Dynamic Authentication in Secured Wireless Networks

US 20090092255A1
Filed: 12/19/2008
Published: 04/09/2009
Est. Priority Date: 04/24/2006
Status: Active Grant

First Claim

Patent Images

1. A method for pairing dynamic secrets in a secured wireless network, the method comprising:

generating a random secret for an authenticated user, wherein the secret is unique to the user;

associating the secret with an access profile belonging to the user; and

associating the secret with a wireless interface device belonging to the user and further associated with the access profile, wherein use of the secret to access the secured wireless network is restricted to the associated wireless interface device belonging to the user as identified by the access profile.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required.

118 Citations

View as Search Results

20 Claims

1. A method for pairing dynamic secrets in a secured wireless network, the method comprising:
- generating a random secret for an authenticated user, wherein the secret is unique to the user;
  
  associating the secret with an access profile belonging to the user; and
  
  associating the secret with a wireless interface device belonging to the user and further associated with the access profile, wherein use of the secret to access the secured wireless network is restricted to the associated wireless interface device belonging to the user as identified by the access profile.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein associating the secret with the wireless interface device comprises:
    - generating an executable for configuring the wireless interface device to access the secured wireless network;
      
      transferring the executable and the secret to the wireless interface as a part of the access profile; and
      
      executing the executable on the wireless interface device, wherein the executable configures the wireless interface to access the secured wireless network using the access profile and the secret.
  - 3. The method of claim 1, wherein associating the secret with the wireless interface includes deriving one or more security keys from the secret.
  - 4. The method of claim 3, wherein associating the secret with the wireless interface further comprises associating at least one security key with the wireless interface device, wherein the use of the at least one security key to access the secured wireless network is restricted to the wireless interface.
  - 5. The method of claim 3, further comprising saving the one or more keys to a table, wherein the table comprises information concerning each key, whether each key is associated with a wireless interface device, and which wireless interface device is associated with each key.
  - 6. The method of claim 1, wherein associating the secret to the wireless interface comprises associating the secret with the identification of the wireless interface.
  - 7. The method of claim 6, wherein the wireless interface identification includes a MAC address.
  - 8. The method of claim 1, wherein associating the secret to the wireless interface comprises associating the secret with a radio of the wireless interface device.
  - 9. The method of claim 1, further comprising updating the secret.
  - 10. The method of claim 9, wherein updating the secret occurs after a predefined period of time.
  - 11. The method of claim 9, wherein updating the secret occurs upon request by a system administrator.
  - 12. The method of claim 9, wherein updating the secret comprises:
    - generating a new random secret unique to the user;
      
      associating the new secret with the access profile belonging to the user; and
      
      requiring that the wireless interface be reauthenticated by the user before associating the new secret to the wireless interface.
  - 13. The method of claim 12, wherein requiring the wireless interface to be re-authenticated comprises terminating the wireless connection between the wireless interface and the secured wireless network.

14. A system for pairing dynamic secrets in a secured wireless network, the system comprising:
- a secret generation module stored in memory and executable by a processor to generate a random secret unique to an authenticated user;
  
  a binding module stored in memory and executable by the processor to associate the secret with a wireless interface device belonging to the authenticated user, wherein use of the secret to access the secured wireless network is restricted to the associated wireless interface device belonging to the user; and
  
  a secret database configured to store information concerning at least one secret and the associated wireless interface device.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The system of claim 14, further comprising an access profile generation module executable by the processor to generate an access profile for the authenticated user.
  - 16. The system of claim 15, wherein the binding module is further executable by the processor to associate the access profile with the secret.
  - 17. The system of claim 14, further comprising an executable generation module executable by the processor to generate an executable for using the access profile and the secret to configure the wireless interface to access the secured wireless network.
  - 18. The system of claim 14, wherein the secret generation module is further executable by the processor to update the secret by generating a new random secret unique to the user.

19. A computer-readable storage medium having embodied thereon a program, the program being executable by a computer processor to perform a method for pairing dynamic secrets in a secured wireless network, the method comprising:
- generating a random secret for an authenticated user, wherein the secret is unique to the user;
  
  associating the secret with an access profile belonging to the user; and
  
  associating the secret with a wireless interface belonging to the user, wherein use of the secret to access the secured wireless network is restricted to the associated wireless interface belonging to the user.
- View Dependent Claims (20)
- - 20. The computer-readable storage medium of claim 19, wherein the program is further executable by the processor to update the secret, wherein the wireless interface must be reauthenticated by the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ruckus IP Holdings LLC
Original Assignee
Ruckus Wireless, Inc. (CommScope Holding Company, Inc.)
Inventors
Kuo, Ted Tsei, Yang, Bo-Chieh, Lin, Tian-Yuan, Jou, Tyan-Shu, Sheu, Ming

Granted Patent

US 7,669,232 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/279
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04W 12/041   Key generation or derivation

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

H04W 8/18   Processing of user or subsc...

Dynamic Authentication in Secured Wireless Networks

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

118 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Dynamic Authentication in Secured Wireless Networks

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others