Key synchronization mechanism for wireless LAN (WLAN)

US 8,582,773 B2
Filed: 07/27/2004
Issued: 11/12/2013
Est. Priority Date: 07/29/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A key synchronization method for a wireless network comprising:

setting a current encryption key and an old encryption key at an access point in the wireless network;

generating a new encryption key at the access point;

resetting at the access point the current encryption key to equal the newly generated encryption key;

resetting at the access point the old encryption key to equal an encryption key being used by a station in communication with the access point;

communicating the newly generated encryption key from the access point directly to the station in an encrypted form using the old encryption key;

indicating at the access point a decryption failure for a data frame received from the station when the current encryption key fails to decrypt the data frame, and decrypting the data frame at the access point using the old encryption key; and

resetting at the access point the old encryption key to equal the current encryption key when decryption using the new encryption key is successful.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A key synchronization mechanism for wireless LANs is provided where the access point (AP) does not start using a new encryption key until the first data frame correctly encrypted with the new key is received from the station (STA). The new key is used from this point on, until the expiration of a key refresh interval.

19 Citations

View as Search Results

18 Claims

1. A key synchronization method for a wireless network comprising:
- setting a current encryption key and an old encryption key at an access point in the wireless network;
  
  generating a new encryption key at the access point;
  
  resetting at the access point the current encryption key to equal the newly generated encryption key;
  
  resetting at the access point the old encryption key to equal an encryption key being used by a station in communication with the access point;
  
  communicating the newly generated encryption key from the access point directly to the station in an encrypted form using the old encryption key;
  
  indicating at the access point a decryption failure for a data frame received from the station when the current encryption key fails to decrypt the data frame, and decrypting the data frame at the access point using the old encryption key; and
  
  resetting at the access point the old encryption key to equal the current encryption key when decryption using the new encryption key is successful.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, further comprising:
    - incrementing an out-of-sync counter in the access point when said decryption failure occurs due to the encryption key used by the station not matching the current encryption key; and
      
      decrypting received data frames associated with said out-of-sync counter at the access point using the old encryption key.
  - 3. The method according to claim 2, wherein said out-of-sync counter comprises a predetermined threshold that if exceeded causes communication to terminate between the access point and a source of the data frames causing the threshold of said out-of-sync counter to be exceeded.
  - 4. The method according to claim 1, further comprising:
    - decrypting, using the new encryption key, the received data frame from the station when the access point determines the station sending the received data frame is using the new encryption key, the access point starting to use the new encryption key when a first data frame correctly encrypted with the new encryption key is received from the station; and
      
      re-setting an out-of-sync counter to zero upon successful decryption.
  - 5. The method according to claim 1, further comprising setting the old encryption key equal to a null value, said null value representing a no encryption mode.
  - 6. The method according to claim 1, further comprising setting the current encryption key and the old encryption key to a null value, said null value representing a no encryption mode.
  - 7. The method according to claim 1, wherein said setting is performed by the access point for each station in the wireless network.
  - 8. The method according to claim 1, wherein the new encryption key is generated at the access point upon expiration of a key refresh interval.

9. A key synchronization system for a wireless network comprising:
- at least one station in the wireless network; and
  
  at least one access point in the wireless network configured for;
  
  maintaining an old encryption key and a new encryption key through a key rotation interval for each of said at least one station, using said new encryption key for decryption when a first data frame correctly encrypted with said new encryption key is received from said at least one station and using said old encryption key for decryption when said new encryption key fails to decrypt a data frame received from said at least one station, and resetting the old encryption key to equal the new encryption key when decryption with the new encryption key is successful.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The key synchronization system according to claim 9, wherein said at least one access point is further configured for maintaining an out-of-sync counter to track a number of packets where decryption using said new encryption key fails.
  - 11. The key synchronization system according to claim 9, wherein said at least one access point is configured for setting the old encryption key to a null value, said null value representing a no encryption mode.
  - 12. The key synchronization system according to claim 9, wherein said at least one access point is configured for setting the new encryption key to a null value, said null value representing a no encryption mode.
  - 13. The key synchronization system according to claim 9, wherein said at least one access point is configured for initially setting the old encryption key to a null value.

14. A key synchronization system for a wireless network comprising:
- at least one station in the wireless network; and
  
  at least one access point in the wireless network configured for;
  
  maintaining an old encryption key and a new encryption key through a key rotation interval for each of said at least one station, setting said old encryption key equal to an encryption key used by said at least one station, and setting said new encryption key as a current encryption key;
  
  said at least one access point further configured for;
  
  using said new encryption key for decryption when a first data frame correctly encrypted with said new encryption key is received from said at least one station and using said old encryption key for decryption when said new encryption key fails to decrypt a data frame received from said at least one station, and resetting the old encryption key to equal the current encryption key when decryption with the new encryption key is successful.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The key synchronization system according to claim 14, wherein said at least one access point is further configured for maintaining an out-of-sync counter to track a number of packets where decryption using said new encryption key fails.
  - 16. The key synchronization system according to claim 14, wherein said at least one access point is configured for setting the old encryption key to a null value, said null value representing a no encryption mode.
  - 17. The key synchronization system according to claim 14, wherein said at least one access point is configured for setting the new encryption key to a null value, said null value representing a no encryption mode.
  - 18. The key synchronization system according to claim 14, wherein said at least one access point is configured for initially setting the old encryption key to a null value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Original Assignee
Thomson Licensing (Vantiva SA)
Inventors
Zhang, Junbiao, Mathur, Saurabh
Primary Examiner(s)
McNally, Michael S

Application Number

US10/559,889
Publication Number

US 20060133614A1
Time in Patent Office

3,395 Days
Field of Search

380/270, 380/273, 380/274, 380/277, 713/153
US Class Current

380/273
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/062   for key distribution, e.g. ...

H04L 63/068   using time-dependent keys, ...

H04L 9/0891   Revocation or update of sec...

H04L 9/12   Transmitting and receiving ...

H04W 12/041   Key generation or derivation

H04W 12/043   using a trusted network nod...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/08   Access point devices

Key synchronization mechanism for wireless LAN (WLAN)

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Key synchronization mechanism for wireless LAN (WLAN)

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links