METHOD AND SYSTEM FOR SECURE PROCESSING OF AUTHENTICATION KEY MATERIAL IN AN AD HOC WIRELESS NETWORK

US 20080063204A1
Filed: 09/07/2006
Published: 03/13/2008
Est. Priority Date: 09/07/2006
Status: Active Grant

First Claim

Patent Images

1. A method for secure processing of authentication key material in an ad hoc wireless network, the method comprising:

deriving a pairwise transient key for key distribution using a mesh key holder security information element;

requesting a mesh authenticator pairwise master key using a first mesh encrypted key information element that includes data origin information; and

decrypting, using the pairwise transient key for key distribution, a second mesh encrypted key information element to obtain the mesh authenticator pairwise master key.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for secure processing of authentication key material in an ad hoc wireless network enables secure distribution of the authentication key material between a mesh authenticator (110) and a mesh key distributor (115), which may be separated by multiple wireless links. The method includes deriving a pairwise transient key for key distribution (PTK-KD) using a mesh key holder security information element (MKHSIE). A mesh authenticator pairwise master key (PMK-MA) is then requested using a first mesh encrypted key information element (MEKIE) that includes data origin information. Using the pairwise transient key for key distribution (PTK-KD), a second mesh encrypted key information element (MEKIE) is then decrypted to obtain the mesh authenticator pairwise master key (PMK-MA).

99 Citations

View as Search Results

27 Claims

1. A method for secure processing of authentication key material in an ad hoc wireless network, the method comprising:
- deriving a pairwise transient key for key distribution using a mesh key holder security information element;
  
  requesting a mesh authenticator pairwise master key using a first mesh encrypted key information element that includes data origin information; and
  
  decrypting, using the pairwise transient key for key distribution, a second mesh encrypted key information element to obtain the mesh authenticator pairwise master key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - completing a supplicant security exchange using the mesh authenticator pairwise master key.
  - 3. The method of claim 1, wherein the mesh key holder security information element includes a message integrity check value.
  - 4. The method of claim 1, wherein deriving the pairwise transient key for key distribution comprises processing a three message handshake with a mesh key distributor.
  - 5. The method of claim 4, wherein the three message handshake comprises a mesh key holder security association request message, a mesh key holder security association response message, and a mesh key holder security association confirm message.
  - 6. The method of claim 1, wherein deriving the pairwise transient key for key distribution comprises confirming that a mesh key distributor has correctly derived the pairwise transient key for key distribution.
  - 7. The method of claim 1, wherein the pairwise transient key for key distribution comprises both a key encrypting key and a key confirmation key.
  - 8. The method of claim 7, wherein the data origin information is computed using the key confirmation key and the second mesh encrypted key information element is decrypted using the key encrypting key.
  - 9. The method of claim 1, wherein the pairwise transient key for key distribution is based on a master key generated during a mesh authenticator extensible authentication protocol authentication process.
  - 10. The method of claim 1, wherein the mesh key holder security information element comprises an information count value that indicates a number of information elements protected by a message integrity check value.
  - 11. The method of claim 1, wherein the mesh encrypted key information element comprises a replay counter.
  - 12. The method of claim 1, wherein the data origin information comprises a message integrity check value.
  - 13. The method of claim 1, wherein the second mesh encrypted key information element comprises encrypted contents, including the mesh authenticator pairwise master key, which are encrypted using an advanced encryption standard key wrap.

14. A system for secure processing of authentication key material in an ad hoc wireless network, the system comprising:
- computer readable program code components configured to cause deriving a pairwise transient key for key distribution using a mesh key holder security information element;
  
  computer readable program code components configured to cause requesting a mesh authenticator pairwise master key using a first mesh encrypted key information element that includes data origin information; and
  
  computer readable program code components configured to cause decrypting, using the pairwise transient key for key distribution, a second mesh encrypted key information element to obtain the mesh authenticator pairwise master key.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The system of claim 14, further comprising:
    - computer readable program code components configured to cause completing a supplicant security exchange using the mesh authenticator pairwise master key.
  - 16. The system of claim 14, wherein the mesh key holder security information element includes a message integrity check value.
  - 17. The system of claim 14, wherein deriving the pairwise transient key for key distribution comprises processing a three message handshake with a mesh key distributor.
  - 18. The system of claim 17, wherein the three message handshake comprises a mesh key holder security association request message, a mesh key holder security association response message, and a mesh key holder security association confirm message.
  - 19. The system of claim 14, wherein deriving the pairwise transient key for key distribution comprises confirming that a mesh key distributor has correctly derived the pairwise transient key for key distribution.
  - 20. The system of claim 14, wherein the pairwise transient key for key distribution comprises both a key encrypting key and a key confirmation key.
  - 21. The system of claim 20, wherein the data origin information is computed using the key confirmation key and the second mesh encrypted key information element is decrypted using the key encrypting key.
  - 22. The system of claim 14, wherein the pairwise transient key for key distribution is based on a master key generated during a mesh authenticator extensible authentication protocol authentication process.
  - 23. The system of claim 14, wherein the mesh key holder security information element comprises an information count value that indicates a number of information elements protected by a message integrity check value.
  - 24. The system of claim 14, wherein the mesh encrypted key information element comprises a replay counter.
  - 25. The system of claim 14, wherein the data origin information comprises a message integrity check value.
  - 26. The system of claim 14, wherein the second mesh encrypted key information element comprises encrypted contents, including the mesh authenticator pairwise master key, which are encrypted using an advanced encryption standard key wrap.

27. A system for secure processing of authentication key material in an ad hoc wireless network, the system comprising:
- means for deriving a pairwise transient key for key distribution using a mesh key holder security information element;
  
  means for requesting a mesh authenticator pairwise master key using a first mesh encrypted key information element that includes data origin information; and
  
  means for decrypting, using the pairwise transient key for key distribution, a second mesh encrypted key information element to obtain the mesh authenticator pairwise master key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ARRIS Enterprises LLC (CommScope Holding Company, Inc.)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Emeott, Stephen P., Braskich, Anthony J.

Granted Patent

US 7,734,052 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 2463/061   applying further key deriva...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0822   using key encryption key

H04L 9/0836   using tree structure or hie...

H04L 9/321   involving a third party or ...

H04L 9/3271   using challenge-response

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 12/069   using certificates or pre-s...

H04W 84/18   Self-organising networks, e...

METHOD AND SYSTEM FOR SECURE PROCESSING OF AUTHENTICATION KEY MATERIAL IN AN AD HOC WIRELESS NETWORK

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

99 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR SECURE PROCESSING OF AUTHENTICATION KEY MATERIAL IN AN AD HOC WIRELESS NETWORK

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

99 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links