The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Network access solutions requiring user friendly and easily deployable secure authentication mechanisms need strong mutual authentication protocols that are not necessarily dependent on computation intensive and, in some cases, potentially costly exchanges of digital certificates. For example, RFC4851, “Extensible Authentication Protocol based Flexible Authentication via Secure Tunneling Protocol (EAP-FAST),” provides a Transport Layer Security (TLS) tunnel using a TLS version mutually supported by both a client and a network access server. Once a secure tunnel is established, EAP-FAST exchanges data in the form of type, length, and value (TLV) objects to perform authentication.
EAP-FAST provides authentication using a Protected Access Credential (PAC). The PAC generally includes an encrypted set of parameters and a set of unencrypted parameters. An initialization vector may be used to provide better variance when encrypting and decrypting the PAC encrypted portion. The encrypted set of parameters is sent to the client in a protected access credential and is presented to the network authentication server when the client requests access to network resources. The network access server then attempts to verify the contents of the encrypted set of parameters and if verified, the client is granted access to the network by the network access server.
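The following is an added illustration of the credential structure just described, not code from the application or from RFC 4851. It models a PAC-style credential as TLV-encoded parameters, a server-keyed opaque part (encrypted under a per-credential IV and integrity-protected with a MAC), and the server-side verification that runs when a client presents the credential. The TLV type codes, the HMAC-counter keystream used in place of a block cipher, and the credential layout (iv || ciphertext || tag) are all constructed for this example and do not match the RFC 4851 wire format.

```python
"""Toy PAC-style credential: TLV parameters, an opaque server-sealed part,
and server-side verification. Hypothetical construction for illustration;
it is NOT the EAP-FAST / RFC 4851 format."""
import hashlib
import hmac
import os
import struct

# Made-up TLV type codes for this example (not RFC 4851 values).
TLV_AID = 1          # unencrypted: authority identifier
TLV_PAC_OPAQUE = 2   # unencrypted container for the sealed part
TLV_LIFETIME = 3     # encrypted parameter
TLV_USER_ID = 4      # encrypted parameter

IV_LEN, TAG_LEN = 16, 32


def encode_tlvs(items):
    """Encode (type, value) pairs as 2-byte type, 2-byte length, value."""
    return b"".join(struct.pack("!HH", t, len(v)) + v for t, v in items)


def decode_tlvs(buf):
    """Parse TLVs; raise ValueError on truncation instead of over-reading."""
    items, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise ValueError("truncated TLV header")
        t, ln = struct.unpack("!HH", buf[pos:pos + 4])
        pos += 4
        if len(buf) - pos < ln:
            raise ValueError("truncated TLV value")
        items.append((t, buf[pos:pos + ln]))
        pos += ln
    return items


def _keystream(key, iv, n):
    """HMAC-SHA256 in counter mode, standing in for a real cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + struct.pack("!I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _subkeys(server_key):
    """Derive separate encryption and MAC keys from the server's master key."""
    enc = hmac.new(server_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(server_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def seal_pac(server_key, secret_params, iv=None):
    """Server side at provisioning: encrypt the secret TLVs under a fresh IV
    and append a MAC. Returns the opaque part: iv || ciphertext || tag."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    enc, mac = _subkeys(server_key)
    pt = encode_tlvs(secret_params)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc, iv, len(pt))))
    tag = hmac.new(mac, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def open_pac(server_key, opaque):
    """Server side at presentation: check length, verify the MAC in constant
    time, only then decrypt. Returns the parameter list or None on failure."""
    if len(opaque) < IV_LEN + TAG_LEN:
        return None
    iv, ct, tag = opaque[:IV_LEN], opaque[IV_LEN:-TAG_LEN], opaque[-TAG_LEN:]
    enc, mac = _subkeys(server_key)
    if not hmac.compare_digest(tag, hmac.new(mac, iv + ct, hashlib.sha256).digest()):
        return None
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc, iv, len(ct))))
    try:
        return decode_tlvs(pt)
    except ValueError:
        return None


def build_credential(server_key, aid, secret_params):
    """What the client stores: unencrypted AID plus the opaque sealed part."""
    return encode_tlvs([(TLV_AID, aid), (TLV_PAC_OPAQUE, seal_pac(server_key, secret_params))])


def verify_presentation(server_key, credential):
    """Server handling of a presented credential: parse the outer TLVs, find
    the opaque part, and verify/decrypt it. Returns (aid, params) or None."""
    try:
        outer = dict(decode_tlvs(credential))
    except ValueError:
        return None
    if TLV_AID not in outer or TLV_PAC_OPAQUE not in outer:
        return None
    params = open_pac(server_key, outer[TLV_PAC_OPAQUE])
    return None if params is None else (outer[TLV_AID], params)
```

The MAC-then-decrypt order in `open_pac` means a modified or wrong-key opaque part is rejected before any plaintext is produced, and the IV makes two credentials sealed from identical parameters differ on the wire, which is the variance the text refers to.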