Methods and apparatus for providing an insertion and integrity protection system associated with a wireless communication platform

US 7,921,463 B2
Filed: 09/30/2005
Issued: 04/05/2011
Est. Priority Date: 09/30/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

performing a handshake exchange between a wireless supplicant of a host controller and a network interface device driver of the host controller to produce one or more integrity protection information, wherein the host controller resides in a wireless communication node, and wherein the one or more integrity protection information is not accessible to applications operating on the host controller other than the network interface device driver, wherein the one or more integrity protection information is based on one or more encryption keys;

generating a first data integrity value of a protocol data unit (PDU) at the network interface device driver, wherein the first data integrity value is based on the one or more integrity protection information;

storing the first data integrity value in a message integrity check field of the PDU;

providing the one or more integrity protection information and the PDU, separately, to a network interface device operatively coupled to the network interface device driver, wherein the network interface device resides in the wireless communication node;

generating a second data integrity value of the PDU at the network interface device based on the one or more integrity protection information provided to the network interface device;

comparing the first data integrity value of the PDU and the second data integrity value of the PDU at the network interface device;

identifying a condition indicative of integrity of the PDU based on the comparison of the first and second data integrity values; and

transmitting the PDU through the network interface device if the condition indicative of integrity is met.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of methods and apparatus for providing an insertion and integrity protection system associated with a wireless communication platform are generally described herein. Other embodiments may be described and claimed.

222 Citations

30 Claims

1. A method comprising:
- performing a handshake exchange between a wireless supplicant of a host controller and a network interface device driver of the host controller to produce one or more integrity protection information, wherein the host controller resides in a wireless communication node, and wherein the one or more integrity protection information is not accessible to applications operating on the host controller other than the network interface device driver, wherein the one or more integrity protection information is based on one or more encryption keys;
  
  generating a first data integrity value of a protocol data unit (PDU) at the network interface device driver, wherein the first data integrity value is based on the one or more integrity protection information;
  
  storing the first data integrity value in a message integrity check field of the PDU;
  
  providing the one or more integrity protection information and the PDU, separately, to a network interface device operatively coupled to the network interface device driver, wherein the network interface device resides in the wireless communication node;
  
  generating a second data integrity value of the PDU at the network interface device based on the one or more integrity protection information provided to the network interface device;
  
  comparing the first data integrity value of the PDU and the second data integrity value of the PDU at the network interface device;
  
  identifying a condition indicative of integrity of the PDU based on the comparison of the first and second data integrity values; and
  
  transmitting the PDU through the network interface device if the condition indicative of integrity is met.
- View Dependent Claims (2, 3, 4, 5, 6, 28, 29, 30)
- - 2. A method as defined in claim 1 further comprising generating the first data integrity value at the network interface device driver based further on one or more sequence values, and providing the one or more encryption keys to the network interface device.
  - 3. A method as defined in claim 1 further comprising storing the PDU in a host storage device accessible by the network interface device.
  - 4. A method as defined in claim 1 further comprising synchronizing one or more sequence counters associated with the network interface device driver and the network interface device.
  - 5. A method as defined in claim 1 further comprising discarding the PDU in response to identifying an illegal condition or an invalid condition associated with the PDU based on at least one of a condition of a sequence value associated with the PDU or comparison of the first and second data integrity values.
  - 6. A method as defined in claim 1 further comprising performing a remedial action based on the condition, wherein the remedial action comprises at least one of generating one of an event report or an event log, transmitting a notification to a management console, terminating network traffic associated with a network, or controlling rate of the network traffic.
  - 28. A method as defined in claim 1, further comprising generating the first data integrity value at the network interface device driver based on one or more immutable bit fields of a PDU.
  - 29. A method as defined in claim 1, further comprising protecting the one or more integrity protection information by storing the one or more integrity protection information at a volatile memory area where access to the one or more integrity protection information is granted to the network interface device driver via a system management interrupt (SMI).
  - 30. A method as defined in claim 1, further comprising storing the one or more integrity protection information in a local storage device of the network interface device.

7. An article of manufacture comprising:
- a non-transitory storage medium; and
  
  a plurality of programming instructions stored on the storage medium, which, in response to execution of the plurality of programming instructions by a computing device, cause the computing device to;
  
  perform a handshake exchange between a wireless supplicant of a host controller and a network interface device driver of the host controller to produce one or more integrity protection information, wherein the host controller resides in the computing device, and wherein the one or more integrity protection information is not accessible to applications operating on the host controller other than the network interface device driver, wherein the one or more integrity protection information is based on one or more encryption keys;
  
  generate a first data integrity value of a protocol data unit (PDU) at the network interface device driver of the computing device, wherein the first data integrity value is based on the one or more integrity protection information, and wherein the PDU includes the first data integrity value in a message integrity check field of the PDU;
  
  provide the one or more integrity protection information and the PDU, separately, to a network interface device operatively coupled to the network interface device driver, wherein the network interface device resides in the computing device;
  
  generate a second data integrity value of the PDU at the network interface device based on the one or more integrity protection information provided to the network interface device;
  
  compare the first data integrity value and the second data integrity value of the PDU at the network interface device,;
  
  identify a condition indicative of integrity of the data traffic based on the comparison of the first and second data integrity values; and
  
  transmit the PDU through the network interface device if the condition indicative of integrity is met.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. An article of manufacture as defined in claim 7, wherein the plurality of programming instructions configured to program a computing device to generate the first data integrity value at the network interface device driver based further on one or more sequence values, and provide the one or more encryption keys to the network interface device.
  - 9. An article of manufacture as defined in claim 7, wherein the plurality of programming instructions configured to program a computing device to generate the second data integrity value at the network interface device based on one or more encryption keys generated by the network interface device driver and one or more sequence values synchronized by the network interface device driver.
  - 10. An article of manufacture as defined in claim 7, wherein the plurality of programming instructions configured to program a computing device to retrieve the PDU from a host storage device accessible by the network interface device.
  - 11. An article of manufacture as defined in claim 7, wherein the plurality of programming instructions configured to program a computing device to encrypt the PDU and transmit the PDU via a wireless link in response to identifying one of a legal condition or a valid condition of integrity of the PDU based on a condition of a sequence value associated with the PDU and comparison of the first and second data integrity values.
  - 12. An article of manufacture as defined in claim 7, wherein the plurality of programming instructions configured to program a computing device to discard the PDU in response to identifying one of an illegal condition or an invalid condition of integrity of the PDU based on at least one of a condition of a sequence value associated with the PDU or comparison of the first and second data integrity values.
  - 13. An article of manufacture as defined in claim 7, wherein the plurality of programming instructions configured to program a computing device to perform a remedial action based on the condition, and wherein the remedial action comprises at least one of generating one of an event report or an event log, transmitting a notification to a management console, terminating network traffic associated with a network, or controlling rate of the network traffic.

14. An apparatus comprising:
- a network interface device driver of a wireless station configured to generate a first data integrity value of a protocol data unit (PDU), wherein the first data integrity value is based on one or more integrity protection information generated from a handshake exchange between a wireless supplicant of a host controller of the wireless station and the network interface device driver, wherein the network interface device driver reside in the host controller, wherein the one or more integrity protection information is based on one or more encryption keys generated by the network interface device driver and is not accessible to applications operating on the host controller other than the network interface device driver, and wherein the PDU includes the first data integrity value in a message integrity check field of the PDU; and
  
  a network interface device residing in the wireless station and operatively coupled to the network interface device driver, and configured to;
  
  obtain the one or more integrity protection information and the PDU separately from the network interface device driver,generate a second data integrity value of the PDU based on the one or more integrity protection information separately obtained by the network interface device,compare the first and second data integrity values,identify a condition indicative of integrity of the PDU based on comparison of the first and second data integrity values, andtransmit the PDU if the condition indicative of integrity is met.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. An apparatus as defined in claim 14, wherein the network interface device driver is configured to generate the first data integrity value based further on one or more sequence values, and to provide the one or more encryption keys to the network interface device.
  - 16. An apparatus as defined in claim 14, wherein the network interface device driver is configured to store the PDU in a host storage device accessible by the network interface device.
  - 17. An apparatus as defined in claim 14, wherein the network interface device driver is configured to synchronize one or more sequence counters associated with the network interface device driver and the network interface device.
  - 18. An apparatus as defined in claim 14, wherein the network interface device is configured to generate the second data integrity value based further on one or more sequence values synchronized by the network interface device driver.
  - 19. An apparatus as defined in claim 14, wherein the network interface device is configured to encrypt the PDU and transmit the PDU via a wireless link in response to identifying a legal condition or a valid condition associated with the PDU based on a condition of a sequence value associated with the PDU and comparison of the first and second data integrity values.
  - 20. An apparatus as defined in claim 14, wherein the network interface device is configured to discard the PDU in response to identifying one of an illegal condition or an invalid condition associated with the PDU based on at least one of a condition of a sequence value associated with the PDU or comparison of the first and second data integrity values.
  - 21. An apparatus as defined in claim 14, wherein the network interface device is configured to perform a remedial action based on the condition, and wherein the remedial action comprises at least one of generating one of an event report or an event log, transmitting a notification to a management console, terminating network traffic to a network, or controlling rate of the network traffic.

22. A system comprising:
- a processor;
  
  a network interface device driver operatively coupled to the processor and configured to generate a first data integrity value of a protocol data unit (PDU), wherein the first data integrity value is based on one or more integrity protection information generated from a handshake exchange between a wireless supplicant of a host controller of the system and the network interface device driver, wherein the one or more integrity protection information is based on one or more encryption keys generated by the processor and is not accessible to applications operating on the host controller other than the network interface device driver, and wherein the PDU includes the first data integrity value in a message integrity check field of the PDU;
  
  a network interface card operatively coupled to the processor and the network interface device driver, and configured to;
  
  obtain the one or more integrity protection information and the PDU separately from the processor,generate a second data integrity value of the PDU based on the one or more integrity protection information separately obtained by the network interface device,compare the first and second data integrity values,identify a condition indicative of integrity of the PDU based on the comparison of the first and second data integrity values, andtransmit the PDU if the condition indicative of integrity is met; and
  
  an omni-directional antenna operatively coupled to the network interface card.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. A system as defined in claim 22, wherein the network interface card is configured to retrieve the PDU from a host memory, and wherein the PDU includes the first data integrity value in a message integrity check field.
  - 24. A system as defined in claim 22, wherein the network interface card is configured to generate the second data integrity value based further on one or more sequence values synchronized by the processor.
  - 25. A system as defined in claim 22, wherein the network interface card is configured to encrypt the PDU and transmit the PDU via a wireless link in response to identifying a legal condition or a valid condition associated with the PDU based on a condition of a sequence value associated with the PDU and comparison of the first and second data integrity values.
  - 26. A system as defined in claim 22, wherein the network interface card is configured to discard the PDU in response to identifying one of an illegal condition or an invalid condition associated with the PDU based on at least one of a condition of a sequence value associated with the PDU or comparison of the first and second data integrity values.
  - 27. A system as defined in claim 22, wherein the network interface card is configured to perform a remedial action based on the condition, and wherein the remedial action comprises at least one of generating one of an event report or an event log, transmitting a notification to a management console, terminating network traffic to a network, or controlling rate of the network traffic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Schluessler, Travis T., Lord, Christopher, Sood, Kapil
Primary Examiner(s)
Arani; Taghi T
Assistant Examiner(s)
PLECHA, THADDEUS J

Application Number

US11/239,976
Publication Number

US 20070076885A1
Time in Patent Office

2,013 Days
Field of Search

719321-327, 713/181, 726/26, 707/698
US Class Current

726/26
CPC Class Codes

H04L 63/04   for providing a confidentia...

H04L 63/123   received data contents, e.g...

H04L 63/1441   Countermeasures against mal...

H04W 12/03   Protecting confidentiality,...

H04W 12/10   Integrity

H04W 12/128   Anti-malware arrangements, ...

Methods and apparatus for providing an insertion and integrity protection system associated with a wireless communication platform

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

222 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for providing an insertion and integrity protection system associated with a wireless communication platform

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

222 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links