-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfast-reauth.dita
39 lines (37 loc) · 2.46 KB
/
fast-reauth.dita
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
Peer Authenticator
| |
| EAP‐Request/Identity |
+<------------------------------------------------------+
| |
| EAP‐Response/Identity :
| (Includes a fast re‐authentication identity) |
+------------------------------------------------------>+
| |
| +----------------------------+---+
| | Server recognizes the identity |
| | and agrees to use fast |
| | re‐authentication |
| +----------------------------+---+
| |
| EAP‐Request/SIM/Re‐authentication |
| (AT_IV, AT_ENCR_DATA, *AT_COUNTER, |
| *AT_NONCE_S, *AT_NEXT_REAUTH_ID, AT_MAC) |
|<------------------------------------------------------+
| |
+----+------------------------------------------+ |
| Peer verifies AT_MAC and the freshness of | |
| the counter. Peer MAY store the new fast re‐ | |
| authentication identity for next re‐auth. | |
+----+------------------------------------------+ |
| |
| EAP-Response/SIM/Re‐authentication |
| (AT_IV, AT_ENCR_DATA, *AT_COUNTER with same value, |
| AT_MAC) |
+------------------------------------------------------>|
| +----------------------------+---+
| | Server verifies AT_MAC and |
| | the counter |
| +----------------------------+---+
| |
| EAP‐Success |
|<------------------------------------------------------+