Method and apparatus for authenticating nodes in a wireless network

US 9,198,033 B2
Filed: 09/27/2007
Issued: 11/24/2015
Est. Priority Date: 09/27/2007
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a wireless node requesting to join a wireless network, the method comprising:

receiving, at an authentication server node, an authentication request from the wireless node;

negotiating at least one authentication parameter with the wireless node;

receiving, from the wireless node, a first encryption key derived using the at least one authentication parameter;

deriving a second encryption key using the first encryption key and the at least one authentication parameter, wherein the second encryption key is independently derived at the wireless node;

encrypting a third encryption key using the second encryption key to form an encrypted third encryption key; and

propagating the encrypted third encryption key toward the wireless node.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention includes a method and apparatus for authenticating a wireless node requesting to join a network. A method includes receiving an authentication request from the wireless node, negotiating at least one authentication parameter with the wireless node, deriving a first encryption key using the at least one authentication parameter, encrypting a second encryption key using the first encryption key, and propagating the encrypted second encryption key toward the wireless node, wherein the wireless node independently derives the first encryption key for use in decrypting the encrypted second encryption key received from the authentication server node. The wireless node decrypts the encrypted second encryption key and stores the second encryption key for use to securely communicate with other wireless nodes of the network. In one embodiment, the present invention may be implemented using a modified version of the EAP-TLS protocol, in which rather than a Pairwise Master Key (PMK) being sent from the authentication server node to the wireless node, the authentication server node and the wireless node each derive the PMK and the authentication server node securely provides a group encryption key to the wireless node by encrypting the group encryption key using the PMK.

32 Citations

View as Search Results

17 Claims

1. A method for authenticating a wireless node requesting to join a wireless network, the method comprising:
- receiving, at an authentication server node, an authentication request from the wireless node;
  
  negotiating at least one authentication parameter with the wireless node;
  
  receiving, from the wireless node, a first encryption key derived using the at least one authentication parameter;
  
  deriving a second encryption key using the first encryption key and the at least one authentication parameter, wherein the second encryption key is independently derived at the wireless node;
  
  encrypting a third encryption key using the second encryption key to form an encrypted third encryption key; and
  
  propagating the encrypted third encryption key toward the wireless node.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the second encryption key comprises an Extensible Authentication Protocol (EAP) Pairwise Master Key (PMK).
  - 3. The method of claim 1, wherein the third encryption key comprises one of a unicast encryption key, a multicast encryption key, and a broadcast encryption key.
  - 4. The method of claim 1, wherein negotiating the at least one authentication parameter with the wireless node is performed using an Extensible Authentication Protocol (EAP) method.
  - 5. The method of claim 1, further comprising:
    - after receiving the authentication request and prior to negotiating the at least one authentication parameter, establishing a secure tunnel between the wireless node and the authentication server node; and
      
      negotiating the at least one authentication parameter with the wireless node using the secure tunnel.
  - 6. The method of claim 5, wherein the secure tunnel is established using one of Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS) or Protected Extensible Authentication Protocol (PEAP).
  - 7. The method of claim 1, wherein the wireless node comprises an access node portion and a supplicant node portion, wherein the supplicant node portion is adapted to derive the second encryption key for use in decrypting the encrypted third encryption key.

8. An apparatus for authenticating a wireless node requesting to join a wireless network, comprising:
- a processor and a memory communicatively connected to the processor, the processor configured to;
  
  receive, at an authentication server node, an authentication request from the wireless node;
  
  negotiate at least one authentication parameter with the wireless node;
  
  receive, from the wireless node, a first encryption key derived using the at least one authentication parameter;
  
  derive a second encryption key using the first encryption key and the at least one authentication parameter, wherein the second encryption key is independently derived at the wireless node;
  
  encrypt a third encryption key using the second encryption key to form an encrypted third encryption key; and
  
  propagate the encrypted third encryption key toward the wireless node.

9. A method for authenticating a wireless node requesting to join a wireless network, comprising:
- negotiating at least one authentication parameter with an authentication server node;
  
  providing, from the wireless node toward the authentication server node, a first encryption key derived using the at least one authentication parameter;
  
  deriving, at the wireless node, a second encryption key using the first encryption key and the at least one authentication parameter, wherein the second encryption key is independently derived at the authentication server node; and
  
  receiving, at the wireless node from the authentication server node, a message including an encrypted third encryption key, wherein the encrypted third encryption key is an encrypted version of a third encryption key, wherein the third encryption key is encrypted using the second encryption key to form the encrypted third encryption key, wherein the third encryption key is adapted for use by the wireless node in communicating with at least one other node of the wireless network.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, further comprising:
    - receiving a packet from a wireless user device;
      
      retrieving the third encryption key from the memory;
      
      encrypting the packet using the third encryption key to form an encrypted packet; and
      
      transmitting the encrypted packet toward another node.
  - 11. The method of claim 9, further comprising:
    - receiving an encrypted packet from another node;
      
      retrieving the third encryption key from the memory;
      
      decrypting the encrypted packet using the third encryption key to recover a packet; and
      
      transmitting the packet toward a wireless user device for which the packet is intended.
  - 12. The method of claim 9, wherein the second encryption key comprises an Extensible Authentication Protocol (EAP) Pairwise Master Key (PMK).
  - 13. The method of claim 9, wherein the third encryption key comprises one of a unicast encryption key, a multicast encryption key, and a broadcast encryption key.
  - 14. The method of claim 9, wherein negotiating the at least one authentication parameter with the authentication node is performed using an Extensible Authentication Protocol (EAP) method.
  - 15. The method of claim 9, further comprising:
    - prior to negotiating the at least one authentication parameter with the authentication server node, establishing a secure tunnel between the wireless node and the authentication server node; and
      
      negotiating the at least one authentication parameter with the authentication server node using the secure tunnel.
  - 16. The method of claim 15, wherein the secure tunnel is established using one of Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS) or Protected Extensible Authentication Protocol (PEAP).

17. An apparatus for authenticating a wireless node requesting to join a wireless network, comprising:
- a processor and a memory communicatively connected to the processor, the processor configured to;
  
  negotiate at least one authentication parameter with an authentication server node;
  
  provide, from the wireless node toward the authentication server node, a first encryption key derived using the at least one authentication parameter;
  
  derive, at the wireless node, a second encryption key using the first encryption key and the at least one authentication parameter, wherein the second encryption key is independently derived at the authentication server node; and
  
  receive, at the wireless node from the authentication server node, a message including an encrypted third encryption key, wherein the encrypted third encryption key is an encrypted version of a third encryption key, wherein the third encryption key is encrypted using the second encryption key to form the encrypted third encryption key, wherein the third encryption key is adapted for use by the wireless node in communicating with at least one other node of the wireless network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
Payette, Charles, Buddhikot, Milind Madhav
Primary Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US11/862,561
Publication Number

US 20090086973A1
Time in Patent Office

2,980 Days
Field of Search

713/171, 380/270, 380/278
US Class Current

1/1
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 2463/062   applying encryption of the ...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 9/0822   using key encryption key

H04L 9/0833   involving conference or gro...

H04L 9/321   involving a third party or ...

H04L 9/3271   using challenge-response

H04W 12/041   Key generation or derivation

H04W 12/0433   Key management protocols

H04W 12/069   using certificates or pre-s...

Method and apparatus for authenticating nodes in a wireless network

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for authenticating nodes in a wireless network

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others