Method and system for pre-authentication
Abstract
A wireless station prepares to roam by pre-authenticating itself with a neighboring access point. The wireless station sends a rekey request, which can include an incremented rekey number. The wireless station receives a rekey response. The rekey response can include the incremented rekey number. Because the wireless station is pre-authenticated, after it roams it only needs to perform a two-way handshake with a new access point to establish secure communications with the new access point. The two-way handshake starts by the wireless station sending a reassociation request to the neighboring access point, the reassociation request comprising the incremented rekey number established during pre-authentication. The wireless station receives a reassociation response from the neighboring access point. To protect against replay attacks, the neighboring access point can verify the rekey number sent in the reassociation request matches the rekey number sent in the rekey response.
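The replay check described in the abstract can be traced with a small simulation. This is an added example, not code from the patent: the class names, the message layout, the rule that a rekey number is fresh only if it exceeds the stored one, and the single-use handling at reassociation are all assumptions, and the neighboring access point is modeled as receiving the rekey request directly.

```python
# Added illustration; message layout and class names are assumptions, not from the patent.
from dataclasses import dataclass, field


@dataclass
class AuthServer:
    """Keeps rekey data (last accepted rekey number) per station address."""
    rekey_data: dict = field(default_factory=dict)

    def authenticate(self, sta: str, rekey_number: int) -> bool:
        # Assumption: a request is fresh only if its number exceeds the stored one.
        if rekey_number <= self.rekey_data.get(sta, 0):
            return False
        self.rekey_data[sta] = rekey_number
        return True


@dataclass
class NeighborAP:
    server: AuthServer
    pending: dict = field(default_factory=dict)  # sta -> number sent in rekey response

    def rekey(self, sta: str, rekey_number: int):
        """Pre-authentication: returns the rekey response, or None if rejected."""
        if not self.server.authenticate(sta, rekey_number):
            return None
        self.pending[sta] = rekey_number
        return {"type": "rekey-response", "sta": sta, "rekey_number": rekey_number}

    def reassociate(self, sta: str, rekey_number: int) -> bool:
        """Two-way handshake: accept only the number from the rekey response."""
        expected = self.pending.get(sta)
        if expected is None or rekey_number != expected:
            return False
        del self.pending[sta]  # assumption: each number is accepted once
        return True


def demo():
    ap = NeighborAP(AuthServer())
    sta = "00:11:22:33:44:55"  # constructed station address
    results = {}
    results["rekey"] = ap.rekey(sta, 1) is not None           # fresh number
    results["wrong_number"] = ap.reassociate(sta, 7)          # mismatch
    results["reassoc"] = ap.reassociate(sta, 1)               # matches response
    results["replayed_reassoc"] = ap.reassociate(sta, 1)      # captured frame resent
    results["replayed_rekey"] = ap.rekey(sta, 1) is not None  # old rekey resent
    results["next_rekey"] = ap.rekey(sta, 2) is not None      # incremented again
    return results
```

Calling `demo()` shows that only the reassociation request carrying the number from the rekey response is accepted, and that resending either the old rekey request or the old reassociation request is rejected.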
32 Claims
1. A method for roaming from a parent access point to a neighboring access point by a wireless station, comprising:
sending a rekey request, the rekey request comprises an incremented rekey number;
receiving a rekey response, the rekey response comprises the incremented rekey number;
sending a reassociation request to the neighboring access point, the reassociation request comprising the incremented rekey number; and
receiving a reassociation response from the neighboring access point.
24. A system comprising:
an authentication server, the authentication server configured to maintain rekey data for a wireless station;
a parent access point; and
a neighboring access point;
wherein the wireless station is assigned to the parent access point and can communicate with the neighboring access point, the wireless station configured to send a rekey request, the rekey request comprising an incremented rekey number;
wherein the rekey request is received by one of the parent access point and the neighboring access point, and the rekey request is forwarded to the authentication server for authentication by comparing the incremented rekey number with the rekey data;
wherein the neighboring access point is responsive to the authentication server to create a rekey response, the rekey response comprises the incremented rekey number, the rekey response being sent to the wireless station via the authentication server and the parent access point;
wherein the wireless station is further configured to send a reassociation request to the neighboring access point, the reassociation request containing the rekey number; and
wherein the neighboring access point is further configured to receive the reassociation request, verify the reassociation request contains the incremented rekey number and to send a reassociation response.
28. A wireless station, comprising
means for communicating with a parent access point;
means for detecting a neighboring access point;
means for pre-authenticating with the neighboring access point by sending a rekey message directed to the neighboring access point, the rekey message containing an incremented rekey number;
means for receiving a rekey response that contains the incremented rekey number;
means for sending a reassociation request to the neighboring access point, the reassociation request comprising the incremented rekey number; and
means for receiving a reassociation response from the neighboring access point.
31. An access point, comprising:
a first transceiver for communicating with a wireless station;
a second transceiver for communicating with an authentication server; and
wherein the access point is responsive to a pre-authentication request containing a rekey number to generate a one time ticket which is encrypted and authenticated with a key known only by the neighboring access point, the one time ticket comprising the rekey number and the 802.11 address of the wireless station, and to send the one way ticket via the second transceiver to the authentication server; and
wherein the access point is configured to receiving a reassociation request from the wireless station via the first transceiver and comparing a rekey number from the reassociation request with the rekey number from the pre-authentication request and responsive to sending a reassociation response when the rekey number from the reassociation request matches the rekey number from the pre-authentication request.
Specification