Apparatus and method for protection of management frames

US 7,890,745 B2
Filed: 01/11/2006
Issued: 02/15/2011
Est. Priority Date: 01/11/2006
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a receiver of a station configured to receive, from an access point when the station is in an unassociated and unauthenticated state with respect to the access point, a wireless communication including a beacon frame or a probe response frame having a first plurality of parameters related to network capability information, and to receive, from the access point during a four-way handshake key distribution process, a message 3 frame of the four-way handshake including a second plurality of parameters corresponding to at least a subset of the first plurality of parameters related to network capability information contained in the beacon frame or the probe response frame;

an authentication module coupled to the receiver to compare respective ones of the second plurality of parameters with corresponding ones of the first plurality of parameters to determine whether they are the same; and

a transmitter coupled to the authentication module and configured to transmit data in response to a determination that the respective ones of the second plurality of parameters and the corresponding ones of the first plurality of parameters are same.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, methods and apparatus to protect management frames are generally described herein. Other embodiments may be described and claimed.

53 Citations

View as Search Results

31 Claims

1. An apparatus comprising:
- a receiver of a station configured to receive, from an access point when the station is in an unassociated and unauthenticated state with respect to the access point, a wireless communication including a beacon frame or a probe response frame having a first plurality of parameters related to network capability information, and to receive, from the access point during a four-way handshake key distribution process, a message 3 frame of the four-way handshake including a second plurality of parameters corresponding to at least a subset of the first plurality of parameters related to network capability information contained in the beacon frame or the probe response frame;
  
  an authentication module coupled to the receiver to compare respective ones of the second plurality of parameters with corresponding ones of the first plurality of parameters to determine whether they are the same; and
  
  a transmitter coupled to the authentication module and configured to transmit data in response to a determination that the respective ones of the second plurality of parameters and the corresponding ones of the first plurality of parameters are same.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 27, 28, 29, 30, 31)
- - 2. The apparatus according to claim 1 further comprising a transmitter configured to terminate an association with the access point in response to a determination that at least one of the second plurality of parameters and the corresponding one of the first plurality of parameters are not the same.
  - 3. The apparatus according to claim 1, wherein the first plurality of parameters related to network capability information received by the receiver in the wireless communication include a first plurality of static parameters and a first plurality of dynamic parameters.
  - 4. The apparatus according to claim 3, wherein the receiver is further configured to receive, from the access point, another wireless communication including an action frame having a second plurality of dynamic parameters after the station is in an associated and authenticated state with respect to the access point, the second plurality of dynamic parameters corresponding to at least a subset of the first plurality of dynamic parameters related to network capability information, and at least one of the second plurality of dynamic parameters of the action frame including an updated value of one of the first plurality of dynamic parameters.
  - 5. The apparatus according to claim 3, wherein the at least a subset of the first plurality of parameters includes the first plurality of static parameters.
  - 6. The apparatus according to claim 4, wherein the at least a subset of the first plurality of parameters includes the first plurality of static parameters and the first plurality of dynamic parameters.
  - 7. The apparatus according to claim 4, wherein the action frame has a format in accordance with IEEE 802.11e.
  - 8. The apparatus according to claim 4, wherein the receiver is further configured to receive a message 1 frame of the four-way handshake which includes a first nonce, the transmitter is configured to transmit after the message 1 frame a message 2 frame of the four-way handshake which includes a second nonce and a first security parameter, the receiver is further configured to receive after the message 2 frame in the message 3 frame of the four-way handshake which includes the second plurality of parameters, a group temporary key and a second security parameter;
    - and the transmitter is further configured to transmit a message 4 frame of the four-way handshake which includes an acknowledgement.
  - 9. The apparatus according to claim 4, wherein the second plurality of parameters are a plurality of encrypted parameters and the action frame is an encrypted action frame.
  - 27. The apparatus of claim 1, wherein the receiver is further configured to receive the second plurality of parameters during a point in the key distribution process that occurs after a negotiation of a group cipher and an encrypted key data field includes the second plurality of parameters and a group temporary key.
  - 28. The apparatus of claim 3, wherein the first plurality of static parameters comprise a Beacon Interval and a Physical parameter set further including a frequency hopping (FH) parameter, a direct-sequence (DS) parameter, a channel number used by a network, a contention free (CF) parameter and an Independent BSS (IBSS) parameter set.
  - 29. The apparatus of claim 3, wherein the first plurality of dynamic parameters related to network capability information comprise a Timestamp, a Traffic Information Map (TIM), and an Enhanced Distribution Channel Access (EDCA) parameter set established in IEEE 802.11e.
  - 30. The apparatus of claim 3, wherein the second plurality of parameters received in the message 3 frame of the four-way handshake correspond to at least a subset of the first plurality of static parameters.
  - 31. The apparatus of claim 3, wherein the second plurality of parameters received in the message 3 frame of the four-way handshake correspond to at least a subset of the first plurality of dynamic parameters that are not anticipated to change between the first wireless transmission and the second wireless transmission unless there is a forgery or transmission error.

10. A method comprising:
- receiving, by a receiver of a station, an unencrypted wireless communication from an access point including a management frame having a first plurality of parameters related to network capability information, wherein the management frame comprises a beacon frame or a probe response frame;
  
  receiving, by the receiver of the station, during a four-way handshake key distribution process, a message 3 frame of the four-way handshake including a second plurality of parameters corresponding to at least a subset of the first plurality of parameters related to network capability information contained in the beacon frame or the probe response frame;
  
  comparing respective ones of the second plurality of parameters with the corresponding ones of the first plurality of parameters to determine whether they are the same; and
  
  terminating an association with the access point in response to a determination that that at least one of the second plurality of parameters and the corresponding one of the first plurality of parameters are not the same, or establishing an association with the access point in response to a determination that the respective ones of the plurality of second parameters and the corresponding ones of the plurality of first parameters are the same.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method according to claim 10, wherein the first plurality of parameters related to network capability information received by the receiver include a first plurality of static parameters and a first plurality of dynamic parameters.
  - 12. The method according to claim 11, further comprises:
    - after determining that the respective ones of the second plurality of parameters and the corresponding ones of the first plurality of parameters are the same and after establishing the association with the access point, receiving another wireless communication including an action frame having a second plurality of dynamic parameters corresponding to at least a subset of the first plurality of dynamic parameters, and at least one of the second plurality of dynamic parameters of the action frame including an updated value of the corresponding one of the first plurality of dynamic parameters.
  - 13. The method according to claim 11, wherein the at least a subset of the first plurality of parameters includes the first plurality of static parameters.
  - 14. The method according to claim 12, wherein the at least a subset of the first plurality of parameters includes the first plurality of static parameters and the first plurality of dynamic parameters.
  - 15. The method according to claim 12, wherein the action frame having a format in accordance with IEEE 802.11e.
  - 16. The method according to claim 12, further comprising:
    - receiving a message 1 frame of the four-way handshake which includes a first nonce;
      
      after receiving the message 1 frame, conveying a message 2 frame of the four-way handshake which includes a second nonce and a first security parameter;
      
      after conveying the message 2 frame, receiving the message 3 frame of the four-way handshake which includes the second plurality of parameters, a group temporary key and a second security parameter; and
      
      after receiving the message 3 frame, conveying a message 4 frame of the four-way handshake which includes an acknowledgement.
  - 17. The method according to claim 12, wherein the second plurality of parameters is a plurality of encrypted parameters and the action frame is an encrypted action frame.

18. An article comprising a non-transitory storage medium;
- and a plurality of instructions stored in the non-transitory storage medium, the plurality of instructions designed to enable an apparatus to receive an unencrypted wireless communication including a management frame having a first plurality of parameters related to network capability information;
  
  to receive, during a four-way handshake key distribution process, a message 3 frame of the four-way handshake including a second plurality of parameters corresponding to at least a subset of the first plurality of parameters related to network capability information contained in the management frame;
  
  to compare respective ones of the second plurality of parameters with corresponding ones of the first plurality of parameters to determine whether they are the same; and
  
  to generate an indication based on said determination;
  
  wherein the management frame comprises a beacon frame or a probe response frame.
- View Dependent Claims (19, 20)
- - 19. The article according to claim 18, wherein the first plurality of parameters related to network capability information are to include a first plurality of static parameters and a first plurality of dynamic parameters.
  - 20. The article according to claim 19, wherein the plurality of instructions are further designed to receive, after determining that the respective ones of the second plurality of parameters and the corresponding ones of the first plurality of parameters are the same, another wireless communication including an action frame having a second plurality of dynamic parameters corresponding to at least a subset of the first plurality of dynamic parameters, and at least one of the second plurality of dynamic parameters of the action frame including an updated value of the corresponding one of the first plurality of dynamic parameter.

21. A system, comprising:
- a plurality of omnidirectional antennas;
  
  an authenticator wireless transmitter coupled to the antennas and configured to transmit to a supplicant an unencrypted wireless communication including a management frame having a first plurality of parameters related to network capability information, wherein the management frame comprises a beacon frame or a probe response frame;
  
  a wireline based transceiver configured to transmit and receive data from an authentication server; and
  
  an authenticator module coupled to the authenticator transmitter and the transceiver to access one or more security parameters from the authenticator server to generate a second plurality of parameters corresponding to at least a subset of the first plurality of parameters related to network capability information contained in the management frame, and to transmit via the authenticator transmitter to the supplicant, during a four-way handshake key distribution process, a message 3 frame of the four-way handshake including the second plurality of parameters.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The system according to claim 21, wherein the supplicant includes an authentication module to compare respective ones of the second plurality of parameters with corresponding ones of the first plurality of parameters to determine whether they are the same, and a supplement transmitter, coupled to the authentication module, to send an acknowledgement to the system if they are the same.
  - 23. The system according to claim 22, wherein the first plurality of parameters related to the network capability information include a first plurality of static parameters and a first plurality of dynamic parameters.
  - 24. The system according to claim 22, wherein the authenticator module is further configured to transmit via the authenticator transmitter, after the transmission of the acknowledgment, another wireless communication including an encrypted action frame having a second plurality of dynamic parameters corresponding to at least a subset of the first plurality of dynamic parameters, and at least one of the second plurality of dynamic parameters of the encrypted action frame including an updated value of the corresponding one of the first plurality of dynamic parameters.
  - 25. The system according to claim 24, wherein the action frame having a format in accordance with IEEE 802.11e.
  - 26. The system according to claim 24, wherein the authenticator module is further configured to transmit via the authenticator transmitter to the supplicant a message 1 frame of the four-way handshake which includes a first nonce;
    - the supplicant, after receiving the message 1 frame, is configured to transmit via the supplicant transmitter to the system a message 2 frame of the four-way handshake which includes a second nonce and a first security parameter;
      
      the authenticator module, after receiving the message 2 frame, is further configured to transmit via the authenticator transmitter the message 3 frame of the four-way handshake which includes the second plurality of parameters, a group temporary key and a second security parameter; and
      
      the supplicant, after receiving message 3 frame, is further configured to transmit via the supplement transmitter to the system a message 4 frame of the four-way handshake which includes the acknowledgement.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tahoe Research Limited (f/k/a Learndale Limited) (Vector Capital Corporation)
Original Assignee
Intel Corporation
Inventors
Qi, Emily H., Walker, Jesse R.
Primary Examiner(s)
Arani; Taghi T
Assistant Examiner(s)
MEHEDI, MORSHED D

Application Number

US11/330,568
Publication Number

US 20070192832A1
Time in Patent Office

1,861 Days
Field of Search

713/150, 713/151, 726/3
US Class Current

713/150
CPC Class Codes

G06Q 20/3821   Electronic credentials

H04L 63/12   Applying verification of th...

H04W 12/106   Packet or message integrity

H04W 12/108   Source integrity

H04W 28/18   Negotiating wireless commun...

H04W 84/12   WLAN [Wireless Local Area N...

Apparatus and method for protection of management frames

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for protection of management frames

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links