Method of cryptographing wireless data and apparatus using the method
Abstract
A key descriptor structure exchanged between a wireless LAN terminal and an access point, and a method and apparatus for cryptographing wireless data are provided. The key descriptor structure includes a key initial vector which is a random number generated in the access point, a key descriptor type which indicates an encryption algorithm, and a plurality of key materials encrypted according to the encryption algorithm of the key descriptor using the key initial vector and a master session key shared between the wireless LAN terminal and the access point as an encryption key.
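An added sketch of the key descriptor described in the abstract, built on the access point side and parsed on the terminal side (not code from the patent). The field widths, the tag values and the HMAC-SHA256 keystream used as the descriptor cipher are assumptions, since the page names no concrete sizes or algorithms.

```python
import hashlib, hmac, os, struct

# Assumptions, not from the patent text: 16-byte key IV, 1-byte descriptor type,
# 1-byte tag, 2-byte big-endian lengths, and the tag numbering below.
TAG_KEYLEN = {1: 13, 2: 16}   # hypothetical tag -> wireless section key length
DESC_TYPE_DEMO = 1            # hypothetical "key descriptor type" value

def _keystream(msk, iv, n):
    # Stand-in cipher: HMAC-SHA256 in counter mode keyed by the master session key.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(msk, iv + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(data, msk, iv):
    return bytes(a ^ b for a, b in zip(data, _keystream(msk, iv, len(data))))

def build_descriptor(msk, materials, iv=None):
    """Access point side: materials is an ordered list of (tag, key_bytes)."""
    iv = os.urandom(16) if iv is None else iv
    plain = b""
    for tag, key in materials:
        if len(key) != TAG_KEYLEN[tag]:
            raise ValueError("key length does not match tag")
        plain += struct.pack(">BH", tag, len(key)) + key   # tag | length | value
    body = _xor(plain, msk, iv)
    return iv + struct.pack(">BH", DESC_TYPE_DEMO, len(body)) + body

def parse_descriptor(msk, blob):
    """Terminal side: returns [(tag, key)] in order; entry 0 is the first
    wireless section key, later entries are the re-keying material."""
    if len(blob) < 19:
        raise ValueError("truncated descriptor")
    iv = blob[:16]
    dtype, blen = struct.unpack(">BH", blob[16:19])
    if dtype != DESC_TYPE_DEMO or blen != len(blob) - 19:
        raise ValueError("bad descriptor type or length")
    plain, out, pos = _xor(blob[19:], msk, iv), [], 0
    while pos < len(plain):
        if pos + 3 > len(plain):
            raise ValueError("truncated key material header")
        tag, klen = struct.unpack(">BH", plain[pos:pos + 3])
        if TAG_KEYLEN.get(tag) != klen or pos + 3 + klen > len(plain):
            raise ValueError("bad tag or length")
        out.append((tag, plain[pos + 3:pos + 3 + klen]))
        pos += 3 + klen
    return out
```

The structure as described on this page carries no integrity field, so in this sketch the tag and length checks are the only thing that rejects a modified descriptor.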
11 Claims
1. A system comprising:
a wireless LAN terminal coupled to an access point device, the wireless LAN terminal and access point device operate to exchange a key descriptor, the key descriptor having a structure comprising;
a key initial vector which is a random number generated in the access point device;
a key descriptor type which indicates an encryption algorithm; and
a plurality of key materials encrypted according to the encryption algorithm of the key descriptor using the key initial vector and a master session key shared between the wireless LAN terminal and the access point device, a first encrypted key material to enable formation of a first encryption key,
wherein a second wireless session encryption key that is formed by the wireless LAN terminal from a second encrypted material of the plurality of encrypted key materials after the first encrypted key material operates as a new encryption key that is different from the first encryption key for re-keying wireless LAN terminal encryption, and
wherein each of the key materials comprises;
a tag part which designates a wireless section encryption algorithm;
a length part which designates the length of a wireless section encryption key; and
a key value part which represents the wireless section encryption key.
2. A method of exchanging a wireless section encryption key using a key descriptor between a wireless LAN terminal and an access point, the method comprising:
(a) receiving a master session key from an authentication server through the access point and sharing the wireless LAN terminal and the master session key;
(b) generating a plurality of encrypted key materials in the access point, wherein (b) further comprises;
(b1) generating a tag which designates a wireless section encryption algorithm;
(b2) calculating the length of a wireless section encryption key of the encryption algorithm indicated by the tag; and
(b3) generating an actual value of the encryption key;
(c) transmitting the key descriptor including the plurality of encrypted key materials on the basis of the master session key and the key initial vector, to the wireless LAN terminal;
(d) detecting a first wireless section encryption key from a first encrypted key material of the key descriptor received by the wireless LAN terminal based on a type of algorithm used in encrypting the plurality of encrypted key materials; and
re-keying wireless section encryption with a second wireless session encryption key that is formed by the wireless LAN terminal from a second encrypted material of the plurality of encrypted key materials that is after the first encrypted key material.
Dependent claims: 3, 4
5. A method of exchanging wireless data between a wireless LAN terminal and an access point, the method comprising:
(a) generating a plurality of encrypted key materials in the access point, wherein (a) further comprises;
(a1) generating a tag which designates a wireless section encryption algorithm;
(a2) calculating the length of a wireless section encryption key of the encryption algorithm indicated by the tag; and
(a3) generating an actual value of the encryption key;
(b) transmitting a key descriptor including the plurality of encrypted key materials to the wireless LAN terminal and detecting a first wireless section encryption key from a first encrypted key material of the key descriptor received by the wireless LAN terminal based on the type of algorithm used to encrypt the plurality of encrypted key materials;
(c) encrypting data according to the algorithm designated in a tag field through the access point and transmitting encrypted data with the tag; and
(d) receiving the encrypted data through the wireless LAN terminal and decrypting the data on the basis of the algorithm and the first wireless section encryption key,
wherein a second wireless session encryption key that is formed by the wireless LAN terminal from a second encrypted material of the plurality of encrypted key materials after the first encrypted key material operates as a new wireless section encryption key that is different from the first encryption key for re-keying wireless LAN terminal encryption.
Dependent claims: 6, 7, 8, 9
10. An access point, which constitutes at least one wireless LAN terminal, an authentication server, and a network, the access point comprising:
an arithmetic processor which processes data communicated with the network and performs the control of the access point;
a master session key receiver which receives a master session key from the authentication server and stores the master session key;
a security processor which encrypts a key material according to an encryption algorithm indicated by a key descriptor type using the master session key and a key initial vector as an encryption key;
a transmitter which outputs a key descriptor including the encrypted key material; and
an interface which transmits and receives the key descriptor output by the transmitter and data to and from the wireless LAN terminal,
wherein the LAN terminal detects a first wireless section encryption key from a first encrypted key material of the key descriptor received by the wireless LAN terminal based on the indicated key descriptor type, and
wherein the wireless LAN terminal forms a second encrypted key material from the plurality of other encrypted key materials after the first encrypted key material to operate as a new wireless LAN terminal encryption key that is different from the first encryption key for re-keying wireless LAN terminal encryption; and
wherein the security processor comprises;
a tag generator which generates a tag for designating an encryption algorithm to be used in a wireless section;
an encryption key length generator which designates the length of a wireless section encryption key; and
a key value generator which generates a wireless section encryption key value.
Dependent claims: 11
Specification