Method, apparatus, and system for centralized 802.1X authentication in wireless local area network

US 9,071,968 B2
Filed: 06/10/2013
Issued: 06/30/2015
Est. Priority Date: 12/09/2010
Status: Active Grant

First Claim

Patent Images

1. A method for centralized 802.1X authentication in a wireless local area network, wherein the wireless local area network comprises an authentication entity, an access point, and at least one user equipment (UE), the authentication entity is connected to the at least one UE through the access point, and the method comprises:

receiving, by the access point, an extensive authentication protocol (EAP) authentication start message from the UE, wherein a destination address of the EAP authentication start message is a media access control (MAC) address corresponding to an air interface of the access point, and a source address of the EAP authentication start message is a MAC address of the UE;

modifying, by the access point, only content of the destination address of the EAP authentication start message to be one of the group consisting of (a) a multicast address of a port access entity and (b) a MAC address of the authentication entity;

forwarding, by the access point, the EAP authentication start message whose destination address is modified, to the authentication entity, to enable the authentication entity to start access authentication for the UE according to the EAP authentication start message whose destination address is modified;

receiving a first EAP authentication message sent by the authentication entity, wherein a source address of the first EAP authentication message is the MAC address of the authentication entity, and a destination address of the first EAP authentication message is the MAC address of the UE;

modifying the source address of the first EAP authentication message to be the MAC address corresponding to the air interface of the access point;

forwarding the first EAP authentication message with the modified source address of the first EAP authentication message to the UE;

receiving a second EAP authentication message sent by the UE wherein the second EAP authentication message is sent by the UE, but different from the EAP authentication start message, a destination address of the second EAP authentication message is the MAC address corresponding to the air interface of the access point and a source address of the second EAP authentication message is the MAC address of the UE;

modifying the destination address of the second EAP authentication message to be the MAC address of the authentication entity; and

forwarding the second EAP authentication message whose destination address is modified.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses a method, an apparatus, and a system for centralized 802.1X authentication in a wireless local area network, and the method includes: receiving, by the access point, an EAP authentication start message from the UE, where a destination address of the EAP authentication start message is a MAC address corresponding to an air interface of the access point, and its source address is a MAC address of the UE; modifying the destination address of the EAP authentication start message to be a multicast address of a port access entity or a MAC address of the authentication entity; and forwarding the EAP authentication start message whose destination address is modified.

6 Citations

6 Claims

1. A method for centralized 802.1X authentication in a wireless local area network, wherein the wireless local area network comprises an authentication entity, an access point, and at least one user equipment (UE), the authentication entity is connected to the at least one UE through the access point, and the method comprises:
- receiving, by the access point, an extensive authentication protocol (EAP) authentication start message from the UE, wherein a destination address of the EAP authentication start message is a media access control (MAC) address corresponding to an air interface of the access point, and a source address of the EAP authentication start message is a MAC address of the UE;
  
  modifying, by the access point, only content of the destination address of the EAP authentication start message to be one of the group consisting of (a) a multicast address of a port access entity and (b) a MAC address of the authentication entity;
  
  forwarding, by the access point, the EAP authentication start message whose destination address is modified, to the authentication entity, to enable the authentication entity to start access authentication for the UE according to the EAP authentication start message whose destination address is modified;
  
  receiving a first EAP authentication message sent by the authentication entity, wherein a source address of the first EAP authentication message is the MAC address of the authentication entity, and a destination address of the first EAP authentication message is the MAC address of the UE;
  
  modifying the source address of the first EAP authentication message to be the MAC address corresponding to the air interface of the access point;
  
  forwarding the first EAP authentication message with the modified source address of the first EAP authentication message to the UE;
  
  receiving a second EAP authentication message sent by the UE wherein the second EAP authentication message is sent by the UE, but different from the EAP authentication start message, a destination address of the second EAP authentication message is the MAC address corresponding to the air interface of the access point and a source address of the second EAP authentication message is the MAC address of the UE;
  
  modifying the destination address of the second EAP authentication message to be the MAC address of the authentication entity; and
  
  forwarding the second EAP authentication message whose destination address is modified.
- View Dependent Claims (2)
- - 2. The method according to claim 1, wherein the method further comprises:
    - receiving a third EAP authentication message sent by the authentication entity, wherein a source address of the third EAP authentication message is the MAC address of the authentication entity, and a destination address of the third EAP authentication message is the MAC address of the UE; and
      
      forwarding the third EAP authentication message to the UE, so that the UE learns the MAC address of the authentication entity from the third EAP authentication message.

3. A method for centralized 802.1X authentication in a wireless local area network, comprising:
- generating, by an access point, an extensive authentication protocol (EAP) authentication start message, wherein a destination address of the EAP authentication start message is one of the group consisting of (a) a multicast address of a port access entity and (b) a media access control (MAC) address of an authentication entity, and a source address of the EAP authentication start message is a MAC address of a user equipment (UE);
  
  sending, by the access point, the EAP authentication start message;
  
  receiving a first EAP authentication message sent by the authentication entity, wherein a source address of the first EAP authentication message is the MAC address of the authentication entity, and a destination address of the first EAP authentication message is the MAC address of the UE;
  
  modifying the source address of the first EAP authentication message to be the MAC address corresponding to an air interface of the access point;
  
  forwarding the first EAP authentication message with the modified source address of the first EAP authentication message to the UE;
  
  receiving a second EAP authentication message sent by the UE, wherein the second EAP authentication message is sent by the UE, which is different from the EAP authentication start message, a destination address of the second EAP authentication message is the MAC address corresponding to the air interface of the access point and a source address of the second EAP authentication message is the MAC address of the UE;
  
  modifying the destination address of the second EAP authentication message to be the MAC address of the authentication entity; and
  
  forwarding the second EAP authentication message whose destination address is modified.

4. An access point device, comprising:
- a first receiving module, configured to receive an extensive authentication protocol (EAP) authentication start message sent by a user equipment (UE), wherein a destination address of the EAP authentication start message is a media access control (MAC) address corresponding to an air interface of an access point, and a source address of the EAP authentication start message is a MAC address of the UE;
  
  a first address-modifying module, configured to modify only the content the destination address of the EAP authentication start message received by the first receiving module to be one of the group consisting of (a) a multicast address of a port access entity and (b) a MAC address of an authentication entity; and
  
  a first forwarding module, configured to forward the EAP authentication start message whose destination address is modified by the first address-modifying module to the authentication entity, to enable the authentication entity to start access authentication for the UE according to the EAP authentication start message whose destination address is modified;
  
  a second receiving module, configured to receive a first EAP authentication message sent by the authentication entity, wherein a source address of the first EAP authentication message is the MAC address of the authentication entity and a destination address of the first EAP authentication message is the MAC address of the UE;
  
  a second address-modifying module, configured to modify the source address of the EAP authentication message received by the second receiving module to be the MAC address corresponding to the air interface of the access point; and
  
  a second forwarding module, configured to forward the EAP authentication message whose source address is modified by the second address-modifying module to the UE;
  
  wherein the first receiving module is further configured to receive a second EAP authentication message sent by the UE wherein the second EAP authentication message is sent by the UE but different from the EAP authentication start message, a destination address of the second EAP authentication message is the MAC address corresponding to the air interface of the access point and a source address of the second EAP authentication message is the MAC address of the UE;
  
  the first address-modifying module is further configured to modify the destination address of the second EAP authentication message received by the first receiving module to be the MAC address of the authentication entity; and
  
  the first forwarding module is further configured to forward the second EAP authentication message whose destination address is modified by the first address-modifying module.
- View Dependent Claims (5)
- - 5. The access point device according to claim 4, further comprising:
    - a third receiving module, configured to receive a third EAP authentication message sent by the authentication entity, wherein a source address of the third EAP authentication message is the MAC address of the authentication entity, and a destination address of the third EAP authentication message is the MAC address of the UE; and
      
      a third forwarding module, configured to forward, to the UE, the third EAP authentication message received by the third receiving module, so that the UE learns the MAC address of the authentication entity from the third EAP authentication message.

6. A system for centralized 802.1X authentication in a wireless local area network, wherein the system comprises an authentication entity, an access point, and at least one user equipment (UE), the authentication entity is connected to the at least one UE through the access point, andthe access point is configured to:
- receive an extensive authentication protocol (EAP) authentication start message sent by the UE, wherein a destination address of the EAP authentication start message is a media access control (MAC) address corresponding to an air interface of the access point, and a source address of the EAP authentication start message is a MAC address of the UE;
  
  modify the destination address of the EAP authentication start message to be one of the group consisting of (a) a multicast address of a port access entity and (b) a MAC address of the authentication entity; and
  
  forward the EAP authentication start message whose destination address is modified, so that the authentication entity starts access authentication for the UE according to the EAP authentication start message whose destination address is modified;
  
  the access point is further configured to;
  
  receive a first EAP authentication message sent by the authentication entity, wherein a source address of the first EAP authentication message is the MAC address of the authentication entity, and a destination address of the first EAP authentication message is the MAC address of the UE;
  
  modify the source address of the first EAP authentication message to be the MAC address corresponding to the air interface of the access point;
  
  forward the first EAP authentication message with the modified source address of the first EAP authentication message to the UE;
  
  receive a second EAP authentication message sent by the UE wherein the second EAP authentication message is sent by the UE, but different from the EAP authentication start message, a destination address of the second EAP authentication message is the MAC address corresponding to the air interface of the access point and a source address of the second EAP authentication message is the MAC address of the UE;
  
  modify the destination address of the second EAP authentication message to be the MAC address of the authentication entity; and
  
  forward the second EAP authentication message whose destination address is modified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Liu, Guoping
Primary Examiner(s)
Acolatse, Kodzovi

Application Number

US13/913,792
Publication Number

US 20130272290A1
Time in Patent Office

750 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 63/0892   by using authentication-aut...

H04L 63/162   at the data link layer

H04L 63/205   involving negotiation or de...

H04W 12/062   Pre-authentication

H04W 12/069   using certificates or pre-s...

Method, apparatus, and system for centralized 802.1X authentication in wireless local area network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

6 Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Method, apparatus, and system for centralized 802.1X authentication in wireless local area network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links