Key management methods for wireless LANs

US 7,028,186 B1
Filed: 02/11/2000
Issued: 04/11/2006
Est. Priority Date: 02/11/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of managing security keys in a wireless local area network having a mobile terminal, an access point and a server, the method comprising the steps of:

obtaining first and second certificates from a certificate authority;

associating the mobile terminal with the access point;

using a certificate authority certificate, first certificate and private key with Internet Key Exchange (IKE) to generate a WLAN link level key and mutually authenticating the mobile terminal and the access point using the IKE; and

using a certificate authority certificate, second certificate and private key with Internet Key Exchange (IKE) to generate IPsec authentication, encryption and decryption keys for data packets transferred between the mobile terminal and the server.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The security keys in the mobile terminals and access points of a wireless local area network (WLAN) are created, utilized and managed for a communication session between a mobile terminal and access point. Both the WLAN link level security protection and IP security functions of the network use the same Internet Key Exchange (IKE) key management protocol and use certificates in the same certificate hierarchy. When the mobile terminals associates with the network, it uses the IKE protocol with private keys and certificates to generate WLAN link level keys with the access point and provide mutual authentication.

183 Citations

11 Claims

1. A method of managing security keys in a wireless local area network having a mobile terminal, an access point and a server, the method comprising the steps of:
- obtaining first and second certificates from a certificate authority;
  
  associating the mobile terminal with the access point;
  
  using a certificate authority certificate, first certificate and private key with Internet Key Exchange (IKE) to generate a WLAN link level key and mutually authenticating the mobile terminal and the access point using the IKE; and
  
  using a certificate authority certificate, second certificate and private key with Internet Key Exchange (IKE) to generate IPsec authentication, encryption and decryption keys for data packets transferred between the mobile terminal and the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method recited in claim 1, wherein the certificate authority certificate, private key, and the first and second certificates are stored in the mobile terminal.
  - 3. The method recited in claim 2, wherein the certificate authority certificate, private key, and the first and second certificates are stored in the mobile terminal at the time of manufacture of the mobile terminal.
  - 4. The method recited in claim 1, wherein the mobile terminal generates an authentication header for transferred data packets utilizing the IPsec encryption key.
  - 5. The method recited in claim 1, wherein the server authenticates and decrypts data packets transferred from the mobile terminal utilizing the IPsec authentication and decryption keys.
  - 6. The method recited in claim 5, wherein the data packets are transferred from the mobile terminal to the access point using WLAN link level encryption in addition to the IPsec encryption.
  - 7. The method recited in claim 6, wherein the WLAN link level encryption comprises Wired Equivalent Privacy (WEP) encryption.
  - 8. The method recited in claim 1, wherein the data packets are transferred from the mobile terminal to the access point without using WLAN link level encryption.
  - 9. The method recited in claim 8, wherein the mobile terminal forwards the IPsec authentication key to the access point.
  - 10. The method recited in claim 9, wherein the access point authenticates data packets from the mobile terminal using the IPsec authentication key forwarded from the mobile terminal.
  - 11. The method recited in claim 1, wherein the mobile terminal sends an IPsec authenticated message to an access point as part of a MAC-level message of the wireless local area network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Conversant Wireless Licensing S.à.r.l. (f/k/a Core Wireless Licensing S.a.r.l.) (MOSAID Technologies Inc. (f/k/a Conversant Intellectual Property Management))
Original Assignee
Nokia, Inc. (Nokia Corporation)
Inventors
Stenman, Jorma, Hansen, Harri, Salvela, Juha
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
Ho, Thomas

Application Number

US09/502,567
Time in Patent Office

2,251 Days
Field of Search

380/277, 380/247, 380/270, 380/278, 380/282, 380/283, 713/171, 713/173, 713/155
US Class Current

713/173
CPC Class Codes

H04L 41/00   Arrangements for maintenanc...

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 63/162   at the data link layer

H04L 63/164   at the network layer

H04W 12/033   of the user plane, e.g. use...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/02   Terminal devices

H04W 88/08   Access point devices

H04W 88/14   Backbone network devices

Key management methods for wireless LANs

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

183 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Key management methods for wireless LANs

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

183 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links