METHOD, APPARATUS, AND SYSTEM FOR CENTRALIZED 802.1X AUTHENTICATION IN WIRELESS LOCAL AREA

US 20130272290A1
Filed: 06/10/2013
Published: 10/17/2013
Est. Priority Date: 12/09/2010
Status: Active Grant

First Claim

Patent Images

1. A method for centralized 802.1X authentication in a wireless local area network, wherein the wireless local area network comprises an authentication entity, an access point, and at least one user equipment (UE), the authentication entity is connected to the at least one UE through the access point, and the method comprises:

receiving, by the access point, an extensive authentication protocol (EAP) authentication start message from the UE, wherein a destination address of the EAP authentication start message is a media access control (MAC) address corresponding to an air interface of the access point, and a source address of the EAP authentication start message is a MAC address of the UE;

modifying, by the access point, the destination address of the EAP authentication start message to be one of the group consisting of (a) a multicast address of a port access entity and (b) a MAC address of the authentication entity; and

forwarding, by the access point, the EAP authentication start message whose destination address is modified, so that the authentication entity starts access authentication for the UE according to the EAP authentication start message whose destination address is modified.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses a method, an apparatus, and a system for centralized 802.1X authentication in a wireless local area network, and the method includes: receiving, by the access point, an EAP authentication start message from the UE, where a destination address of the EAP authentication start message is a MAC address corresponding to an air interface of the access point, and its source address is a MAC address of the UE; modifying the destination address of the EAP authentication start message to be a multicast address of a port access entity or a MAC address of the authentication entity; and forwarding the EAP authentication start message whose destination address is modified.

Citations

10 Claims

1. A method for centralized 802.1X authentication in a wireless local area network, wherein the wireless local area network comprises an authentication entity, an access point, and at least one user equipment (UE), the authentication entity is connected to the at least one UE through the access point, and the method comprises:
- receiving, by the access point, an extensive authentication protocol (EAP) authentication start message from the UE, wherein a destination address of the EAP authentication start message is a media access control (MAC) address corresponding to an air interface of the access point, and a source address of the EAP authentication start message is a MAC address of the UE;
  
  modifying, by the access point, the destination address of the EAP authentication start message to be one of the group consisting of (a) a multicast address of a port access entity and (b) a MAC address of the authentication entity; and
  
  forwarding, by the access point, the EAP authentication start message whose destination address is modified, so that the authentication entity starts access authentication for the UE according to the EAP authentication start message whose destination address is modified.
- View Dependent Claims (2, 3, 4)
- - 2. The method according to claim 1, wherein the method further comprises:
    - receiving a first EAP authentication message sent by the authentication entity, wherein a source address of the first EAP authentication message is the MAC address of the authentication entity, and a destination address of the first EAP authentication message is the MAC address of the UE;
      
      modifying the source address of the first EAP authentication message to be the MAC address corresponding to the air interface of the access point; and
      
      forwarding the first EAP authentication message with the modified source address of the first EAP authentication message to the UE.
  - 3. The method according to claim 2, wherein the method further comprises:
    - receiving a second EAP authentication message sent by the UE, wherein the second EAP authentication message is sent by the UE, but different from the EAP authentication start message, a destination address of the second EAP authentication message is the MAC address corresponding to the air interface of the access point, and a source address of the second EAP authentication message is the MAC address of the UE;
      
      modifying the destination address of the second EAP authentication message to be the MAC address of the authentication entity; and
      
      forwarding the second EAP authentication message whose destination address is modified.
  - 4. The method according to claim 1, wherein the method further comprises:
    - receiving a third EAP authentication message sent by the authentication entity, wherein a source address of the third EAP authentication message is the MAC address of the authentication entity, and a destination address of the third EAP authentication message is the MAC address of the UE; and
      
      forwarding the third EAP authentication message to the UE, so that the UE learns the MAC address of the authentication entity from the third EAP authentication message.

5. A method for centralized 802.1X authentication in a wireless local area network, comprising:
- generating, by an access point, an extensive authentication protocol (EAP) authentication start message, wherein a destination address of the EAP authentication start message is one of the group consisting of (a) a multicast address of a port access entity and (b) a media access control (MAC) address of an authentication entity, and a source address of the EAP authentication start message is a MAC address of a user equipment (UE);
  
  sending, by the access point, the EAP authentication start message;
  
  receiving, by the access point, an EAP authentication message sent by the authentication entity, wherein a source address of the EAP authentication message is the MAC address of the authentication entity, and a destination address of the EAP authentication message is the MAC address of the UE; and
  
  modifying, by the access point, the source address of the EAP authentication message to be a MAC address corresponding to an air interface of the access point, and forwarding the EAP authentication message with the modified source address to the UE.

6. An access point device, comprising:
- a first receiving module, configured to receive an extensive authentication protocol (EAP) authentication start message sent by a user equipment (UE), wherein a destination address of the EAP authentication start message is a media access control (MAC) address corresponding to an air interface of an access point, and a source address of the EAP authentication start message is a MAC address of the UE;
  
  a first address-modifying module, configured to modify the destination address of the EAP authentication start message received by the first receiving module to be one of the group consisting of (a) a multicast address of a port access entity and (b) a MAC address of an authentication entity; and
  
  a first forwarding module, configured to forward the EAP authentication start message whose destination address is modified by the first address-modifying module, so that the authentication entity starts access authentication for the UE according to the EAP authentication start message whose destination address is modified.
- View Dependent Claims (7, 8, 9)
- - 7. The access point device according to claim 6, further comprising:
    - a second receiving module, configured to receive a first EAP authentication message sent by the authentication entity, wherein a source address of the first EAP authentication message is the MAC address of the authentication entity, and a destination address of the first EAP authentication message is the MAC address of the UE;
      
      a second address-modifying module, configured to modify the source address of the EAP authentication message received by the second receiving module to be the MAC address corresponding to the air interface of the access point; and
      
      a second forwarding module, configured to forward the EAP authentication message whose source address is modified by the second address-modifying module to the UE.
  - 8. The access point device according to claim 7, whereinthe first receiving module is further configured to receive a second EAP authentication message sent by the UE, wherein the second EAP authentication message is sent by the UE, but different from the EAP authentication start message, a destination address of the second EAP authentication message is the MAC address corresponding to the air interface of the access point, and a source address of the second EAP authentication message is the MAC address of the UE;
    - the first address-modifying module is further configured to modify the destination address of the second EAP authentication message received by the first receiving module to be the MAC address of the authentication entity; and
      
      the first forwarding module is further configured to forward the second EAP authentication message whose destination address is modified by the first address-modifying module.
  - 9. The access point device according to claim 6, further comprising:
    - a third receiving module, configured to receive a third EAP authentication message sent by the authentication entity, wherein a source address of the third EAP authentication message is the MAC address of the authentication entity, and a destination address of the third EAP authentication message is the MAC address of the UE; and
      
      a third forwarding module, configured to forward, to the UE, the third EAP authentication message received by the third receiving module, so that the UE learns the MAC address of the authentication entity from the third EAP authentication message.

10. A system for centralized 802.1X authentication in a wireless local area network, wherein the wireless local area network comprises an authentication entity, an access point, and at least one user equipment (UE), the authentication entity is connected to the at least one UE through the access point, andthe access point is configured to:
- receive an extensive authentication protocol (EAP) authentication start message sent by the UE, wherein a destination address of the EAP authentication start message is a media access control (MAC) address corresponding to an air interface of the access point, and a source address of the EAP authentication start message is a MAC address of the UE;
  
  modify the destination address of the EAP authentication start message to be one of the group consisting of (a) a multicast address of a port access entity and (b) a MAC address of the authentication entity; and
  
  forward the EAP authentication start message whose destination address is modified, so that the authentication entity starts access authentication for the UE according to the EAP authentication start message whose destination address is modified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
LIU, Guoping

Granted Patent

US 9,071,968 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/338
CPC Class Codes

H04L 63/0892   by using authentication-aut...

H04L 63/162   at the data link layer

H04L 63/205   involving negotiation or de...

H04W 12/062   Pre-authentication

H04W 12/069   using certificates or pre-s...

METHOD, APPARATUS, AND SYSTEM FOR CENTRALIZED 802.1X AUTHENTICATION IN WIRELESS LOCAL AREA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD, APPARATUS, AND SYSTEM FOR CENTRALIZED 802.1X AUTHENTICATION IN WIRELESS LOCAL AREA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links