Method and arrangement for providing a wireless mesh network
First Claim
1. A method for providing a wireless local area network, having stationary communication devices and mobile communication devices embodied according to the IEEE 802.11 standard and its derivatives and belonging to a mesh subnetwork which is connected to an infrastructure network in such a way that it can exchange authentication messages via a station assigned to the subnetwork with an Authentication, Authorization, Accounting (AAA) server disposed in the infrastructure network using the Extensible Authentication Protocol (EAP) protocol comprising:
- the AAA server;
  generating basic encryption information valid for the subnetwork precisely once within a first validity period, the generating being performed after a successful first-time authentication of a first communication device of the subnetwork with specification of first identity information vis-à-vis a communication device of the subnetwork fulfilling a role of an authenticator defined in accordance with the EAP protocol, and
  transmitting the basic encryption information to a station that is uniquely assignable to the subnetwork; and
- the station assigned to the subnetwork;
  storing the basic encryption information,
  assigning the basic encryption to the first identity information specified by the first communication device; and
  handling subsequent authentication attempts of the first communication device vis-à-vis a second communication device of the subnetwork with specification of second identity information in the manner of a proxy server while omitting the AAA server on the basis of the basic encryption information determined from the specified identity information using the EAP protocol; and
- a station of the second communication device;
  providing a key determined for the second communication device using the stored basic encryption information for the purpose of cryptographically secure communication with the first communication device.
Abstract
Provided are a method and an arrangement for creating a wireless mesh network in which a new node is provided that is connected between mesh nodes and an AAA server located in an infrastructure network. Based on basic encoding data that is available to the new node following successful initial authentication of a first mesh node, the new node performs the authentication similar to a proxy server instead of an AAA server, particularly for a limited time, during subsequent authentication attempts.
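The proxy behaviour described in the abstract, as an added simulation that is not taken from the patent: the station stores the key material it receives after a first authentication and answers later attempts itself until the validity period ends. Assumptions: all class and function names, the shared secret standing in for the EAP method, the HMAC-SHA256 challenge-response and key derivation, and the use of one identity string for both the first and the later attempts.

```python
import hashlib
import hmac
import os

class AAAServer:
    """Infrastructure AAA server; `contacts` counts full authentications."""
    def __init__(self, credentials):
        self.credentials = credentials      # identity -> secret (constructed)
        self.contacts = 0

    def first_authentication(self, identity, secret, now, validity):
        self.contacts += 1
        expected = self.credentials.get(identity)
        if expected is None or not hmac.compare_digest(expected, secret):
            return None
        return os.urandom(32), now + validity   # key material, expiry time

class MeshStation:
    """Station assigned to the subnetwork; proxies later authentications."""
    def __init__(self, aaa, validity=3600):
        self.aaa, self.validity = aaa, validity
        self.store = {}                     # identity -> (basic_key, expires_at)
        self.nonces = {}                    # identity -> outstanding challenge

    def first_time(self, identity, secret, now):
        result = self.aaa.first_authentication(identity, secret, now, self.validity)
        if result is None:
            return None
        self.store[identity] = result       # bind key material to the identity
        return result[0]                    # the device holds the same key

    def challenge(self, identity):
        self.nonces[identity] = os.urandom(16)
        return self.nonces[identity]

    def subsequent(self, identity, proof, authenticator_id, now):
        entry, nonce = self.store.get(identity), self.nonces.pop(identity, None)
        if entry is None or nonce is None or now >= entry[1]:
            return None                     # unknown, replayed or expired
        expected = device_proof(entry[0], nonce)
        if not hmac.compare_digest(expected, proof):
            return None
        # Key handed to the second device (the authenticator) for this link.
        label = authenticator_id.encode() + b"|" + identity.encode()
        return hmac.new(entry[0], label, hashlib.sha256).digest()

def device_proof(basic_key, nonce):
    """What the first device sends to show it holds the basic key."""
    return hmac.new(basic_key, nonce, hashlib.sha256).digest()
```

Each challenge is single-use, so a captured proof cannot be replayed, and once the validity period has passed the station gives no proxy answer, so the device must authenticate against the AAA server again.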
25 Claims
Specification