Dynamic authentication in secured wireless networks

US 8,272,036 B2
Filed: 07/28/2010
Issued: 09/18/2012
Est. Priority Date: 04/24/2006
Status: Active Grant

First Claim

Patent Images

1. A method for enabling access to a wireless network, the method comprising:

receiving an authentication request from a wireless device, the authentication request identifying a requesting user and including wireless device information;

determining that a security key is associated with the wireless device;

verifying that the security key is valid by comparing the security key associated with the wireless device to security key information associated with a stored user profile of the requesting user; and

granting the wireless device access to the wireless network following a determination that the security key is valid and has not expired.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required.

211 Citations

14 Claims

1. A method for enabling access to a wireless network, the method comprising:
- receiving an authentication request from a wireless device, the authentication request identifying a requesting user and including wireless device information;
  
  determining that a security key is associated with the wireless device;
  
  verifying that the security key is valid by comparing the security key associated with the wireless device to security key information associated with a stored user profile of the requesting user; and
  
  granting the wireless device access to the wireless network following a determination that the security key is valid and has not expired.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein receiving an authentication request includes receiving a request to access a secured wireless network as a guest.
  - 3. The method of claim 1, wherein determining that the security key is associated with the wireless device includes receiving the security key as a part of the authentication request.
  - 4. The method of claim 1, wherein verifying that the security key is valid includes comparing the security key against a database of unique security keys.
  - 5. The method of claim 1, wherein determining that the security key has not expired includes determining that a predetermined period time has not yet passed following issuance of the security key.
  - 6. The method of claim 1, wherein determining that the security key has not expired includes determining that the security key has not previously been revoked.
  - 7. The method of claim 1, further comprising assigning an access profile to the wireless device based on the security key.
  - 8. The method of claim 1, further comprising revoking the security key after a predetermined period of time following issuance of the security key.

9. A method for enabling access to a wireless network, the method comprising:
- receiving an access request from a wireless device, the access request identifying a requesting user and including a security key associated with the wireless device;
  
  verifying that the received security key is valid by comparing the received security key associated with the wireless device to security key information associated with a stored user profile of the requesting user;
  
  determining that the security key has not expired; and
  
  granting the wireless interface access to the wireless network only after determining that the security key is valid and has not expired.

10. A method for enabling access to a wireless network, the method comprising:
- generating a plurality of unique security keys;
  
  associating a first one of the plurality of unique security keys with a stored user profile for a user;
  
  receiving a request from the user using a wireless device to access the wireless network, the request including a security key associated with the wireless device;
  
  determining that the received security key matches the first one of the plurality of unique security keys associated with the stored user profile for the user;
  
  determining that the first one of the plurality of unique security keys has not expired; and
  
  granting the user access to the wireless network in response to the determination that the first one of the plurality of unique security keys has not expired.

11. A method for enabling access to a wireless network, the method comprising:
- generating a plurality of unique security keys for a plurality of users, each user having an account with a stored user profile indicating an access profile type;
  
  associating a first one of the plurality of unique security keys to a first account having a first access profile type associated with a first level of access having a first set of access level privileges within the wireless network;
  
  associating a second one of the plurality of unique security keys to a second account having a second access profile type associated with a second level of access having a second set of access level privileges within the wireless network, wherein the first set of access level privileges is different from the second set of access level privileges;
  
  receiving a request sent by a user using a wireless device, the request including a security key associated with the wireless device;
  
  matching the received security key associated with the wireless device to one of the unique security keys; and
  
  granting access to the wireless network based on the received security key being associated with the first access profile type or the second access profile type, wherein the associated user accessed the wireless network, according to the access privileges associated with the profile type of the received security key.

12. A method for enabling access to a wireless network, the method comprising:
- generating a plurality of unique security keys for a plurality of users;
  
  maintaining the plurality of unique security keys in a database, wherein a stored user profile in the database is associated with one or more of the unique security keys;
  
  receiving a request from one of the plurality of users using a wireless device to access the wireless network, the request including a security key associated with the wireless device;
  
  verifying that the received security key is valid by comparing the received security key associated with the wireless device to security key information associated with a stored user profile of the requesting user;
  
  determining that the security key has not expired; and
  
  granting a wireless device associated with the one of the plurality of users access to the wireless network upon a determination that the security key is valid and has not expired.

13. A method for enabling access to a wireless network, the method comprising:
- generating a plurality of unique secret keys at an authentication server communicatively coupled to a wireless network;
  
  maintaining the plurality of unique secret keys in a database of secrets, wherein a stored user profile in the database is associated with one or more of the unique secret keys, the database communicatively coupled to the authentication server;
  
  receiving a request from a user using a wireless device to access the wireless network, the request including a security key and received at the authentication server;
  
  verifying that the security key is valid by comparing the received security key associated with the wireless device to the one or more secret keys associated with a stored user profile of the requesting user, the verification taking place at the authentication server;
  
  determining that the security key has not expired, the determination taking place at the database of secrets in response to a query by the authentication server as to whether the security key has expired; and
  
  granting the user access to the wireless network following the determination that the security key is both valid and not expired.

14. A method for enabling access to a wireless network, the method comprising:
- generating a plurality of unique secret keys, wherein each secret key has a predetermined expiration;
  
  maintaining the unique secret keys in a database of secrets, wherein a stored user profile in the database is associated with one or more of the unique secret keys;
  
  updating the database of secrets when a secret key has exceeded the predetermined expiration;
  
  revoking a secret key prior to a predetermined expiration and updating the database following the revocation;
  
  receiving a request from a user using a wireless device to access the wireless network, the request including a security key associated with the wireless device;
  
  verifying that the received security key is valid by comparing the received security key associated with the wireless device to security key information associated with a stored user profile of the identified user;
  
  granting the user access to the wireless network following a determination that the security key has not expired or otherwise been revoked in response to a query to the database of secrets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ruckus IP Holdings LLC
Original Assignee
Ruckus Wireless, Inc. (CommScope Holding Company, Inc.)
Inventors
Jou, Tyan-Shu, Sheu, Ming, Yang, Bo-Chieh, Lin, Tian-Yuan, Kuo, Ted Tsei
Primary Examiner(s)
ZIA, SYED

Application Number

US12/845,089
Publication Number

US 20110055898A1
Time in Patent Office

783 Days
Field of Search

None
US Class Current

726/2
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04W 12/041   Key generation or derivation

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

H04W 8/18   Processing of user or subsc...

Dynamic authentication in secured wireless networks

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

211 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic authentication in secured wireless networks

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

211 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links