Methods and apparatus for a keying mechanism for end-to-end service control protection
First Claim
1. A method comprising:
providing, by a first access point (AP) of an extended service set (ESS) of a wireless network to a mobile station (STA), a service controller identification of a service controller of the ESS, said providing to occur when associating the STA with the ESS, wherein the service controller comprises a paging or location service controller;
receiving, by the first AP from the STA, a service configuration request that includes a requested service type and a first random number generated by the STA in response to receipt of the service controller identification;
forwarding, by the first AP to the service controller, the service configuration request on behalf of the STA, for the service controller to symmetrically generate a temporal integrity pairwise key (TIPK), the TIPK to facilitate secured control communication between the service controller and the STA using a second access point (AP), the TIPK comprising the first random number and a second random number to be generated by the service controller in response to receipt of the first random number, the TIPK being generated using a service pairwise key (SPK) derived, by at least the service controller, from a distributed key or a pre-shared key (PSK);
receiving from the service controller, by the first AP over a network communication link, a service configuration response that includes the second random number generated by the service controller; and
forwarding to the STA on behalf of the service controller, by the first AP, the service configuration response for the STA to symmetrically generate the TIPK for said secured control communication with the service controller.
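The exchange in claim 1, carried through on both sides, as an added example that is not part of the patent text. The claims name no key derivation function or message format, so the HMAC-SHA256 construction, the labels, the message fields, and the sample PSK and identifiers below are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # Assumed PRF: HMAC-SHA256 over a label and length-prefixed inputs.
    data = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()

def derive_spk(psk: bytes, sc_id: bytes, sta_addr: bytes) -> bytes:
    # SPK derived from the PSK (binding it to SC and STA is an assumption).
    return prf(psk, b"SPK", sc_id, sta_addr)

def derive_tipk(spk: bytes, nonce_sta: bytes, nonce_sc: bytes) -> bytes:
    # TIPK generated using the SPK and both random numbers.
    return prf(spk, b"TIPK", nonce_sta, nonce_sc)

def protect(tipk: bytes, msg: bytes) -> bytes:
    # Append a 32-byte integrity tag to a service control message.
    return msg + prf(tipk, b"MIC", msg)

def verify(tipk: bytes, frame: bytes):
    # Return the message if the tag checks out, otherwise None.
    msg, mic = frame[:-32], frame[-32:]
    return msg if hmac.compare_digest(mic, prf(tipk, b"MIC", msg)) else None

def run_exchange(psk: bytes, sc_id: bytes, sta_addr: bytes, service_type: str):
    # STA: on receipt of the service controller identification, pick nonce 1.
    nonce_sta = os.urandom(32)
    request = {"sta": sta_addr, "service_type": service_type, "nonce": nonce_sta}
    # First AP forwards the request unchanged. SC: pick nonce 2, derive TIPK.
    nonce_sc = os.urandom(32)
    sc_spk = derive_spk(psk, sc_id, request["sta"])
    sc_tipk = derive_tipk(sc_spk, request["nonce"], nonce_sc)
    response = {"nonce": nonce_sc}
    # First AP forwards the response. STA: derive the same TIPK symmetrically.
    sta_tipk = derive_tipk(derive_spk(psk, sc_id, sta_addr), nonce_sta, response["nonce"])
    return sta_tipk, sc_tipk

if __name__ == "__main__":
    psk = b"constructed-example-psk"            # constructed sample value
    sta_tipk, sc_tipk = run_exchange(psk, b"paging-sc-01",
                                     bytes.fromhex("020000000001"), "paging")
    frame = protect(sc_tipk, b"PAGE sta=020000000001")
    # The frame may be relayed by a second AP; the AP never holds the TIPK.
    print("keys match:", sta_tipk == sc_tipk)
    print("verified:", verify(sta_tipk, frame))
    print("tampered:", verify(sta_tipk, b"X" + frame[1:]))
```

Neither AP needs the SPK or the TIPK to relay traffic, so a control message altered in transit fails verification at the endpoint.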
Abstract
Embodiments of the present invention provide methods and apparatus for a keying mechanism for end-to-end service control protection within wireless networks. Other embodiments may be described and claimed.
22 Claims
6. An apparatus comprising:
a transmit block adapted to transmit, for a mobile station (STA) hosting the apparatus, a service configuration request and service control messages to a service controller of an extended service set (ESS) of a wireless network via a first access point (AP) of the ESS, wherein the service controller comprises a paging or location service controller;
a receive block operatively coupled to the transmit block and adapted to receive a service configuration response and service control messages from the service controller via the first AP over a network communication link between the service controller and the first AP; and
a control block operatively coupled to the transmit and receive blocks, the control block being adapted to generate a first random number for inclusion with a service configuration request message that includes a requested service type, on receipt of a service controller identification when associating the STA with the extended service set (ESS), and to symmetrically generate a temporal integrity pairwise key (TIPK) for secured control communication between the service controller and the STA using a second access point (AP), the TIPK comprising the first random number and a second random number received with a service configuration response message, the second random number generated by the service controller in response to the receipt of the first random number, the TIPK being generated using a service pairwise key (SPK) derived, by at least the service controller, from a distributed key or a pre-shared key (PSK).
14. A system comprising:
an antenna;
a service controller operatively coupled to the antenna to control a service for an extended service set (ESS) of a wireless network, wherein the service controller comprises a paging or location service controller, the service controller being adapted to receive a service configuration message sent by a mobile station (STA) via a network communication link with a first access point (AP) of the ESS, the service configuration message including a first random number generated by the STA and a requested service type, and to transmit a service configuration response message that includes a second random number to the first AP of the ESS for forwarding to the STA, the service controller being further adapted to generate the second random number and to symmetrically generate a unique temporal integrity pairwise key (TIPK) for secured control message communication between the service controller and the STA using a second access point (AP), the TIPK comprising the first random number and the second random number, the TIPK being generated using a service pairwise key (SPK) derived, by at least the service controller, from a distributed key or a pre-shared key (PSK).
17. An article of manufacture comprising:
a memory device or other storage device; and
a plurality of instructions stored in the memory device or the other storage device and designed to enable a mobile station (STA) to perform a plurality of STA operations, a service controller of an extended service set (ESS) of a wireless network to perform a plurality of service controller operations, or both, wherein the service controller comprises a paging or location service controller;
the plurality of STA operations including;
receiving, for a first STA from a first service controller via a network communication link with a first access point (AP), a service controller identification as part of associating the first STA with the ESS;
generating a first random number for the first STA in response to receipt of the service controller identification;
transmitting for the first STA to the first service controller, via the first AP, a first service configuration request that includes the first random number generated by the first STA and a requested service type;
receiving, for the first STA, via the first AP, a first service configuration response that includes a second random number generated by the first service controller in response to receipt of the first random number; and
generating, for the first STA, a first temporal integrity pairwise key (TIPK) for secured control communication between the first service controller and the first STA using a second AP, the first TIPK comprising the first and second random numbers, for secured control message communication between the first STA and the first service controller, the first TIPK being symmetric to a TIPK generated at the first service controller;
the plurality of service controller operations including;
receiving, for a second service controller, a second service configuration request sent by a second STA via a third access point (AP), the service configuration request including a third random number generated by the second STA and a requested service type;
generating by the second service controller a fourth random number, in response to receipt of the third random number;
sending, to the second STA via a network communication link with the third AP, a second service configuration response that includes the fourth random number; and
generating a second TIPK for secured control communication between the second service controller and the second STA using a fourth access point (AP), the second TIPK comprising the third and fourth random numbers to control secured control message communication between the second STA and the second service controller, the second TIPK being symmetric to a TIPK being generated by the second STA;
wherein the first TIPK or the second TIPK are generated using a service pairwise key (SPK) derived, by at least the first or the second service controller, from a distributed key or a pre-shared key (PSK).
Specification