Authentication for relay deployment
Abstract
Techniques for providing enterprise mode security for relays are disclosed. For example, enterprise mode security based on IEEE 802.1X is provided for relays or other similar devices to extend the coverage of access point hotspots or other similar access point use cases. According to one aspect, a relay incorporates an authentication client associated with an authentication server. According to another aspect, a four-address format is employed for tunneling messages via a relay between a station and an access point. According to another aspect, a cryptographic master key associated with an access point and a station is provided to a relay to enable the relay to be an authenticator for the station.
24 Claims
1. An apparatus for communication, wherein the apparatus is configured to be associated with a second apparatus and the apparatus is configured to be authenticated to a server, the apparatus comprising:
- a first communication device configured to receive a cryptographic master key from the server; and
- a second communication device configured to send the cryptographic master key to the second apparatus, wherein the second communication device is further configured to communicate with a third apparatus via encrypted messages tunneled and not decrypted by the second apparatus, wherein the third apparatus is associated with the second apparatus and not associated with the apparatus, and each encrypted message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
Dependent claims: 2, 3, 4, 5 (not reproduced here).

6. A method of communication, wherein a first apparatus is associated with a second apparatus and the first apparatus is authenticated to a server, the method comprising:
- receiving, by the first apparatus, a cryptographic master key from the server;
- sending the cryptographic master key to the second apparatus; and
- communicating with a third apparatus via encrypted messages tunneled and not decrypted by the second apparatus, wherein the third apparatus is associated with the second apparatus and not associated with the first apparatus and each encrypted message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
Dependent claims: 7, 8, 9, 10 (not reproduced here).

11. An apparatus for communication, wherein a second apparatus is configured to be associated with the apparatus, and the apparatus is configured to be associated with a third apparatus, the apparatus comprising:
- a communication device configured to receive a cryptographic master key from the second apparatus, wherein the cryptographic master key is from a server associated with the second apparatus; and
- a processing system configured to use the cryptographic master key to establish secure communication with the third apparatus over a wireless channel, wherein the communication device is further configured to tunnel encrypted messages between the second apparatus and the third apparatus without decrypting the encrypted messages, wherein the processing system is further configured to obtain a second cryptographic key from the cryptographic master key, a MAC address of the apparatus, a MAC address of the third apparatus, a nonce selected by the apparatus, and a nonce selected by the third apparatus.
Dependent claims: 12, 13, 14, 15, 16, 17 (not reproduced here).

18. A method of communication, wherein a first apparatus is associated with a second apparatus, and the second apparatus is associated with a third apparatus, the method comprising:
- receiving, by the second apparatus, a cryptographic master key from the first apparatus, wherein the cryptographic master key is from a server associated with the first apparatus;
- using the cryptographic master key to establish secure communication with the third apparatus over a wireless channel;
- obtaining a second cryptographic key from the cryptographic master key, a MAC address of the second apparatus, a MAC address of the third apparatus, a nonce selected by the second apparatus, and a nonce selected by the third apparatus; and
- tunneling encrypted messages between the first apparatus and the third apparatus without decrypting the encrypted messages.
Dependent claims: 19, 20, 21, 22 (not reproduced here).

23. An access point for communication, the access point is configured to be associated with a relay, and the access point is configured to be authenticated to a server, the access point comprising:
- at least one antenna;
- a first communication device configured to receive, via the at least one antenna, a cryptographic master key from the server; and
- a second communication device configured to send, via the at least one antenna, the cryptographic master key to the relay, wherein the second communication device is further configured to communicate, via the at least one antenna, with a station via encrypted messages tunneled and not decrypted by the relay, wherein the station is associated with the relay and not associated with the access point, and each encrypted message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.

24. A relay for communication, the relay is associated with an access point, and the relay is associated with a station, the relay comprising:
- at least one antenna;
- a communication device configured to receive, via the at least one antenna, a cryptographic master key from the access point, wherein the cryptographic master key is from a server associated with the access point; and
- a processing system configured to use the cryptographic master key to establish secure communication with the station over a wireless channel, wherein the processing system is further configured to obtain a second cryptographic key from the cryptographic master key, a MAC address of the relay, a MAC address of the station, a nonce selected by the relay, and a nonce selected by the station, and wherein the communication device is further configured to tunnel encrypted messages between the access point and the station without decrypting the encrypted messages.
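The key flow the claims describe (server hands the master key to the access point, the access point forwards it to the relay, the relay derives a pairwise key from the master key, the relay and station MAC addresses and two nonces, and separately tunnels encrypted EAPOL frames without decrypting them) is modelled below as an added example. It is not code from the patent or from any product that practises it. The claims do not name a derivation function; because the abstract places the scheme in an IEEE 802.1X enterprise deployment, this example assumes the IEEE 802.11 PTK derivation (PRF-384 over HMAC-SHA1, CCMP key sizes) and the EAPOL-Key MIC (HMAC-SHA1 truncated to 128 bits). The master key, MAC addresses, nonces and the minimal message body are constructed values, and `four_way_handshake` and `relay_tunnel` are illustrative names, not the patent's terms.

```python
"""Added example: relay as authenticator for a station (claims 11, 18, 24).

ASSUMPTION: the claims do not fix a key derivation function. The IEEE 802.11
PTK derivation and EAPOL-Key MIC used here are what an 802.1X/WPA2 deployment
would use; the page itself does not state them. All keys, MAC addresses and
nonces below are constructed for illustration.
"""
import hashlib
import hmac
import secrets

PTK_BITS = 384  # CCMP: KCK (16 bytes) || KEK (16 bytes) || TK (16 bytes)


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)
    for i = 0, 1, ... and truncate to nbits."""
    out = b""
    i = 0
    while len(out) < nbits // 8:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """The claims' "second cryptographic key": derived from the master key (pmk),
    the relay/authenticator MAC (aa), the station/supplicant MAC (spa) and the
    two nonces. min/max ordering makes both sides compute the same value."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, PTK_BITS)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def eapol_key_mic(kck: bytes, body: bytes) -> bytes:
    """EAPOL-Key MIC: HMAC-SHA1 keyed with the KCK, truncated to 128 bits."""
    return hmac.new(kck, body, hashlib.sha1).digest()[:16]


def four_way_handshake(pmk_at_relay: bytes, pmk_at_station: bytes, relay_mac: bytes,
                       sta_mac: bytes, anonce: bytes = b"", snonce: bytes = b""):
    """Relay acts as authenticator. pmk_at_relay is the master key the access
    point forwarded; pmk_at_station is what the station holds from its own EAP
    exchange. Returns (mic_verified, relay_ptk, station_ptk)."""
    anonce = anonce or secrets.token_bytes(32)  # message 1: relay -> station
    snonce = snonce or secrets.token_bytes(32)  # station chooses its nonce
    sta_ptk = derive_ptk(pmk_at_station, relay_mac, sta_mac, anonce, snonce)
    # Message 2: station -> relay, carrying SNonce and a MIC under the station's KCK.
    # Constructed minimal body; a real EAPOL-Key frame carries more fields.
    msg2 = b"\x02" + snonce
    mic = eapol_key_mic(sta_ptk["kck"], msg2)
    relay_ptk = derive_ptk(pmk_at_relay, relay_mac, sta_mac, anonce, snonce)
    verified = hmac.compare_digest(mic, eapol_key_mic(relay_ptk["kck"], msg2))
    return verified, relay_ptk, sta_ptk


def relay_tunnel(frame: dict, relay_mac: bytes, next_hop: bytes) -> dict:
    """Four-address forwarding (claim 1, abstract): only the receiver and
    transmitter addresses change; destination, source and the encrypted EAPOL
    body pass through byte-for-byte. The relay never holds the body's key."""
    return {"ra": next_hop, "ta": relay_mac, "da": frame["da"], "sa": frame["sa"],
            "body": frame["body"]}


if __name__ == "__main__":
    # Constructed identifiers, not from the page.
    pmk = bytes(range(32))                       # what the server gave the access point
    relay, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    ok, relay_ptk, sta_ptk = four_way_handshake(pmk, pmk, relay, sta)
    print("MIC verified:", ok, "| same TK:", relay_ptk["tk"] == sta_ptk["tk"])
    # A relay that never received the master key cannot produce a valid MIC.
    bad, _, _ = four_way_handshake(bytes(32), pmk, relay, sta)
    print("MIC verified with wrong key at relay:", bad)
```

The wrong-key case is the check a practitioner cares about: if the access point has not actually forwarded the master key, the relay still runs the exchange but the station's MIC fails, so the handshake cannot complete with an impostor authenticator.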