or subsc...

Dynamic authentication in secured wireless networks

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic authentication in secured wireless networks

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links