Methods and apparatus for a keying mechanism for end-to-end service control protection

US 7,945,053 B2
Filed: 05/15/2006
Issued: 05/17/2011
Est. Priority Date: 05/15/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

providing, by a first access point (AP) of an extended service set (ESS) of a wireless network to a mobile station (STA), a service controller identification of a service controller of the ESS, said providing to occur when associating the STA with the ESS, wherein the service controller comprises a paging or location service controller;

receiving, by the first AP from the STA, a service configuration request that includes a requested service type and a first random number generated by the STA in response to receipt of the service controller identification;

forwarding, by the first AP to the service controller, the service configuration request on behalf of the STA, for the service controller to symmetrically generate a temporal integrity pairwise key (TIPK), the TIPK to facilitate secured control communication between the service controller and the STA using a second access point (AP), the TIPK comprising the first random number and a second random number to be generated by the service controller in response to receipt of the first random number, the TIPK being generated using a service pairwise key (SPK) derived, by at least the service controller, from a distributed key or a pre-shared key (PSK);

receiving from the service controller, by the first AP over a network communication link, a service configuration response that includes the second random number generated by the service controller; and

forwarding to the STA on behalf of the service controller, by the first AP, the service configuration response for the STA to symmetrically generate the TIPK for said secured control communication with the service controller.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide methods and apparatus for a keying mechanism for end-to-end service control protection within wireless networks. Other embodiments may be described and claimed.

21 Citations

View as Search Results

22 Claims

1. A method comprising:
- providing, by a first access point (AP) of an extended service set (ESS) of a wireless network to a mobile station (STA), a service controller identification of a service controller of the ESS, said providing to occur when associating the STA with the ESS, wherein the service controller comprises a paging or location service controller;
  
  receiving, by the first AP from the STA, a service configuration request that includes a requested service type and a first random number generated by the STA in response to receipt of the service controller identification;
  
  forwarding, by the first AP to the service controller, the service configuration request on behalf of the STA, for the service controller to symmetrically generate a temporal integrity pairwise key (TIPK), the TIPK to facilitate secured control communication between the service controller and the STA using a second access point (AP), the TIPK comprising the first random number and a second random number to be generated by the service controller in response to receipt of the first random number, the TIPK being generated using a service pairwise key (SPK) derived, by at least the service controller, from a distributed key or a pre-shared key (PSK);
  
  receiving from the service controller, by the first AP over a network communication link, a service configuration response that includes the second random number generated by the service controller; and
  
  forwarding to the STA on behalf of the service controller, by the first AP, the service configuration response for the STA to symmetrically generate the TIPK for said secured control communication with the service controller.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the service configuration request further comprises a medium access control (MAC) address of the STA.
  - 3. The method of claim 1, wherein the TIPK is further generated using bits 256-511 of the distributed key or the PSK, the TIPK comprising the SPK, the SPK comprising:
    - the distributed key or the PSK, at least part of a medium access control (MAC) address of the STA, the service controller identifier (ID), and a length for the SPK.
  - 4. The method of claim 3, wherein the TIPK further comprises a service type identifier, the first and second random numbers, and a length for the TIPK.
  - 5. The method of claim 1, wherein the TIPK provides for secured control communication of broadcast or multicast messages sent between the service controller and the STA using the second AP prior to association of the STA with the second AP.

6. An apparatus comprising:
- a transmit block adapted to transmit, for a mobile station (STA) hosting the apparatus, a service configuration request and service control messages to a service controller of an extended service set (ESS) of a wireless network via a first access point (AP) of the ESS, wherein the service controller comprises a paging or location service controller;
  
  a receive block operatively coupled to the transmit block and adapted to receive a service configuration response and service control messages from the service controller via the first AP over a network communication link between the service controller and the first AP; and
  
  a control block operatively coupled to the transmit and receive blocks, the control block being adapted to generate a first random number for inclusion with a service configuration request message that includes a requested service type, on receipt of a service controller identification when associating the STA with the extended service set (ESS), and to symmetrically generate a temporal integrity pairwise key (TIPK) for secured control communication between the service controller and the STA using a second access point (AP), the TIPK comprising the first random number and a second random number received with a service configuration response message, the second random number generated by the service controller in response to the receipt of the first random number, the TIPK being generated using a service pairwise key (SPK) derived, by at least the service controller, from a distributed key or a pre-shared key (PSK).
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 22)
- - 7. The apparatus of claim 6, wherein the control block is further adapted to generate the SPK, the SPK comprising the distributed key or the PSK, at least part of a medium access control (MAC) address of the STA, a service controller identifier (ID), and a length for the SPK.
  - 8. The apparatus of claim 7, wherein the control block is further adapted to generate the TIPK using bits 256-511 of the distributed key or the PSK, the TIPK comprising the SPK, the first and second random numbers, a service type identifier and a length for the TIPK.
  - 9. The apparatus of claim 6, wherein the TIPK is a location TIPK for a location service provided by the ESS, wherein the location TIPK is to secure a location control message transmitted by the transmit block to the service controller.
  - 10. The apparatus of claim 6, wherein the TIPK is a paging TIPK for a paging service provided by the ESS, wherein the paging TIPK is to secure a paging control message received by the receive block from the service controller.
  - 11. The apparatus of claim 6, wherein the control block is adapted to verify authenticity of control messages received from the service controller, subsequent to generation of the TIPK, by using the TIPK.
  - 12. The apparatus of claim 6, wherein:
    - the service controller identification is received from the first AP when associating the station with the first A; and
      
      the TIPK provides for secured control communication of broadcast or multicast messages sent between the service controller and the STA using the second AP prior to association of the STA with the second AP.
  - 13. The apparatus of claim 6, wherein at least the transmit and receive blocks are part of a transceiver having at least one common component.
  - 22. The apparatus of claim 9, wherein the location TIPK is to secure a location control message broadcasted or multicasted by the transmit block to multiple access points that forward the location control message to the service controller.

14. A system comprising:
- an antenna;
  
  a service controller operatively coupled to the antenna to control a service for an extended service set (ESS) of a wireless network, wherein the service controller comprises a paging or location service controller, the service controller being adapted to receive a service configuration message sent by a mobile station (STA) via a network communication link with a first access point (AP) of the ESS, the service configuration message including a first random number generated by the STA and a requested service type, and to transmit a service configuration response message that includes a second random number to the first AP of the ESS for forwarding to the STA, the service controller being further adapted to generate the second random number and to symmetrically generate a unique temporal integrity pairwise key (TIPK) for secured control message communication between the service controller and the STA using a second access point (AP), the TIPK comprising the first random number and the second random number, the TIPK being generated using a service pairwise key (SPK) derived, by at least the service controller, from a distributed key or a pre-shared key (PSK).
- View Dependent Claims (15, 16)
- - 15. The system of claim 14, wherein the service controller is adapted to generate the SPK, the SPK comprising the distributed key or the PSK, at least part of a medium access control (MAC) address of the STA, a service controller identifier (ID), and a length for the SPK, and to generate the TIPK using bits 256-511 of the distributed key or the PSK, the TIPK comprising the SPK, a service type identifier, the first and second random numbers, and a length for the TIPK.
  - 16. The system of claim 14, wherein the TIPK provides for secured control communication of broadcast or multicast messages sent between the service controller and the STA using the second AP prior to association of the STA with the second AP.

17. An article of manufacture comprising:
- a memory device or other storage device; and
  
  a plurality of instructions stored in the memory device or the other storage device and designed to enable a mobile station (STA) to perform a plurality of STA operations, a service controller of an extended service set (ESS) of a wireless network to perform a plurality of service controller operations, or both, wherein the service controller comprises a paging or location service controller;
  
  the plurality of STA operations including;
  
  receiving, for a first STA from a first service controller via a network communication link with a first access point (AP), a service controller identification as part of associating the first STA with the ESS;
  
  generating a first random number for the first STA in response to receipt of the service controller identification;
  
  transmitting for the first STA to the first service controller, via the first AP, a first service configuration request that includes the first random number generated by the first STA and a requested service type;
  
  receiving, for the first STA, via the first AP, a first service configuration response that includes a second random number generated by the first service controller in response to receipt of the first random number; and
  
  generating, for the first STA, a first temporal integrity pairwise key (TIPK) for secured control communication between the first service controller and the first STA using a second AP, the first TIPK comprising the first and second random numbers, for secured control message communication between the first STA and the first service controller, the first TIPK being symmetric to a TIPK generated at the first service controller;
  
  the plurality of service controller operations including;
  
  receiving, for a second service controller, a second service configuration request sent by a second STA via a third access point (AP), the service configuration request including a third random number generated by the second STA and a requested service type;
  
  generating by the second service controller a fourth random number, in response to receipt of the third random number;
  
  sending, to the second STA via a network communication link with the third AP, a second service configuration response that includes the fourth random number; and
  
  generating a second TIPK for secured control communication between the second service controller and the second STA using a fourth access point (AP), the second TIPK comprising the third and fourth random numbers to control secured control message communication between the second STA and the second service controller, the second TIPK being symmetric to a TIPK being generated by the second STA;
  
  wherein the first TIPK or the second TIPK are generated using a service pairwise key (SPK) derived, by at least the first or the second service controller, from a distributed key or a pre-shared key (PSK).
- View Dependent Claims (18, 19, 20, 21)
- - 18. The article of manufacture of claim 17, wherein the plurality of instructions are further designed to enable the first STA to generate the SPK, the SPK comprising the distributed key or the PSK, at least part of a medium access control (MAC) address of the first STA, a service controller identifier (ID), and a length for the SPK, and to enable the first STA to generate the first TIPK using bits 256-511 of the distributed key or the PSK, the TIPK comprising the SPK, a service type identifier, the first and second random numbers, and a length for the first TIPK;
    - andwherein the plurality of instructions are further designed to enable the second service controller to generate the SPK, the SPK comprising the distributed key or the PSK, at least part of a medium access control (MAC) address of the second STA, a service controller identifier (ID), and a length for the SPK, and to enable the second service controller to generate the second TIPK using bits 256-511 of the distributed key or the PSK, the TIPK comprising the SPK, a service type identifier, the third and fourth random numbers, and a length for the second TIPK.
  - 19. The article of manufacture of claim 17, wherein the plurality of instructions are further designed to enable the first STA to transmit messages to the first service controller that include the first TIPK, and to verify control messages received from the service controller by using the first TIPK;
    - andwherein the plurality of instructions are further designed to enable the second service controller to transmit messages to the second STA that include the second TIPK, and to verify control messages received from the STA by using the second TIPK.
  - 20. The article of manufacture of claim 17, wherein the TIPK provides for secured control communication of broadcast or multicast messages sent between the first service controller or the second service controller and the first STA or the second STA using the second AP or the fourth AP to forward the broadcast or multicast messages, prior to association of the first STA or the second STA with the second AP or the fourth AP.
  - 21. The article of manufacture of claim 17, wherein the first and second STA are the same STA, the first and second service controller are the same service controller, the first AP and the third AP are the same AP, the first and third random numbers are the same random number, and the second and fourth random numbers are the same random number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Tsai, JR-Shian, Qi, Emily H., Walker, Jesse R.
Primary Examiner(s)
Smithers; Matthew B
Assistant Examiner(s)
SIMS, JING F

Application Number

US11/435,316
Publication Number

US 20070263873A1
Time in Patent Office

1,828 Days
Field of Search

380277-286, 380 44- 47
US Class Current

380/283
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/062   for key distribution, e.g. ...

H04L 9/083   involving central third par...

H04L 9/321   involving a third party or ...

H04W 12/0433   Key management protocols

Methods and apparatus for a keying mechanism for end-to-end service control protection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for a keying mechanism for end-to-end service control protection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links