Wireless security system and method
First Claim
1. A method for reauthentication during client roaming in a wireless network system, the network having at least one access server operable to communicate with a remote authentication server during an initial authentication of the client, and a plurality of access points, the access points being registered with the access server, the method comprising:
receiving a registration request at the access server from a new access point for a roaming client registered with the access server and previously in communication with an old access point, the request including a ticket or authenticator;
authenticating the registration request with an authentication extension generated with a secret session key shared by the new access point and the access server, wherein authenticating the registration request comprises comparing timer values from the client and the new access point; and
sending a client's session key from the access server to the new access point in a registration reply upon authentication of the registration request at the access server;
wherein the client's session key is configured for use by the new access point to reauthenticate the client and establish encryption keys for the client without contacting the authentication server; and
wherein said at least one access server comprises a central access server at a top level of a hierarchy, and a local access server at a second level of said hierarchy and registered with the central access server, the access points located at a third level of said hierarchy.
Abstract
A method for reauthentication during client roaming in a wireless network system. The network has at least one access server and a plurality of access points registered with the access server. The method includes receiving a registration request at the access server from a new access point for a roaming client registered with the access server and sending a client's session key to the new access point in a registration reply upon authentication of the registration request. The client's session key is configured for use by the new access point to authenticate the client and establish keys for the client. A method for secure context transfer during client roaming is also disclosed.
105 Citations
27 Claims
1. (Independent claim; text given above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18.

19. A wireless security protocol system for reauthentication during client roaming, comprising:
a central access server at a top level of a hierarchy of the protocol system; and
a plurality of local access servers at a second level of said hierarchy and associated with the central access server, each local access server having at least one access point associated therewith, the access points at a third level of said hierarchy and each being registered with the associated local access servers and central access server;
wherein the local access server comprises a processor configured to mutually authenticate and establish a secret session key with the central access server and the access points through a remote authentication server, and operate as a key distribution center for clients roaming between different access points so that no authentication is required between the client and the authentication server during roaming between an old access point and a new access point, the processor further configured to receive a registration request from the new access point for a roaming client, authenticate the registration request with an authentication extension generated with a secret session key shared by the new access point and the local access server, compare timer values from the client and the new access point during authentication, and send a client's session key to the new access point in a registration reply upon authentication of the registration request at the local access server.
Dependent claims: 20, 22, 23, 24.

21. A computer-readable storage medium comprising computer readable program codes for reauthentication during client roaming in a wireless network system, the wireless network system comprising at least one access server operable to communicate with a remote authentication server during an initial authentication of the client, and a plurality of access points, the access points being registered with the access server, the program codes comprising:
code that receives a registration request at the access server from a new access point for a roaming client registered with the access server and previously in communication with an old access point, the request including a ticket;
code that authenticates the registration request with an authentication extension generated with a secret session key shared by the new access point and access server, wherein authenticating the registration request comprises comparing timer values from the client and the new access point; and
code that sends a client's session key from the access server to the new access point in a registration reply upon authentication of the registration request at the access server, wherein the client's session key is configured for use by the new access point to reauthenticate the client and establish keys for the client without contacting the authentication server;
wherein said at least one access server comprises a central access server at a top level of a hierarchy, and a local access server at a second level of said hierarchy and registered with the central access server, the access points located at a third level of said hierarchy.
Dependent claims: 25, 26, 27.
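As an added illustration that is not part of the patent text, the following Python models the registration exchange of claims 1, 19 and 21: the new access point forwards the roaming client's ticket under an authentication extension keyed with the secret session key it shares with the access server, the access server checks the extension, the ticket and the two timer values before releasing anything, and the client's session key comes back wrapped in an authenticated registration reply that the access point verifies in turn. The HMAC-based extension and ticket, the PRF key wrap, the skew window, and all identifiers (ap2, sta1) are assumptions made for this example, and the initial authentication through the remote authentication server is taken as already done.

```python
import hashlib, hmac, json, os

MAX_SKEW = 5  # seconds of tolerated gap between client and AP timer values (assumed policy)

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()
def canon(fields):  # canonical bytes so both ends MAC identical input; any auth_ext tag is excluded
    return json.dumps({k: v for k, v in fields.items() if k != "auth_ext"}, sort_keys=True).encode()
def verified(key, fields, tag_hex):  # constant-time check of a MAC tag over a message
    return hmac.compare_digest(mac(key, canon(fields)), bytes.fromhex(tag_hex))
def wrap(key, nonce, data):  # PRF keystream XOR for key transport; nonce must be fresh per reply
    return bytes(a ^ b for a, b in zip(data, mac(key, b"wrap" + nonce)))

class AccessServer:  # key distribution center for roaming clients (level 2 of the hierarchy)
    def __init__(self):
        self.ticket_key = os.urandom(32)  # known only to this server
        self.ap_keys = {}                 # AP id -> secret session key shared with this server
        self.client_keys = {}             # client id -> session key from the initial authentication
    def issue_ticket(self, client_id):  # handed to the client after its initial authentication
        body = {"client": client_id}
        return {"body": body, "mac": mac(self.ticket_key, canon(body)).hex()}
    def handle_registration(self, req):
        ap_key = self.ap_keys.get(req["ap"])
        if ap_key is None or not verified(ap_key, req, req["auth_ext"]):
            return None  # unregistered AP or bad authentication extension: release nothing
        ticket = req["ticket"]
        if not verified(self.ticket_key, ticket["body"], ticket["mac"]):
            return None  # ticket was not issued by this server (forged or tampered)
        if abs(req["client_timer"] - req["ap_timer"]) > MAX_SKEW:
            return None  # timer values disagree: stale or replayed registration
        client, nonce = ticket["body"]["client"], os.urandom(16)
        reply = {"client": client, "nonce": nonce.hex(),
                 "wrapped_key": wrap(ap_key, nonce, self.client_keys[client]).hex()}
        reply["auth_ext"] = mac(ap_key, canon(reply)).hex()
        return reply

def ap_recover_client_key(ap_key, reply):  # new AP checks the reply and unwraps the client's key
    if reply is None or not verified(ap_key, reply, reply["auth_ext"]):
        return None
    return wrap(ap_key, bytes.fromhex(reply["nonce"]), bytes.fromhex(reply["wrapped_key"]))

def roam(skew, tamper=False):  # constructed scenario: client sta1 roams to ap2; True if ap2 gets the key
    server, ap_key, client_key = AccessServer(), os.urandom(32), os.urandom(32)
    server.ap_keys["ap2"], server.client_keys["sta1"] = ap_key, client_key
    ticket = server.issue_ticket("sta1")
    if tamper:
        ticket["body"]["client"] = "sta9"  # altered without ticket_key, so its MAC no longer verifies
    req = {"ap": "ap2", "ticket": ticket, "client_timer": 1000, "ap_timer": 1000 + skew}
    req["auth_ext"] = mac(ap_key, canon(req)).hex()  # authentication extension added by the new AP
    return ap_recover_client_key(ap_key, server.handle_registration(req)) == client_key
```

roam(0) succeeds without any round trip to the authentication server, while a timer gap beyond MAX_SKEW or a modified ticket makes the access server withhold the key.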