Methods and apparatus for a keying mechanism for end-to-end service control protection

US 20070263873A1
Filed: 05/15/2006
Published: 11/15/2007
Est. Priority Date: 05/15/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing a mobile station (STA) with a service controller identification of a service controller, when associating the STA with a wireless network;

forwarding to the service controller, on behalf of the STA, a service configuration request received from the STA, that includes a first random number generated by the STA in response to receipt of the service controller identification, for the service controller to symmetrically generate a temporal integrity pairwise key (TIPK) for secured control communication between the service controller the STA, the TIPK comprising the first random number and a second random number to be generated by the service controller in response to receipt of the first random number; and

forwarding to the STA, on behalf of the service controller, a service configuration response received from the service controller that includes the second random number generated by the service controller, for the STA to symmetrically generate the TIPK for said secured control communication with the service controller.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide methods and apparatus for a keying mechanism for end-to-end service control protection within wireless networks. Other embodiments may be described and claimed.

Citations

22 Claims

1. A method comprising:
- providing a mobile station (STA) with a service controller identification of a service controller, when associating the STA with a wireless network;
  
  forwarding to the service controller, on behalf of the STA, a service configuration request received from the STA, that includes a first random number generated by the STA in response to receipt of the service controller identification, for the service controller to symmetrically generate a temporal integrity pairwise key (TIPK) for secured control communication between the service controller the STA, the TIPK comprising the first random number and a second random number to be generated by the service controller in response to receipt of the first random number; and
  
  forwarding to the STA, on behalf of the service controller, a service configuration response received from the service controller that includes the second random number generated by the service controller, for the STA to symmetrically generate the TIPK for said secured control communication with the service controller.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the service configuration request further comprises a medium access control (MAC) address of the STA.
  - 3. The method of claim 1, wherein the TIPK comprises a service pairwise key (SPK) comprising a mobile station key (MSK), at least part of a medium access control (MAC) address of the STA, the service controller identifier (ID), and a length for the SPK.
  - 4. The method of claim 3, wherein the TIPK further comprises a service type identifier, the first and second random numbers, and a length for the TIPK.
  - 5. The method of claim 1, further comprising authenticating subsequent messages transmitted from the STA to the service controller with the TIPK.

6. An apparatus comprising:
- a transmit block adapted to transmit, for a mobile station (STA) hosting the apparatus, service configuration request and service control messages to a service controller that controls at least one service related to wireless communication within a wireless network;
  
  a receive block operatively coupled to the transmit block and adapted to receive service configuration response and service control messages from the service controller; and
  
  a control block operatively coupled to the transmit and receive blocks, the control block being adapted to generate a first random number for inclusion with a service configuration request message, on receipt of a service controller identification, when associating the STA to a network, and to symmetrically generate a temporal integrity pairwise key (TIPK) comprising the first random number and a second random number received with a service configuration response message, the second random number generated by the service controller in response to the receipt of the first random number.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The apparatus of claim 6, wherein the control block is further adapted to generate a service pairwise key (SPK) comprising a mobile station key (MSK), at least part of a medium access control (MAC) address of the STA, a service controller identifier (ID), and a length for the SPK.
  - 8. The apparatus of claim 7, wherein the control block is further adapted to generate the TIPK comprising the SPK, the first and second random numbers, a service type identifier and a length for the TIPK.
  - 9. The apparatus of claim 6, wherein the control block is adapted to generate a TIPK for each service provided by the network.
  - 10. The apparatus of claim 9, wherein the network provides a plurality of services including a paging service, and the control block is further adapted to operate the STA in and out of a paging mode.
  - 11. The apparatus of claim 6, wherein the control block is adapted to verify authenticity of control messages received from the service controller, subsequent to generation of the TIPK, by using the TIPK.
  - 12. The apparatus of claim 6, wherein the transmit block and control block, subsequent to generation of the TIPK, are adapted to generate and transmit messages to the service controller that are protected by the TIPK.
  - 13. The apparatus of claim 6, wherein at least the transmit and receive blocks are part of a transceiver having at least one common component.

14. A system comprising:
- an omnidirectional antenna;
  
  a service controller operatively coupled to the antenna to control a service for a wireless network that includes at least one service related to wireless communication, the service controller being adapted to receive a service configuration message from a network access point (AP) on behalf of a mobile station (STA), the service configuration message including a first random number generated by the STA, and to transmit a service configuration response message that includes a second random number to the AP for forwarding to the STA, the service controller being further adapted to generate the second random number and to symmetrically generate a unique temporal integrity pairwise key (TIPK) for secured control message communication with the STA, the TIPK comprising the first random number and the second random.
- View Dependent Claims (15, 16)
- - 15. The system of claim 14, wherein the service controller is adapted to generate a service pairwise key (SPK) comprising a mobile station key (MSK), at least part of a medium access control (MAC) address of the STA, a service controller identifier (ID), and a length for the SPK, and to generate the TIPK comprising the SPK, a service type identifier, the first and second random numbers, and a length for the TIPK.
  - 16. The system of claim 14, wherein the service controller is adapted to verify authenticity of control messages received from the STA, subsequent to generation of the TIPK, by using the TIPK.

17. An article of manufacture comprising:
- a storage medium; and
  
  a plurality of instructions stored in the storage medium and designed to enable a mobile station (STA) to perform a plurality of STA operations, a service controller to perform a plurality of service controller operations, or both;
  
  the plurality of STA operations including;
  
  receiving for a first STA from a first access point (AP) a service controller identification as part of associating the first STA with a wireless network;
  
  generating a first random number for the first STA in response to receipt of the service controller identification;
  
  transmitting for the first STA to the first service controller, through the AP, a first service configuration request that includes the first random number generated by the first STA;
  
  receiving, for the first STA, via the first AP, a first service configuration response that includes a second random number generated by the first service controller in response to receipt of the first random number; and
  
  generating, for the first STA, a first temporal integrity pairwise key (TIPK) comprising the first and second random numbers, for secured control message communication between the first STA and the first service controller, the first TIPK being symmetric to a TIPK generated at the service controller;
  
  the plurality of service controller operations including;
  
  receiving from a second STA, by a second service controller, a second service configuration request including a third random number generated by the second STA;
  
  generating by the second service controller a fourth random number, in response to receipt of the third random number;
  
  responding, to the second STA, a second service configuration response that includes the fourth random number; and
  
  generating a second TIPK comprising the third and fourth random numbers to control secured control message communication between the second STA and the second service controller, the second TIPK being symmetric to a TIPK being generated by the second STA.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The article of manufacture of claim 17, wherein the plurality of instructions are further designed to enable the first STA to generate a service pairwise key (SPK) comprising a mobile station key (MSK), at least part of a medium access control (MAC) address of the first STA, a service controller identifier (ID), and a length for the SPK, and to enable the first STA to generate the first TIPK comprising the SPK, a service type identifier, the first and second random numbers, and a length for the first TIPK.
  - 19. The article of manufacture of claim 17, wherein the plurality of instructions are further designed to enable the second service controller to generate a service pairwise key (SPK) comprising a mobile station key (MSK), at least part of a medium access control (MAC) address of the second STA, a service controller identifier (ID), and a length for the SPK, and to enable the second service controller to generate the second TIPK comprising the SPK, a service type identifier, the third and fourth random numbers, and a length for the second TIPK.
  - 20. The article of manufacture of claim 17, wherein the plurality of instructions are further designed to enable the first STA to transmit messages to the first service controller that include the first TIPK, and to verify control messages received from the service controller by using the first TIPK.
  - 21. The article of manufacture of claim 17, wherein the plurality of instructions are further designed to enable the second service controller to transmit messages to the second STA that include the second TIPK, and to verify control messages received from the STA by using the second TIPK.
  - 22. The article of manufacture of claim 17, wherein the first and second STA are the same STA, the first and second service controller are the same service controller, the first and third random numbers are the same random number, and the second and fourth random numbers are the same random number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Walker, Jesse, Tsai, JR-Shian, Qi, Emily

Granted Patent

US 7,945,053 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/273
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/062   for key distribution, e.g. ...

H04L 9/083   involving central third par...

H04L 9/321   involving a third party or ...

H04W 12/0433   Key management protocols

Methods and apparatus for a keying mechanism for end-to-end service control protection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for a keying mechanism for end-to-end service control protection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links