Localized network authentication and security using tamper-resistant keys
First Claim
1. A method for remote provisioning of a cryptographic key database file on an access point computing device on a communications network also including a host computing device having a cryptographic key database stored thereon and one or more client computing devices, the method comprising the steps of:
- selecting the access point computing device;
- authenticating the selected access point computing device;
- obtaining an access point identifier associated with the selected access point computing device;
- obtaining from the cryptographic key database, an access point cryptographic secret key associated with said access point identifier and the cryptographic key database;
- constructing the cryptographic key database file, wherein the cryptographic key database file comprises one or more client identifiers associated with the respective one or more client computing devices, and one or more client key cryptographic secret keys associated with cryptographic keys of the respective client computing devices;
- encrypting the cryptographic key database file using the access point cryptographic secret key; and
- receiving the encrypted cryptographic key database file at the selected access point computing device.
1 Assignment
0 Petitions
Abstract
The invention provides a secure Wi-Fi communications method and system. In an embodiment, a unique physical key, or token, is installed at the access point and at each client device on the network. Each key holds a unique serial number plus a common network send cryptographic key and a common network receive cryptographic key, which all components on the LAN use only during the authentication phase. Each client key additionally holds a secret cryptographic key unique to that client device. During authentication, two random numbers are generated per communications session and become known to both sides of the wireless channel; only these random numbers are sent over the air, and each is sent encrypted. A transposed cryptographic key is then derived from the client's unique secret key using the random numbers generated during authentication, so both sides of the wireless channel hold the transposed key without it ever having been transmitted between them.
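The following is an added example, not code from the patent or its assignee, modelling the two mechanisms described on this page: the provisioning flow of claim 1 (the host looks up the access point's secret by its identifier, assembles client identifiers with their secret keys into a key database file, and encrypts that file under the access point secret) and the authentication flow of the abstract (two random numbers exchanged encrypted under the common network send and receive keys, then a session key derived on both sides from the client's unique secret and never transmitted). It uses only the Python standard library. The authenticated cipher is an HMAC-SHA256 counter-mode stream with encrypt-then-MAC, a stand-in for a real AEAD such as AES-GCM; the HMAC-based derivation of the "transposed" key, the reading of "send" as client-to-AP and "receive" as AP-to-client, the identifiers, and the key database contents are all this example's assumptions.

```python
import hashlib
import hmac
import json
import secrets
import struct

# --- Toy authenticated cipher (assumption: stand-in for a real AEAD such as AES-GCM) ---

def _subkeys(key: bytes):
    # Separate encryption and MAC subkeys from one secret.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode, used as a PRF keystream.
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC; output layout is nonce || ciphertext || tag.
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    # Verify the tag in constant time before decrypting; a wrong key or tampering raises.
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

# --- Claim 1: host builds an encrypted key database file for one access point ---

def sample_key_db() -> dict:
    # Constructed host-side key database (not real key material): identifier -> 32-byte secret.
    return {
        "NET-SEND": bytes(range(32)),        # common network send key, present on every token
        "NET-RECV": bytes(range(32, 64)),    # common network receive key, present on every token
        "AP-0001": hashlib.sha256(b"ap-0001").digest(),
        "AP-0002": hashlib.sha256(b"ap-0002").digest(),
        "CLIENT-7A": hashlib.sha256(b"client-7a").digest(),
        "CLIENT-7B": hashlib.sha256(b"client-7b").digest(),
    }

def build_key_database_file(key_db: dict, ap_id: str, client_ids: list) -> bytes:
    # Claim 1 steps: look up the AP secret by its identifier, assemble client ids with their
    # secret keys, and encrypt the whole file under the AP secret. (Authenticating the AP
    # before this point is part of the claim but is not modelled here.)
    ap_key = key_db[ap_id]
    db_file = {cid: key_db[cid].hex() for cid in client_ids}
    return seal(ap_key, json.dumps(db_file, sort_keys=True).encode())

def load_key_database_file(ap_key: bytes, blob: bytes) -> dict:
    # Access point side: only the holder of the AP secret can open the file.
    return {cid: bytes.fromhex(k) for cid, k in json.loads(unseal(ap_key, blob)).items()}

# --- Abstract: nonce exchange and the never-transmitted "transposed" session key ---

def derive_session_key(client_secret: bytes, r_client: bytes, r_ap: bytes) -> bytes:
    # The patent calls the result the transposed key; deriving it as an HMAC over both
    # random numbers is this example's assumption, not the patent's construction.
    return hmac.new(client_secret, b"session" + r_client + r_ap, hashlib.sha256).digest()

def run_session(key_db: dict, ap_id: str, provisioned: list, client_id: str):
    # Provisioning (host -> AP) followed by one authentication session (client <-> AP).
    ap_db = load_key_database_file(key_db[ap_id], build_key_database_file(key_db, ap_id, provisioned))
    net_send, net_recv = key_db["NET-SEND"], key_db["NET-RECV"]
    # Client -> AP: client id plus its random number, encrypted under the common send key
    # (assumption: "send" is the client-to-AP direction, "receive" the AP-to-client one).
    r_client = secrets.token_bytes(16)
    msg1 = seal(net_send, client_id.encode() + r_client)
    pt = unseal(net_send, msg1)
    cid_at_ap, r_client_at_ap = pt[:-16].decode(), pt[-16:]
    if cid_at_ap not in ap_db:
        return False, b""          # client was never provisioned to this AP: no shared secret
    # AP -> client: the AP's random number, encrypted under the common receive key.
    r_ap = secrets.token_bytes(16)
    msg2 = seal(net_recv, r_ap)
    r_ap_at_client = unseal(net_recv, msg2)
    # Both sides now hold both random numbers and the same client secret (the client reads it
    # from its own token; key_db[client_id] stands in for that here), so each derives the
    # session key locally and it never crosses the wireless channel.
    k_client = derive_session_key(key_db[client_id], r_client, r_ap_at_client)
    k_ap = derive_session_key(ap_db[cid_at_ap], r_client_at_ap, r_ap)
    return k_client == k_ap, k_ap

if __name__ == "__main__":
    print(run_session(sample_key_db(), "AP-0001", ["CLIENT-7A", "CLIENT-7B"], "CLIENT-7A")[0])
```

Two properties worth checking when running this: an access point holding a different secret (or a tampered file) cannot open the key database file at all, because the tag check fails before any decryption; and a client whose identifier is absent from the provisioned file cannot complete authentication, since the AP has no secret from which to derive the matching session key.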
56 Citations
2 Claims
Claim 1 (independent) is reproduced above under First Claim; the source page lists claim 2 as a dependent claim, and its text is not reproduced here.
Specification