Rajesh I V
Ram Mohan R


Internet of things (IoT) devices frequently apply insufficient authentication mechanisms with their application servers due to the constrained nature of such devices. For example, most IoT devices lack the resources that are necessary to store usernames and passwords, certificates, and keys in a secured manner. The challenge that was described above is solved in a 3rd Generation Partnership Project (3GPP) fifth-generation (5G) wireless environment through the Authentication and Key Management for Applications (AKMA) initiative. However, there is no AKMA-equivalent facility within a WiFi environment. Accordingly, techniques are presented herein that extend the WiFi authentication process to support application server authentication for constrained devices. Aspects of the presented techniques support an exchange of a WiFi key and a key identifier (which may be referred to herein as a KAKMA key and an A-KID) as part of an Extensible Authentication Protocol (EAP) tunnel using a new information element (IE) once an authentication process has successfully completed. Such an exchange allows a station (STA) device to use the key tuple {KAKMA, A-KID} to access any application functions that are grouped with that key identifier (i.e., A-KID) without requiring any further authentication.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.