Dynamic authentication in secured wireless networks

US 8,607,315 B2
Filed: 08/21/2012
Issued: 12/10/2013
Est. Priority Date: 04/24/2006
Status: Active Grant

First Claim

Patent Images

1. A method for enabling access to a secured wireless network, the method comprising:

storing information in memory regarding a plurality of users authorized to access the secured wireless network;

receiving an authentication request from a wireless device; and

executing instructions stored in memory, wherein execution of instructions by a processor;

authenticates a requesting user of the wireless device as one of the users authorized to access the secured wireless network,generates a security key to be associated with the wireless device-used by the requesting user, wherein the security key is derived from a secret unique to the requesting user; and

processes subsequent access requests from the requesting user of the wireless device, wherein the wireless device is granted access to the secured wireless network following a determination that the security key is valid and has not expired.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required.

226 Citations

20 Claims

1. A method for enabling access to a secured wireless network, the method comprising:
- storing information in memory regarding a plurality of users authorized to access the secured wireless network;
  
  receiving an authentication request from a wireless device; and
  
  executing instructions stored in memory, wherein execution of instructions by a processor;
  
  authenticates a requesting user of the wireless device as one of the users authorized to access the secured wireless network,generates a security key to be associated with the wireless device-used by the requesting user, wherein the security key is derived from a secret unique to the requesting user; and
  
  processes subsequent access requests from the requesting user of the wireless device, wherein the wireless device is granted access to the secured wireless network following a determination that the security key is valid and has not expired.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 16)
- - 2. The method of claim 1, wherein the unique security key is based on a unique secret associated with the requesting user.
  - 3. The method of claim 2, further comprising generating a plurality of other unique security keys based on the unique secret and storing the plurality of other unique security keys in memory.
  - 4. The method of claim 3, further comprising receiving another authentication request from the requesting user using another wireless device and associating the other wireless device with one of the plurality of other unique security keys.
  - 5. The method of claim 2, wherein the unique secret expires and further comprising re-authentication before associating a new unique secret with the wireless device.
  - 6. The method of claim 5, wherein the new unique secret is generated periodically.
  - 7. The method of claim 5, wherein the new unique secret is generated in response to a request by a network administrator.
  - 8. The method of claim 5, wherein expiration includes terminating a connection to the wireless device.
  - 9. The method of claim 1, further comprising generating an executable for the wireless device, wherein execution of the executable at the wireless device binds the unique security key with the wireless device.
  - 16. The system of claim 5, wherein the secret generation module generates the new unique secret periodically.

10. A system for enabling access to a secured wireless network, the system comprising:
- an authentication database for storing information regarding a plurality of users authorized to access the secured wireless network;
  
  a network interface for receiving an authentication request from a wireless device; and
  
  a processor for executing instructions and modules stored in memory, wherein the processor executes;
  
  an authentication module to authenticate a requesting user of the wireless device as one of the users authorized to access the secured wireless network,a secret generation module to generate a security key to be associated with the wireless device used by the requesting user, wherein the security key is derived from a secret unique to the requesting user; and
  
  authentication server instructions to process subsequent access requests from the requesting user of the wireless device, wherein the wireless device is granted access to the secured wireless network following a determination that the security key is valid and has not expired.
- View Dependent Claims (11, 12, 13, 14, 15, 17, 18, 19)
- - 11. The system of claim 10, further comprising a binding module for associating the wireless device with the unique security key.
  - 12. The system of claim 10, wherein the unique security key is based on a unique secret associated with the requesting user.
  - 13. The system of claim 12, wherein the processor further executes the secret generation module to generate a plurality of other unique security keys based on the unique secret and storing the plurality of other unique security keys in memory.
  - 14. The system of claim 13, wherein the network interface receives another authentication request from the requesting user using another wireless device and further comprising a binding associating the other wireless device with one of the plurality of other unique security keys.
  - 15. The system of claim 12, wherein the unique secret expires and wherein the authentication server requires re-authentication before associating a new unique secret with the wireless device.
  - 17. The system of claim 15, wherein the secret generation module generates the new unique secret in response to a request by a network administrator.
  - 18. The system of claim 15, wherein expiration includes termination of a connection to the wireless device.
  - 19. The system of claim 10, further comprising an executable generation module for generating an executable for the wireless device, wherein execution of the executable at the wireless device binds the unique security key with the wireless device.

20. A non-transitory computer-readable storage medium, having embodied thereon a program executable by a processor to perform a method for enabling access to a secured wireless network, the method comprising:
- storing information regarding a plurality of users authorized to access the secured wireless network;
  
  receiving an authentication request from a wireless device;
  
  authenticating a requesting user of the wireless device as one of the users authorized to access the secured wireless network;
  
  generating a security key to be associated with the wireless device-used by the requesting user, wherein the security key is derived from a secret unique to the requesting user; and
  
  processing subsequent access requests from the requesting user of the wireless device, wherein the wireless device is granted access to the secured wireless network following a determination that the security key is valid and has not expired.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ruckus IP Holdings LLC
Original Assignee
Ruckus Wireless, Inc. (CommScope Holding Company, Inc.)
Inventors
Jou, Tyan-Shu, Sheu, Ming, Yang, Bo-Chieh, Lin, Tian-Yuan, Kuo, Ted Tsei
Primary Examiner(s)
Truong, Thanhnga B

Application Number

US13/590,997
Publication Number

US 20120317625A1
Time in Patent Office

476 Days
Field of Search

726 2- 4, 380/255, 380/270, 380/282, 713/171
US Class Current

726/4
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04W 12/041   Key generation or derivation

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

H04W 8/18   Processing of user or subsc...

Dynamic authentication in secured wireless networks

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

226 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Dynamic authentication in secured wireless networks

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

226 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others