Methods And Apparatus For Maintaining Secure Connections In A Wireless Communication Network

US 20110010539A1
Filed: 07/13/2009
Published: 01/13/2011
Est. Priority Date: 07/13/2009
Status: Active Grant

First Claim

Patent Images

1. A method in a mobile communication device operating in a wireless communication network, the method comprising the acts of:

performing, via an access point of the wireless network, a first authentication procedure with an authentication server for obtaining a first session key;

establishing a first secure connection with the access point based on the first session key;

setting a timer with an initial value that is less than or equal to a key lifetime value associated with the first session key, and running the timer;

communicating in a media session over the first secure connection with the access point;

in response to an expiration of the timer during the media session;

performing, during the media session, a second authentication procedure with the authentication server for obtaining a second session key; and

establishing, during the media session, a second secure connection with the access point using the second session key; and

communicating in the media session over the second secure connection with the access point.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one illustrative example, a method in a mobile communication device operating in a wireless local area network (WLAN) involves performing, via a wireless AP of the WLAN, a first authentication procedure with an authentication server for obtaining a first session key and a key lifetime value associated with the first session key; establishing a first secure connection with the wireless AP based on the first session key; setting a timer with an initial value that is less than or equal to the key lifetime value, and running the timer; communicating in a media session over the first secure connection with the wireless AP; and in response to an expiration of the timer during the media session: performing, during the media session, a second authentication procedure with the authentication server for obtaining a second session key; and establishing, during the media session, a second secure connection with the wireless AP using the second session key; and communicating in the media session over the second secure connection with the wireless AP. In another illustrative example, the method involves performing the second authentication procedure with the authentication server in response to identifying a request for establishing the media session, just prior to establishing the media session.

34 Citations

View as Search Results

20 Claims

1. A method in a mobile communication device operating in a wireless communication network, the method comprising the acts of:
- performing, via an access point of the wireless network, a first authentication procedure with an authentication server for obtaining a first session key;
  
  establishing a first secure connection with the access point based on the first session key;
  
  setting a timer with an initial value that is less than or equal to a key lifetime value associated with the first session key, and running the timer;
  
  communicating in a media session over the first secure connection with the access point;
  
  in response to an expiration of the timer during the media session;
  
  performing, during the media session, a second authentication procedure with the authentication server for obtaining a second session key; and
  
  establishing, during the media session, a second secure connection with the access point using the second session key; and
  
  communicating in the media session over the second secure connection with the access point.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the mobile device and the wireless network operate in accordance with IEEE 802.11, and the authentication procedures are based on Extended Authentication Procedure (EAP).
  - 3. The method of claim 1, further comprising:
    - receiving, via the access point, the key lifetime value from the authentication server.
  - 4. The method of claim 1, wherein the acts of obtaining the first session key comprises deriving a master session key (MSK).
  - 5. The method of claim 1, wherein the act of obtaining the session key comprises deriving a master session key (MSK) and the method further comprises:
    - deriving a pairwise master key (PMK) or transient session key (TSK) based on the MSK for use in the first secure connection.
  - 6. The method of claim 1, wherein the media session comprises a voice call.
  - 7. The method of claim 1, which is performed by computer instructions stored in a computer readable medium and executable by one or more processors of the station.

8. A mobile communication device adapted to operate in a wireless communication network, the mobile communication device comprising:
- one or more processors;
  
  a wireless transceiver coupled to the one or more processors and operative to communicate with an access point of the wireless network;
  
  the one or more processors being operative to;
  
  perform, via the wireless transceiver, a first authentication procedure with an authentication server for obtaining a first session key;
  
  establish, via the wireless transceiver, a first secure connection with the access point using the first session key;
  
  set a timer with an initial value that is less than or equal to a key lifetime value associated with the first session key, and run the timer;
  
  communicate, via the wireless transceiver, in a media session over the first secure connection with the access point;
  
  in response to an expiration of the timer during the media session;
  
  perform, via the wireless transceiver during the media session, a second authentication procedure with the authentication server for obtaining a second session key; and
  
  establish, via the wireless transceiver during the media session, a second secure connection with the access point using the second session key; and
  
  communicate, via the wireless transceiver, in the media session over the second secure connection with the access point.
- View Dependent Claims (9, 10, 11)
- - 9. The mobile communication device of claim 8, wherein the mobile device and the wireless network operate in accordance with IEEE 802.11 standards, and the one or more processors are further operative to perform the authentication procedures based on Extended Authentication Procedure (EAP).
  - 10. The mobile communication device of claim 8, wherein the one or more processors are operative to obtain the first session key by deriving a master session key (MSK).
  - 11. The mobile communication device of claim 8, wherein the one or more processors are operative to obtain the session key by deriving a master session key (MSK) and thereafter deriving a pairwise master key (PMK) or transient session key (TSK) based on the MSK for the first secure connection.

12. A method in a mobile communication device operating in a wireless communication network, the method comprising the acts of:
- performing, via an access point of the wireless network, a first authentication procedure with the authentication server for obtaining a first session key, the first session key having a key lifetime value associated therewith;
  
  establishing a first secure connection with the access point using the first session key;
  
  identifying a request to establish a media session;
  
  in response to identifying the request;
  
  performing, via the access point, a second authentication procedure with the authentication server for obtaining a second session key;
  
  establishing a second secure connection with the access point using the second session key; and
  
  establishing communications for the media session over the second secure connection.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12, wherein the mobile device and the wireless network operate in accordance with IEEE 802.11, and the authentication procedures are based on Extended Authentication Procedure (EAP).
  - 14. The method of claim 12, further comprising:
    - receiving, via the access point, the key lifetime value associated with the first session key from the authentication server.
  - 15. The method of claim 12, wherein the acts of obtaining the first session key comprises deriving a master session key (MSK).
  - 16. The method of claim 12, wherein the act of obtaining the session key comprises deriving a master session key (MSK) and the method further comprises:
    - deriving a pairwise master key (PMK) or transient session key (TSK) based on the MSK for use in the first secure connection.
  - 17. The method of claim 12, wherein the media session comprises a voice call.
  - 18. The method of claim 12, which is performed by computer instructions stored in a computer readable medium and executable by one or more processors of the station.

19. A mobile communication device adapted to operate in a wireless communication network, the mobile communication device comprising:
- one or more processors;
  
  a wireless transceiver coupled to the one or more processors and operative to communicate with the wireless network;
  
  the one or more processors being operative to;
  
  perform, via the wireless transceiver, a first authentication procedure with the authentication server for obtaining a first session key, the first session key having a key lifetime value associated therewith;
  
  establish, via the wireless transceiver, a first secure connection with the access point using the first session key;
  
  identifying a request to establish a media session;
  
  in response to identifying the request;
  
  performing, via the wireless transceiver, a second authentication procedure with the authentication server for obtaining a second session key;
  
  establishing, via the wireless transceiver, a second secure connection with the access point using the second session key; and
  
  establishing, via the wireless transceiver, communications for the media session over the second secure connection.
- View Dependent Claims (20)
- - 20. The mobile communication device of claim 19, wherein the mobile device and the wireless network operate in accordance with IEEE 802.11 standards, and the one or more processors are further operative to perform the authentication procedures based on Extended Authentication Procedure (EAP).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Salomone, Leonardo Jose Silva

Granted Patent

US 8,881,305 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/068   using time-dependent keys, ...

H04L 63/162   at the data link layer

H04L 65/1069   Session establishment or de...

H04L 65/1083   In-session procedures

H04L 9/088   Usage controlling of secret...

H04L 9/321   involving a third party or ...

H04L 9/3271   using challenge-response

H04W 12/04   Key management, e.g. using ...

H04W 12/0431   Key distribution or pre-dis...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/02   Terminal devices

H04W 88/08   Access point devices

Methods And Apparatus For Maintaining Secure Connections In A Wireless Communication Network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Methods And Apparatus For Maintaining Secure Connections In A Wireless Communication Network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others