System and method for distributing keys in a wireless network
IPC classification information
Country / Type
United States (US) Patent
Registered
International Patent Classification (IPC 7th ed.)
H04L-009/00
H04L-009/08
H04L-009/32
Application number
US-0401073
(2009-03-10)
Registration number
US-8161278
(2012-04-17)
Inventor / Address
Harkins, Dan
Applicant / Address
Trapeze Networks, Inc.
Citation information
Cited by: 13
Patents cited: 319
Abstract
A technique for improving authentication speed when a client roams from a first authentication domain to a second authentication domain involves coupling authenticators associated with the first and second authentication domains to an authentication server. A system according to the technique may include, for example, a first authenticator using an encryption key to ensure secure network communication, a second authenticator using the same encryption key to ensure secure network communication, and a server coupled to the first authenticator and the second authenticator wherein the server distributes, to the first authenticator and the second authenticator, information to extract the encryption key from messages that a client sends to the first authenticator and the second authenticator.
Representative claims
1. A system comprising: a first authenticator, the first authenticator, in operation, receiving a first message including an encryption key from a client; a second authenticator, the second authenticator, in operation, receiving a second message including the encryption key from the client; and a server coupled to the first authenticator and the second authenticator, the server, in operation, distributing to the first authenticator and the second authenticator information to extract the encryption key from the first message and the second message, wherein, in operation, the first authenticator and the second authenticator each uses the encryption key to ensure secure network communication.
2. The system of claim 1, further comprising the client, wherein, in operation, the client maintains the encryption key that allows the client to communicate securely with authenticators coupled to the server.
3. The system of claim 1, wherein, in operation, the first authenticator is implemented in a network switch or an access point.
4. The system of claim 1, wherein, in operation, the second authenticator is implemented in a network switch or an access point.
5. The system of claim 1, further comprising the client: the client, in operation, generates a client-generated key; the client, in operation, uses the client-generated key to encrypt the encryption key; the client, in operation, sends the first message to the first authenticator.
6. The system of claim 1, further comprising the client: the client, in operation, encrypts the portion of the first message comprising the client-generated key and the identity of the first authenticator based on both the client-generated key and the shared key; and the server, in operation, uses a shared key to decrypt and extract a portion of the first message having a client-generated key and an identity of the first authenticator.
7. The system of claim 1, wherein, in operation: the first authenticator forwards the first message to the server; the first authenticator receives a third message from the server; the first authenticator uses a second shared key to extract the client-generated key from the third message, the second shared key being shared by the server and the first authenticator; the first authenticator uses the client-generated key to extract the encryption key to establish secure communication with the client.
8. The system of claim 1, wherein, in operation: the server uses a first shared key to extract a portion of the first message having a client-generated key and an identity of the first authenticator, the first shared key being shared by the client and the server; the server uses a second shared key to encrypt the client-generated key, the second shared key being shared by the server and the first authenticator; the server sends the client-generated key encrypted with the first key to the first authenticator.
9. The system of claim 1, further comprising the client: the client, in operation, generates a second client-generated key; the client, in operation, uses the second client-generated key to encrypt the encryption key; the client, in operation, sends the second message to the second authenticator; the second authenticator, in operation, forwards the second message to the server; the server, in operation, uses a third shared key to extract a portion of the second message comprising the second client-generated key and an identity of the second authenticator, wherein the third shared key is shared by the server and the client; the server, in operation, uses a fourth shared key to encrypt the second client-generated key; the server, in operation, sends the second client-generated key encrypted with the fourth shared key to the second authenticator, wherein the fourth shared key being shared by the server and the second authenticator; and the second authenticator, in operation, uses the fourth shared key to extract the second client-generated key; the second authenticator, in operation, uses the second client-generated key to extract the encryption key to establish secure communication with the client.
10. A system comprising: a first authentication domain, the first authentication domain, in operation, receiving an encryption key from a client; a second authentication domain, the second authentication domain, in operation, receiving the encryption key from the client; and a server coupled to the first authentication domain and the second authentication domain, the server, in operation, acting as a trusted third party for the client when the client transitions from the first authentication domain to the second authentication domain, using the encryption key to ensure secure network communication.
11. The system of claim 10, further comprising: a client-generated first key that the client uses to encrypt the encryption key when the client sends a first message to the first authenticator, wherein the first authenticator forwards the first message to the server; a second key that the server and the client share, wherein the server uses the second key to extract the portion of the first message comprising the first key and the identity of the first authenticator; a third key that the server and the first authenticator share, wherein the server uses the third key to encrypt the first key and sends the first key encrypted with the third key to the first authenticator, and wherein the first authenticator uses the third key to extract the first key which the first authenticator uses to extract the encryption key in order to establish secure communication with the client; a client-generated fourth key that the client uses to encrypt the encryption key when the client sends a second message to the second authenticator, wherein the second authenticator forwards the second message to the server; a fifth key that the server and the client share, wherein the server uses the fifth key to extract the portion of the second message comprising the fourth key and the identity of the second authenticator; and a sixth key that the server and the second authenticator share, wherein the server uses the sixth key to encrypt the fourth key and sends the fourth key encrypted with the sixth key to the second authenticator, and wherein the second authenticator uses the sixth key to extract the fourth key which the second authenticator uses to extract the encryption key in order to establish secure communication with the client.
12. The system of claim 10, wherein: the first authentication domain includes a first authenticator, the first authenticator, in operation, coupled to the server, and the second authentication domain includes a second authenticator, the second authenticator, in operation, coupled to the server.
13. The system of claim 10, wherein: the first authentication domain includes a first authenticator, the first authenticator, in operation, coupled to the server; the second authentication domain includes a second authenticator, the second authenticator, in operation, coupled to the server; and the client, in operation, maintains an encryption key that allows the client to communicate securely in authentication domains having authenticators coupled to the server.
14. A method comprising: receiving a second message at a server from an authenticator associated with a second authentication domain, the second message including cryptographic data included in a first message received at the authenticator from a client authenticated at a first authentication domain, the first message including cryptographic data including a first key and a second key; decrypting the second message at the server; verifying the identity of the authenticator at the server; and if the authenticator is verified: constructing a third message comprising the first key at the server; sending the third message from the server to the authenticator; extracting the first key from the third message at the authenticator; extracting the second key from the cryptographic data at the authenticator; and establishing secure data communication with the client using the second key.
15. The method of claim 14, further comprising identifying an access point at a client.
16. The method of claim 14, further comprising identifying a server at the authenticator.
17. The method of claim 14, further comprising refusing client authentication when the authentication is not verified.
18. The method of claim 14, further comprising constructing and sending the first message having cryptographic data to the authenticator.
19. The method of claim 14, wherein the first key is randomly generated.
20. The method of claim 14, wherein the second key is defined by a user.
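The abstract and claims 5 through 9, 11 and 14 describe one exchange: the client picks a random key, wraps its long-lived encryption key under it, and binds that random key to the identity of the authenticator it is talking to under a key it shares with the server; the authenticator forwards the message, the server checks the bound identity against the forwarding authenticator, and returns the random key under the server/authenticator key so the authenticator can unwrap the encryption key. The following is an added, runnable model of that exchange; it is not code from the patent or from Trapeze Networks. The patent names no cipher or message layout, so the HMAC-based encrypt-then-MAC construction, the JSON field names, the identifiers `sta-1`, `ap-a` and `ap-b`, and the error types are assumptions for illustration. It also models the refusal in claims 14 and 17 when the identity inside the client's message does not match the authenticator that forwarded it.

```python
# Added example: three-party key distribution as described in the claims.
# Not the patent's own code; ciphers, layout and names are assumptions.
import hashlib
import hmac
import json
import os
from dataclasses import dataclass, field

NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from one shared key (assumption).
    return hashlib.sha256(b"enc|" + key).digest(), hashlib.sha256(b"mac|" + key).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 counter-mode keystream (stdlib only; a deployment would use
    # AES-GCM or ChaCha20-Poly1305 rather than this construction).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag, with aad bound into the tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + aad + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + aad + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


@dataclass
class Client:
    client_id: str
    k_cs: bytes      # key shared with the server (claim 8: "first shared key")
    enc_key: bytes   # encryption key kept across roams (claims 2, 20)

    def first_message(self, authenticator_id: str) -> dict:
        k_c = os.urandom(32)  # claim 19: randomly generated client key
        bound = json.dumps({"k_c": k_c.hex(), "authenticator": authenticator_id}).encode()
        return {
            "client_id": self.client_id,                       # in clear so the server can pick K_cs (assumption)
            "enc_key_blob": seal(k_c, self.enc_key).hex(),     # encryption key under K_c (claim 5)
            "server_blob": seal(self.k_cs, bound).hex(),       # (K_c, authenticator identity) under K_cs (claim 6)
        }


@dataclass
class Server:
    client_keys: dict         # client_id -> K_cs
    authenticator_keys: dict  # authenticator_id -> K_sa (claim 8: "second shared key")

    def handle(self, forwarding_authenticator: str, msg: dict) -> bytes:
        inner = json.loads(unseal(self.client_keys[msg["client_id"]], bytes.fromhex(msg["server_blob"])))
        # Claims 14/17: the identity the client bound into the message must be
        # the authenticator that forwarded it; otherwise refuse.
        if inner["authenticator"] != forwarding_authenticator:
            raise PermissionError("authenticator identity mismatch")
        return seal(self.authenticator_keys[forwarding_authenticator], bytes.fromhex(inner["k_c"]))  # third message


@dataclass
class Authenticator:
    authenticator_id: str
    k_sa: bytes
    server: Server
    sessions: dict = field(default_factory=dict)

    def accept(self, msg: dict) -> bytes:
        third = self.server.handle(self.authenticator_id, msg)    # claim 7: forward, receive third message
        k_c = unseal(self.k_sa, third)                            # extract K_c with the server/authenticator key
        enc_key = unseal(k_c, bytes.fromhex(msg["enc_key_blob"])) # extract the encryption key with K_c
        self.sessions[msg["client_id"]] = enc_key
        return enc_key


def roaming_demo() -> dict:
    """Client attaches at ap-a, roams to ap-b, then ap-b replays a message bound to ap-a."""
    k_cs = os.urandom(32)
    user_key = hashlib.sha256(b"user chosen passphrase (constructed)").digest()  # claim 20
    server = Server({"sta-1": k_cs}, {"ap-a": os.urandom(32), "ap-b": os.urandom(32)})
    ap_a = Authenticator("ap-a", server.authenticator_keys["ap-a"], server)
    ap_b = Authenticator("ap-b", server.authenticator_keys["ap-b"], server)
    client = Client("sta-1", k_cs, user_key)
    key_at_a = ap_a.accept(client.first_message("ap-a"))
    key_at_b = ap_b.accept(client.first_message("ap-b"))  # roam: same enc_key, fresh K_c (claim 9)
    try:
        ap_b.accept(client.first_message("ap-a"))         # message bound to ap-a, forwarded by ap-b
        replay_refused = False
    except PermissionError:
        replay_refused = True
    return {"same_key_both_domains": key_at_a == key_at_b == user_key, "replay_refused": replay_refused}


if __name__ == "__main__":
    print(roaming_demo())
```

Two points the claims leave to the implementer. First, the server is a fully trusted third party (claim 10 says so): the forwarded message carries both the encryption key under K_c and K_c under K_cs, so the server can recover the encryption key itself, not merely relay it. Second, the claims state no freshness mechanism; the random nonces above only make each ciphertext distinct, and a deployment would add a counter or timestamp inside the server-bound portion so a captured first message cannot be re-presented later by the same authenticator.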