Apparatus and method simplifying an encrypted network

US 20040168081A1
Filed: 02/20/2003
Published: 08/26/2004
Est. Priority Date: 02/20/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for joining a computing device to a secure network, comprising the steps of:

(a) enabling a user to initiate joining of the computing device to the secure network;

(b) in response to an initiation for the computing device to join the secure network, creating an alternate communication link between the computing device and an access point of the secure network;

(c) transmitting credentials necessary to join the secure network to the computing device; and

(d) using the credentials received by the computing device to join the computing device to the secure network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing device is enabled to join a secure network with minimal user interaction. Either a user of the computing device, or a person authorized to control access to the secure network can initiate a bind step to enable the computing device to join the network. A temporary alternate network is then created between an access point of the network and the computing device network interface card (NIC). Network credentials (optionally, encrypted) are then transmitted to the computing device NIC. These parameters are decrypted by the computing device NIC (if they were encrypted) and used by it to join the secure network. Optionally, a secret can be encrypted, transmitted to the access point, and verified prior to the access point providing these parameters to the computing device. The secret ensures that a third party is not improperly authorized to access the secure network.

265 Citations

37 Claims

1. A method for joining a computing device to a secure network, comprising the steps of:
- (a) enabling a user to initiate joining of the computing device to the secure network;
  
  (b) in response to an initiation for the computing device to join the secure network, creating an alternate communication link between the computing device and an access point of the secure network;
  
  (c) transmitting credentials necessary to join the secure network to the computing device; and
  
  (d) using the credentials received by the computing device to join the computing device to the secure network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising the steps of:
    - (a) encrypting the credentials required for communication over the secure network, creating an encrypted message;
      
      (b) transmitting the encrypted message to the computing device over the alternate network; and
      
      (c) decrypting the encrypted message at the computing device, to recover the credentials.
  - 3. The method of claim 2, further comprising the step of determining an encryption key for use in encrypting the credentials to create the encrypted message, and for decrypting the encrypted message to recover the credentials.
  - 4. The method of claim 2, wherein a public and private key combination are used for encrypting and decrypting the credentials.
  - 5. The method of claim 2, wherein a Diffie-Hellman key exchange is used for encrypting and decrypting the credentials.
  - 6. The method of claim 1, further comprising the steps of:
    - (a) enabling the user to enter a secret on the computing device, said secret being known to a person at the access point, who is authorized to selectively enable the computing device to join the secure network;
      
      (b) encrypting the secret at the computing device, producing an encrypted secret message;
      
      (c) transmitting the encrypted secret message to the access point; and
      
      (d) decrypting the encrypted secret message to recover the secret at the access point, to enable the person to determine that the secret thus recovered is correct and to thereby prevent a third party intermediary who may be intercepting communications over the alternate network from being improperly authorized to communicate over the secure network.
  - 7. The method of claim 1, further comprising the step of enabling the user to initiate joining the secure network through the computing device.
  - 8. The method of claim 1, further comprising the step of enabling the user to initiate joining the secure network through the access point.
  - 9. A memory media having machine instructions stored thereon for carrying out the steps of claim 1.

10. A method for selectively automatically enabling a computing device to join a secure network, comprising the steps of:
- (a) enabling activation of a bind option on the computing device and on an access point used on the secure network;
  
  (b) in response to the bind option being activated, automatically producing a secure encrypted communication link between the computing device and the access point;
  
  (c) selectively transmitting a secure encrypted message from the access point to the computer device after authorization is granted for the computing device to join the secure network, said encrypted message conveying credentials that are required by the computing device for joining the secure network;
  
  (d) decrypting the encrypted message to recover the credentials, at the computing device; and
  
  (e) using the credentials at the computing device to join the computing device to the secure network.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The method of claim 10, wherein the step of automatically producing the encrypted wireless network comprises the step of producing an encryption key for use in communicating over the encrypted communication link.
  - 12. The method of claim 10, further comprising the steps of:
    - (a) enabling entry of a secret on the computing device, said secret being known by a person enabled to selectively authorize the computing device to join the secure network;
      
      (b) encrypting the secret in a secure encrypted message that is transmitted to the access point; and
      
      (c) decrypting the secure encrypted message at the access point to recover the secret, enabling said person to determine if the secret that is known was actually recovered, and if not, preventing a third party intermediary who may have intercepted the encrypted message from being improperly authorized to communicate over the secure network.
  - 13. The method of claim 10, wherein the step of automatically producing the encrypted communication link comprises the step of employing a Diffie-Heilman key exchange.
  - 14. The method of claim 10, wherein the step of automatically producing the encrypted communication link comprises the step of employing a private/public key for encrypting and decrypting communications.
  - 15. The method of claim 10, further comprising the step of interrupting other communications over the secure network while joining the computing device to the secure network.
  - 16. The method of claim 10, wherein the step of enabling activation of the bind option comprises the step of displaying a graphic user interface option to bind the computing device to the secure network.
  - 17. The method of claim 10, wherein the credentials comprise a Service Set Identifier (SSID) and a Wired Equivalent Privacy (WEP) key.
  - 18. The method of claim 10, wherein the credentials comprise a Wireless Protected Access (WPA) key.
  - 19. A memory medium on which are stored machine instructions for carrying out the steps of claim 10.

20. A system for joining a secure network, comprising:
- (a) a memory in which a plurality of machine instructions are stored;
  
  (b) a network communication interface; and
  
  (c) a processor coupled to the memory and the network communication interface, said processor executing the machine instructions, which cause the processor to carry out a plurality of functions, including;
  
  (i) enabling a user to initiate joining of the computing device to the secure network;
  
  (ii) participating in creating an alternate communication link between the computing device and an access point of the secure network;
  
  (iii) receiving credentials required for joining the secure network over the alternate communication link, from the access point; and
  
  (iv) using the credentials on the computing device to join the computing device to the secure network.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 34)
- - 21. The system of claim 20, wherein the machine instructions further cause the processor to decrypt an encrypted message used to convey the credentials to the computing device from the access point in a secure encrypted message.
  - 22. The system of claim 20, wherein the network interface comprises a wireless network communication device.
  - 23. The system of claim 20, wherein the machine instructions further cause the processor to enable a user to enter a secret that is included in a secure encrypted transmission to the access point over the alternate communication link, said secret being known to a person authorized to permit the computing device to join the secure network.
  - 24. The system of claim 20, wherein the machine instructions cause the processor to enable the alternate communication link to be established with the access point using a Diffie-Hellman key exchange.
  - 25. The system of claim 20, wherein the machine instructions cause the processor to enable the alternate communication link to be established with the access point using a private/public key.
  - 26. The system of claim 20, further comprising a display, wherein said machine instructions further cause the processor to display a bind option in a user interface on the display, said bind option being selectively activated to initiate joining the secure network.
  - 27. The system of claim 20, wherein the credentials comprise a Service Set Identifier (SSID), and a Wired Equivalent Privacy (WEP) key.
  - 28. The system of claim 20, wherein the credentials comprise a Wireless Protected Access (WPA) key.
  - 34. The system of claim 24, wherein the machine instructions cause the processor to enable the alternate communication link to be established with the computing device using a private/public key.

29. A system for facilitating joining a computing device to a secure network, comprising:
- (a) a memory in which a plurality of machine instructions are stored;
  
  (b) a network communication interface; and
  
  (c) a processor coupled to the memory and the network communication interface, said processor executing the machine instructions, which cause the processor to carry out a plurality of functions, including;
  
  (i) enabling a user to initiale joining of the computing device to the secure network;
  
  (ii) participating in creating an alternate communication link with the computing device;
  
  (iii) using the alternate communication link, transmitting credentials required for communication over the secure network, to the computing device; and
  
  (iv) joining the computing device to the secure network in response to the computing device requesting to be joined using credentials.
- View Dependent Claims (30, 31, 32, 33, 35, 36, 37)
- - 30. The system of claim 29, wherein the processor, network communication interface, and memory comprise an access point on the secure network.
  - 31. The system of claim 29, wherein the machine instructions further cause the processor to encrypt the credentials, to produce an encrypted message that is transmitted to the computing device over the alternate communications link.
  - 32. The system of claim 29, wherein the machine instructions further cause the processor to:
    - (a) receive an encrypted message that conveys a secret, from the computing device;
      
      (b) decrypt the encrypted message to recover the secret; and
      
      (c) compare the secret to a known secret, to selectively determine that the credentials are to be transmitted to the computing device if the secret and the known secret match, but to detect an unauthorized third party attempting to join the secure network if the secret and known secret do not match.
  - 33. The system of claim 29, wherein the machine instructions cause the processor to enable the alternate communication link to be established with the computing device using a Diffie-Hellman key exchange.
  - 35. The system of claim 29, further comprising a display, wherein said machine instructions further cause the processor to display a bind option in a user interface on the display, said bind option being selectively activated to initiate joining the computing device to the secure network.
  - 36. The system of claim 29, wherein the credentials comprise a Service Set Identifier (SSID), and a Wired Equivalent Privacy (WEP) key.
  - 37. The system of claim 29, wherein the credentials comprise a Wireless Protected Access (WPA) key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Childerston, Matthew D., Malik, Neel R.S., Ladas, Corey M.

Application Number

US10/370,192
Publication Number

US 20040168081A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04W 12/50   Secure pairing of devices

Apparatus and method simplifying an encrypted network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

265 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method simplifying an encrypted network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

265 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links