METHOD AND SYSTEM OF SECURED DIRECT LINK SET-UP (DLS) FOR WIRELESS NETWORKS

US 20110258448A1
Filed: 06/21/2011
Published: 10/20/2011
Est. Priority Date: 11/03/2005
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

setting up a robust security network association (RSNA) by an access point (AP) in a network with a first STA and a second STA, wherein the RSNA provides a key hierarchy comprising a master key and a session-specific pairwise transient key generated from the master key;

receiving a direct link setup (DLS) request from the first STA, wherein the DLS request comprises a media access control (MAC) address of the second STA, a MAC address of the first STA, and capability information of the first STA;

receiving a DLS response from the second STA, wherein the DLS response comprises the media access control (MAC) address of the second STA, the MAC address of the first STA, and capability information of the second STA;

receiving a message from the first STA to deploy security measures between the first STA and the second STA, wherein a session key is established by the AP, first STA, and the second STA, and a 4-Way Handshake is established between the first STA and the second STA using the session key, wherein a transient key is established using the session key.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and system of secured direct link set-up (DLS) for wireless networks. In accordance with aspects of the method, techniques are disclosed for setting up computationally secure direct links between stations in a wireless network in a manner that is computationally secure.

16 Citations

20 Claims

1. A method, comprising:
- setting up a robust security network association (RSNA) by an access point (AP) in a network with a first STA and a second STA, wherein the RSNA provides a key hierarchy comprising a master key and a session-specific pairwise transient key generated from the master key;
  
  receiving a direct link setup (DLS) request from the first STA, wherein the DLS request comprises a media access control (MAC) address of the second STA, a MAC address of the first STA, and capability information of the first STA;
  
  receiving a DLS response from the second STA, wherein the DLS response comprises the media access control (MAC) address of the second STA, the MAC address of the first STA, and capability information of the second STA;
  
  receiving a message from the first STA to deploy security measures between the first STA and the second STA, wherein a session key is established by the AP, first STA, and the second STA, and a 4-Way Handshake is established between the first STA and the second STA using the session key, wherein a transient key is established using the session key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the RSNA defines security features comprising an enhanced authentication mechanism for the STAs, a key management algorithm, and cryptographic key establishment.
  - 3. The method of claim 1, wherein data is not sent between the first STA and the second STA until a secure direct link is established using the 4-Way Handshake.
  - 4. The method of claim 1, wherein the message comprises a first random number from the first STA, a second random number from the second STA, and a MAC address of the first STA.
  - 5. The method of claim 1, wherein the transient key is derived at the first STA and the second STA using the 4-Way Handshake.
  - 6. The method of claim 1, wherein the transient key comprises the MAC address of the first STA and the MAC address of the second STA.

7. A method, comprising:
- receiving, by a first STA, a request from an access point (AP) to setup up a robust security network association (RSNA) with a second STA in a network, wherein the RSNA provides a key hierarchy comprising a master key and a session-specific pairwise transient key generated from the master key;
  
  sending a direct link setup (DLS) request to the AP, wherein the DLS request comprises a media access control (MAC) address of the second STA, a MAC address of the first STA, and capability information of the first STA;
  
  receiving a DLS response from the AP, wherein the DLS response comprises the media access control (MAC) address of the second STA, the MAC address of the first STA, and capability information of the second STA;
  
  initiating, by the first STA, security measures between the first STA and the second STA and receiving a session key from the AP to deploy the security measures; and
  
  initiating a 4-Way Handshake between the first STA and the second STA using the session key, wherein a transient key is established using the session key.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the RSNA defines security features comprising an enhanced authentication mechanism, a key management algorithm, and cryptographic key establishment.
  - 9. The method of claim 7, wherein data is not sent between the first STA and the second STA until a secure direct link is established using the 4-Way Handshake.
  - 10. The method of claim 7, wherein the network is a wireless local area network.
  - 11. The method of claim 7, wherein the session key and the transient key are established to secure the DLS.
  - 12. The method of claim 11, wherein the 4-Way Handshake cannot be performed without first establishing the RSNA.

13. A wireless access point (AP), comprising:
- a radio frequency (RF) interface to transmit and receive RF signals corresponding to a wireless communications protocol;
  
  a processor coupled to the RF interface; and
  
  logic executed by the processor to perform operations including;
  
  setting up a robust security network association (RSNA) by an access point (AP) in a network with a first STA and a second STA, wherein the RSNA provides a key hierarchy having a master key and a session-specific pairwise transient key generated from the master key;
  
  receiving a direct link setup (DLS) request from the first STA, wherein the DLS request comprises a media access control (MAC) address of the second STA, a MAC address of the first STA, and capability information of the first STA;
  
  receiving a DLS response from the second STA wherein the DLS response comprises the media access control (MAC) address of the second STA, the MAC address of the first STA, and capability information of the second STA;
  
  receiving a message from the first STA to deploy security measures between the first STA and the second STA, wherein a session key is established by the AP, first STA, and the second STA, and a 4-Way Handshake is established between the first STA and the second STA using the session key, wherein a transient key is established using the session key.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The wireless AP of claim 13, wherein the logic is configured to perform operations to define security features comprising an enhanced authentication mechanism for the STAs, a key management algorithm, and cryptographic key establishment.
  - 15. The wireless AP of claim 13, wherein the logic is configured to not send data between the first STA and the second STA until a secure direct link is established using the 4-Way Handshake.
  - 16. The wireless AP of claim 13, wherein the transient key is derived at the first STA and the second STA using the 4-Way Handshake.
  - 17. The wireless AP of claim 13, wherein the logic is configured to send a first Nonce with the master key to the first station and a second Nonce with the master key to the second station.

18. A first station (STA) configured to receive a request from an access point (AP) to setup up a robust security network association (RSNA) with a second STA in a network, wherein the RSNA provides a key hierarchy comprising a master key and a session-specific pairwise transient key generated from the master key, to send a direct link setup (DLS) request to the AP, wherein the DLS request comprises a media access control (MAC) address of the second STA, a MAC address of the first STA, and capability information of the first STA, to receive a DLS response from the AP, wherein the DLS response comprises the media access control (MAC) address of the second STA, the MAC address of the first STA, and capability information of the second STA, and to deploy security measures between the first STA and the second STA including receiving a session key from the AP by the first STA and initiating a 4-Way Handshake between the first STA and the second STA using the session key, wherein a transient key is established using the session key.
- View Dependent Claims (19, 20)
- - 19. The first STA of claim 18, wherein the session key and the transient key are established to secure the DLS.
  - 20. The STA of claim 18, wherein the 4-Way Handshake cannot be performed without first establishing the RSNA.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Jesse Walker, Shlomo Ovadia, Suman Sharma
Original Assignee
Jesse Walker, Shlomo Ovadia, Suman Sharma
Inventors
Walker, Jesse, Sharma, Suman, Ovadia, Shlomo

Granted Patent

US 9,380,457 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 2463/061   applying further key deriva...

H04L 2463/062   applying encryption of the ...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 9/083   involving central third par...

H04W 12/03   Protecting confidentiality,...

H04W 76/14   Direct-mode setup

H04W 84/12   WLAN [Wireless Local Area N...

H04W 84/18   Self-organising networks, e...

METHOD AND SYSTEM OF SECURED DIRECT LINK SET-UP (DLS) FOR WIRELESS NETWORKS

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM OF SECURED DIRECT LINK SET-UP (DLS) FOR WIRELESS NETWORKS

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links