Security authentication and key management within an infrastructure-based wireless multi-hop network

US 7,793,104 B2
Filed: 01/14/2009
Issued: 09/07/2010
Est. Priority Date: 09/07/2006
Status: Active Grant

First Claim

Patent Images

1. A method of security authentication and key management within an infrastructure-based wireless multi-hop network, the method comprising:

initially authenticating a supplicant including determining one or more authenticated supplicant role attributes with an authentication server;

obtaining one or more authorization attributes from the authentication server by a top level key holder;

determining whether the authenticated supplicant role attribute is a level one key holder by the top level key holder;

initiating a four-way handshaking between the top level key holder and the supplicant with a pair-wise master key (PMK)_0 to derive a Key Distribution Key (KDK) when the authenticated supplicant role attribute is a level one key holder; and

when the authenticated supplicant role attribute is not a level one key holder;

communicating a level one pair-wise master key (PMK)_1 from the top level key holder to a level one key holder,initiating a four-way handshaking between the level one key holder and the supplicant with the level one pair-wise master key (PMK)_1 to generate a secure communication link between the supplicant and the level one key holder, andcommunicating on the secure link between the level one key holder and the supplicant.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of security authentication and key management scheme in a multi-hop wireless network is provided herein with a hop-by-hop security model. The scheme adapts the 802.11r key hierarchy into the meshed AP network. In this approach, a top key holder (R0KH) derives and holds the top Pairwise Master Key (PMK_—0) for each supplicant wireless device after the authentication process. All authenticator AP take the level one key holder (R1KH) role and receive the next level Pairwise Master Key (PMK_—1) from R0KH. The link level data protection key is derived from PMK_—1 via the 802.11i 4-way handshaking.

Citations

5 Claims

1. A method of security authentication and key management within an infrastructure-based wireless multi-hop network, the method comprising:
- initially authenticating a supplicant including determining one or more authenticated supplicant role attributes with an authentication server;
  
  obtaining one or more authorization attributes from the authentication server by a top level key holder;
  
  determining whether the authenticated supplicant role attribute is a level one key holder by the top level key holder;
  
  initiating a four-way handshaking between the top level key holder and the supplicant with a pair-wise master key (PMK)_0 to derive a Key Distribution Key (KDK) when the authenticated supplicant role attribute is a level one key holder; and
  
  when the authenticated supplicant role attribute is not a level one key holder;
  
  communicating a level one pair-wise master key (PMK)_1 from the top level key holder to a level one key holder,initiating a four-way handshaking between the level one key holder and the supplicant with the level one pair-wise master key (PMK)_1 to generate a secure communication link between the supplicant and the level one key holder, andcommunicating on the secure link between the level one key holder and the supplicant.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method of security authentication and key management within an infrastructure-based wireless multi-hop network as claimed in claim 1, wherein the four way handshaking between the top level key holder and the level one key holder comprises a 802.11i style four way handshaking to derive a KDK between the top level key holder and the level one key holder;
    - and further wherein the four way handshaking between the level one key holder and the supplicant comprises a 802.11i style four way handshaking to derive a pair-wise transient key (PTK) between the level one key holder and the supplicant.
  - 3. A method of security authentication and key management within an infrastructure-based wireless multi-hop network as claimed in claim 1, wherein the KDK is derived as:
    - KDK=KDF-KDKLen(PMK_—0, “
      
      KDK Key derivation”
      
      , SNonce∥
      
      Anonce∥
      
      AA∥
      
      SPA)where;
      
      KDF-256 is a predefined number,SNonce is a random number generated by the supplicant,ANonce is a random number generated by the top level key holder,the two random numbers are exchanged during the first two messages of the four-way handshaking,AA is the top level key holder MAC address, andSPA is supplicant MAC address.
  - 4. A method of security authentication and key management within an infrastructure-based wireless multi-hop network as claimed in claim 1, wherein the initial authentication step includes communication of a final “
    - authentication success”
      
      message, and further wherein the one or more authorization attributes are obtained from the final “
      
      authentication success”
      
      message.
  - 5. A method of secure authentication of a node within an infrastructure-based wireless multi-hop network as claimed in claim 1, the method comprising further comprising:
    - initiating a re-authentication with an other level one key holder -by the supplicant, wherein the other level one key holder has been authenticated and connected to the top level key holder within a same mobility domain wherein the re-authentication comprises;
      
      communicating a message using a fast handoff process from the supplicant to the other level one key holder;
      
      communicating the level one pair-wise master key (PMK)_1 from the top level key holder to the other level one key holder;
      
      completing a fast handoff between the other level one key holder and the supplicant using the level one pair-wise master key (PMK)_1 to generate a secure communication link between the supplicant and the other level one key holder; and
      
      communicating on the secure link between the other level one key holder and the supplicant.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ARRIS Enterprises LLC (CommScope Holding Company, Inc.)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Hanna, Samer S., Zheng, Heyun, Goldberg, Keith J., Zeng, Surong, Gandhi, Amit, Baker, Jr., Charles R.
Primary Examiner(s)
Lanier, Benjamin E
Assistant Examiner(s)
ARMOUCHE, HADI S

Application Number

US12/353,562
Publication Number

US 20090210710A1
Time in Patent Office

601 Days
Field of Search

713/171, 370/331, 370/338, 455/436, 380/270, 380/277
US Class Current

713/171
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/064   Hierarchical key distributi...

H04L 63/162   at the data link layer

H04L 9/0844   with user authentication or...

H04L 9/321   involving a third party or ...

H04W 12/04   Key management, e.g. using ...

H04W 12/062   Pre-authentication

H04W 84/12   WLAN [Wireless Local Area N...

H04W 84/22   with access to wired networks

Security authentication and key management within an infrastructure-based wireless multi-hop network

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

5 Claims

Specification

Solutions

Use Cases

Quick Links

Security authentication and key management within an infrastructure-based wireless multi-hop network

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

5 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links