AUTHENTICATION FOR RELAY DEPLOYMENT

US 20140281541A1
Filed: 03/12/2014
Published: 09/18/2014
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. An apparatus for communication, wherein the apparatus is configured to be associated with a second apparatus and the apparatus is configured to be authenticated to a server, the apparatus comprising:

a first communication device configured to receive a cryptographic master key from the server; and

a second communication device configured to send the cryptographic master key to the second apparatus.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for proving enterprise mode security for relays are disclosed. For example, enterprise mode security based on IEEE 802.1x is provided for relays or other similar devices to extend the coverage of access point hotspots or other similar access point use cases. According to one aspect, a relay incorporates an authentication client associated with an authentication server. According to another aspect, a four address format is employed for tunneling messages via a relay between a station and an access point. According to another aspect, a cryptographic master key associated with an access point and a station is provided to a relay to enable the relay to be an authenticator for the station.

19 Citations

View as Search Results

30 Claims

1. An apparatus for communication, wherein the apparatus is configured to be associated with a second apparatus and the apparatus is configured to be authenticated to a server, the apparatus comprising:
- a first communication device configured to receive a cryptographic master key from the server; and
  
  a second communication device configured to send the cryptographic master key to the second apparatus.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1, wherein the cryptographic master key comprises a pairwise master key.
  - 3. The apparatus of claim 1, wherein the cryptographic master key is sent to the second apparatus via an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
  - 4. The apparatus of claim 1, wherein:
    - the second communication device is further configured to communicate with a third apparatus via messages tunneled by the second apparatus; and
      
      the third apparatus is associated with the second apparatus and not associated with the apparatus.
  - 5. The apparatus of claim 4, wherein each message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
  - 6. The apparatus of claim 1, wherein the server comprises a RADIUS server or a DIAMETER server.
  - 7. The apparatus of claim 1, wherein the second apparatus is a relay.

8. A method of communication, wherein a first apparatus is associated with a second apparatus and the first apparatus is authenticated to a server, the method comprising:
- receiving, by the first apparatus, a cryptographic master key from the server; and
  
  sending the cryptographic master key to the second apparatus.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the cryptographic master key comprises a pairwise master key.
  - 10. The method of claim 8, wherein the cryptographic master key is sent to the second apparatus via an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
  - 11. The method of claim 8, further comprising communicating with a third apparatus via messages tunneled by the second apparatus, wherein the third apparatus is associated with the second apparatus and not associated with the first apparatus.
  - 12. The method of claim 11, wherein each message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
  - 13. The method of claim 8, wherein the server comprises a RADIUS server or a DIAMETER server.
  - 14. The method of claim 8, wherein the second apparatus is a relay.

15. An apparatus for communication, wherein a second apparatus is configured to be associated with the apparatus, and the apparatus is configured to be associated with a third apparatus, the apparatus comprising:
- a communication device configured to receive a cryptographic master key from the second apparatus, wherein the cryptographic master key is from a server associated with the second apparatus; and
  
  a processing system configured to use the cryptographic master key to establish secure communication with the third apparatus over a wireless channel.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The apparatus of claim 15, wherein the cryptographic master key comprises a pairwise master key.
  - 17. The apparatus of claim 15, wherein the cryptographic master key is received via an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
  - 18. The apparatus of claim 15, wherein the processing system is further configured to obtain a second cryptographic key from the cryptographic master key, a MAC address of the apparatus, a MAC address of the third apparatus, a nonce selected by the apparatus, and a nonce selected by the third apparatus.
  - 19. The apparatus of claim 18, wherein the second cryptographic key comprises a pairwise transient key.
  - 20. The apparatus of claim 15, wherein the communication device is further configured to tunnel messages between the second apparatus and the third apparatus.
  - 21. The apparatus of claim 20, wherein each message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
  - 22. The apparatus of claim 15, wherein the communication with the third apparatus employs Extensible Authentication Protocol over Local Area Network (EAPOL).
  - 23. The apparatus of claim 15, wherein the server comprises a RADIUS server or a DIAMETER server.

24. A method of communication, wherein a first apparatus is associated with a second apparatus, and the second apparatus is associated with a third apparatus, the method comprising:
- receiving, by the second apparatus, a cryptographic master key from the first apparatus, wherein the cryptographic master key is from a server associated with the first apparatus; and
  
  using the cryptographic master key to establish secure communication with the third apparatus over a wireless channel.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The method of claim 24, wherein the cryptographic master key comprises a pairwise master key.
  - 26. The method of claim 24, wherein the cryptographic master key is received via an Extensible Authentication Protocol over Local Area Network (EAPOL) message.
  - 27. The method of claim 24, further comprising obtaining a second cryptographic key from the cryptographic master key, a MAC address of the second apparatus, a MAC address of the third apparatus, a nonce selected by the second apparatus, and a nonce selected by the third apparatus.
  - 28. The method of claim 27, wherein the second cryptographic key comprises a pairwise transient key.
  - 29. The method of claim 24, further comprising tunneling messages between the first apparatus and the third apparatus.
  - 30. The method of claim 24, wherein each message comprises an Extensible Authentication Protocol over Local Area Network (EAPOL) message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Cherian, George, Abraham, Santosh Paul, Wentink, Maarten Menzo, Merlin, Simone

Granted Patent

US 9,363,671 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/06   for supporting key manageme...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04L 63/0892   by using authentication-aut...

H04L 63/10   for controlling access to d...

H04L 63/162   at the data link layer

H04L 9/3242   involving keyed hash functi...

H04W 12/041   Key generation or derivation

H04W 12/069   using certificates or pre-s...

H04W 84/047   using dedicated repeater st...

H04W 88/08   Access point devices

AUTHENTICATION FOR RELAY DEPLOYMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION FOR RELAY DEPLOYMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links