WLAN session management techniques with secure rekeying and logoff

US 20060179305A1
Filed: 03/11/2004
Published: 08/10/2006
Est. Priority Date: 03/11/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for providing a secure communications session with a user terminal in a communications network, the method comprising the steps of:

transmitting a secure key and a secure seed to the user terminal using a secure communications method, the secure key and the secure seed being suitable for storage in the user terminal for use during the secure communications session;

encrypting and transmitting data to the user terminal using a current session key, and receiving and decrypting data received from the user terminal using the current session key, the secure key initially being used as the current session key; and

periodically generating by an access point a subsequent session key using the secure seed and using the subsequent session key as the current session key during subsequent communications between the communications network and the user terminal.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a method for improving the security of a mobile terminal in a WLAN environment by installing two shared secrets instead of one shared secret, the initial session key, on both the wireless user machine and the WLAN access point during the user authentication phase. One of the shared secrets is used as the initial session key and the other is used as a secure seed. Since the initial authentication is secure, these two keys are not known to a would be hacker. Although the initial session key may eventually be cracked by the would be hacker, the secure seed remains secure as it is not used in any insecure communication.

52 Citations

View as Search Results

24 Claims

1. A method for providing a secure communications session with a user terminal in a communications network, the method comprising the steps of:
- transmitting a secure key and a secure seed to the user terminal using a secure communications method, the secure key and the secure seed being suitable for storage in the user terminal for use during the secure communications session;
  
  encrypting and transmitting data to the user terminal using a current session key, and receiving and decrypting data received from the user terminal using the current session key, the secure key initially being used as the current session key; and
  
  periodically generating by an access point a subsequent session key using the secure seed and using the subsequent session key as the current session key during subsequent communications between the communications network and the user terminal.
- View Dependent Claims (2, 3)
- - 2. The method according to claim 1, further comprising the step of:
    - logging off the user terminal in response to an encrypted logoff request from the user terminal accompanied by the secure seed.
  - 3. The method according to claim 1, wherein the periodically generating step comprises generating the subsequent session key by concatenating the current session key with the secure seed and applying a hash algorithm.

4. A method for providing a secure communications session with a mobile terminal in a wireless local area network, the method comprising the steps of:
- transmitting a secure key and a secure seed to the mobile terminal using a secure communications method, the secure key and the secure seed being suitable for storage in the mobile terminal for use during the secure communications session;
  
  encrypting and transmitting data to the mobile terminal using a current session key, and receiving and decrypting data received from the mobile terminal using the current session key, the secure key initially being used as the current session key; and
  
  periodically generating by an access point a subsequent session key using the secure seed and using the subsequent session key as the current session key during subsequent communications with the mobile terminal.
- View Dependent Claims (5, 6)
- - 5. The method as in claim 4, wherein the periodically generating step comprises generating by the AP a subsequent session key using a combination of a new key and the secure seed, the new key being generated using the secure key.
  - 6. The method as in claim 5, wherein the periodically generating step comprises generating by the AP a subsequent session key by concatenating the new key and the secure seed and running a hash algorithm to generate the subsequent session key.

7. A method for providing a secure communications session with a mobile terminal in a wireless local area network, the method comprising the steps of:
- generating a secure key;
  
  transmitting the secure key to the mobile terminal using a secure communications method, the secure key being stored in the mobile terminal for use during the secure communications session;
  
  encrypting and transmitting data to the mobile terminal using a current session key, and receiving and decrypting data received from the mobile terminal using the current session key; and
  
  ending the secure communications session by an access point in response to receiving a logoff message from the mobile terminal, the logoff message being in encrypted form and including the secure key.

8. A method for providing a secure communications session with a mobile terminal in a wireless local area network, the method comprising the steps of:
- generating a secure key and a secure seed;
  
  transmitting the secure key and the secure seed to the WLAN using a secure communications method, the secure key and the secure seed being stored in the WLAN for use during the secure communications session;
  
  encrypting and transmitting data to the WLAN using a current session key, and receiving and decrypting data received from the WLAN using the current session key, the secure key initially being used as the current session key; and
  
  periodically generating by the mobile terminal a subsequent session key using the secure seed and using the subsequent session key as the current session key during subsequent communications with the WLAN.
- View Dependent Claims (9, 10)
- - 9. The method as in claim 8, wherein the periodically generating step comprises generating by the mobile terminal a subsequent session key using a combination of a new key and the secure seed, the new key being generated using the secure key.
  - 10. The method as in claim 9, wherein the periodically generating step comprises generating by the mobile terminal a subsequent session key by concatenating the new key and the secure seed and running a hash algorithm to generate the subsequent session key.

11. A method for providing a secure communications session with a mobile terminal in a wireless local area network, the method comprising the steps of:
- generating a secure key;
  
  receiving the secure key from the WLAN using a secure communications method, the secure key being stored in the WLAN for use during the secure communications session;
  
  encrypting and transmitting data to the WLAN using a current session key, and receiving and decrypting data received from the WLAN using the current session key; and
  
  ending the secure communications session in response to receiving a logoff message from the WLAN, the logoff message being in encrypted form and including the secure key.

12. A method for providing a secure communications session with a mobile terminal in a wireless local area network, the method comprising the steps of:
- installing at least two shared secrets on both the mobile terminal and the WLAN access point during the user authentication phase whereby a first secret is the initial session key and a second secret is utilized as secure seed to generate subsequent session keys.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method as in claim 12, further comprising the step of generating a new key and encrypting the new key with the current session key and exchanging and the new key between the WLAN and the mobile terminal.
  - 14. The method as in claim 12, further comprising the step of the WLAN and the mobile terminal generating a new session key employing the new session key and the secure seed.
  - 15. The method as in claim 14, wherein generating the new session key generation comprises the step of concatenating the said new session key to the secure seed.
  - 16. The method as in claim 15, further comprising the step of generating a new session key by applying a hash algorithm on said concatenated result.
  - 17. The method as in claim 16, further comprising the step of using the said new session key in communications between the WLAN and mobile terminal.

18. A method for providing a secure communications session between a mobile terminal and a wireless local area network, the method comprising the steps of:
- a mobile terminal sending during session logoff an encrypted logoff request accompanied by the secure seed such that the secure seed appears in the logoff request.

19. An access point for providing a secure communications session between a mobile terminal and a wireless local area network, comprising:
- a means for transmitting a secure key and a secure seed to the mobile terminal using a secure communications method;
  
  a means to encrypt data using the secure key; and
  
  a means to periodically generate a subsequent session key using the secure seed.

20. A terminal device for providing a secure communications session with a communications network, comprising:
- a means to receive a secure key and a secure seed and a means to store the secure key and the secure seed for use during the secure communications session;
  
  a means to receive data and a means to decrypt the data using a current session key during the secure communications session, the secure key being using initially as the current session key; and
  
  a means to generate a subsequent session key using the current session key and the secure seed, the subsequent session key thereafter being used as the current session key for subsequent communications.
- View Dependent Claims (21)
- - 21. The terminal device according to claim 20, wherein the terminal device comprises a mobile terminal and the communications network comprises a wireless local area network.

24. An access point for providing a secure communications session between a mobile terminal and a wireless local area network, comprising:
- a means to transmit a secure key and a secure seed and a means to store the secure key and the secure seed for use during the secure communications session;
  
  a means to encrypt data and a means to transmit data to the mobile terminal and a means to receive data and a means to decrypt the data from the mobile terminal using a current session key during the secure communications session, the secure key being using initially as the current session key; and
  
  a means to generate a subsequent session key using the current session key and the secure seed, the subsequent session key thereafter being used as the current session key for subsequent communications.
- View Dependent Claims (22, 23)
- - 22. The access point according to claim 24, wherein the means to periodically generate a subsequent session key comprises a means to generate a subsequent session key using a combination of a new key and the secure seed, the new key being generated by means using the secure key.
  - 23. The access point according to claim 24, wherein the means to periodically generate a subsequent session key comprises a means to generate a subsequent session key by concatenating a new key and the second secure seed and a means for running a hash algorithm to generate the subsequent session key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Thomson Licensing (Vantiva SA)
Original Assignee
Thomson Licensing (Vantiva SA)
Inventors
Zhang, Junbiao

Application Number

US10/549,408
Publication Number

US 20060179305A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/068   using time-dependent keys, ...

H04L 9/083   involving central third par...

H04L 9/0869   involving random numbers or...

H04L 9/0891   Revocation or update of sec...

H04W 12/0431   Key distribution or pre-dis...

H04W 84/12   WLAN [Wireless Local Area N...

WLAN session management techniques with secure rekeying and logoff

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

WLAN session management techniques with secure rekeying and logoff

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links