Mobile devices such as cellular phones, personal digital assistants (PDAs) and notebook computers often require authentication when accessing remote databases or networks. Devices are generally authenticated through an Infrastructure Access Point (IAP), such as a base station, which is connected to an authentication server. An authentication request can be transmitted for example using an Extensible Authentication Protocol (EAP) comprising EAP Over Local Area Network (EAPOL) packets. The authentication process involves several EAPOL packets being transmitted and received, beginning with an EAP Start packet and finishing with either an EAP Success message packet or an EAP Failure message packet. The authentication server stores the authentication credentials of a mobile device (typically called a supplicant) that is being authenticated. Authentication servers also can be connected to other authentication servers to obtain supplicant authentication credentials that are not stored locally.
In prior systems, a centralized procedure is followed where a single IAP handles an authentication process for all supplicants within range of the IAP. For example, prior systems which adhere to American National Standards Institute/Institute of Electrical and Electronics Engineers (ANSI/IEEE) 802.1X or ANSI/IEEE 802.11i standards utilize such a centralized procedure. Because every supplicant can be authenticated only via an IAP, such a centralized procedure is not practical in wireless communication networks that have nodes operating outside of the wireless range of an IAP.
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.