Authentication for relay deployment

US 9,392,458 B2
Filed: 03/12/2014
Issued: 07/12/2016
Est. Priority Date: 03/15/2013
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus for communication, wherein the apparatus is configured to be associated with a second apparatus, the apparatus comprising:

a processing system configured to authenticate the apparatus to a server; and

a communication device configured to;

send a message to the server to authorize the second apparatus as an authenticator;

receive an authentication credential from the server as a result of sending the message, wherein the authentication credential is for setting up a session between the server and the second apparatus; and

communicate with a third apparatus via encrypted messages tunneled and not decrypted by the second apparatus, wherein the third apparatus is associated with the second apparatus and not associated with the apparatus, and each encrypted message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for proving enterprise mode security for relays are disclosed. For example, enterprise mode security based on IEEE 802.1x is provided for relays or other similar devices to extend the coverage of access point hotspots or other similar access point use cases. According to one aspect, a relay incorporates an authentication client associated with an authentication server. According to another aspect, a four address format is employed for tunneling messages via a relay between a station and an access point. According to another aspect, a cryptographic master key associated with an access point and a station is provided to a relay to enable the relay to be an authenticator for the station.

Citations

20 Claims

1. An apparatus for communication, wherein the apparatus is configured to be associated with a second apparatus, the apparatus comprising:
- a processing system configured to authenticate the apparatus to a server; and
  
  a communication device configured to;
  
  send a message to the server to authorize the second apparatus as an authenticator;
  
  receive an authentication credential from the server as a result of sending the message, wherein the authentication credential is for setting up a session between the server and the second apparatus; and
  
  communicate with a third apparatus via encrypted messages tunneled and not decrypted by the second apparatus, wherein the third apparatus is associated with the second apparatus and not associated with the apparatus, and each encrypted message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus of claim 1, wherein:
    - the apparatus further comprises a transmitter configured to send the authentication credential to the second apparatus.
  - 3. The apparatus of claim 2, wherein:
    - the server comprises a RADIUS server or a DIAMETER server;
      
      the message comprises a RADIUS message or a DIAMETER message; and
      
      the authentication credential comprises a RADIUS authentication credential or a DIAMETER authentication credential.
  - 4. The apparatus of claim 1, wherein the message comprises a request to admit the second apparatus as a client of the server.
  - 5. The apparatus of claim 1, wherein:
    - the communication device is further configured to receive a cryptographic master key from the server; and
      
      the apparatus further comprises a transmitter configured to send the cryptographic master key to the second apparatus.
  - 6. The apparatus of claim 5, wherein the cryptographic master key comprises a pairwise master key.

7. A method of communication, wherein a first apparatus is associated with a second apparatus, the method comprising:
- authenticating the first apparatus to a server;
  
  sending a message from the first apparatus to the server to authorize the second apparatus as an authenticator;
  
  receiving an authentication credential from the server as a result of sending the message, wherein the authentication credential is for setting up a session between the server and the second apparatus; and
  
  communicating with a third apparatus via encrypted messages tunneled and not decrypted by the second apparatus, wherein the third apparatus is associated with the second apparatus and not associated with the first apparatus, and each encrypted message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising:
    - sending the authentication credential to the second apparatus.
  - 9. The method of claim 8, wherein:
    - the server comprises a RADIUS server or a DIAMETER server;
      
      the message comprises a RADIUS message or a DIAMETER message; and
      
      the authentication credential comprises a RADIUS authentication credential or a DIAMETER authentication credential.
  - 10. The method of claim 7, wherein the message comprises a request to admit the second apparatus as a client of the server.
  - 11. The method of claim 7, further comprising:
    - receiving, by the first apparatus, a cryptographic master key from the server; and
      
      sending the cryptographic master key from the first apparatus to the second apparatus.
  - 12. The method of claim 11, wherein the cryptographic master key comprises a pairwise master key.

13. An apparatus for communication, wherein a second apparatus is configured to be authenticated to the apparatus, the apparatus comprising:
- a communication device configured to;
  
  receive a message from the second apparatus, wherein the message identifies a third apparatus associated with the second apparatus; and
  
  send an authentication credential to the second apparatus, wherein the authentication credential is for setting up the session between the apparatus and the third apparatus; and
  
  a processing system configured to authorize, as a result of receiving the message, the third apparatus as an authenticator, wherein;
  
  the communication device is further configured to send a cryptographic key to the third apparatus to enable the third apparatus and a fourth apparatus to establish secure communication over a wireless channel, wherein the secure communication comprises encrypted messages tunneled and not decrypted by the third apparatus, wherein the fourth apparatus is associated with the third apparatus and not associated with the second apparatus, and each encrypted message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
- View Dependent Claims (14, 15)
- - 14. The apparatus of claim 13, wherein the message comprises a request to admit the third apparatus as a client of the apparatus.
  - 15. The apparatus of claim 13, wherein:
    - the processing system is further configured to establish a session with a fourth apparatus associated with the third apparatus; and
      
      the processing system is further configured to obtain the cryptographic key associated with the session.

16. A method of communication, wherein a first apparatus is authenticated to a server, the method comprising:
- receiving, by the server, a message from the first apparatus, wherein the message identifies a second apparatus associated with the first apparatus;
  
  authorizing, as a result of receiving the message, the second apparatus as an authenticator;
  
  sending an authentication credential to the first apparatus, wherein the authentication credential is for setting up the session between the server and the second apparatus; and
  
  send a cryptographic key to the second apparatus to enable the second apparatus and a third apparatus to establish secure communication over a wireless channel, wherein the secure communication comprises encrypted messages tunneled and not decrypted by the second apparatus, wherein the third apparatus is associated with the second apparatus and not associated with the first apparatus, and each encrypted message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein the message comprises a request to admit the second apparatus as a client of the server.
  - 18. The method of claim 16, further comprising:
    - establishing a session with a third apparatus associated with the second apparatus; and
      
      obtaining a cryptographic key associated with the session.

19. An access point for communication, wherein the access point is configured to be associated with a relay, the access point comprising:
- at least one antenna;
  
  a processing system configured to authenticate, via the at least one antenna, the access point to a server; and
  
  a communication device configured to;
  
  send, via the at least one antenna, a message to the server to authorize the relay as an authenticator;
  
  receive, via the at least one antenna, an authentication credential from the server as a result of sending the message, wherein the authentication credential is for setting up a session between the server and the relay; and
  
  communicate with a station via encrypted messages tunneled and not decrypted by the relay, wherein the station is associated with the relay and not associated with the access point, and each encrypted message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.

20. A server for communication, wherein an access point is configured to be authenticated to the server, the server comprising:
- at least one antenna;
  
  a communication device configured to;
  
  receive, via the at least one antenna, a message from the access point, wherein the message identifies a relay associated with the access point;
  
  send, via the at least one antenna, an authorization credential to the access point, wherein the authentication credential is for setting up a session between the server and the relay; and
  
  a processing system configured to authorize, as a result of receiving the message, the relay as an authenticator, wherein;
  
  the communication device is further configured to send a cryptographic key to the relay to enable the relay and a station to establish secure communication over a wireless channel, wherein the secure communication comprises encrypted messages tunneled and not decrypted by the relay, wherein the station is associated with the relay and not associated with the access point, and each encrypted message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Cherian, George, Abraham, Santosh Paul, Wentink, Maarten Menzo, Merlin, Simone
Primary Examiner(s)
Zaidi, Syed

Application Number

US14/207,440
Publication Number

US 20140282909A1
Time in Patent Office

853 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/06   for supporting key manageme...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04L 63/0892   by using authentication-aut...

H04L 63/10   for controlling access to d...

H04L 63/162   at the data link layer

H04L 9/3242   involving keyed hash functi...

H04W 12/041   Key generation or derivation

H04W 12/069   using certificates or pre-s...

H04W 84/047   using dedicated repeater st...

H04W 88/08   Access point devices

Authentication for relay deployment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication for relay deployment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links