Method of cryptographing wireless data and apparatus using the method

US 7,539,866 B2
Filed: 05/20/2003
Issued: 05/26/2009
Est. Priority Date: 10/11/2002
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a wireless LAN terminal coupled to an access point device, the wireless LAN terminal and access point device operate to exchange a key descriptor, the key descriptor having a structure comprising;

a key initial vector which is a random number generated in the access point device;

a key descriptor type which indicates an encryption algorithm; and

a plurality of key materials encrypted according to the encryption algorithm of the key descriptor using the key initial vector and a master session key shared between the wireless LAN terminal and the access point device, a first encrypted key material to enable formation of a first encryption key,wherein a second wireless session encryption key that is formed by the wireless LAN terminal from a second encrypted material of the plurality of encrypted key materials after the first encrypted key material operates as a new encryption key that is different from the first encryption key for re-keying wireless LAN terminal encryption, andwherein each of the key materials comprises;

a tag part which designates a wireless section encryption algorithm;

a length part which designates the length of a wireless section encryption key; and

a key value part which represents the wireless section encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A key descriptor structure exchanged between a wireless LAN terminal and an access point, and a method and apparatus for cryptographing wireless data are provided. The key descriptor structure includes a key initial vector which is a random number generated in the access point, a key descriptor type which indicates an encryption algorithm, and a plurality of key materials encrypted according to the encryption algorithm of the key descriptor using the key initial vector and a master session key shared between the wireless LAN terminal and the access point as an encryption key.

Citations

11 Claims

1. A system comprising:
- a wireless LAN terminal coupled to an access point device, the wireless LAN terminal and access point device operate to exchange a key descriptor, the key descriptor having a structure comprising;
  
  a key initial vector which is a random number generated in the access point device;
  
  a key descriptor type which indicates an encryption algorithm; and
  
  a plurality of key materials encrypted according to the encryption algorithm of the key descriptor using the key initial vector and a master session key shared between the wireless LAN terminal and the access point device, a first encrypted key material to enable formation of a first encryption key,wherein a second wireless session encryption key that is formed by the wireless LAN terminal from a second encrypted material of the plurality of encrypted key materials after the first encrypted key material operates as a new encryption key that is different from the first encryption key for re-keying wireless LAN terminal encryption, andwherein each of the key materials comprises;
  
  a tag part which designates a wireless section encryption algorithm;
  
  a length part which designates the length of a wireless section encryption key; and
  
  a key value part which represents the wireless section encryption key.

2. A method of exchanging a wireless section encryption key using a key descriptor between a wireless LAN terminal and an access point, the method comprising:
- (a) receiving a master session key from an authentication server through the access point and sharing the wireless LAN terminal and the master session key;
  
  (b) generating a plurality of encrypted key materials in the access point, wherein (b) further comprises;
  
  (b1) generating a tag which designates a wireless section encryption algorithm;
  
  (b2) calculating the length of a wireless section encryption key of the encryption algorithm indicated by the tag; and
  
  (b3) generating an actual value of the encryption key;
  
  (c) transmitting the key descriptor including the plurality of encrypted key materials on the basis of the master session key and the key initial vector, to the wireless LAN terminal;
  
  (d) detecting a first wireless section encryption key from a first encrypted key material of the key descriptor received by the wireless LAN terminal based on a type of algorithm used in encrypting the plurality of encrypted key materials; and
  
  re-keying wireless section encryption with a second wireless session encryption key that is formed by the wireless LAN terminal from a second encrypted material of the plurality of encrypted key materials that is after the first encrypted key material.
- View Dependent Claims (3, 4)
- - 3. The method of claim 2, wherein (b1) further comprises arranging the tag randomly.
  - 4. A computer readable recording medium on which a program for executing the method of claim 2 in a computer is recorded.

5. A method of exchanging wireless data between a wireless LAN terminal and an access point, the method comprising:
- (a) generating a plurality of encrypted key materials in the access point, wherein (a) further comprises;
  
  (a1) generating a tag which designates a wireless section encryption algorithm;
  
  (a2) calculating the length of a wireless section encryption key of the encryption algorithm indicated by the tag; and
  
  (a3) generating an actual value of the encryption key;
  
  (b) transmitting a key descriptor including the plurality of encrypted key materials to the wireless LAN terminal and detecting a first wireless section encryption key from a first encrypted key material of the key descriptor received by the wireless LAN terminal based on the type of algorithm used to encrypt the plurality of encrypted key materials;
  
  (c) encrypting data according to the algorithm designated in a tag field through the access point and transmitting encrypted data with the tag; and
  
  (d) receiving the encrypted data through the wireless LAN terminal and decrypting the data on the basis of the algorithm and the first wireless section encryption key,wherein a second wireless session encryption key that is formed by the wireless LAN terminal from a second encrypted material of the plurality of encrypted key materials after the first encrypted key material operates as a new wireless section encryption key that is different from the first encryption key for re-keying wireless LAN terminal encryption.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The method of claim 5, wherein (c) comprises (c1) designating different algorithms for each tag field and encrypting the tag field according to the different algorithms.
  - 7. The method of claim 6, wherein (c1) further comprises arranging the tag randomly.
  - 8. The method of claim 5, wherein in (c), the tag field is encrypted using the master session key as an encryption key and using a symmetrical key algorithm between the wireless LAN terminal and the access point.
  - 9. A computer readable recording medium on which a program for executing the method of claim 5 in a computer is recorded.

10. An access point, which constitutes at least one wireless LAN terminal, an authentication server, and a network, the access point comprising:
- an arithmetic processor which processes data communicated with the network and performs the control of the access point;
  
  a master session key receiver which receives a master session key from the authentication server and stores the master session key;
  
  a security processor which encrypts a key material according to an encryption algorithm indicated by a key descriptor type using the master session key and a key initial vector as an encryption key;
  
  a transmitter which outputs a key descriptor including the encrypted key material; and
  
  an interface which transmits and receives the key descriptor output by the transmitter and data to and from the wireless LAN terminal,wherein the LAN terminal detects a first wireless section encryption key from a first encrypted key material of the key descriptor received by the wireless LAN terminal based on the indicated key descriptor type, and wherein the wireless LAN terminal forms a second encrypted key material from the plurality of other encrypted key materials after the first encrypted key material to operate as a new wireless LAN terminal encryption key that is different from the first encryption key for re-keying wireless LAN terminal encryption; and
  
  wherein the security processor comprises;
  
  a tag generator which generates a tag for designating an encryption algorithm to be used in a wireless section;
  
  an encryption key length generator which designates the length of a wireless section encryption key; and
  
  a key value generator which generates a wireless section encryption key value.
- View Dependent Claims (11)
- - 11. The access point of claim 10, wherein the security processor further includes a multiple cryptography unit, which designates different tag values for each data frame that is transmitted and received between the wireless LAN terminal and the access point, encrypts the data of each data frame according to a different encryption algorithm and outputs the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
Kang, You-sung, Chung, Byung-ho
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
GERGISO, TECHANE

Application Number

US10/441,518
Publication Number

US 20040073796A1
Time in Patent Office

2,198 Days
Field of Search

713/171, 380/273, 380/279
US Class Current

713/171
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04W 12/033   of the user plane, e.g. use...

H04W 12/04   Key management, e.g. using ...

H04W 84/12   WLAN [Wireless Local Area N...

Method of cryptographing wireless data and apparatus using the method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method of cryptographing wireless data and apparatus using the method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links