Pre-association mechanism to provide detailed description of wireless services
1 Assignment
0 Petitions
Abstract
In an example embodiment, an apparatus comprises a transceiver configured to send and receive data, and logic coupled to the transceiver. The logic is configured to determine, from a signal received by the transceiver, whether the associated device sending the signal supports a protocol for advertising available services. Responsive to determining that the associated device supports the protocol, the logic is configured to send a request for available services to the associated device via the transceiver. The logic is configured to receive a response to the request via the transceiver, the response comprising at least one service advertisement and a signature, and to validate the response by confirming the signature.
94 Citations
20 Claims
1. A computer-implemented method to pre-associatively describe available services specific to a wireless local area network (WLAN) while preventing tampering, the computer-implemented method comprising:
prior to any association between a mobile device and a wireless access point under a communication standard, and prior to any link security provided via any such association:
receiving, by the mobile device, a signal from the wireless access point when the mobile device is within a radio range of the wireless access point, the wireless access point having an access network provider;
determining, based on the signal, whether the access network provider supports a protocol for advertising WLAN-specific services accessible to the mobile device via a WLAN of the wireless access point, wherein the WLAN-specific services are inaccessible via the Internet;
upon determining that the access network provider supports the protocol, sending a service request comprising a request for a list of WLAN-specific services to the access network provider and generating a first hash of the service request, wherein the first hash is not provided to the access network provider;
receiving a response to the service request, the response comprising:
(i) at least one service advertisement comprising data representative of a name of the access network provider and data representative of an icon for the access network provider, wherein the at least one service advertisement is associated with at least one service brief comprising data representative of a description of an available service; and
(ii) a first signature;
determining that the response has not been tampered with, by validating the response by operation of one or more computer processors, wherein validating the response includes verifying the signature by:
(i) decrypting the first signature using a public key associated with the access network provider and (ii) determining that the decrypted first signature includes a request hash matching the first hash;
upon receiving a response to a certificate request, the certificate request comprising a nonce, the response comprising a certificate and a second signature, validating the response to the certificate request by verifying the second signature using the public key;
upon receiving a response to a validation request comprising a request to validate a certificate chain of the certificate, determining that the certificate has not been revoked, by validating the certificate chain; and
upon determining that the certificate has not been revoked, and prior to accessing any of the WLAN-specific services, outputting, via the mobile device:
(i) the list of WLAN-specific services and (ii) a description for a first of the WLAN-specific services.
Dependent claims 2 to 13 are not reproduced here.
14. Logic encoded in a non-transitory computer readable medium, the logic executable to perform an operation to pre-associatively describe available services specific to a wireless local area network (WLAN) while preventing tampering, the operation comprising:
prior to any association between a mobile device and a wireless access point under a communication standard, and prior to any link security provided via any such association:
receiving, by the mobile device, a signal from the wireless access point when the mobile device is within a radio range of the wireless access point, the wireless access point having an access network provider;
determining, based on the signal, whether the access network provider supports a protocol for advertising WLAN-specific services accessible to the mobile device via a WLAN of the wireless access point, wherein the WLAN-specific services are inaccessible via the Internet;
upon determining that the access network provider supports the protocol, sending a service request comprising a request for a list of WLAN-specific services to the access network provider and generating a first hash of the service request, wherein the first hash is kept private from the access network provider;
receiving a response to the service request, the response comprising:
(i) at least one service advertisement comprising data representative of a name of the access network provider and data representative of an icon for the access network provider, wherein the at least one service advertisement is associated with at least one service brief comprising data representative of a description of an available service; and
(ii) a first signature;
determining that the response has not been tampered with, by validating the response by operation of one or more computer processors when executing the logic, wherein validating the response includes verifying the first signature by:
(i) decrypting the first signature using a public key associated with the access network provider and (ii) determining that the decrypted first signature includes a request hash matching the first hash;
upon receiving a response to a certificate request, the certificate request comprising a nonce, the response comprising a certificate and a second signature, validating the response to the certificate request by verifying the second signature using the public key;
upon receiving a response to a validation request comprising a request to validate a certificate chain of the certificate, determining that the certificate has not been revoked, by validating the certificate chain; and
upon determining that the certificate has not been revoked, and prior to accessing any of the WLAN-specific services, outputting, via the mobile device:
(i) the list of WLAN-specific services and (ii) a description for a first of the WLAN-specific services.
Dependent claims 15 to 19 are not reproduced here.
20. A computer-implemented method to pre-associatively describe available services specific to a wireless local area network (WLAN) while preventing tampering, the computer-implemented method comprising:
prior to any association between a mobile device and a wireless access point under a communication standard, and prior to any link security provided via any such association:
upon receiving, via the wireless access point and from a service provider, a signal comprising data representative of a protocol for advertising available services, sending a service request comprising a request for a list of available services that are accessible via a WLAN of the wireless access point, wherein the available services are inaccessible via the Internet, wherein a first hash is generated of the service request and is not provided to the service provider;
receiving a response to the service request, the response comprising at least one service advertisement associated with at least one service brief, the response further comprising a first signature, wherein the service advertisement comprises data representative of a name of the service provider and data representative of an icon for the service provider, wherein the service brief comprises data representative of a description of an available service;
determining that the response has not been tampered with, by validating the response to the service request by operation of one or more computer processors of the mobile device, wherein validating the response includes verifying the first signature by:
(i) obtaining a request hash by decrypting the first signature using a public key associated with the service provider and (ii) determining that the request hash matches the first hash;
upon receiving a response to a certificate request, the certificate request comprising a nonce, the response comprising a certificate and a second signature, validating the response to the certificate request by verifying the second signature using the public key;
upon receiving a response to a validation request comprising a request to validate a certificate chain of the certificate, determining whether the certificate has been revoked, by validating the certificate chain; and
outputting, for display on the mobile device, an icon associated with the service brief upon all of:
validating the response to the service request, validating the response to the certificate request, and determining that the certificate has not been revoked.
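The verification sequence recited in claims 1, 14 and 20, from the request hash that stays on the device through the first signature, the nonce-bound certificate response, the chain validation and the revocation check, worked through on both sides of the exchange as an added Go example; this is not code from the patent or its assignee. The claims do not fix exactly what each signature covers, so the example assumes the first signature is taken over SHA-256(request) concatenated with the advertisement payload (which makes a modified service list detectable as well as a response replayed against a different request) and the second over the certificate bytes concatenated with the nonce; "decrypting the signature with the public key" is realised by RSA PKCS#1 v1.5 verification, which recovers the padded digest from the signature and compares it. The Provider type and its methods, VerifyServiceResponse, VerifyCertResponse, NewProvider, the throwaway root CA, the service names and the serial-number revocation map standing in for the validation request's answer are all constructed for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ServiceResponse stands in for the provider's reply (constructed layout): the advertised provider name, its
// service briefs and the first signature. fmt.Sprint(ProviderName, Services) is the byte string the signature covers.
type ServiceResponse struct {
	ProviderName string
	Services     []string
	Signature    []byte
}

// Provider is the access network provider side (hypothetical): a signing key and the certificate issued for it.
type Provider struct {
	key  *rsa.PrivateKey
	cert *x509.Certificate
}

// AnswerServiceRequest signs SHA-256(request) || payload; the device's own copy of the request hash is never sent.
func (p *Provider) AnswerServiceRequest(req []byte) ServiceResponse {
	resp := ServiceResponse{ProviderName: "Example Provider", Services: []string{"Printing", "Local media server"}}
	reqHash := sha256.Sum256(req)
	h := sha256.Sum256(append(reqHash[:], fmt.Sprint(resp.ProviderName, resp.Services)...))
	resp.Signature = must(rsa.SignPKCS1v15(rand.Reader, p.key, crypto.SHA256, h[:]))
	return resp
}

// AnswerCertRequest returns the certificate and a second signature over certDER || nonce (assumed layout).
func (p *Provider) AnswerCertRequest(nonce []byte) (certDER, sig []byte) {
	h := sha256.Sum256(append(append([]byte{}, p.cert.Raw...), nonce...))
	return p.cert.Raw, must(rsa.SignPKCS1v15(rand.Reader, p.key, crypto.SHA256, h[:]))
}

// VerifyServiceResponse: the public key "decrypts" the first signature, and the result must embed the device's own request hash.
func VerifyServiceResponse(pub *rsa.PublicKey, req []byte, resp ServiceResponse) error {
	firstHash := sha256.Sum256(req) // computed and kept on the device, never transmitted
	h := sha256.Sum256(append(firstHash[:], fmt.Sprint(resp.ProviderName, resp.Services)...))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], resp.Signature)
}

// VerifyCertResponse checks the nonce-bound second signature, key binding, the chain to trusted roots, and revocation.
func VerifyCertResponse(pub *rsa.PublicKey, nonce, certDER, sig []byte, roots *x509.CertPool, revoked map[string]bool) error {
	h := sha256.Sum256(append(append([]byte{}, certDER...), nonce...))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig); err != nil {
		return fmt.Errorf("certificate response failed nonce check: %w", err)
	}
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	if pk, ok := cert.PublicKey.(*rsa.PublicKey); !ok || !pk.Equal(pub) {
		return fmt.Errorf("certificate does not carry the key that signed the responses")
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("chain validation failed: %w", err)
	}
	if revoked[cert.SerialNumber.String()] { // constructed stand-in for the validation request's OCSP/CRL answer
		return fmt.Errorf("certificate serial %s is revoked", cert.SerialNumber.String())
	}
	return nil
}

// NewProvider builds a throwaway root CA and a provider certificate chained to it; the device is assumed to trust the root.
func NewProvider() (*Provider, *x509.CertPool) {
	tpl := func(serial int64, cn string, ca bool) *x509.Certificate {
		return &x509.Certificate{
			SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
			IsCA: ca, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		}
	}
	caKey, leafKey := must(rsa.GenerateKey(rand.Reader, 2048)), must(rsa.GenerateKey(rand.Reader, 2048))
	caTpl := tpl(1, "Example WLAN Root CA", true)
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTpl, caTpl, &caKey.PublicKey, caKey))))
	leafDER := must(x509.CreateCertificate(rand.Reader, tpl(2, "Example Provider", false), caCert, &leafKey.PublicKey, caKey))
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return &Provider{key: leafKey, cert: must(x509.ParseCertificate(leafDER))}, roots
}

// must panics on error; it is used only for fixture setup and the provider's own signing, never on received data.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
```

The block has no main; drive it from a Go test or a few lines of your own: NewProvider, then AnswerServiceRequest followed by VerifyServiceResponse with the same request bytes, then AnswerCertRequest with a freshly generated random nonce followed by VerifyCertResponse with the root pool. Both verifications return nil on the untouched exchange; adding a service to the response, replaying it against a different request, answering with a different nonce, presenting a certificate whose serial is in the revocation map, or validating against an empty root pool each returns an error, and the device should output the service list only when both return nil. Note that the public key used for the first two checks is trusted only once the certificate carrying it has chained to a root the device holds, which is why VerifyCertResponse compares the certificate's key with the key that verified the signatures before validating the chain.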
Specification