Wireless security system and method
First Claim
1. A method comprising:
- receiving data from a roaming client at a new access point;
- transmitting a registration request to an access server from the new access point for the roaming client registered with the access server and previously in communication with an old access point;
- receiving a registration reply message from the access server at the new access point, the registration reply message comprising a ticket encrypted with a session key of the old access point and a context transfer key;
- transmitting a context request message from the new access point to the old access point, the context request message comprising the ticket and an authenticator;
- receiving a context response message from the old access point at the new access point, the context message comprising an updated authenticator and context information for the roaming client, said context information comprising state information and address bindings; and
- transmitting to the client, in response to a location discovery request, a ticket encrypted with a session key of a second client and containing a sidestream key used to provide private sidestream transmissions between the clients.
Abstract
A method for providing private sidestream transmissions between a first and second client in a wireless network generally includes sending a location discovery request from a first client to an access point and receiving a location discovery response from the access point. The response includes a ticket encrypted with a session key of the second client and containing a sidestream key. The method further includes sending a direct communication request from the first client to the second client. The request includes the ticket and an authenticator encrypted with the sidestream key. A direct communication response including an updated authenticator is received from the second client. A method and apparatus for secure context transfer during client roaming are also disclosed.
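The sidestream exchange described in the abstract, sketched as an added Python example (not code from the patent). The function names, the HMAC-based `seal`/`unseal` stand-in cipher, the timestamp authenticator with a timestamp-plus-one reply, and the way client A obtains its own copy of the sidestream key are assumptions, not details stated in the abstract.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (stand-in cipher, stdlib only).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Encrypt-then-MAC stand-in; a deployment would use a vetted AEAD instead.
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def ap_discovery_response(session_key_b, client_a):
    # Access point: mint a sidestream key and wrap it in a ticket only client B can open.
    # Assumption: A receives its own copy of the key under A's session key (not modelled).
    sidestream_key = os.urandom(32)
    ticket = seal(session_key_b, {"client": client_a, "key": sidestream_key.hex()})
    return ticket, sidestream_key

def a_direct_request(ticket, sidestream_key, client_a, now):
    # Client A: forward the opaque ticket plus an authenticator under the sidestream key.
    return {"ticket": ticket, "auth": seal(sidestream_key, {"client": client_a, "ts": now})}

def b_handle_request(session_key_b, request, now, max_skew=5):
    # Client B: open the ticket, recover the key, then validate the authenticator.
    ticket = unseal(session_key_b, request["ticket"])
    key = bytes.fromhex(ticket["key"])
    auth = unseal(key, request["auth"])
    if auth["client"] != ticket["client"] or abs(now - auth["ts"]) > max_skew:
        raise ValueError("authenticator rejected")
    # Assumption: the updated authenticator is timestamp + 1, as in Kerberos.
    return key, seal(key, {"ts": auth["ts"] + 1})

def a_verify_response(sidestream_key, response, sent_ts):
    # Client A: B proved knowledge of the sidestream key if the timestamp advanced.
    return unseal(sidestream_key, response)["ts"] == sent_ts + 1
```

Client A never needs the second client's session key: it relays the ticket as an opaque blob, and a stale, tampered or mismatched request fails at `b_handle_request`.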
17 Claims
10. An apparatus comprising:
- a processor configured for receiving data from a roaming client at the new access point, transmitting a registration request to an access server from the new access point for the roaming client registered with the access server and previously in communication with an old access point, receiving a registration reply message from the access server at the new access point, the registration reply message containing a ticket encrypted with a session key of the old access point and a context transfer key, transmitting a context request message from the new access point to the old access point, the context request message comprising the ticket and an authenticator, and receiving at the new access point, a context response message from the old access point the context message comprising an updated authenticator and context information comprising state information and address bindings for the roaming client; and
- memory for storing said context transfer key;
- wherein the processor is further configured to generate a ticket encrypted with a session key of a second client and containing a sidestream key used to provide private sidestream transmissions between the clients upon receiving a location discovery request from the roaming client.
Specification