Localized network authentication and security using tamper-resistant keys
First Claim
1. A method for remote provisioning of a cryptographic key database file on an access point computing device on a communications network also including a host computing device having a cryptographic key database stored thereon and one or more client computing devices, the method comprising the steps of:
- selecting the access point computing device;
authenticating the selected access point computing device;
obtaining an access point identifier associated with the selected access point computing device;
obtaining from the cryptographic key database, an access point cryptographic secret key associated with said access point identifier and the cryptographic key database;
constructing the cryptographic key database file, wherein the cryptographic key database file comprises one or more client identifiers associated with the respective one or more client computing devices, and one or more client key cryptographic secret keys associated with cryptographic keys of the respective client computing devices;
encrypting the cryptographic key database file using the access point cryptographic secret key; and
receiving the encrypted cryptographic key database file at the selected access point computing device.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention provides a secure Wi-Fi communications method and system. In an embodiment of the invention, unique physical keys, or tokens, are installed at an access point and each client device of the network. Each key comprises a unique serial number and a common network send cryptographic key and a common network receive cryptographic key used only during the authentication phase by all components on the LAN. Each client key further includes a secret cryptographic key unique to each client device. During authentication, two random numbers are generated per communications session and are known by both sides of the wireless channel. Only the random numbers are sent across the wireless channel and in each case these numbers are encrypted. A transposed cryptographic key is derived from the unique secret cryptographic key using the random numbers generated during authentication. Thus, both sides of the wireless channel know the transposed cryptographic key without it ever being transmitted between the two.
56 Citations
2 Claims
-
1. A method for remote provisioning of a cryptographic key database file on an access point computing device on a communications network also including a host computing device having a cryptographic key database stored thereon and one or more client computing devices, the method comprising the steps of:
-
selecting the access point computing device; authenticating the selected access point computing device; obtaining an access point identifier associated with the selected access point computing device; obtaining from the cryptographic key database, an access point cryptographic secret key associated with said access point identifier and the cryptographic key database; constructing the cryptographic key database file, wherein the cryptographic key database file comprises one or more client identifiers associated with the respective one or more client computing devices, and one or more client key cryptographic secret keys associated with cryptographic keys of the respective client computing devices; encrypting the cryptographic key database file using the access point cryptographic secret key; and receiving the encrypted cryptographic key database file at the selected access point computing device. - View Dependent Claims (2)
-
Specification
-
- Resources
-
Current AssigneeKoolSpan, Inc.
-
Original AssigneeKoolSpan, Inc.
-
InventorsFascenda, Anthony C.
-
Primary Examiner(s)CHEN, SHIN HON
-
Application NumberUS12/942,641Publication NumberTime in Patent Office721 DaysField of SearchNoneUS Class Current713/172CPC Class CodesH04L 2209/80 Wireless network architectu...H04L 63/0428 wherein the data content is...H04L 63/061 for key exchange, e.g. in p...H04L 63/08 for authentication of entit...H04L 9/0897 involving additional device...H04L 9/3234 involving additional secure...H04L 9/3271 using challenge-responseH04W 12/04 Key management, e.g. using ...H04W 12/06 AuthenticationH04W 12/50 Secure pairing of devices
