Method and apparatus for managing communication security in wireless network

US 20060062391A1
Filed: 09/22/2005
Published: 03/23/2006
Est. Priority Date: 09/22/2004
Status: Active Grant

First Claim

Patent Images

1. A method of managing communication security in a wireless network including an access point, the method comprising:

receiving from a station that intends to associate in the wireless network, first key generation information provided by the access point and second key generation information provided by the station;

providing third key generation information;

generating a security key using the first key generation information, the second key generation information, the third key generation information, and an initial key; and

sending the third key generation information and the security key to the station.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for managing communication security in a wireless network are provided. The method includes receiving from a station that intends to associate in the wireless network including an access point, first key generation information provided by the access point and second key generation information provided by the station, providing third key generation information, generating a security key using the first key generation information, the second key generation information, the third key generation information, and an initial key, and sending the third key generation information and the security key to the station.

84 Citations

View as Search Results

84 Claims

1. A method of managing communication security in a wireless network including an access point, the method comprising:
- receiving from a station that intends to associate in the wireless network, first key generation information provided by the access point and second key generation information provided by the station;
  
  providing third key generation information;
  
  generating a security key using the first key generation information, the second key generation information, the third key generation information, and an initial key; and
  
  sending the third key generation information and the security key to the station.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first key generation information comprises a first random number provided by the access point and a medium access control (MAC) address of the access point, the second key generation information comprises an MAC address of the station, and the third key generation information comprises a second random number.
  - 3. The method of claim 1, wherein the initial key is stored in a storage area that is physically or logically protected from being accessed by the station.
  - 4. The method of claim 1, wherein the first key generation information and the second key generation information received from the station and the third key generation information and the security key sent to the station are transmitted and received using the same communication means as a communication means used for communication between the access point and the station.
  - 5. The method of claim 1, wherein the first key generation information and the second key generation information received from the station and the third key generation information and the security key sent to the station are transmitted using a first communication means having a narrower communication range than a second communication means used for communication between the access point and the station.
  - 6. The method of claim 5, wherein the first communication means is a non-contact type communication means utilizing Infrared Data Association, near field communication or Bluetooth, or a contact-type communication means utilizing a Universal Serial Bus or International Organization for Standardization-7816 standard.
  - 7. The method of claim 1, further comprising transmitting identification information of the station to the access point when disassociation of the station from the wireless network is requested by user;
    - and deactivating the first key generation information and the second key generation information when information indicating that the station has been disassociated from the wireless network is received from the access point receiving the identification information.

8. A method of managing communication security in a wireless network, the method comprising:
- receiving from a station that intends to associate in the wireless network including an access point, first key generation information provided by the access point and second key generation information provided by the station;
  
  generating a security key using the first key generation information, the second key generation information, and an initial key; and
  
  sending the security key to the station.
- View Dependent Claims (9)
- - 9. The method of claim 8, wherein the first key generation information comprises a first random number provided by the access point and a medium access control (MAC) address of the access point, and the second key generation information comprises a second random number provided by the station and an MAC address of the station.

10. A method of managing communication security in a wireless network, which is performed by a station that intends to associate in the wireless network, the method comprising:
- receiving first key generation information from an access point included in the wireless network;
  
  providing second key generation information;
  
  transmitting the first key generation information and the second key generation information to a key generation apparatus;
  
  receiving from the key generation apparatus, third key generation information provided by the key generation apparatus and a security key which is generated by the key generation apparatus using the first key generation information, the second key generation information, the third key generation information, and an initial key;
  
  transmitting the second key generation information and the third key generation information to the access point; and
  
  performing communication with the access point using the security key.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, wherein the first key generation information comprises a first random number provided by the access point and a medium access control (MAC) address of the access point, the second key generation information comprises an MAC address of the station, and the third key generation information comprises a second random number.
  - 12. The method of claim 10, wherein the first key generation information and the second key generation information transmitted to the key generation apparatus and the security key received from the key generation apparatus are transmitted/received using the same communication means as a communication means used for communication between the access point and the station.
  - 13. The method of claim 10, wherein the first key generation information and the second key generation information transmitted to the key generation apparatus and the security key received from the key generation apparatus are transmitted and received using a first communication means having a narrower communication range than a second communication means used for communication between the access point and the station.
  - 14. The method of claim 13, wherein the first communication means is a non-contact type communication means utilizing Infrared Data Association, near field communication or Bluetooth, or a contact-type communication means utilizing a Universal Serial Bus or International Organization for Standardization-7816 standard.

15. A method of managing communication security in a wireless network, which is performed by a station that intends to associate in the wireless network, the method comprising:
- receiving first key generation information from an access point included in the wireless network;
  
  providing second key generation information;
  
  transmitting the first key generation information and the second key generation information to a key generation apparatus;
  
  receiving from the key generation apparatus a security key, which is generated by the key generation apparatus using the first key generation information, the second key generation information, and an initial key;
  
  transmitting the second key generation information to the access point; and
  
  performing communication with the access point using the security key.
- View Dependent Claims (16)
- - 16. The method of claim 15, wherein the first key generation information comprises a first random number provided by the access point and a medium access control (MAC) address of the access point, and the second key generation information comprises a second random number provided by the station and an MAC address of the station.

17. A method of managing communication security in a wireless network, which is performed by an access point included in the wireless network, the method comprising:
- providing first key generation information;
  
  transmitting the first key generation information to a station that intends to associate in the wireless network;
  
  receiving from the station, second key generation information provided by the station and third key generation information provided by a key generation apparatus, which generates a security key to be used by the station in the wireless network;
  
  generating a security key using the first key generation information, the second key generation information, the third key generation information, and an initial key that the access point stores; and
  
  performing communication with the station using the generated security key.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method of claim 17, wherein the first key generation information comprises a first random number provided by the access point and a medium access control (MAC) address of the access point, the second key generation information comprises an MAC address of the station, and the third key generation information comprises a second random number provided by the key generation apparatus.
  - 19. The method of claim 17, further comprising:
    - receiving from the key generation apparatus a request to disassociate the station and identification information for identifying the station;
      
      disassociating the station designated by the identification information and deactivating the security key; and
      
      transmitting a result of the disassociation of the station to the key generation apparatus.
  - 20. The method of claim 19, wherein a first communication means used for communication between the access point and the key generation apparatus has a narrower communication range than a second communication means used for communication between the access point and the station.
  - 21. The method of claim 20, wherein the first communication means is a non-contact type communication means utilizing Infrared Data Association, (near field communication or Bluetooth, or a contact-type communication means utilizing a Universal Serial Bus or International Organization for Standardization-7816 standard.

22. A key generation apparatus comprising:
- a communication apparatus interface module which receives from a station that intends to associate in a wireless network including an access point, first key generation information provided by the access point and second key generation information provided by the station;
  
  a key generation information providing module which provides third key generation information;
  
  a storage module which stores an initial key;
  
  a security key generation module which generates a security key using the first key generation information and the second key generation information, which are received through the communication apparatus interface module, the third key generation information provided by the key generation information providing module, and the initial key stored in the storage module; and
  
  a control module which sends the third key generation information provided by the key generation information providing module and the security key generated by the security key generation module to the station through the communication apparatus interface module.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The key generation apparatus of claim 22, wherein the first key generation information comprises a first random number provided by the access point and a medium access control (MAC) address of the access point, the second key generation information comprises an MAC address of the station, and the third key generation information comprises a second random number.
  - 24. The key generation apparatus of claim 22, wherein the initial key is stored in a storage area of the storage module, the storage area being physically or logically protected from being accessed by the station.
  - 25. The key generation apparatus of claim 22, wherein communication means used by the communication apparatus interface module is the same as communication means used for communication between the access point and the station.
  - 26. The key generation apparatus of claim 22, wherein communication means used by the communication apparatus interface module is a first communication means having a narrower communication range than a second communication means used for communication between the access point and the station.
  - 27. The key generation apparatus of claim 26, wherein the first communication means is a non-contact type communication means utilizing Infrared Data Association, near field communication or Bluetooth, or a contact-type communicating means utilizing a Universal Serial Bus or International Organization for Standardization-7816 standard.
  - 28. The key generation apparatus of claim 22, wherein to disassociate the station from the wireless network, the control module transmits identification information of the station to the access point through the communication apparatus interface module, and when the communication apparatus interface module receives information indicating that the station has been disassociated from the wireless network from the access point receiving the identification information, the control module deactivates the first key generation information and the second key generation information which have been received from the station.

29. A key generation apparatus comprising:
- a communication apparatus interface module which receives from a station that intends to associate in a wireless network including an access point, first key generation information provided by the access point and second key generation information provided by the station;
  
  a storage module which stores an initial key;
  
  a security key generation module which generates a security key using the first key generation information and the second key generation information, which are received through the communication apparatus interface module, and the initial key stored in the storage module; and
  
  a control module which sends the security key generated by the security key generation module to the station through the communication apparatus interface module.
- View Dependent Claims (30)
- - 30. The key generation apparatus of claim 29, wherein the first key generation information comprises a first random number provided by the access point and a medium access control (MAC) address of the access point, and the second key generation information comprises a second random number provided by the station and an MAC address of the station.

31. A station that intends to associate in a wireless network, the station comprising:
- a network communication module which receives first key generation information from an access point included in the wireless network;
  
  a key generation information providing module which provides second key generation information;
  
  a key generation apparatus interface module which transmits the first key generation information and the second key generation information to a key generation apparatus and receives from the key generation apparatus, third key generation information provided by the key generation apparatus and a security key generated by the key generation apparatus using the first key generation information, the second key generation information, the third key generation information, and an initial key; and
  
  a control module which transmits the second key generation information and the third key generation information to the access point via the network communication module when receiving the security key and the third key generation information through the key generation apparatus interface module and sets the security key for communication between the access point and the station.
- View Dependent Claims (32, 33, 34, 35)
- - 32. The station of claim 31, wherein the first key generation information comprises a first random number provided by the access point and a medium access control (MAC) address of the access point, the second key generation information comprises an MAC address of the station, and the third key generation information comprises a second random number.
  - 33. The station of claim 31, wherein communication means used by the key generation apparatus interface module is the same as communication means used by the network communication module.
  - 34. The station of claim 31, wherein communication means used by the key generation apparatus interface module is a first communication means having a narrower communication range than a second communication means used by the network communication module.
  - 35. The station of claim 34, wherein the first communication means is a non-contact type communicating means utilizing Infrared Data Association, near field communication or Bluetooth, or a contact-type communicating means utilizing a Universal Serial Bus or International Organization for Standardization-7816 standard.

36. A station that intends to associate in a wireless network, the station comprising:
- a network communication module which receives first key generation information from an access point included in the wireless network;
  
  a key generation information providing module which provides second key generation information;
  
  a key generation apparatus interface module which transmits the first key generation information and the second key generation information to a key generation apparatus and receives from the key generation apparatus a security key generated by the key generation apparatus using the first key generation information, the second key generation information, and an initial key; and
  
  a control module which transmits the second key generation information to the access point via the network communication module when receiving the security key through the key generation apparatus interface module and sets the security key for communication between the access point and the station.
- View Dependent Claims (37)
- - 37. The station of claim 36, wherein the first key generation information comprises a first random number provided by the access point and a medium access control (MAC) address of the access point, and the second key generation information comprises a second random number provided by the station and an MAC address of the station.

38. An access point for managing communication security in a wireless network to communicate with a station that intends to associate in the wireless network, the access point comprising:
- a key generation information providing module which provides first key generation information;
  
  a network communication module which transmits the first key generation information provided by the key generation information providing module to the station and receives from the station second key generation information provided by the station and third key generation information provided by a key generation apparatus, which generates a security key to be used by the station in the wireless network;
  
  a storage module which stores an initial key;
  
  a security key generation module which generates a security key using the first key generation information, the second key generation information, the third key generation information, and the initial key stored in the storage module; and
  
  an encryption and decryption module which encrypts data, which will be transmitted to the station via the network communication module, using the security key generated by the security key generation module and decrypts encrypted data received from the station via the network communication module using the security key.
- View Dependent Claims (39, 40, 41, 42)
- - 39. The access point of claim 38, wherein the first key generation information comprises a first random number and a medium access control (MAC) address of the access point, the second key generation information comprises an MAC address of the station, and the third key generation information comprises a second random number provided by the key generation apparatus.
  - 40. The access point of claim 38, further comprising:
    - a key generation apparatus interface module which performs communication with the key generation apparatus; and
      
      a control module which disassociates the station from the wireless network, deactivates the security key, and transmits a result of disassociation of the station to the key generation apparatus, when identification information for identifying the station and a request to disassociate the station from the wireless network are received from the key generation apparatus through the key generation apparatus interface module.
  - 41. The access point of claim 40, wherein communication means used by the key generation apparatus interface module is a first communication means having a narrower communication range than a second communication means used by the network communication module.
  - 42. The access point of claim 41, wherein the first communication means is a non-contact type communication means utilizing Infrared Data Association, near field communication or Bluetooth, or a contact-type communicating means utilizing a Universal Serial Bus or International Organization for Standardization-7816 standard.

43. An initial key providing apparatus comprising:
- a communication apparatus interface module which performs communication with an access point and a station;
  
  a control module which performs authentication with the access point and receives an initial key from the access point through the communication apparatus interface module and performs authentication with the station and transmits the initial key to the station through the communication apparatus interface module; and
  
  a storage module which stores the received initial key.
- View Dependent Claims (44, 45, 46)
- - 44. The initial key providing apparatus of claim 43, wherein communication means used by the key generation apparatus interface module is a first communication means having a narrower communication range than a second communication means for communication between the access point and the station.
  - 45. The initial key providing apparatus of claim 44, wherein the first communication means is a non-contact type communication means utilizing Infrared Data Association, near field communication or Bluetooth, or a contact-type communication means utilizing a Universal Serial Bus or International Organization for Standardization-7816 standard.
  - 46. The initial key providing apparatus of claim 43, wherein the initial key is stored in a storage area of the storage module, the storage area being physically or logically protected from being accessed by the station.

47. A method of managing communication security in a wireless network, which is performed by a station that intends to associate in the wireless network, the method comprising:
- providing first key generation information;
  
  storing the first key generation information in a key transmitter connected to the station;
  
  acquiring from the key transmitter a security key, which is generated by an access point included in the wireless network using the first key generation information, second key generation information provided by the access point, and an initial key, when the key transmitter is newly connected to the station,; and
  
  setting the security key acquired from the key transmitter as a security key used for communication with the access point.
- View Dependent Claims (48, 49, 50, 51, 52)
- - 48. The method of claim 47, wherein the key transmitter is a portable storage apparatus including flash memory.
  - 49. The method of claim 48, wherein the portable storage apparatus is a universal serial bus (USB) storage.
  - 50. The method of claim 47, wherein the initial key is stored in a storage area that is physically or logically protected from being accessed by the station.
  - 51. The method of claim 47, wherein the first key generation information comprises a first random number and a medium access control (MAC) address of the station, and the second key generation information comprises a second random number and an MAC address of the access point.
  - 52. The method of claim 47, wherein the setting of the security key comprises checking message integrity using the security key acquired from the key transmitter.

53. A method of managing communication security in a wireless network, which is performed by an access point included in the wireless network, the method comprising:
- acquiring first key generation information provided by a station that intends to associate in the wireless network from a key transmitter connected to the access point;
  
  providing second key generation information;
  
  generating a security key using the first key generation information, the second key generation information, and an initial key;
  
  storing the security key in the key transmitter; and
  
  setting the security key as a security key used for communication with the station.
- View Dependent Claims (54, 55, 56)
- - 54. The method of claim 53, wherein the key transmitter is a portable storage apparatus including flash memory.
  - 55. The method of claim 54, wherein the portable storage apparatus is a universal serial bus (USB) storage.
  - 56. The method of claim 53, wherein the first key generation information comprises a first random number and a medium access control (MAC) address of the station, and the second key generation information comprises a second random number and an MAC address of the access point.

57. A station that intends to associate in a wireless network, the station comprising:
- a key transmitter interface module which is connected to a key transmitter;
  
  a key generation information providing module which provides first key generation information; and
  
  a control module which stores the first key generation information in the key transmitter through the key transmitter interface module, acquires a security key from the key transmitter when the key transmitter is newly connected through the key transmitter interface module, and sets the acquired security key as a security key used for communication with an access point included in the wireless network.
- View Dependent Claims (58, 59, 60, 61, 62)
- - 58. The station of claim 57, wherein the key transmitter is a portable storage apparatus including flash memory.
  - 59. The station of claim 58, wherein the portable storage apparatus is a universal serial bus (USB) storage.
  - 60. The station of claim 57, wherein the security key is generated by the access point using the first key generation information, a second key generation information provided by the access point and an initial key.
  - 61. The station of claim 60, wherein the first key generation information comprises a first random number and a medium access control (MAC) address of the station, and the second key generation information comprises a second random number and an MAC address of the access point.
  - 62. The station of claim 57, wherein the setting of the security key is performed according to result of checking message integrity using the security key acquired from the key transmitter.

63. An access point for managing communication security in a wireless network to communicate with a station that intends to associate in the wireless network, the access point comprising:
- a key transmitter interface module which is connected to a key transmitter;
  
  a key generation information providing module which provides second key generation information;
  
  a security key generation module which generates a security key using first key generation information, which is provided by the station and stored in the key transmitter, the second key generation information, and an initial key; and
  
  a control module which stores the generated security key in the key transmitter through the key transmitter interface module and sets the generated security key as a security key used for communication with the station.
- View Dependent Claims (64, 65, 66)
- - 64. The access point of claim 63, wherein the key transmitter is a portable storage apparatus including flash memory.
  - 65. The access point of claim 64, wherein the portable storage apparatus is a universal serial bus (USB) storage.
  - 66. The access point of claim 63, wherein the first key generation information comprises a first random number and a medium access control (MAC) address of the station, and the second key generation information comprises a second random number and an MAC address of the access point.

67. A method of managing communication security in a wireless network, which is performed by a station that intends to associate in the wireless network, the method comprising:
- providing first key generation information;
  
  transmitting the first key generation information to an access point included in the wireless network using limited range communication means;
  
  receiving from the access point a security key, which is generated by the access point using the first key generation information, second key generation information provided by the access point, and an initial key using the limited range communication means; and
  
  setting the received security key to perform communication in accordance with the wireless network.
- View Dependent Claims (68, 69, 70, 71)
- - 68. The method of claim 67, wherein the first key generation information comprises a first random number and a medium access control (MAC) address of the station, and the second key generation information comprises a second random number and an MAC address of the access point.
  - 69. The method of claim 67, wherein the limited range communication means is communication means having a narrower communication range than the communication means used for communication in accordance with the wireless network.
  - 70. The method of claim 69, wherein the limited range communication means is a non-contact type communication means utilizing Infrared Data Association, near field communication or Bluetooth, or a contact-type communication means utilizing a Universal Serial Bus or International Organization for Standardization-7816 standard.
  - 71. The method of claim 67, wherein the setting of the security key comprises checking message integrity using the security key acquired from the access point.

72. A method of managing communication security in a wireless network, which is performed by a access point included in the wireless network, the method comprising:
- receiving first key generation information from a station that intends to associate in the wireless network using limited range communication means;
  
  providing second key generation information;
  
  generating a security key using the first key generation information, the second key generation information, and an initial key;
  
  transmitting the generated security key to the station using the limited range communication means; and
  
  setting the generated security key as a security key used to perform communication in accordance with the wireless network.
- View Dependent Claims (73, 74, 75)
- - 73. The method of claim 72, wherein the first key generation information comprises a first random number and a medium access control (MAC) address of the station, and the second key generation information comprises a second random number and an MAC address of the access point.
  - 74. The method of claim 72, wherein the limited range communication means is communication means having a narrower communication range than the communication means used for communication in accordance with the wireless network.
  - 75. The method of claim 74, wherein the limited range communication means is a non-contact type communication means utilizing Infrared Data Association, near field communication or Bluetooth, or a contact-type communication means utilizing a Universal Serial Bus or International Organization for Standardization-7816 standard.

76. A station that intends to associate in a wireless network, the station comprising:
- a key generation information providing module which provides first key generation information;
  
  a limited range communication module which transmits the first key generation information to an access point included in the wireless network and receives from the access point a security key, which is generated by the access point using the first key generation information, second key generation information provided by the access point, and an initial key;
  
  a network communication module which performs network communication in accordance with the wireless network; and
  
  a control module which sets the received security key for the network communication performed by the network communication module.
- View Dependent Claims (77, 78, 79, 80)
- - 77. The station of claim 76, wherein the first key generation information comprises a first random number and a medium access control (MAC) address of the station, and the second key generation information comprises a second random number and an MAC address of the access point.
  - 78. The station of claim 76, wherein a communication means used by the limited range communication module has a narrower communication range than a communication means used by the network communication module.
  - 79. The station of claim 78, wherein the communication means used by the limited range communication module is a non-contact type communication means utilizing Infrared Data Association, near field communication or Bluetooth, or a contact-type communication means utilizing a Universal Serial Bus or International Organization for Standardization-7816 standard.
  - 80. The station of claim 76, wherein the setting of the security key is performed according to message integrity check result using the acquired security key.

81. An access point included in a wireless network, the access point comprising:
- a limited range communication module which receives first key generation information from a station that intends to associate in the wireless network;
  
  a key generation information providing module which provides second key generation information;
  
  a security key generation module which generates a security key using the first key generation information, the second key generation information, and an initial key;
  
  a network communication module which performs network communication in accordance with the wireless network; and
  
  a control module which transmits the generated security key to the station using the limited range communication module and sets the generated security key to use for the network communication performed by the network communication module.
- View Dependent Claims (82, 83, 84)
- - 82. The access point of claim 81, wherein the first key generation information comprises a first random number and a medium access control (MAC) address of the station, and the second key generation information comprises a second random number and an MAC address of the access point.
  - 83. The access point of claim 81, wherein a communication means used by the limited range communication module has a narrower communication range than a communication means used by the network communication module.
  - 84. The access point of claim 83, wherein the communication means used by the limited range communication module is a non-contact type communication means utilizing Infrared Data Association, near field communication or Bluetooth, or a contact-type communication means utilizing a Universal Serial Bus or International Organization for Standardization-7816 standard.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Oh, Seung-jae, Han, Se-hee, Lee, Sung-min

Granted Patent

US 7,721,325 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0492   by using a location-limited...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/18   using different networks or...

H04L 9/0822   using key encryption key

H04L 9/0866   involving user or device id...

H04L 9/3242   involving keyed hash functi...

H04W 12/50   Secure pairing of devices

H04W 12/71   Hardware identity

Method and apparatus for managing communication security in wireless network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

84 Citations

84 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for managing communication security in wireless network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

84 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links