Title of invention: Method and system for authenticating peer devices using EAP
Abstract: A system and method for authenticating a peer device onto a network using Extensible Authentication Protocol (EAP). The key lifetime associated with the keying material generated in the peer device and the authentication server is communicated from the authenticator to the peer device within the EAP Success message. The peer device, having been provided with the key lifetime, can anticipate the termination of its authenticated session and initiate re-authentication prior to expiry of the key lifetime.
Publication number: US9391776(B2) Publication date: 2016.07.12
Application number: US201414460978 Filing date: 2014.08.15
Applicant: BlackBerry Limited Inventor: Salomone Leonardo Jose Silva
Classification: H04L9/32;H04L29/06 Main classification: H04L9/32
Agency: Ridout & Maybee LLP Agent: Ridout & Maybee LLP
Independent claim: 1. A method for authenticating a peer device onto a network having an authenticator and an authentication server, the authentication server supporting modifications to Extensible Authentication Protocol (EAP), the network being accessible through an access point associated with the authenticator, the method including steps of: exchanging EAP-specific authentication messages between the peer device and the authentication server via the authenticator; generating keying material in the peer device, wherein the authentication server generates said keying material and an associated key lifetime in the authentication server, and communicates said keying material and said associated key lifetime from the authentication server to the authenticator; receiving an EAP Success packet from the authenticator to the peer device following the exchange of EAP-specific authentication messages, wherein the EAP Success packet comprises a code field set to Success, and wherein the EAP Success packet exclusively contains said associated key lifetime, to complete authentication to grant the peer device unblocked access to the network; conducting a 4-way handshake, without receiving the associated key lifetime during the 4-way handshake, to complete said authentication and grant the peer device unblocked access to the network after communication of the EAP Success packet to the peer device; and establishing re-authentication with the authentication server via the authenticator, at a time which is a fixed time interval prior to session timeout of the associated key lifetime as selected by a user of the peer device, including generating second keying material; and responsive to determining no active media sessions are disrupted as a result of the re-authentication, completing the re-authentication with the second keying material.
Address: Waterloo CA