Method and apparatus for providing a supplicant access to a requested service

Information

  • Patent Application
  • 20070143605
  • Publication Number
    20070143605
  • Date Filed
    December 19, 2005
  • Date Published
    June 21, 2007
Abstract
Providing a supplicant access to at least one requested service is described. An authentication request is received, wherein the authentication request comprises an association request and an identifier to a requested service. A relationship between the supplicant and the requested service based on the association request is created. Then, the association request for the requested service is fulfilled and an authentication server based upon the requested service identified in the authentication request is determined. Finally, the supplicant is authenticated for the requested service.
Description

BRIEF DESCRIPTION OF THE FIGURES

The accompanying figures, where like reference numerals refer to identical or functionally similar elements throughout the separate views and which together with the detailed description below are incorporated in and form part of the specification, serve to further illustrate various embodiments and to explain various principles and advantages all in accordance with the present invention.



FIG. 1 is a block diagram showing a wireless communication network in accordance with some embodiments of the invention.



FIG. 2 is a flow diagram showing a method for providing a supplicant access to at least one requested service provided by an authenticator in a wireless communications network in accordance with some embodiments of the invention.



FIG. 3 is a flow diagram depicting a method of creating a relationship between a supplicant and a requested service based on an association request in accordance with some embodiments of the invention.



FIG. 4 is a flow diagram showing a method for providing a supplicant access to at least one requested service provided by an authenticator in a wireless communications network in accordance with some embodiments of the invention.



FIG. 5 is a flow diagram showing a method for providing a supplicant access to at least one requested service provided by an authenticator in a wireless communications network in accordance with some embodiments of the invention.



FIG. 6 is a block diagram showing a multi system authenticator in a wireless communication network in accordance with some embodiments of the invention.



FIG. 7 is a diagram showing communication exchanged between a supplicant and an authenticator for a requested service provided by an authenticator in a wireless communication network in one embodiment of the present invention.



FIG. 8 is a diagram showing communication exchanged between a supplicant and an authenticator for a requested service provided by an authenticator in a wireless communication network in a second embodiment of the present invention.



FIG. 9 is a diagram showing communication exchanged between a supplicant and an authenticator for a requested service provided by an authenticator in a wireless communication network in a third embodiment of the present invention.


Claims
  • 1. A method of providing a supplicant access to at least one requested service provided by an authenticator in a wireless communications network, the method comprising: receiving an authentication request, wherein the authentication request comprises an association request and an identifier to a requested service; creating a relationship between the supplicant and the requested service based on the association request; fulfilling the association request for the requested service; determining an authentication server based upon the requested service identified in the authentication request; and authenticating the supplicant for the requested service.
  • 2. The method of claim 1 further comprising authenticating the supplicant for a second requested service while maintaining authentication for the requested service.
  • 3. The method of claim 1, wherein the creating step further comprises: creating a map between a service identification parameter corresponding to the requested service and the supplicant; associating the service identification parameter with a security association, the security association comprising at least one of a security association index (SAI) number, Virtual LAN identifier and an IP address; and maintaining a state of each supplicant wherein the state is an association between the service identification parameter and the security association.
  • 4. The method of claim 1 further comprising: specifying the security association in a message for directing the message to the requested service using one of a) a key identification field, b) media access control address of the supplicant and c) an additional field in each message.
  • 5. The method of claim 1, wherein the authenticating step further comprises: sending the authentication request from the authenticator to an authentication server where the authentication server provides the requested service; receiving an indication from the authentication server that the authentication request of the supplicant for the requested service is successful; and receiving keying material from the authentication server so that the authenticator determines whether the supplicant is authenticated with the authentication server.
  • 6. A method of providing a supplicant access to at least one requested service provided by an authenticator in a wireless communications network, the method comprising: receiving an association request corresponding to a first requested service at the authenticator from the supplicant; creating a relationship between the supplicant and the first requested service based on the association request; fulfilling the association request for the first requested service; receiving a first authentication request; determining an authentication server based upon the first requested service identified in the first association request; authenticating the supplicant for the first requested service by creating a security association between the supplicant and the authenticator for the first requested service; receiving a second authentication request corresponding to a second requested service; determining a second authentication server based upon the second requested service identified in the second authentication request; and authenticating the supplicant for the second requested service while maintaining the security association between the supplicant and the authenticator for the first requested service.
  • 7. The method of claim 6, wherein the creating step further comprises: creating a map between a service identification parameter corresponding to the requested service and the supplicant; associating the service identification parameter with a security association, the security association comprising at least one of a security association index (SAI) number, Virtual LAN identifier and an IP address; and maintaining a state of each supplicant wherein the state is an association between the service identification parameter and the security association.
  • 8. The method of claim 6 further comprising: specifying the security association in a message for directing the message to the requested service using one of a) a key identification field, b) media access control address of the supplicant and c) an additional field in each message.
  • 9. The method of claim 6, wherein the authenticating step further comprises: sending the authentication request from the authenticator to an authentication server where the authentication server provides the requested service; receiving an indication from the authentication server that the authentication request of the supplicant for the requested service is successful; and receiving keying material from the authentication server so that the authenticator determines whether the supplicant is authenticated with the authentication server.
  • 10. A method of providing a supplicant access to at least one requested service provided by an authenticator in a wireless communications network, the method comprising: receiving an association request corresponding to a second requested service at the authenticator from the supplicant, wherein the supplicant is authenticated for a first requested service and the authenticator creates a security association between the supplicant and the authenticator for the first requested service; creating a relationship between the supplicant and the second requested service based on the association request; fulfilling the association request for the second requested service; receiving an authentication request; determining an authentication server based upon the second requested service identified in the association request; and authenticating the supplicant for the second requested service while maintaining the security association between the supplicant and the authenticator for the first requested service.
  • 11. The method of claim 10 further comprising the step of authenticating the supplicant for a third requested service.
  • 12. The method of claim 10, wherein the association request comprises a service identification parameter corresponding to the requested service.
  • 13. The method of claim 10, wherein the fulfilling step further comprises: sending a security association index number corresponding to the association request if the supplicant is eligible for association in at least one of an association response and an authentication response.
  • 14. The method of claim 10, wherein the creating step further comprises: creating a map between a service identification parameter corresponding to the requested service and the supplicant; associating the service identification parameter with a security association, the security association comprising at least one of a security association index (SAI) number, Virtual LAN identifier and an IP address; and maintaining a state of each supplicant wherein the state is an association between the service identification parameter and the security association.
  • 15. The method of claim 14 further comprising: specifying the security association in a message for directing the message to the requested service using one of a key identification field, media access control address of the supplicant and an additional field in each message.
  • 16. The method of claim 14 further comprising: receiving a message corresponding to the requested service at a first receiving node from at least one transmitting node in the wireless communications network; determining if the transmitting node has successfully authenticated for the requested service at the first receiving node indicated by the security association in the received message; and forwarding the message to a second receiving node, if the first receiving node has a security association with the second receiving node for the requested service.
  • 17. The method of claim 16, wherein the forwarding step further comprises: queuing the message at the first receiving node, if the first receiving node does not have the security association with the second receiving node; performing an authentication for the requested service with the second receiving node; and transmitting the message to the second receiving node, if the first receiving node has successfully authenticated with the second receiving node for the requested service.
  • 18. The method of claim 16, wherein the forwarding step further comprises: determining a third receiving node, if the first receiving node does not have the security association with the second receiving node, the third receiving node having access to the requested service; performing an authentication for the requested service with the third receiving node, if the first receiving node has not successfully authenticated with the third receiving node; forwarding the message to the third receiving node, if the first receiving node has successfully authenticated with the third receiving node for the requested service; and informing the transmitting node if a third receiving node was not found.
  • 19. The method of claim 14 further comprising receiving a message corresponding to the requested service at a first receiving node in the wireless communications network; and discarding the message, if the received message comprises an invalid security association.
  • 20. The method of claim 10, wherein the authenticating step further comprises: sending the authentication request from the authenticator to an authentication server; receiving an indication from the authentication server that the authentication request of the supplicant for the requested service is successful; and receiving keying material from the authentication server so that the authenticator determines whether the supplicant is authenticated with the authentication server.
  • 21. The method of claim 20, wherein the authenticator server may be found via a relay to the authentication server.
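
The per-supplicant state described in claims 3, 10 and 19, as an added sketch that is not taken from the patent: each supplicant MAC maps service identifiers to security associations, the authentication server is chosen from the service bound to the SAI, and a message carrying an invalid or unauthenticated SAI is discarded. The class and method names, the server table and the `verify` callback (a stand-in for the exchange with the authentication server) are assumptions.

```python
from dataclasses import dataclass
from itertools import count

@dataclass
class SecurityAssociation:
    sai: int                 # security association index (SAI)
    service_id: str          # service identification parameter
    authenticated: bool = False

class Authenticator:
    """Hypothetical model of the per-supplicant state the claims describe."""

    def __init__(self, servers, verify):
        self.servers = servers   # service_id -> authentication server (assumed config)
        self.verify = verify     # stand-in for the exchange with that server
        self.state = {}          # supplicant MAC -> {service_id: SecurityAssociation}
        self._sai = count(1)

    def associate(self, mac, service_id):
        """Create the supplicant/service relationship; return the SAI or None."""
        if service_id not in self.servers:
            return None          # unknown service: no state is created
        sas = self.state.setdefault(mac, {})
        if service_id not in sas:
            sas[service_id] = SecurityAssociation(next(self._sai), service_id)
        return sas[service_id].sai

    def _lookup(self, mac, sai):
        # The SAI is only valid for the supplicant it was issued to.
        return next((sa for sa in self.state.get(mac, {}).values()
                     if sa.sai == sai), None)

    def authenticate(self, mac, sai, credential):
        """Pick the server from the service bound to this SAI, then authenticate."""
        sa = self._lookup(mac, sai)
        if sa is None:
            return False
        sa.authenticated = self.verify(self.servers[sa.service_id], mac, credential)
        return sa.authenticated

    def route(self, mac, sai):
        """Return the service a message is directed to, or None to discard it."""
        sa = self._lookup(mac, sai)
        if sa is None or not sa.authenticated:
            return None          # invalid or unauthenticated SA: discard
        return sa.service_id
```

A failed authentication for a second service leaves the first service's security association untouched, which is the "while maintaining" condition in claims 2, 6 and 10.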