TL;DR: The 4-Way Handshake protocol is analyzed using a finite-state verification tool and a Denial-of-Service attack is found, involving forging initial messages from the authenticator to the supplicant to produce inconsistent keys in peers.
Abstract: 802.11i is an IEEE standard designed to provide enhanced MAC security in wireless networks. The authentication process involves three entities: the supplicant (wireless device), the authenticator (access point), and the authentication server (e.g., a backend RADIUS server). A 4-Way Handshake must be executed between the supplicant and the authenticator to derive a fresh pairwise key and/or group key for subsequent data transmissions. We analyze the 4-Way Handshake protocol using a finite-state verification tool and find a Denial-of-Service attack. The attack involves forging initial messages from the authenticator to the supplicant to produce inconsistent keys in peers. Three repairs are proposed; based on various considerations, the third one appears to be the best. The resulting improvement to the standard, adopted by the 802.11 TGi in their final deliberation, involves only a minor change in the algorithm used by the supplicant.
Abstract: Provisioned wireless service (PWS) authentication apparatus and method simplifies determination of PWS authentication state by dual mode access point (DMAP) receiving an identifying credential from supplicant dual mode mobile station (DMMS) within predefined authentication period and comparing with authentication credential. DMMS is provisioned PWS upon authentication. DMAP having multiple BSSID remotely configurable to differentiate between provisioned services (e.g., voice, VoIP) and standard wireline/fixed wireless services. DMAP and DMMS are each identifiable by respective unique provisioned service BSSID. Identifying credential can be pass code supplied to DMMS user by DMAP operator to facilitate authenticated association and to deter wireless channel interlopers.
TL;DR: In this paper, a software-based wireless infrastructure system is presented, which includes a driver that communicates with the network stack and a network interface card (NIC), a station server in communication with the station driver and an 802.1X authenticator.
Abstract: A software based wireless infrastructure system is provided. The system has a driver that communicates with the network stack and a network interface card (NIC), a station server in communication with the station driver and an 802.1X supplicant or an 802.1X authenticator. Each NIC provides station and/or access point functionality support. The driver drops packets that have been received if the packet has not been authenticated and associated. Packets that have been fragmented or encrypted are unfragmented and decrypted. An association manager is used in conjunction with a configuration table manager to associate stations and access points via management packets. A manager receives 802.1X data packets from the packet processor and sends them up to a station server that communicates with user mode applications and an 802.1X supplicant or an 802.1X authenticator that are used to authenticate and deauthenticate stations and access points. APIs are provided to enable communication between the components.
TL;DR: In this article, a method is disclosed for determining the authentication capabilities of a supplicant before initiating an authentication conversation with a client, for example, using Extensible Authentication Protocol (EAP).
Abstract: A method is disclosed for determining the authentication capabilities of a supplicant before initiating an authentication conversation with a client (104), for example, using Extensible Authentication Protocol (EAP). In one aspect, the method provides for sending (130), to a supplicant (104) that is requesting access to a computer network (110) subject to authentication of a user (102) of the supplicant (104), a list of first authentication methods (112) that are supported by an authentication server (150); receiving (152), from the supplicant (104), a counter-list of second authentication methods (112) that are supported by the supplicant (104); determining how many second authentication methods in the counter-list match the first authentication methods (154); and performing an authentication policy action based on how many of the second authentication methods match the first authentication methods (156). Policy actions can include blocking access, re-directing to sources of acceptable authentication methods, granting one of several levels of network access, etc. (162-170).
TL;DR: In this paper, a method of detecting a rogue access point is proposed, based on whether the received network response message is respectively in conformity or non-conformity with predetermined expectations.
Abstract: A method of detecting a rogue access point is disclosed. A message is directed from a supplicant to a network through an access point. A network response message is received by the supplicant from the access point. A step of determining whether the access point is one of a valid network access point and a rogue access point is performed based on whether the received network response message is respectively in conformity or nonconformity with predetermined expectations. If the access point is determined to be a rogue access point, it is reported to the network. If the access point is determined to be a valid network access point, the supplicant is authenticated to the network.