System and method for providing WLAN security through synchronized update and rotation of WEP keys

US 6,965,674 B2
Filed: 11/20/2002
Issued: 11/15/2005
Est. Priority Date: 05/21/2002
Status: Expired due to Term

First Claim

Patent Images

1. A system for improved security for wireless local area networks, and comprised of:

a wireless local area network conforming to the IEEE 802.11 family of specifications, the wireless local area network providing wireless communications links for the transmission of data between the two or more communicating entities;

one or more generators for creating pseudorandom WEP encryption keys for the communicating entities; and

one or more controllers for synchronously selecting a transmission encryption key index for each communicating entity on a rotating basis from one or more sets of active WEP keys, and updating the one or more sets of active WEP keys.

View all claims

27 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed that overcome deficiencies of prior art IEEE 802.11 WEP key management schemes. Preferred embodiments of the present system and method update WEP keys and rotate transmission key indices in a synchronized manner and on a frequent basis making it impractical for a hacker to gather sufficient network traffic using any one WEP key to decrypt that key and without disrupting communications. Preferred embodiments of the present system and method do not require changes in access point or mobile unit hardware, radio drivers, or firmware and are therefore compatible with existing or legacy network infrastructure or components. The disclosed system and method may be used to facilitate secure communications between one or more access points and one or more mobile units and/or groups of two or more mobile units engaging in peer-to-peer associations.

103 Citations

View as Search Results

19 Claims

1. A system for improved security for wireless local area networks, and comprised of:
- a wireless local area network conforming to the IEEE 802.11 family of specifications, the wireless local area network providing wireless communications links for the transmission of data between the two or more communicating entities;
  
  one or more generators for creating pseudorandom WEP encryption keys for the communicating entities; and
  
  one or more controllers for synchronously selecting a transmission encryption key index for each communicating entity on a rotating basis from one or more sets of active WEP keys, and updating the one or more sets of active WEP keys.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The system of claim 1, wherein the communicating entities comprise:
    - one or more access points associating with one or more wired sub-networks; and
      
      one or more mobile units.
  - 3. The system of claim 1, wherein the communicating entities comprise two or more mobile units associating on a peer-to-peer basis.
  - 4. The system of claim 2, wherein the encryption keys are generated for and synchronized between one or more access points and one or more mobile units engaged in associations.
  - 5. The system of claim 3, wherein the encryption keys are generated for and synchronized between two or more mobile units engaging in peer-to-peer associations.
  - 6. The system of claim 1, wherein the controller selecting the active encryption keys for the one or more mobile units is on the mobile units.
  - 7. The system of claim 1, wherein the controller selecting the active encryption keys for the one or more access points is on one or more servers on the one or more sub-networks.
  - 8. The system of claim 1, wherein the controller selecting the active encryption keys for the one or more access points is on the access points.
  - 9. The system of claim 1, wherein a server generates a list of two or more encryption keys, which are distributed to the two or more communicating entities.
  - 10. The system of claim 9, wherein the active keys for the transmitting entities are selected from the list by the controllers in a staggered pattern, so that the encryption keys are different in each transmission direction, and where errors in time synchronization of up to one half of a key change time interval do not disrupt regular communications.
  - 11. The system of claim 1, wherein a server generates key generation information, which is distributed to the two or more communicating entities.
  - 12. The system of claim 11, wherein the active keys for the communicating entities are selected by the one or more controllers in a staggered pattern, so that the encryption keys are different in each transmission direction, and where errors in time synchronization of up to one half key change time interval do not disrupt regular communications.
  - 13. The system of claim 1, wherein the encryption key updates for the communicating entities are performed at specific dates and times.
  - 14. The system of claim 1, wherein the encryption key updates for the communicating entities are performed at regular time intervals.
  - 15. The system of claim 1, wherein the one or more controllers use time offsets to synchronize the key updates in time between the communicating entities.
  - 16. The system of claim 1, wherein a mobile unit reconnecting to the wireless network can determine the correct encryption keys to use based on the time.
  - 17. The system of claim 1, wherein a mobile unit reconnecting to the wireless network and unable to synchronize encryption keys is adapted to perform a systematic search for the correct keys based on a key update and rotation algorithm.
  - 18. The system of claim 1, wherein a mobile unit that has lost synchronization with the changes in encryption keys is adapted to connect to a wired network to regain synchronization.

19. A method for providing improved security for wireless local area networks, comprising:
- creating pseudorandom WEP encryption keys for a plurality of communicating entities adapted to communicate via a wireless local area network conforming to the IEEE 802.11 family of specifications;
  
  synchronously selecting a transmission encryption key index for each communicating entity on a rotating basis from one or more sets of active WEP keys; and
  
  synchronously updating the one or more sets of active WEP keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
Wavelink Corporation (Ivanti Software, Inc.)
Inventors
Whelan, Robert, Morris, Roy, Van Wagenen, Lamar, Wellisch, Gilbert
Primary Examiner(s)
Song, Hosuk

Application Number

US10/300,324
Publication Number

US 20030219129A1
Time in Patent Office

1,091 Days
Field of Search

380/247, 380/255, 380/261, 380/270, 380273-274, 380/277, 380/44, 380/46, 380/260, 713/153, 713200-201, 713/178, 713168-170, 455410-411
US Class Current

380/270
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/0457   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/068   using time-dependent keys, ...

H04L 9/0891   Revocation or update of sec...

H04L 9/12   Transmitting and receiving ...

H04W 12/50   Secure pairing of devices

H04W 84/12   WLAN [Wireless Local Area N...

System and method for providing WLAN security through synchronized update and rotation of WEP keys

First Claim

27 Assignments

0 Petitions

Accused Products

Abstract

103 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

System and method for providing WLAN security through synchronized update and rotation of WEP keys

First Claim

27 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others