Authentication for relay deployment
Abstract
Techniques for providing enterprise mode security for relays are disclosed. For example, enterprise mode security based on IEEE 802.1x is provided for relays or other similar devices to extend the coverage of access point hotspots or other similar access point use cases. According to one aspect, a relay incorporates an authentication client associated with an authentication server. According to another aspect, a four address format is employed for tunneling messages via a relay between a station and an access point. According to another aspect, a cryptographic master key associated with an access point and a station is provided to a relay to enable the relay to be an authenticator for the station.
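Added illustration, not part of the patent text: the four-address tunneling aspect in Python, where the relay rewrites only the per-hop receiver/transmitter addresses and passes the EAPOL payload through without parsing or decrypting it. The header layout is the standard IEEE 802.11 four-address data frame; the function names, MAC addresses and EAPOL bytes are constructed for the example, and using four addresses on the station-to-relay hop is an assumption.

```python
import struct

# LLC/SNAP header announcing EtherType 0x888E (EAPOL)
EAPOL_SNAP = bytes.fromhex("aaaa03000000888e")
HDR_LEN = 30  # four-address 802.11 data header: FC, duration, A1-A3, seq ctl, A4

def build_4addr(ra, ta, da, sa, body):
    """Data frame with ToDS=1 and FromDS=1, so all four address fields are present."""
    fc = bytes([0x08, 0x03])  # byte 0: type=data; byte 1: flags ToDS|FromDS
    hdr = fc + struct.pack("<H", 0) + ra + ta + da + struct.pack("<H", 0) + sa
    return hdr + EAPOL_SNAP + body

def parse_4addr(frame):
    """Split a four-address EAPOL data frame into its addresses and payload."""
    if len(frame) < HDR_LEN + len(EAPOL_SNAP):
        raise ValueError("frame too short")
    if (frame[0] & 0x0C) != 0x08 or (frame[1] & 0x03) != 0x03:
        raise ValueError("not a four-address data frame")
    if frame[HDR_LEN:HDR_LEN + 8] != EAPOL_SNAP:
        raise ValueError("payload is not EAPOL")
    return {"ra": frame[4:10], "ta": frame[10:16], "da": frame[16:22],
            "sa": frame[24:30], "body": frame[HDR_LEN + 8:]}

def relay_forward(frame, relay_mac, next_hop):
    """Rewrite only the per-hop addresses; end-to-end addresses and body pass through."""
    f = parse_4addr(frame)
    if f["ra"] != relay_mac:
        raise ValueError("frame not addressed to this relay")
    # The body is never inspected: the relay holds no key for it in this example.
    return build_4addr(next_hop, relay_mac, f["da"], f["sa"], f["body"])

# Constructed sample values (locally administered MACs, placeholder key data)
STA, RELAY, AP = (bytes.fromhex("02000000000" + d) for d in "123")
# EAPOL header: version 2, type 3 (EAPOL-Key), 16-byte body treated as opaque
EAPOL_BODY = bytes([2, 3]) + struct.pack(">H", 16) + bytes(range(16))
UPLINK = build_4addr(RELAY, STA, AP, STA, EAPOL_BODY)

if __name__ == "__main__":
    out = parse_4addr(relay_forward(UPLINK, RELAY, AP))
    print({k: v.hex() for k, v in out.items()})
```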
20 Claims
1. An apparatus for communication, wherein the apparatus is configured to be associated with a second apparatus, the apparatus comprising:
a processing system configured to authenticate the apparatus to a server; and
a communication device configured to:
send a message to the server to authorize the second apparatus as an authenticator;
receive an authentication credential from the server as a result of sending the message, wherein the authentication credential is for setting up a session between the server and the second apparatus; and
communicate with a third apparatus via encrypted messages tunneled and not decrypted by the second apparatus, wherein the third apparatus is associated with the second apparatus and not associated with the apparatus, and each encrypted message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
Dependent claims: 2, 3, 4, 5, 6

7. A method of communication, wherein a first apparatus is associated with a second apparatus, the method comprising:
authenticating the first apparatus to a server;
sending a message from the first apparatus to the server to authorize the second apparatus as an authenticator;
receiving an authentication credential from the server as a result of sending the message, wherein the authentication credential is for setting up a session between the server and the second apparatus; and
communicating with a third apparatus via encrypted messages tunneled and not decrypted by the second apparatus, wherein the third apparatus is associated with the second apparatus and not associated with the first apparatus, and each encrypted message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
Dependent claims: 8, 9, 10, 11, 12

13. An apparatus for communication, wherein a second apparatus is configured to be authenticated to the apparatus, the apparatus comprising:
a communication device configured to:
receive a message from the second apparatus, wherein the message identifies a third apparatus associated with the second apparatus; and
send an authentication credential to the second apparatus, wherein the authentication credential is for setting up the session between the apparatus and the third apparatus; and
a processing system configured to authorize, as a result of receiving the message, the third apparatus as an authenticator, wherein:
the communication device is further configured to send a cryptographic key to the third apparatus to enable the third apparatus and a fourth apparatus to establish secure communication over a wireless channel, wherein the secure communication comprises encrypted messages tunneled and not decrypted by the third apparatus, wherein the fourth apparatus is associated with the third apparatus and not associated with the second apparatus, and each encrypted message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
Dependent claims: 14, 15

16. A method of communication, wherein a first apparatus is authenticated to a server, the method comprising:
receiving, by the server, a message from the first apparatus, wherein the message identifies a second apparatus associated with the first apparatus;
authorizing, as a result of receiving the message, the second apparatus as an authenticator;
sending an authentication credential to the first apparatus, wherein the authentication credential is for setting up the session between the server and the second apparatus; and
send a cryptographic key to the second apparatus to enable the second apparatus and a third apparatus to establish secure communication over a wireless channel, wherein the secure communication comprises encrypted messages tunneled and not decrypted by the second apparatus, wherein the third apparatus is associated with the second apparatus and not associated with the first apparatus, and each encrypted message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
Dependent claims: 17, 18

19. An access point for communication, wherein the access point is configured to be associated with a relay, the access point comprising:
at least one antenna;
a processing system configured to authenticate, via the at least one antenna, the access point to a server; and
a communication device configured to:
send, via the at least one antenna, a message to the server to authorize the relay as an authenticator;
receive, via the at least one antenna, an authentication credential from the server as a result of sending the message, wherein the authentication credential is for setting up a session between the server and the relay; and
communicate with a station via encrypted messages tunneled and not decrypted by the relay, wherein the station is associated with the relay and not associated with the access point, and each encrypted message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.

20. A server for communication, wherein an access point is configured to be authenticated to the server, the server comprising:
at least one antenna;
a communication device configured to:
receive, via the at least one antenna, a message from the access point, wherein the message identifies a relay associated with the access point;
send, via the at least one antenna, an authorization credential to the access point, wherein the authentication credential is for setting up a session between the server and the relay; and
a processing system configured to authorize, as a result of receiving the message, the relay as an authenticator, wherein:
the communication device is further configured to send a cryptographic key to the relay to enable the relay and a station to establish secure communication over a wireless channel, wherein the secure communication comprises encrypted messages tunneled and not decrypted by the relay, wherein the station is associated with the relay and not associated with the access point, and each encrypted message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.

Specification