Method and apparatus for providing a key for secure communications

US 7,461,253 B2
Filed: 11/20/2006
Issued: 12/02/2008
Est. Priority Date: 11/22/2005
Status: Active Grant

First Claim

Patent Images

1. A method for mutual authentication of a first and a second node in a peer-to-peer network, the method comprising the steps of:

sending a first authentication message to the second node containing information needed to authenticate the first node;

receiving a second authentication message from the second node echoing at least some of the information transmitted in the first authentication message;

determining responsive to the contents of the received second authentication message whether authentication is needed;

deriving a pair-wise transient key (PTK) used for encryption of unicast traffic from a pair-wise master key created during authentication;

sending an association message to the second node, the association message comprising both information needed by the second node to validate the PTK, and a group transient key (GTK) used by the first node in encrypting multicast or broadcast traffic; and

receiving an association message from the second node, the association message comprising information needed by the first node to validate the PTK, and a GTK used by the second node, wherein the first authentication message comprises a nonce created by the first node and the second authentication message comprises a nonce created by the second node.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for providing a key for secure communications is provided herein. During operation a node wishing to join a network, will authenticate with an authentication server and then derive a pairwise key (e.g., a Pair-wise Transient Key (PTK)) used for encryption of unicast traffic. The node will also create its own group transient key (GTK) for use in encrypting multicast or broadcast traffic. Once the GTK is generated, it will be provided to an authenticator as part of an association request message.

Citations

14 Claims

1. A method for mutual authentication of a first and a second node in a peer-to-peer network, the method comprising the steps of:
- sending a first authentication message to the second node containing information needed to authenticate the first node;
  
  receiving a second authentication message from the second node echoing at least some of the information transmitted in the first authentication message;
  
  determining responsive to the contents of the received second authentication message whether authentication is needed;
  
  deriving a pair-wise transient key (PTK) used for encryption of unicast traffic from a pair-wise master key created during authentication;
  
  sending an association message to the second node, the association message comprising both information needed by the second node to validate the PTK, and a group transient key (GTK) used by the first node in encrypting multicast or broadcast traffic; and
  
  receiving an association message from the second node, the association message comprising information needed by the first node to validate the PTK, and a GTK used by the second node, wherein the first authentication message comprises a nonce created by the first node and the second authentication message comprises a nonce created by the second node.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the association message sent to the second node is an association request message.
  - 3. The method of claim 1 wherein the association message received from the second node is an association response message.
  - 4. The method of claim 1 wherein the first authentication message comprises information needed for the second node to authenticate the first node.
  - 5. The method of claim 4 wherein the second authentication message comprises information needed by the first node for the first node to be authenticated by the second node.
  - 6. The method of claim 1 wherein the information in the association message needed by the second node to validate the PTK comprises a Robust Security Network (RSN) information element identifying the pair-wise master key used for deriving the PTK, and a message integrity check value calculated using the PTK.
  - 7. The method of claim 1 wherein the information in the association message needed by the first node to validate the PTK comprises an RSN information element identifying the pair-wise master key used for deriving the PTK, and a message integrity check value calculated using the PTK.

8. An apparatus for performing mutual authentication, the apparatus comprising:
- a transmitter sending a first authentication message to a second node containing information needed to authenticate a first node;
  
  a receiver receiving a second authentication message from the second node echoing at least some of the information transmitted in the first authentication message;
  
  a logic unit determining responsive to the contents of the received second authentication message whether authentication is needed and deriving a pair-wise transient key (PTK) used for encryption of unicast traffic from a pair-wise master key created during authentication; and
  
  wherein the transmitter additionally transmits an association message to the second node, the association message comprising both information needed by the second node to validate the PTK, and a group transient key (GTK) used by a first node in encrypting multicast or broadcast traffic; and
  
  the receiver additionally receives an association message from the second node, the association message comprising information needed by the first node to validate the PTK and a GTK used by the second, wherein the first authentication message comprises a nonce created by the first node and the second authentication message comprises a nonce created by the second node.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8 wherein the association message sent to the second node is an association request message.
  - 10. The apparatus of claim 8 wherein the association message received from the second node is an association response message.
  - 11. The apparatus of claim 8 wherein the first authentication message comprises information needed for the second node to authenticate the first node.
  - 12. The apparatus of claim 11 wherein the second authentication message comprises information needed by the first node for the first node to be authenticated by the second node.
  - 13. The apparatus of claim 8 wherein the information in the association message needed by the second node to validate the PTK comprises a Robust Security Network (RSN) information element identifying the pair-wise master key used for deriving the PTK, and a message integrity check value calculated using the PTK.
  - 14. The apparatus of claim 8 wherein the information in the association message needed by the first node to validate the PTK comprises an RSN information element identifying the pair-wise master key used for deriving the PTK, and a message integrity check value calculated using the PTK.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ARRIS Enterprises LLC (CommScope Holding Company, Inc.)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Emeott, Stephen P., Braskich, Anthony J.
Primary Examiner(s)
Simitoski, Michael J

Application Number

US11/561,443
Publication Number

US 20080016350A1
Time in Patent Office

743 Days
Field of Search

713/168, 713/169, 726/2, 380/284, 370/331, 455/411, 709/227, 709/228
US Class Current

713/169
CPC Class Codes

H04L 2209/12   Details relating to cryptog...

H04L 2209/601   Broadcast encryption

H04L 63/0428   wherein the data content is...

H04L 63/065   for group communications cr...

H04L 63/162   at the data link layer

H04L 9/0833   involving conference or gro...

H04L 9/0869   involving random numbers or...

H04L 9/088   Usage controlling of secret...

H04L 9/321   involving a third party or ...

H04L 9/3273   for mutual authentication n...

Method and apparatus for providing a key for secure communications

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing a key for secure communications

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links