Method and arrangement for providing a wireless mesh network
First Claim
1. A method for providing a wireless network comprising:
- a first communication device communicating with an authentication server in accordance with Extensible Authentication Protocol (“EAP”) in a first authentication communication, the first communication device communicating with the authentication server in the first authentication communication as an authenticator defined according to EAP protocol;
- the authentication server generating first encryption information, first policy information and second policy information in response to the first authentication communication and transmitting the first encryption information, first policy information and second policy information to the first communication device;
- the first communication device sending the second policy information to a second communication device, at least the second policy information being protected by a cryptographic checksum;
- the first communication device communicating with the second communication device in accordance with EAP in a second authentication communication, the second authentication communication being based on the second policy information, the first communication device communicating with the second communication device in the second authentication communication as a supplicant defined according to EAP and the second communication device communicating with the first communication device during the second authentication communication as an authenticator defined according to EAP and the second communication device not communicating with the authentication server during the second authentication communication such that the second communication device does not have a link with the authentication server during the second authentication communication, the second authentication communication being processed based on at least a portion of the first encryption information; and
- the first and second communication devices exchanging communication information via a protected communication after the first and second authentication communications are completed; and
- wherein the first encryption information is transmitted to the first communication device via a first EAP success message that comprises the first encryption information and wherein the second communication device receives a second EAP success message that comprises second encryption information.
Abstract
A method and an arrangement are provided wherein a newly added mesh node does not require a link to the AAA server for the purpose of authentication. Authentication is carried out using a node which is already present in the mesh network and which has a link to the AAA server.
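The claim's step of relaying the second policy information under a cryptographic checksum, so that a device with no link to the authentication server can still check it, can be sketched as follows. This is an added example, not text or code from the patent; HMAC-SHA256, the JSON encoding, the policy field names and a key provisioned between the authentication server and the second device are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: this key is provisioned on the authentication server and on the
# second device only; the relaying first device never holds it.
DEMO_KEY = b"constructed-demo-key"

def issue_policy(policy: dict, key: bytes) -> dict:
    """Authentication server: serialize the policy canonically and tag it."""
    body = json.dumps(policy, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "checksum": tag}

def accept_policy(blob: dict, key: bytes, now: int):
    """Second device: verify without contacting the server; policy or None."""
    body, tag = blob.get("body"), blob.get("checksum")
    if not isinstance(body, str) or not isinstance(tag, str):
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison, done before the body is parsed or trusted.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    policy = json.loads(body)
    if now >= policy.get("not_after", 0):  # hypothetical expiry field
        return None
    return policy

def demo():
    """Constructed scenario: server issues, first device relays, second checks."""
    policy = {"peer": "mesh-node-1", "role": "supplicant", "not_after": 2000}
    blob = issue_policy(policy, DEMO_KEY)
    relayed_ok = dict(blob)
    # A relay that edits the body cannot recompute the checksum without the key.
    altered = dict(blob, body=blob["body"].replace("2000", "9000"))
    return {
        "intact": accept_policy(relayed_ok, DEMO_KEY, now=1000),
        "altered": accept_policy(altered, DEMO_KEY, now=1000),
        "expired": accept_policy(relayed_ok, DEMO_KEY, now=2000),
    }

if __name__ == "__main__":
    print(demo())
```

The second device rejects the policy when the body was changed in transit or the hypothetical `not_after` time has passed, and it does so using only locally held material.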
19 Claims