
System and method for securing mesh access points in a wireless mesh network, including rapid roaming

  • US 8,270,382 B2
  • Filed: 07/05/2011
  • Issued: 09/18/2012
  • Est. Priority Date: 03/06/2006
  • Status: Active Grant
First Claim

1. A method in a first mesh access point (AP) comprising:

  • securing a layer-2 link between the first mesh AP and a second mesh AP, the second mesh AP being a mesh point of a mesh network of mesh points, each mesh point in the mesh network having a secure tunnel to a controller, wherein the controller centrally controls the mesh network, including controlling functions other than authentication, authorization and accounting performed by a RADIUS server, the functions including access control, mobility and radio management of mesh points in the mesh network that have access point capability, such that mesh points of the mesh network that have access point capability are lightweight access points under control of the controller, and such that wireless clients associated with a mesh point that has access point capability and that is in the mesh network can securely communicate with the controller;

  • undergoing a join exchange with the controller to establish a secure tunnel with the controller and to join the mesh network, wherein the securing the layer-2 link includes:

    • carrying out an association exchange with the controller via the second mesh AP;

    • undergoing a backend authentication with the controller as authenticator resulting in a pairwise master key available at the first mesh AP and the authenticator, such that a secure tunnel is established between the first mesh AP and the controller; and

    • undergoing a 4-way handshake with the first mesh AP as supplicant and the controller as authenticator using the pairwise master key to determine a pairwise transient key to use between the first mesh AP and the second mesh AP,

  the method further comprising:

  • caching a roam key and an identifier therefor, including mesh domain identification information, such that a secure link can be rapidly established between the first mesh AP and a third mesh AP that has a secure tunnel with the controller and that sends mesh beacon frames that include an indication that the third mesh AP supports fast roaming of links between a child mesh AP and the third mesh AP as a parent mesh AP, the rapidly establishing including using a key hierarchy to determine a new pairwise transient key for use between the first mesh AP and the third mesh AP without the first mesh AP having to undergo a backend authentication with the controller.
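The claim describes a three-level key hierarchy: a pairwise master key (PMK) produced by backend authentication, a cached roam key tagged with mesh domain identification, and a per-link pairwise transient key (PTK) derived from that roam key when the child mesh AP moves to a new parent that advertises fast-roaming support in its beacons. The following Python model is an added illustration of that flow and is not code from the patent or its assignee; the HMAC-SHA256 counter-mode KDF, the labels `mesh-roam-key` and `mesh-link-ptk`, the key-identifier format, and the `Beacon`, `Controller` and `ChildMeshAP` classes are all assumptions made for the example. It shows the child and the controller (acting as authenticator for the new parent) independently arriving at the same PTK from the cached roam key, and the two cases where the child must fall back to a full join exchange: the prospective parent does not advertise fast roaming, or the cached roam key belongs to a different mesh domain.

```python
"""Mesh key hierarchy for rapid roaming: PMK -> roam key -> per-link PTK.

Constructed illustration of the claim's key flow; KDF construction, labels and
identifier format are assumptions, not the patent's own definitions.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

KeyId = Tuple[bytes, bytes]  # (mesh domain identification, short key identifier)


def kdf(key: bytes, label: bytes, context: bytes, length: int = 32) -> bytes:
    """Counter-mode HMAC-SHA256 key derivation (assumed construction)."""
    out = b""
    counter = 1
    while len(out) < length:
        out += hmac.new(key, bytes([counter]) + label + context, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def derive_roam_key(pmk: bytes, mesh_domain_id: bytes) -> Tuple[KeyId, bytes]:
    """Roam key bound to the mesh domain, plus the identifier both sides cache it under."""
    roam_key = kdf(pmk, b"mesh-roam-key", mesh_domain_id)
    short_id = hashlib.sha256(b"roam-key-id" + roam_key).digest()[:8]
    return (mesh_domain_id, short_id), roam_key


def derive_ptk(roam_key: bytes, child_mac: bytes, parent_mac: bytes,
               child_nonce: bytes, parent_nonce: bytes) -> bytes:
    """Per-link PTK bound to both link endpoints and fresh nonces (order-independent)."""
    context = (min(child_mac, parent_mac) + max(child_mac, parent_mac)
               + min(child_nonce, parent_nonce) + max(child_nonce, parent_nonce))
    return kdf(roam_key, b"mesh-link-ptk", context, 48)


@dataclass(frozen=True)
class Beacon:
    """Fields of a mesh beacon relevant to the roam decision (assumed layout)."""
    parent_mac: bytes
    mesh_domain_id: bytes
    fast_roam_supported: bool


@dataclass
class Controller:
    """Central authenticator; holds roam keys and hands PTKs to parents over their tunnels."""
    roam_keys: Dict[KeyId, bytes] = field(default_factory=dict)

    def backend_authentication(self, mesh_domain_id: bytes, pmk: bytes) -> KeyId:
        # The PMK is the outcome of the (simulated) RADIUS-backed authentication.
        key_id, roam_key = derive_roam_key(pmk, mesh_domain_id)
        self.roam_keys[key_id] = roam_key
        return key_id

    def ptk_for_parent(self, key_id: KeyId, child_mac: bytes, parent_mac: bytes,
                       child_nonce: bytes, parent_nonce: bytes) -> Optional[bytes]:
        roam_key = self.roam_keys.get(key_id)
        if roam_key is None:
            return None  # unknown identifier: the child must re-authenticate
        return derive_ptk(roam_key, child_mac, parent_mac, child_nonce, parent_nonce)


@dataclass
class ChildMeshAP:
    """The first mesh AP of the claim: joins once, then roams using the cached roam key."""
    mac: bytes
    cache: Dict[KeyId, bytes] = field(default_factory=dict)

    def join(self, controller: Controller, mesh_domain_id: bytes, pmk: bytes) -> KeyId:
        key_id = controller.backend_authentication(mesh_domain_id, pmk)
        _, roam_key = derive_roam_key(pmk, mesh_domain_id)  # same PMK, same roam key
        self.cache[key_id] = roam_key
        return key_id

    def fast_roam(self, beacon: Beacon, key_id: KeyId,
                  child_nonce: bytes, parent_nonce: bytes) -> Optional[bytes]:
        """Return a new PTK for the link to beacon.parent_mac, or None to fall back
        to a full join exchange (backend authentication) with the controller."""
        if not beacon.fast_roam_supported:
            return None
        if key_id[0] != beacon.mesh_domain_id:
            return None  # cached roam key is for another mesh domain
        roam_key = self.cache.get(key_id)
        if roam_key is None:
            return None
        return derive_ptk(roam_key, self.mac, beacon.parent_mac, child_nonce, parent_nonce)


if __name__ == "__main__":
    ctrl = Controller()
    child = ChildMeshAP(mac=b"\x02\x00\x00\x00\x00\x01")
    domain = b"mesh-domain-A"                     # constructed sample values
    key_id = child.join(ctrl, domain, pmk=bytes(range(32)))
    parent = Beacon(b"\x02\x00\x00\x00\x00\x03", domain, True)
    cn, pn = b"\x11" * 32, b"\x22" * 32
    print(child.fast_roam(parent, key_id, cn, pn)
          == ctrl.ptk_for_parent(key_id, child.mac, parent.parent_mac, cn, pn))
```

Both endpoints bind the PTK to the two MAC addresses and the two nonces, so a PTK derived for one parent is useless for any other link, while the roam key itself never leaves the child's cache or the controller. A `None` return is the signal to take the slow path the claim describes: a full join exchange with backend authentication.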

  • 0 Assignments