Method and apparatus for authenticating nodes in a wireless network
First Claim
1. A method for authenticating a wireless node requesting to join a wireless network, the method comprising:
receiving, at an authentication server node, an authentication request from the wireless node;
negotiating at least one authentication parameter with the wireless node;
receiving, from the wireless node, a first encryption key derived using the at least one authentication parameter;
deriving a second encryption key using the first encryption key and the at least one authentication parameter, wherein the second encryption key is independently derived at the wireless node;
encrypting a third encryption key using the second encryption key to form an encrypted third encryption key; and
propagating the encrypted third encryption key toward the wireless node.
Abstract
The invention includes a method and apparatus for authenticating a wireless node requesting to join a network. A method includes receiving an authentication request from the wireless node, negotiating at least one authentication parameter with the wireless node, deriving a first encryption key using the at least one authentication parameter, encrypting a second encryption key using the first encryption key, and propagating the encrypted second encryption key toward the wireless node, wherein the wireless node independently derives the first encryption key for use in decrypting the encrypted second encryption key received from the authentication server node. The wireless node decrypts the encrypted second encryption key and stores the second encryption key for use to securely communicate with other wireless nodes of the network. In one embodiment, the present invention may be implemented using a modified version of the EAP-TLS protocol, in which rather than a Pairwise Master Key (PMK) being sent from the authentication server node to the wireless node, the authentication server node and the wireless node each derive the PMK and the authentication server node securely provides a group encryption key to the wireless node by encrypting the group encryption key using the PMK.
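The exchange described in the abstract and in claims 1 and 9, modelled end to end as an added example; this is not code from the patent or its assignee. The negotiated "authentication parameter" is taken to be the two TLS handshake randoms plus the cipher suite, the node's "first encryption key" is derived from a secret the TLS handshake already established and is sent to the server inside the TLS tunnel, the PMK ("second encryption key") is derived on both sides with HKDF-SHA256, and the group key ("third encryption key") is wrapped under the PMK with AES-256-GCM; all of those choices, and every name below, are assumptions of this example rather than terms of the patent.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// AuthParams stands in for the "at least one authentication parameter" negotiated
// in the EAP-TLS handshake (assumed here: both handshake randoms and the cipher suite).
type AuthParams struct {
	ClientRandom [32]byte
	ServerRandom [32]byte
	CipherSuite  uint16
}

// encode serialises the parameters so both sides feed identical bytes to the KDF.
func (p AuthParams) encode() []byte {
	b := append([]byte{}, p.ClientRandom[:]...)
	b = append(b, p.ServerRandom[:]...)
	return append(b, byte(p.CipherSuite>>8), byte(p.CipherSuite))
}

// hkdf32 is HKDF-SHA256 (RFC 5869) extract-then-expand for a single 32-byte
// output block, written with crypto/hmac so the example is standard-library only.
func hkdf32(salt, ikm, info []byte) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // keyed with the PRK
	exp.Write(info)
	exp.Write([]byte{0x01})
	return exp.Sum(nil)
}

// DeriveNodeKey produces the "first encryption key" of claims 1 and 9. The node
// derives it from a TLS-established secret (an assumption of this example) plus the
// negotiated parameters and sends it to the server inside the TLS tunnel.
func DeriveNodeKey(tlsSecret []byte, p AuthParams) []byte {
	return hkdf32(p.encode(), tlsSecret, []byte("node key"))
}

// DerivePMK produces the "second encryption key", the PMK. Server and node run
// the same derivation on the same inputs, so the PMK itself is never transmitted.
func DerivePMK(nodeKey []byte, p AuthParams) []byte {
	return hkdf32(p.encode(), nodeKey, []byte("pairwise master key"))
}

// gcm builds an AES-256-GCM AEAD keyed with the PMK.
func gcm(pmk []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pmk)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapGroupKey is the server side: encrypt the "third encryption key" (the group
// key) under the PMK, with the negotiated parameters bound in as associated data.
func WrapGroupKey(pmk, groupKey []byte, p AuthParams) ([]byte, error) {
	aead, err := gcm(pmk)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, groupKey, p.encode()), nil // nonce || ct || tag
}

// UnwrapGroupKey is the node side: decrypt and authenticate. A bad tag, a
// different PMK or mismatched parameters is an error and nothing is stored.
func UnwrapGroupKey(pmk, msg []byte, p AuthParams) ([]byte, error) {
	aead, err := gcm(pmk)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize() {
		return nil, errors.New("wrapped group key too short")
	}
	return aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], p.encode())
}

// RunJoin plays the whole exchange and returns the group key the node stores.
func RunJoin(tlsSecret, groupKey []byte, p AuthParams) ([]byte, error) {
	nodeKey := DeriveNodeKey(tlsSecret, p)           // node -> server (inside TLS)
	serverPMK := DerivePMK(nodeKey, p)               // at the server
	nodePMK := DerivePMK(nodeKey, p)                 // at the node, independently
	msg, err := WrapGroupKey(serverPMK, groupKey, p) // server -> node
	if err != nil {
		return nil, err
	}
	return UnwrapGroupKey(nodePMK, msg, p)
}
```

The point of the construction is visible in `RunJoin`: the only key that travels between the parties after negotiation is the wrapped group key, and because the negotiated parameters are also bound into the GCM associated data, a node whose handshake parameters differ from the server's cannot unwrap it even if it somehow held the same node key.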
17 Claims
1. A method for authenticating a wireless node requesting to join a wireless network, the method comprising:
receiving, at an authentication server node, an authentication request from the wireless node; negotiating at least one authentication parameter with the wireless node; receiving, from the wireless node, a first encryption key derived using the at least one authentication parameter; deriving a second encryption key using the first encryption key and the at least one authentication parameter, wherein the second encryption key is independently derived at the wireless node; encrypting a third encryption key using the second encryption key to form an encrypted third encryption key; and propagating the encrypted third encryption key toward the wireless node.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An apparatus for authenticating a wireless node requesting to join a wireless network, comprising:
a processor and a memory communicatively connected to the processor, the processor configured to: receive, at an authentication server node, an authentication request from the wireless node; negotiate at least one authentication parameter with the wireless node; receive, from the wireless node, a first encryption key derived using the at least one authentication parameter; derive a second encryption key using the first encryption key and the at least one authentication parameter, wherein the second encryption key is independently derived at the wireless node; encrypt a third encryption key using the second encryption key to form an encrypted third encryption key; and propagate the encrypted third encryption key toward the wireless node.
9. A method for authenticating a wireless node requesting to join a wireless network, comprising:
negotiating at least one authentication parameter with an authentication server node; providing, from the wireless node toward the authentication server node, a first encryption key derived using the at least one authentication parameter; deriving, at the wireless node, a second encryption key using the first encryption key and the at least one authentication parameter, wherein the second encryption key is independently derived at the authentication server node; and receiving, at the wireless node from the authentication server node, a message including an encrypted third encryption key, wherein the encrypted third encryption key is an encrypted version of a third encryption key, wherein the third encryption key is encrypted using the second encryption key to form the encrypted third encryption key, wherein the third encryption key is adapted for use by the wireless node in communicating with at least one other node of the wireless network.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. An apparatus for authenticating a wireless node requesting to join a wireless network, comprising:
a processor and a memory communicatively connected to the processor, the processor configured to: negotiate at least one authentication parameter with an authentication server node; provide, from the wireless node toward the authentication server node, a first encryption key derived using the at least one authentication parameter; derive, at the wireless node, a second encryption key using the first encryption key and the at least one authentication parameter, wherein the second encryption key is independently derived at the authentication server node; and receive, at the wireless node from the authentication server node, a message including an encrypted third encryption key, wherein the encrypted third encryption key is an encrypted version of a third encryption key, wherein the third encryption key is encrypted using the second encryption key to form the encrypted third encryption key, wherein the third encryption key is adapted for use by the wireless node in communicating with at least one other node of the wireless network.
Specification