Wireless security system and method
First Claim
Patent Images
1. A method comprising:
- receiving data from a roaming client at a new access point;
transmitting a registration request to an access server from the new access point for the roaming client registered with the access server and previously in communication with an old access point;
receiving a registration reply message from the access server at the new access point, the registration reply message comprising a ticket encrypted with a session key of the old access point and a context transfer key;
transmitting a context request message from the new access point to the old access point, the context request message comprising the ticket and an authenticator;
receiving a context response message from the old access point at the new access point, the context message comprising an updated authenticator and context information for the roaming client, said context information comprising state information and address bindings; and
transmitting to the client, in response to a location discovery request, a ticket encrypted with a session key of a second client and containing a sidestream key used to provide private sidestream transmissions between the clients.
0 Assignments
0 Petitions
Accused Products
Abstract
A method for providing private sidestream transmissions between a first and second client in a wireless network generally includes sending a location discovery request from a first client to an access point and receiving a location discovery response from the access point. The response includes a ticket encrypted with a session key of the second client and containing a sidestream key. The method further includes sending a direct communication request from the first client to the second client. The request includes the ticket and an authenticator encrypted with the sidestream key. A direct communication response including an updated authenticator is received from the second client. A method and apparatus for secure context transfer during client roaming are also disclosed.
-
Citations
17 Claims
-
1. A method comprising:
-
receiving data from a roaming client at a new access point; transmitting a registration request to an access server from the new access point for the roaming client registered with the access server and previously in communication with an old access point; receiving a registration reply message from the access server at the new access point, the registration reply message comprising a ticket encrypted with a session key of the old access point and a context transfer key; transmitting a context request message from the new access point to the old access point, the context request message comprising the ticket and an authenticator; receiving a context response message from the old access point at the new access point, the context message comprising an updated authenticator and context information for the roaming client, said context information comprising state information and address bindings; and transmitting to the client, in response to a location discovery request, a ticket encrypted with a session key of a second client and containing a sidestream key used to provide private sidestream transmissions between the clients. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An apparatus comprising:
-
a processor configured for receiving data from a roaming client at the new access point, transmitting a registration request to an access server from the new access point for the roaming client registered with the access server and previously in communication with an old access point, receiving a registration reply message from the access server at the new access point, the registration reply message containing a ticket encrypted with a session key of the old access point and a context transfer key, transmitting a context request message from the new access point to the old access point, the context request message comprising the ticket and an authenticator, and receiving at the new access point, a context response message from the old access point the context message comprising an updated authenticator and context information comprising state information and address bindings for the roaming client; and memory for storing said context transfer key; wherein the processor is further configured to generate a ticket encrypted with a session key of a second client and containing a sidestream key used to provide private sidestream transmissions between the clients upon receiving a location discovery request from the roaming client. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeCisco Technology, Inc. (Cisco Systems, Inc.)
-
Original AssigneeCisco Technology, Inc. (Cisco Systems, Inc.)
-
InventorsMeier, Robert, Griswold, Victor
-
Primary Examiner(s)Moazzami; Nasser
-
Assistant Examiner(s)Abedin; Shanto M
-
Application NumberUS12/079,994Time in Patent Office1,044 DaysField of Search380/270, 455/411, 455/410, 455/432.1, 709/223, 709/229, 713/155, 713/168, 713/169, 713/170, 726/1, 726/2, 726/4, 726/5, 726/6, 726/3US Class Current380/270CPC Class CodesH04L 2209/80 WirelessH04L 63/0869 for achieving mutual authen...H04L 9/08 Key distribution or managem...H04L 9/0836 using tree structure or hie...H04L 9/0838 Key agreement, i.e. key est...H04L 9/32 including means for verifyi...H04L 9/3213 using tickets or tokens, e....H04L 9/3273 for mutual authentication n...H04W 12/065 Continuous authenticationH04W 12/069 using certificates or pre-s...H04W 36/0038 of security context informa...H04W 8/20 Transfer of user or subscri...H04W 92/20 between access points
