Method of cryptographing wireless data and apparatus using the method

US 20040073796A1
Filed: 05/20/2003
Published: 04/15/2004
Est. Priority Date: 10/11/2002
Status: Active Grant

First Claim

Patent Images

1. A key descriptor structure exchanged between a wireless LAN terminal and an access point, the structure comprising:

a key initial vector which is a random number generated in the access point;

a key descriptor type which indicates an encryption algorithm; and

a plurality of key materials encrypted according to the encryption algorithm of the key descriptor using the key initial vector and a master session key shared between the wireless LAN terminal and the access point as an encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A key descriptor structure exchanged between a wireless LAN terminal and an access point, and a method and apparatus for cryptographing wireless data are provided. The key descriptor structure includes a key initial vector which is a random number generated in the access point, a key descriptor type which indicates an encryption algorithm, and a plurality of key materials encrypted according to the encryption algorithm of the key descriptor using the key initial vector and a master session key shared between the wireless LAN terminal and the access point as an encryption key.

56 Citations

View as Search Results

16 Claims

1. A key descriptor structure exchanged between a wireless LAN terminal and an access point, the structure comprising:
- a key initial vector which is a random number generated in the access point;
  
  a key descriptor type which indicates an encryption algorithm; and
  
  a plurality of key materials encrypted according to the encryption algorithm of the key descriptor using the key initial vector and a master session key shared between the wireless LAN terminal and the access point as an encryption key.
- View Dependent Claims (2)
- - 2. The structure of claim 1, wherein each of the key materials comprises:
    - a tag part which designates a wireless section encryption algorithm;
      
      a length part which designates the length of a wireless section encryption key; and
      
      a key value part which represents the wireless section encryption key.

3. A method of exchanging a wireless section encryption key using a key descriptor between a wireless LAN terminal and an access point, the method comprising:
- (a) receiving a master session key from an authentication server through the access point and sharing the wireless LAN terminal and the master session key;
  
  (b) generating a plurality of key materials in the access point;
  
  (c) transmitting the key descriptor including the key materials encrypted on the basis of the master session key and the key initial vector, to the wireless LAN terminal; and
  
  (d) detecting a wireless section encryption key from the key descriptor received by the wireless LAN terminal.
- View Dependent Claims (4, 5, 6, 15)
- - 4. The method of claim 3, wherein (b) comprises:
    - (b1) generating a tag which designates a wireless section encryption algorithm;
      
      (b2) calculating the length of a wireless section encryption key of the encryption algorithm indicated by the tag; and
      
      (b3) generating an actual value of the encryption key.
  - 5. The method of claim 4, wherein (b1) further comprises arranging the tag randomly.
  - 6. The method of claim 3, wherein (d) comprises re-keying the wireless section encryption on the basis of the tag after detecting the wireless section encryption key from the key descriptor received by the wireless LAN terminal.
  - 15. A computer readable recording medium on which a program for executing steps of claim 3 in a computer is recorded.

7. A method of exchanging wireless data between a wireless LAN terminal and an access point, the method comprising:
- (a) generating a plurality of key materials in the access point;
  
  (b) transmitting a key descriptor including the key materials to the wireless LAN terminal and detecting a wireless section encryption key from the key descriptor received by the wireless LAN terminal;
  
  (c) encrypting data according to an algorithm designated in a tag field through the access point and transmitting encrypted data with the tag; and
  
  (d) receiving the encrypted data through the wireless LAN terminal and decrypting the data on the basis of the algorithm and the wireless section encryption key.
- View Dependent Claims (8, 9, 10, 11, 16)
- - 8. The method of claim 7, wherein (a) comprises:
    - (a1) generating a tag which designates a wireless section encryption algorithm;
      
      (a2) calculating the length of a wireless section encryption key of the encryption algorithm indicated by the tag; and
      
      (a3) generating an actual value of the encryption key.
  - 9. The method of claim 7, wherein (c) comprises (c1) designating different algorithms for each tag field and encrypting the tag field according to the different algorithms.
  - 10. The method of claim 9, wherein (c1) further comprises arranging the tag randomly.
  - 11. The method of claim 7, wherein in (c), the tag field is encrypted using the master session key as an encryption key and using a symmetrical key algorithm between the wireless LAN terminal and the access point.
  - 16. A computer readable recording medium on which a program for executing steps of claim 7 in a computer is recorded.

12. An access point, which constitutes at least one wireless LAN terminal, an authentication server, and a network, the access point comprising:
- an arithmetic processor which processes data communicated with the network and performs the control of the access point;
  
  a master session key receiver which receives a master session key from the authentication server and stores the master session key;
  
  a security processor which encrypts a key material according to an encryption algorithm indicated by a key descriptor type using the master session key and a key initial vector as an encryption key;
  
  a transmitter which outputs a key descriptor including the encrypted key material; and
  
  an interface which transmits and receives the key descriptor output by the transmitter and data to and from the wireless LAN terminal.
- View Dependent Claims (13, 14)
- - 13. The access point of claim 12, wherein the security processor comprises:
    - a tag generator which generates a tag for designating an encryption algorithm to be used in a wireless section;
      
      an encryption key length generator which designates the length of a wireless section encryption key; and
      
      a key value generator which generates a wireless section encryption key value.
  - 14. The access point of claim 12, wherein the security processor further includes a multiple cryptography unit, which designates different tag values for each data frame that is transmitted and received between the wireless LAN terminal and the access point, encrypts the data of each data frame according to a different encryption algorithm and outputs the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
Kang, You-Sung, Chung, Byung-Ho

Granted Patent

US 7,539,866 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04W 12/033   of the user plane, e.g. use...

H04W 12/04   Key management, e.g. using ...

H04W 84/12   WLAN [Wireless Local Area N...

Method of cryptographing wireless data and apparatus using the method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

56 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method of cryptographing wireless data and apparatus using the method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links