Tunneling security association messages through a mesh network
First Claim
1. A method for establishing security associations within a wireless Mesh communication network, the method comprising:
- authenticating one or more Mesh Authenticators with an Authentication Server, using the Mesh Key Distributor as an Authentication, Authorization and Accounting (AAA) client for the Authentication Server, including creating a master key for each Mesh Authenticator and delivering the master key to the Mesh Key Distributor;
- maintaining a secure communication channel using one or more layer 2 protocols between the Mesh Key Distributor and the one or more Mesh Authenticators, including deriving from the master key of each Mesh Authenticator:
  - at least one derived Mesh Authenticator key for communicating between the Mesh Key Distributor and the Mesh Authenticator, and
  - at least one derived Mesh Authenticator key for key delivery from the Mesh Key Distributor to the Mesh Authenticator for establishing new Supplicant security associations; and
- establishing a security association of a Supplicant node, including:
  - communicating an Extensible Authentication Protocol (EAP) request message from the Supplicant node to one of the Mesh Authenticators,
  - communicating the EAP request message from the Supplicant node to the Authentication Server by passing it within an EAP encapsulation request message from the Mesh Authenticator to the Mesh Key Distributor over the secure communication channel, using the derived key for communicating, and from the Mesh Key Distributor to the Authentication Server,
  - communicating an EAP response message from the Authentication Server to the Mesh Key Distributor,
  - communicating the EAP response message and a message type between the Mesh Key Distributor and the Mesh Authenticator, as an encapsulated EAP response message over the secure communication channel, wherein the message type indicates whether the Supplicant node is accepted or should not be granted access to the mesh,
  - communicating the EAP response message from the Mesh Authenticator to the Supplicant node, and
  - establishing the security association of the Supplicant node using a distributed unwrapped key when the message type is an accept message type.
7 Assignments
0 Petitions
Abstract
The disclosure relates to techniques and technologies for establishing a secure link between a mesh authenticator and a mesh key distributor for transporting security association messages. The secure link can allow the mesh key distributor to communicate results of an authentication process to the mesh authenticator.
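The exchange that claim 1 and the abstract describe, simulated end to end as an added example (this is not code from the patent or its assignee): the Mesh Key Distributor (MKD) derives two separate keys per Mesh Authenticator (MA) from that MA's master key, one for authenticating MKD-MA frames and one used only to wrap supplicant keys; the MA tunnels the supplicant's EAP request to the MKD, the MKD acts as AAA client, and the accept/reject message type decides whether the MA unwraps a key and establishes a security association. The message-type codes, KDF labels, frame layout, the single-round "EAP" exchange, and the HMAC-based key wrap (a stand-in for a real key wrap such as AES key wrap) are all assumptions made for the example.

```python
# Added example, not the patent's own code. Codes, labels, frame layout and
# the key-wrap construction are assumptions; only the message flow follows claim 1.
import hashlib
import hmac
import secrets

REQUEST, ACCEPT, REJECT = 0x01, 0x02, 0x03   # assumed message-type codes
TAG_LEN = 32                                  # HMAC-SHA256 tag length

def kdf(key: bytes, label: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869) over HMAC-SHA256; the choice of KDF is an assumption."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + label + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def derive_ma_keys(master_key: bytes, ma_id: bytes):
    """Claim 1: from each MA's master key derive one key for MKD<->MA traffic and a
    separate key used only to deliver (wrap) supplicant keys to that MA."""
    return kdf(master_key, b"MA-comm|" + ma_id), kdf(master_key, b"MA-deliver|" + ma_id)

def seal(comm_key: bytes, msg_type: int, payload: bytes) -> bytes:
    """EAP encapsulation frame on the layer-2 channel: type || payload || HMAC tag."""
    body = bytes([msg_type]) + payload
    return body + hmac.new(comm_key, body, hashlib.sha256).digest()

def unseal(comm_key: bytes, frame: bytes):
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(comm_key, body, hashlib.sha256).digest()):
        raise ValueError("bad tag on MKD<->MA frame")
    return body[0], body[1:]

def wrap_key(deliver_key: bytes, pmk: bytes) -> bytes:
    """Stand-in key wrap (assumption): random IV, KDF keystream XOR, then HMAC."""
    iv = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pmk, kdf(deliver_key, b"ks|" + iv, len(pmk))))
    return iv + ct + hmac.new(deliver_key, iv + ct, hashlib.sha256).digest()

def unwrap_key(deliver_key: bytes, blob: bytes) -> bytes:
    iv, ct, tag = blob[:16], blob[16:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(deliver_key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag on wrapped key")
    return bytes(a ^ b for a, b in zip(ct, kdf(deliver_key, b"ks|" + iv, len(ct))))

class AuthServer:
    """Toy AAA server (constructed): 'EAP' collapsed to one identity+proof message."""
    def __init__(self, users):
        self.users = users                      # identity -> shared secret
    def process(self, eap_request: bytes):
        ident, _, proof = eap_request.partition(b":")
        secret = self.users.get(ident)
        if secret is None or not hmac.compare_digest(
                proof, hmac.new(secret, ident, hashlib.sha256).digest()):
            return REJECT, b"EAP-Failure", None
        return ACCEPT, b"EAP-Success", kdf(secret, b"PMK|" + ident)

class MeshKeyDistributor:
    def __init__(self, auth_server):
        self.aaa, self.keys = auth_server, {}   # the MKD is the AAA client
    def register_ma(self, ma_id: bytes, master_key: bytes):
        self.keys[ma_id] = derive_ma_keys(master_key, ma_id)   # master key delivered after MA auth
    def handle(self, ma_id: bytes, frame: bytes) -> bytes:
        comm, deliver = self.keys[ma_id]
        msg_type, eap_req = unseal(comm, frame)
        if msg_type != REQUEST:
            raise ValueError("unexpected message type from MA")
        result, eap_resp, pmk = self.aaa.process(eap_req)
        wrapped = wrap_key(deliver, pmk) if result == ACCEPT else b""
        return seal(comm, result, bytes([len(eap_resp)]) + eap_resp + wrapped)

class MeshAuthenticator:
    def __init__(self, ma_id: bytes, master_key: bytes, mkd: MeshKeyDistributor):
        self.ma_id, self.mkd, self.sa = ma_id, mkd, {}
        self.comm, self.deliver = derive_ma_keys(master_key, ma_id)   # same pair as the MKD
    def authenticate(self, supplicant_id: bytes, eap_request: bytes):
        reply = self.mkd.handle(self.ma_id, seal(self.comm, REQUEST, eap_request))
        msg_type, payload = unseal(self.comm, reply)
        n = payload[0]
        eap_resp, wrapped = payload[1:1 + n], payload[1 + n:]
        if msg_type == ACCEPT:                  # SA only from a delivered, unwrapped key
            self.sa[supplicant_id] = unwrap_key(self.deliver, wrapped)
        return msg_type, eap_resp               # EAP response is relayed to the supplicant

def supplicant_request(ident: bytes, secret: bytes) -> bytes:
    return ident + b":" + hmac.new(secret, ident, hashlib.sha256).digest()

def tamper_check() -> bool:
    """A flipped byte in an encapsulation frame must fail the MAC check."""
    key = b"k" * 32
    frame = bytearray(seal(key, REQUEST, b"probe"))
    frame[1] ^= 0x01
    try:
        unseal(key, bytes(frame))
        return False
    except ValueError:
        return True

def demo():
    aaa = AuthServer({b"node7": b"s3cret-node7"})          # constructed credential store
    mkd = MeshKeyDistributor(aaa)
    master = secrets.token_bytes(32)                        # one master key per MA
    mkd.register_ma(b"MA-1", master)
    ma = MeshAuthenticator(b"MA-1", master, mkd)
    ok, _ = ma.authenticate(b"node7", supplicant_request(b"node7", b"s3cret-node7"))
    bad, _ = ma.authenticate(b"node9", supplicant_request(b"node9", b"wrong"))
    return ok, bad, ma.sa.get(b"node7") == kdf(b"s3cret-node7", b"PMK|node7"), b"node9" in ma.sa
```

Two properties worth checking against any real implementation of this design: the MA never learns the supplicant's AAA credential (it only relays EAP and receives a wrapped key), and the communication key and the key-delivery key are distinct derivations, so a leaked frame-authentication key does not expose delivered supplicant keys. `demo()` returns `(ACCEPT, REJECT, True, False)`: the valid supplicant ends with a security association whose key matches the one the supplicant side can derive, and the rejected one gets none.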
59 Citations
17 Claims