Discovery and authentication scheme for wireless mesh networks

US 7,814,322 B2
Filed: 05/02/2006
Issued: 10/12/2010
Est. Priority Date: 05/03/2005
Status: Active Grant

First Claim

Patent Images

1. A mesh node, comprising:

a processor that operates as a Station service for scanning different channels configured for a network, authenticating and associating with Access Point (AP) nodes and mesh nodes;

the processor also operating as an AP service for scanning, authenticating, and associating with Station nodes and mesh nodes on the same radio interface as when the processor operates as a Station service;

the processor also dynamically configuring mutually reversible authenticator and supplicant authentication services with peer nodes according to the type of discovered peer nodes and peer addresses independently of any pre-existing centralized mesh authentication infrastructure; and

generating Pairwise Master Key Identifiers (PMKIDs) for individual peer-to-peer connections with the peers according to local and peer addresses, wherein computing the PMKIDs is according to the following;

PMKID=HASH(PMK, “

PMK Name”

∥

MAX(AA|SPA)∥

MIN(AA|SPA)),where PMK is the Pairwise Master Key, AA is the Authenticator MAC Address, SPA is the Supplicant MAC Address, PMK Name is a character string for the PMK, and HASH is a hashing operation.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Wireless network devices discover individual mesh nodes and networks of mesh nodes. An association is formed on the basis of peer-to-peer interactions at layer-1, layer-2 and/or higher layers of the Open System Interconnect (OSI) model. In particular, the system uses Beacon, Probe Request, Probe Response, Association Request, Association Response, and Disassociation frames and introduces a new Extensible Mesh Information Element (EMIE) used by mesh nodes to discover, authenticate, and associate with other peer nodes.

Citations

17 Claims

1. A mesh node, comprising:
- a processor that operates as a Station service for scanning different channels configured for a network, authenticating and associating with Access Point (AP) nodes and mesh nodes;
  
  the processor also operating as an AP service for scanning, authenticating, and associating with Station nodes and mesh nodes on the same radio interface as when the processor operates as a Station service;
  
  the processor also dynamically configuring mutually reversible authenticator and supplicant authentication services with peer nodes according to the type of discovered peer nodes and peer addresses independently of any pre-existing centralized mesh authentication infrastructure; and
  
  generating Pairwise Master Key Identifiers (PMKIDs) for individual peer-to-peer connections with the peers according to local and peer addresses, wherein computing the PMKIDs is according to the following;
  
  PMKID=HASH(PMK, “
  
  PMK Name”
  
  ∥
  
  MAX(AA|SPA)∥
  
  MIN(AA|SPA)),where PMK is the Pairwise Master Key, AA is the Authenticator MAC Address, SPA is the Supplicant MAC Address, PMK Name is a character string for the PMK, and HASH is a hashing operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The mesh node according to claim 1 wherein the processor is configured when operating the Station service or AP service or to check for either a Service Set Identifier (SSID) or an Extensible Mesh Information Element (EMIE) in received discovery messages and operate in a conventional 802.11 mode when the discovery messages include the SSID and operate in a mesh mode when the discovery messages include the EMIE.
  - 3. The mesh node according to claim 1 wherein the processor is configured when operating the Station service or the AP service to send both 802.11 probe request frames and mesh probe request frames.
  - 4. The mesh node according to claim 1 wherein the processor is configured to use a random token negotiated with a peer to determine whether to operate as the AP service or the STA service.
  - 5. The mesh node according to claim 1 wherein the processor is configured to associate with other peer nodes according to different factors associated with layer-1, layer-2 and layer-3 of the Open System Interconnect (OSI) model.
  - 6. The mesh node according to claim 5 wherein the processor conducts different layer-1 channel scans for discovering other peer nodes according to current associations with other nodes.
  - 7. The mesh node according to claim 5 wherein the processor associates with the peer nodes according to different layer-2 connectivity information and/or layer-3 forwarding information received in Extensible Mesh Information Elements (EMIEs) from the peer nodes.
  - 8. The mesh node according to claim 6 wherein the processor also associates with the peer nodes according to preconfigured policy values associated with the peer nodes.
  - 9. The mesh node according to claim 1 including the processor conducting authentication with the peer nodes using a single authentication operation between the dynamically configured supplicant and the dynamically configured authenticator.

10. A method for authenticating devices in a wireless network, comprising:
- dynamically configuring mutually reversible authenticator and supplicant services with peers, wherein the authenticator and supplicant are identified according to the type of peers and peer addresses discovered in the wireless network independently of any pre-existing centralized mesh authentication infrastructure; and
  
  generating Pairwise Master Key Identifiers (PMKIDs) for individual peer-to-peer connections with the peers according to local and peer addresses, wherein computing the PMKIDs is according to the following;
  
  PMKID=HASH(PMK, “
  
  PMK Name”
  
  ∥
  
  MAX(AA|SPA)∥
  
  MIN(AA|SPA)),where PMK is the Pairwise Master Key, AA is the Authenticator MAC Address, SPA is the Supplicant MAC Address, PMK Name is a character string for the PMK, and HASH is a hashing operation.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method according to claim 10 including conducting authentication with the peers using a single authentication operation between the dynamically configured authenticator and the dynamically configured supplicant.
  - 12. The method according to claim 10 including:
    - discovering different Access Point (AP) peers, Station peers, or mesh peers in the wireless network;
      
      dynamically operating a Station service as an authenticator for authenticating with discovered AP peers;
      
      dynamically operating an AP service as a supplicant for authenticating with discovered Station peers.
  - 13. The method according to claim 12 including:
    - negotiating with discovered mesh peers for operating as the authenticator or the supplicant; and
      
      dynamically configuring the Station service or the AP service for authenticating with the discovered mesh peer according to the negotiation.
  - 14. The method according to claim 13 including negotiating with the mesh peers to operate as the authenticator or the supplicant according to which has the highest Media Access Control (MAC) address.
  - 15. The method according to claim 10 including operating in a mesh mode after completing the authentication using the AP or Station service to authenticate peers.
  - 16. The method according to claim 10 including generating the PMKID value according to which local or peer has a higher MAC address.
  - 17. The method according to claim 10 including pre-configuring individual nodes for generating Pairwise Master Keys (PMKs) and then using the PMKs in the individual nodes to generate a single Pairwise Master Key Identifier (PMKID) for individual peer-to-peer connections and then using the PMKIDs to encrypt data exchanges between the individual peer-to-peer connections.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SRI International, Inc.
Original Assignee
SRI International, Inc.
Inventors
Gurevich, David, Gonzalez, Jose, Burke, Scott
Primary Examiner(s)
Harper, Vincent P
Assistant Examiner(s)
Sabouri, Mazda

Application Number

US11/381,326
Publication Number

US 20070189249A1
Time in Patent Office

1,624 Days
Field of Search

None
US Class Current

713/171
CPC Class Codes

H04L 45/20   Hop count for routing purpo...

H04L 45/26   Route discovery packet

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/162   at the data link layer

H04W 12/041   Key generation or derivation

H04W 12/043   using a trusted network nod...

H04W 12/062   Pre-authentication

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 40/246   Connectivity information di...

H04W 8/005   Discovery of network device...

H04W 84/18   Self-organising networks, e...

H04W 88/06   adapted for operation in mu...

Discovery and authentication scheme for wireless mesh networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Discovery and authentication scheme for wireless mesh networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links