Many wireless communication systems require a rapid deployment of independent mobile users as well as reliable communications between user nodes. Mesh networks, such as Mobile Ad Hoc Networks (MANETs), are based on self-configuring autonomous collections of portable devices that communicate with each other over wireless links having limited bandwidths. A mesh network is a collection of wireless nodes or devices organized in a decentralized manner to provide range extension by allowing nodes to be reached across multiple hops. In a mesh network, communication packets sent by a source node thus can be relayed through one or more intermediary nodes before reaching a destination node. Mesh networks may be deployed as temporary packet radio networks that do not involve significant, if any, supporting infrastructure. Rather than employing fixed base stations, in some mesh networks each user node can operate as a router for other user nodes, thus enabling expanded network coverage that can be set up quickly, at low cost, and which is highly fault tolerant. In some mesh networks, special wireless routers also may be used as intermediary infrastructure nodes. Large networks thus can be realized using intelligent access points (IAPs), also known as gateways or portals, which provide wireless nodes with access to a wired backhaul or wide area network (WAN).
Mesh networks can provide critical communication services in various environments involving, for example, emergency services supporting police and fire personnel, military applications, industrial facilities and construction sites. Mesh networks are also used to provide communication services in homes, in areas with little or no basic telecommunications or broadband infrastructure, and in other areas with demand for high speed services (e.g., universities, corporate campuses, and dense urban areas).
However, establishing secure communications between nodes in a mesh communication network can be complex. Conventional mobile devices such as cellular phones often obtain communication security using infrastructure-based authentication processes. Devices are generally authenticated through an Access Point (AP), such as a base station, which is connected to an authentication server. An authentication request can be transmitted for example using an Extensible Authentication Protocol (EAP) comprising EAP Over Local Area Network (EAPOL) packets. The authentication process involves several EAPOL packets being transmitted and received, beginning with an EAP Start packet and finishing with either an EAP Success message packet or an EAP Failure message packet. The authentication server stores the authentication credentials of a mobile device (typically called a supplicant) that is being authenticated. Authentication servers also can be connected to other authentication servers to obtain supplicant authentication credentials that are not stored locally.
In infrastructure-based mobile networks, a centralized procedure is often followed where a single AP handles an authentication process for all supplicants within range of the AP. For example, prior systems which adhere to American National Standards Institute/Institute of Electrical and Electronics Engineers (ANSI/IEEE) 802.1X or ANSI/IEEE 802.11i standards utilize such a centralized procedure (see: http://standards.ieee.org/getieee802/index.html or contact the IEEE at IEEE, 445 Hoes Lane, PO Box 1331, Piscataway, N.J. 08855-1331, USA). However, because every supplicant can be authenticated only via an AP, such a centralized procedure is not practical in wireless mesh communication networks, which often have nodes operating outside of the wireless range of an Intelligent AP (IAP). Wireless mesh communication networks thus often involve complex mutual authentication methods performed between all neighboring network nodes, which can consume significant time and processor resources of the network nodes.
Accordingly, there is a need for an improved method and system for mutual authentication of nodes in a wireless communication network.
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.
The apparatus and method components have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.