Dynamic authentication in secured wireless networks

US 7,788,703 B2
Filed: 04/18/2007
Issued: 08/31/2010
Est. Priority Date: 04/24/2006
Status: Active Grant

First Claim

Patent Images

1. A method for pairing secrets in a secured wireless network, the method comprising:

receiving an access request from a wireless interface device, the access request regarding access to the secured wireless network;

identifying that the wireless interface device belongs to an authenticated user having an access profile in the secured wireless network, wherein identification is based on the access request;

determining that the wireless interface device is associated with a valid security key derived from a secret, the secret associated with the access profile belonging to the authenticated user, wherein determining that the wireless interface device is associated with the valid security key comprises;

initially identifying that the wireless interface device is associated with at least one invalid security key, wherein the secret associated with the invalid security key is identified as being expired,updating the expired secret associated with the access profile by;

generating a new random secret unique to the authenticated user, wherein the new secret is associated with the access profile belonging to the authenticated user;

deriving one or more security keys from the new secret; and

updating a table of unassociated security keys with the one or more security keys derived from the new secret;

obtaining the valid security key from the table of unassociated security keys, andproviding the valid security key to the wireless interface device, wherein execution of an executable on the wireless interface device configures the wireless interface device to access the secured wireless network using the access profile and the valid security key; and

permitting use of the valid security key to access the secured wireless network, wherein the use of the valid security key is restricted to the wireless interface device belonging to the user as identified by the access profile.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required.

207 Citations

11 Claims

1. A method for pairing secrets in a secured wireless network, the method comprising:
- receiving an access request from a wireless interface device, the access request regarding access to the secured wireless network;
  
  identifying that the wireless interface device belongs to an authenticated user having an access profile in the secured wireless network, wherein identification is based on the access request;
  
  determining that the wireless interface device is associated with a valid security key derived from a secret, the secret associated with the access profile belonging to the authenticated user, wherein determining that the wireless interface device is associated with the valid security key comprises;
  
  initially identifying that the wireless interface device is associated with at least one invalid security key, wherein the secret associated with the invalid security key is identified as being expired,updating the expired secret associated with the access profile by;
  
  generating a new random secret unique to the authenticated user, wherein the new secret is associated with the access profile belonging to the authenticated user;
  
  deriving one or more security keys from the new secret; and
  
  updating a table of unassociated security keys with the one or more security keys derived from the new secret;
  
  obtaining the valid security key from the table of unassociated security keys, andproviding the valid security key to the wireless interface device, wherein execution of an executable on the wireless interface device configures the wireless interface device to access the secured wireless network using the access profile and the valid security key; and
  
  permitting use of the valid security key to access the secured wireless network, wherein the use of the valid security key is restricted to the wireless interface device belonging to the user as identified by the access profile.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein initially identifying that the wireless interface device is not associated with the valid security key includes determining that the wireless interface device is not associated with any security keys derived from the secret associated with the access profile of the authenticated user.
  - 3. The method of claim 1, wherein one or more valid security keys are stored to the table, wherein the table comprises information concerning each key, whether each key is associated with a wireless interface device, and which wireless interface device is associated with each key.
  - 4. The method of claim 1, wherein expiration of the secret occurs after a predefined period of time.
  - 5. The method of claim 1, wherein expiration of the secret occurs upon request by a system administrator.
  - 6. The method of claim 1, wherein requiring the wireless interface device to be re-authenticated comprises terminating the wireless connection between the wireless interface device and the wireless network.

7. A system for pairing secrets in a secured wireless network comprising:
- an authentication module stored in memory and executable by a processor to authenticate a user of a wireless interface device, the authenticated user having an access profile in the secured wireless network;
  
  a secret database for storing information concerning an updated secret, the secret database including a table concerning at least one valid security key derived from the updated secret, the updated secret associated with the access profile belonging to the authenticated user;
  
  a secret generation module stored in memory and executable by a processor to update a secret when the secret is identified as being expired, wherein updating the secret comprises;
  
  generating a new random secret unique to the authenticated user, wherein the new secret is associated with the access profile belonging to the authenticated user, andderiving one or more security keys from the new secret, wherein the table is updated with the one or more security keys derived from the new secret;
  
  an executable generation module stored in memory and executable by the processor to generate an executable for using the access profile and the updated secret to configure the wireless interface device to access the secured wireless network; and
  
  an interface that receives requests to access the secured wireless network, wherein use of the valid security key to access the secured wireless network is restricted to the wireless interface device belonging to the user as identified by the access profile.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system of claim 7, further comprising an access profile generation module executable by a processor to update an access profile for the authenticated user, the update concerning the updated secret.
  - 9. The system of claim 7, wherein the secret generation module is further executable to update the secret after a predefined period of time.
  - 10. The system of claim 7, wherein the secret generation module is further executable to update the secret upon request by a system administrator.
  - 11. The system of claim 8, further comprising a binding module stored in memory and executable by a processor to associate the wireless interface device with the updated secret.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ruckus IP Holdings LLC
Original Assignee
Ruckus Wireless, Inc. (CommScope Holding Company, Inc.)
Inventors
Kuo, Ted Tsei, Yang, Bo-Chieh, Lin, Tian-Yuan, Jou, Tyan-Shu, Sheu, Ming
Primary Examiner(s)
ZIA, SYED

Application Number

US11/788,371
Publication Number

US 20070249324A1
Time in Patent Office

1,231 Days
Field of Search

None
US Class Current

726/2
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04W 12/041   Key generation or derivation

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

H04W 8/18   Processing of user or subsc...

Dynamic authentication in secured wireless networks

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

207 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic authentication in secured wireless networks

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

207 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links