Method for transmitting paired master cryptography keys in wireless local area network (WLAN) access network and system

A paired master key and access key technology, applied in network topology, security devices, electrical components, etc., that can solve problems such as poor networking compatibility and complex interfaces.

Active Publication Date: 2013-06-05
ZTE CORP

AI Technical Summary

Problems solved by technology

[0005] The main purpose of the present invention is to provide a method and system for transferring paired master keys in a WLAN access network, aiming at avoiding network compati

Examples


Embodiment approach 1

[0074] In fat AP deployment scenarios, APs perform local forwarding. The AP is located between the STA and the BNG. In this networking scenario, the AC does not need to participate. The specific implementation method is as follows:

[0075] Step 1: After the access client STA associates with the AP, it sends an EAPol-Start message to trigger EAP authentication.

[0076] Step 2: After the AP receives the STA's EAPol-Start message, it extends the notification information supported by EAPoL version 3 in the EAPol-Start message, that is, it carries information such as the AP's public key and encryption algorithm in TLV options, and sends the extended message to the BNG.

[0077] Step 3: The BNG processes the EAPol-Start message, saves the relationship between the STA and the AP together with the AP's public key and encryption algorithm, and requests identity information from the STA by sending the EAPol / EAP-Req / Identity message.

[0078] Step 4: The AP forw...

Embodiment approach 2

[0089] In thin AP deployment scenarios, APs perform centralized forwarding. The wireless access controller AC and the BNG can be integrated or separated. Whether the AC is separated from the BNG or integrated with it, the PMK carried by EAP-Success can be parsed on the AP side. This embodiment adopts a networking mode in which the AC and the BNG are separated. The AP goes online through steps such as discovering the AC request / response, AP joining the AC request / response, AP status change request / response, and configuration update request / response, and establishes a CAPWAP control tunnel with the AC.

[0090] Step 1: After the access client STA establishes an association with the AP, it sends an EAPol-Start message to trigger EAP authentication.

[0091] Step 2: After the AP receives the EAPol-Start message sent by the STA, it expands the notification information supported by the EAPoL V3 version in the EAPol-Start message, that is,...

Embodiment approach 3

[0108] Thin AP deployment scenario, AP local forwarding mode. This embodiment adopts a networking mode in which the AC and the BNG are separated, and the AC, the AP, and the BNG are connected through the SW. The AP goes online through steps such as discovering the AC request / response, AP joining the AC request / response, AP status change request / response, and configuration update request / response, and establishes a CAPWAP control tunnel with the AC.

[0109] Step 1: After the access client STA establishes an association with the AP, it sends an EAPol-Start message to trigger EAP authentication.

[0110] Step 2: After the AP receives the EAPol-Start message sent by the STA, it extends the notification information supported by EAPoL version 3 in the EAPol-Start message, that is, the public key and encryption algorithm of the AP are carried in TLV options, and the extended EAPol-Start message is sent to the BNG.

[0111] Step 3: The BNG processes the received EAPol-Star...
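
Steps 2 and 3 of the embodiments above, sketched as an added example (not code from the patent or from ZTE): the AP appends TLVs to the STA's EAPol-Start, and the BNG validates every length before saving the key and algorithm. The TLV type codes, the 1-byte-type / 2-byte-length layout, and the sample key bytes and algorithm name are assumptions, since the visible text does not define them.

```python
import struct

EAPOL_VERSION_3 = 3
EAPOL_TYPE_START = 1  # EAPOL-Start packet type in IEEE 802.1X
# Hypothetical TLV type codes; the page does not give the real values.
TLV_AP_PUBKEY, TLV_ENC_ALG = 0x71, 0x72

def tlv(t: int, value: bytes) -> bytes:
    """Assumed layout: 1-byte type, 2-byte big-endian length, value."""
    return struct.pack("!BH", t, len(value)) + value

def ap_extend_start(start: bytes, pubkey: bytes, alg: bytes) -> bytes:
    """AP side (Step 2): append the notification TLVs, rewrite version and length."""
    if len(start) < 4:
        raise ValueError("truncated EAPOL header")
    _ver, ptype, blen = struct.unpack("!BBH", start[:4])
    if ptype != EAPOL_TYPE_START or blen != len(start) - 4:
        raise ValueError("not a well-formed EAPOL-Start")
    body = start[4:] + tlv(TLV_AP_PUBKEY, pubkey) + tlv(TLV_ENC_ALG, alg)
    return struct.pack("!BBH", EAPOL_VERSION_3, ptype, len(body)) + body

def bng_parse_start(frame: bytes) -> dict:
    """BNG side (Step 3): treat the frame as untrusted and check each length."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    ver, ptype, blen = struct.unpack("!BBH", frame[:4])
    if ver < EAPOL_VERSION_3 or ptype != EAPOL_TYPE_START:
        raise ValueError("unexpected version or packet type")
    if blen != len(frame) - 4:
        raise ValueError("body length mismatch")
    body, off, out = frame[4:], 0, {}
    while off < len(body):
        if off + 3 > len(body):
            raise ValueError("truncated TLV header")
        t, n = struct.unpack_from("!BH", body, off)
        off += 3
        if off + n > len(body):
            raise ValueError("TLV length exceeds body")
        if t in out:
            raise ValueError("duplicate TLV")
        out[t] = body[off:off + n]
        off += n
    if TLV_AP_PUBKEY not in out or TLV_ENC_ALG not in out:
        raise ValueError("missing AP public key or algorithm TLV")
    return {"ap_pubkey": out[TLV_AP_PUBKEY], "enc_alg": out[TLV_ENC_ALG]}

if __name__ == "__main__":
    # Constructed sample: empty EAPOL-Start from the STA, dummy key bytes, sample algorithm name.
    frame = ap_extend_start(bytes([1, 1, 0, 0]), b"\x30\x82" + b"\xaa" * 30, b"RSA-OAEP")
    print(bng_parse_start(frame))
```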


Abstract

The invention discloses a method for transmitting paired master cryptography keys in a wireless local area network (WLAN) access network. The method includes the steps: an access key negotiation point receives an access authentication message sent by an access client, expands notice information in the access authentication message, and sends the expanded access authentication message to an access authentication point; the access authentication point sends an access request message with identification information of the access client to an authentication server-side; after an authentication success message is received, a main master cryptography key is obtained from the authentication success message, the main master cryptography key is encrypted according to the notice message, and an obtained encrypted message is packaged in the authentication success message to be sent to the access client. The invention further provides a corresponding system. Due to the fact that the scheme is adopted, the problems that networking compatibility is poor and an interface is complex and the like due to the fact that the access authentication point sends the paired master cryptography keys to a secret key negotiation point are avoided.

Description

Technical field

[0001] The present invention relates to the technical field of wireless communication, in particular to a method and system for transmitting a paired master key in a WLAN access network.

Background technique

[0002] With the rapid development of Internet applications and smart terminals, WLAN applications have become very common and are deployed in many public places. Users can access the Internet anytime and anywhere through various terminal devices such as mobile phones and computers for online office and entertainment activities. Accessing the network through a wireless local area network is one of the most important means for users to access network resources.

[0003] In order to enhance the security of data transmission over the air interface of wireless devices, IEEE 802.1X and IEEE 802.11i define the 802.1X+EAP access authentication method and the EAPOL-Key key negotiation mechanism. WLAN adopts the 4-Way Handshake key negotiation mechanism to prompt the ...


Application Information

IPC(8): H04W12/02, H04W12/04, H04W12/06, H04W84/12, H04W12/033, H04W12/0431
CPC: H04W12/02, H04W12/0433
Inventor 梁乾灯石磊范亮
Owner ZTE CORP