EAP Key Derivation for Multiple Applications
Cisco
Nokia
The Extensible Authentication Protocol (EAP) provides an extensible interface to various authentication mechanisms. Some EAP methods derive cryptographic material between the EAP peers; these keys can be used, for instance, with IEEE 802.11i encryption. This document proposes a mechanism that can be used to derive cryptographically separate keys for more than one cryptographic application, such as protecting subsequent EAP messages, distributing credentials for re- authentication, or handoff mechanisms involving multiple WLAN access points.