User control of a secure wireless computer network

US 7,596,223 B1
Filed: 09/12/2000
Issued: 09/29/2009
Est. Priority Date: 09/12/2000
Status: Active Grant

First Claim

Patent Images

1. A computerized method of establishing a secure wireless communication channel between an access point and a station, the channel being encrypted with a channel key, the method comprising:

the access point receiving a connection request from the station to initiate a setup connection between the access point and the station;

the access point sending a shared key to the station in response to the connection request if the access point is capable of handling a connection to the station;

the access point selecting a secret access point key subsequent to sending the shared key;

the access point generating a self-distributed key using the secret access point key;

the access point generating a first value using the secret access point key and a second value from the station, wherein the second value has been generated by the station using a secret station key;

the access point sending the first value to the station, wherein the station uses the first value and the secret station key to calculate the self-distributed key;

the access point receiving an encrypted user name and an encrypted password from the station, wherein the station has encrypted the user name and the password with the self-distributed key; and

the access point decrypting the user name and the password to check for validity;

the access point encrypting the channel key using the self-distributed key if the user name and the password are valid; and

the access point sending the encrypted channel key to the station to cause the station to terminate the setup connection and to establish a secured connection with the access point using the channel key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless network is established between a station and an access point for the network using a sequence of messages that securely transmit authentication information from the station to the access point for validation by the access point, and subsequently transmit a shared key necessary to establish the wireless network from the access point to the station when the station is validated.

Citations

13 Claims

1. A computerized method of establishing a secure wireless communication channel between an access point and a station, the channel being encrypted with a channel key, the method comprising:
- the access point receiving a connection request from the station to initiate a setup connection between the access point and the station;
  
  the access point sending a shared key to the station in response to the connection request if the access point is capable of handling a connection to the station;
  
  the access point selecting a secret access point key subsequent to sending the shared key;
  
  the access point generating a self-distributed key using the secret access point key;
  
  the access point generating a first value using the secret access point key and a second value from the station, wherein the second value has been generated by the station using a secret station key;
  
  the access point sending the first value to the station, wherein the station uses the first value and the secret station key to calculate the self-distributed key;
  
  the access point receiving an encrypted user name and an encrypted password from the station, wherein the station has encrypted the user name and the password with the self-distributed key; and
  
  the access point decrypting the user name and the password to check for validity;
  
  the access point encrypting the channel key using the self-distributed key if the user name and the password are valid; and
  
  the access point sending the encrypted channel key to the station to cause the station to terminate the setup connection and to establish a secured connection with the access point using the channel key.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the access point generating the self-distributed key using the secret access point key comprises:
    - the access point executing a security algorithm to generate the self-distributed key using the secret access point key.
  - 3. The method of claim 2, wherein the security algorithm comprises gⁿmod p.

4. A computerized method of establishing a secure wireless communication channel between an access point and a station, the channel being encrypted with a channel key, the method comprising:
- the station sending a connection request to the access point to initiate a setup connection between the access point and the station;
  
  the station generating a first value using a secret station key;
  
  the station sending the first value to the access point, wherein the access point uses the first value and secret access point key to generate a second value;
  
  the station receiving the second value from the access point;
  
  the station using the second value and a secret station key to calculate a self-distributed key previously generated by the access point using the secret access point key;
  
  the station encrypting a user name and a password with the self-distributed key; and
  
  sending the encrypted user name and encrypted password to the access point to be validated;
  
  the station receiving the channel key in an encrypted form from the access point if the user name and the password are validated by the access point; and
  
  the station decrypting the encrypted channel key using the self-distributed key;
  
  the station terminating the setup connection; and
  
  the station establishing a secured connection with the access point using the channel key decrypted.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, wherein the access point executes a security algorithm to generate the self-distributed key using the secret access point key.
  - 6. The method of claim 5, wherein the security algorithm comprises gⁿmod p.

7. A computer-readable medium having stored thereon executable instructions to cause a processor to perform a method for establishing a secure wireless communication channel between an access point and a station, the channel being encrypted with a channel key, the method comprising:
- the access point receiving a connection request from the station to initiate a setup connection between the access point and the station;
  
  the access point sending a shared key to the station in response to the connection request if the access point is capable of handling a connection to the station;
  
  the access point selecting a secret access point key subsequent to sending the shared key;
  
  the access point generating a self-distributed key using the secret access point key;
  
  the access point generating a first value using the secret access point key and a second value from the station, wherein the second value has been generated by the station using a secret station key;
  
  the access point sending the first value to the station, wherein the station uses the first value and the secret station key to calculate the self-distributed key;
  
  the access point receiving an encrypted user name and an encrypted password from the station, wherein the station has encrypted the user name and the password with the self-distributed key; and
  
  the access point decrypting the user name and the password to check for validity;
  
  the access point encrypting the channel key using the self-distributed key if the user name and the password are valid; and
  
  the access point sending the encrypted channel key to the station to cause the station to terminate the setup connection and to establish a secured connection with the access point using the channel key.
- View Dependent Claims (8, 9)
- - 8. The computer-readable medium of claim 7, wherein the access point generating the self-distributed key using the secret access point key comprises:
    - the access point executing a security algorithm to generate the self-distributed key using the secret access point key.
  - 9. The computer-readable medium of claim 8, wherein the security algorithm comprises gⁿmod p.

10. A computer-readable medium having stored thereon executable instructions to cause a processor to perform a method for establishing a secure wireless communication channel between an access point and a station, the channel being encrypted with a channel key, the method comprising:
- the station sending a connection request to the access point to initiate a setup connection between the access point and the station;
  
  the station generating a first value using a secret station key;
  
  the station sending the first value to the access point, wherein the access point uses the first value and secret access point key to generate a second value;
  
  the station receiving the second value from the access point;
  
  the station using the second value and a secret station key to calculate a self-distributed key previously generated by the access point using the secret access point key;
  
  the station encrypting a user name and a password with the self-distributed key; and
  
  sending the encrypted user name and the encrypted password to the access point to be validated;
  
  the station receiving the channel key in an encrypted form from the access point if the user name and the password are validated by the access point; and
  
  the station decrypting the encrypted channel key using the self-distributed key;
  
  the station terminating the setup connection; and
  
  the station establishing a secured connection with the access point using the channel key decrypted.
- View Dependent Claims (11, 12)
- - 11. The computer-readable medium of claim 10, wherein the access point executes a security algorithm to generate the self-distributed key using the secret access point key.
  - 12. The computer-readable medium of claim 11, wherein the security algorithm comprises gⁿmod p.

13. A secure wireless network comprising:
- a station operable for sending a connection request to initiate a setup connection and for generating a first value using a secret station key;
  
  an access point wirelessly and communicably coupled to the station, the access point operable for sending a shared key to the station in response to the connection request if the access point is capable of handling a connection with the station, for selecting a secret access point key subsequent to sending the shared key, for generating a self-distributed key using the secret access point key, for generating a second value using the secret access point key and the first value from the station, for sending the first value to the station, and for encrypting a channel key using the self-distributed key if the user name and the password are validated and for sending the encrypted channel key to the station, wherein the station is further operable for calculating the self-distributed key using the second value and the secret station key, for encrypting a user name and a password with the self-distributed key, and for sending the encrypted user name and the encrypted password to the access point to be validated, and wherein the station is further operable for decrypting the encrypted channel key using the self-distributed key, for terminating the setup connection, and for establishing a secured connection with the access point using the channel key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc., Fluid Coupling Assembly
Original Assignee
Apple Inc.
Inventors
Vogel, "J" Leslie III
Primary Examiner(s)
Tran; Tongoc

Application Number

US09/659,864
Time in Patent Office

3,304 Days
Field of Search

713/200, 713/201, 713/150, 713/171, 713/168, 380/277, 380/271, 380/44, 380/270, 380/273
US Class Current

380/270
CPC Class Codes

H04L 2209/80   Wireless

H04L 9/0822   using key encryption key

H04L 9/0844   with user authentication or...

User control of a secure wireless computer network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

User control of a secure wireless computer network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links