Using a mobile device to enable another device to connect to a wireless network

US 9,031,050 B2
Filed: 10/23/2012
Issued: 05/12/2015
Est. Priority Date: 04/17/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

at a first device, while the first device is connected to a wireless local area network (WLAN) and a second device is unconnected to the WLAN, establishing a secure channel to the second device using an extensible authentication protocol (EAP) exchange;

sending, to the second device via the secure channel, at least one credential associated with the WLAN to enable the second device to connect to the WLAN;

receiving, at the first device, at least one application layer credential supplied by a user via user input; and

sending, to the second device via the secure channel, the at least one application layer credential supplied by the user to enable the second device to access a network external to the WLAN.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes, at a first device while the first device is connected to a wireless local area network (WLAN) and a second device is unconnected to the WLAN, establishing a secure channel to the second device using an EAP exchange. The method also includes sending at least one credential associated with the WLAN to the second device via the secure channel to enable the second device to connect to the WLAN.

59 Citations

View as Search Results

38 Claims

1. A method comprising:
- at a first device, while the first device is connected to a wireless local area network (WLAN) and a second device is unconnected to the WLAN, establishing a secure channel to the second device using an extensible authentication protocol (EAP) exchange;
  
  sending, to the second device via the secure channel, at least one credential associated with the WLAN to enable the second device to connect to the WLAN;
  
  receiving, at the first device, at least one application layer credential supplied by a user via user input; and
  
  sending, to the second device via the secure channel, the at least one application layer credential supplied by the user to enable the second device to access a network external to the WLAN.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the first device comprises a mobile telephone, a portable computing device, a tablet computing device, a personal digital assistant (PDA), a portable media player, or any combination thereof.
  - 3. The method of claim 1, wherein the second device comprises a smart energy profile (SEP)-compatible device.
  - 4. The method of claim 1, wherein the second device comprises a headless device that includes at least one network interface but does not include an input device or an output device.
  - 5. The method of claim 1, wherein the at least one credential comprises a service set identifier (SSID), a passphrase, a security key, or any combination thereof.
  - 6. The method of claim 1, further comprising:
    - receiving input at the first device indicating a security credential associated with the second device; and
      
      sending the security credential from the first device to the second device during the EAP exchange.
  - 7. The method of claim 1, wherein the second device comprises a headless device and the application layer credential enables operations at the headless device that are layer-7 or lower.
  - 8. The method of claim 1, wherein the first device comprises an autonomous Wi-Fi Direct group owner with respect to the second device.
  - 9. The method of claim 8, further comprising maintaining compatibility with legacy Wi-Fi direct clients by refraining from issuing a notice of absence while communicating with the second device.
  - 10. The method of claim 1, further comprising, at the first device, discovering the second device via a Wi-Fi Protected Setup (WPS) discovery operation.
  - 11. The method of claim 1, further comprising:
    - performing a four-way handshake operation after the EAP exchange; and
      
      performing a Wi-Fi Protected Setup (WPS) authentication and configuration operation using a null personal identification number (PIN).
  - 12. The method of claim 1, wherein the EAP exchange comprises an EAP using only a password (EAP-pwd) exchange, and further comprising:
    - determining a personal identification number (PIN) based on a portion of a master session key (MSK) associated with the EAP exchange; and
      
      performing a Wi-Fi Protected Setup (WPS) authentication and configuration operation using the PIN.
  - 13. The method of claim 12, wherein the portion of the MSK comprises ten least significant bytes of the MSK.
  - 14. The method of claim 1, wherein the EAP exchange comprises an EAP with encrypted key exchange (EAP-eke).
  - 15. The method of claim 1, wherein the EAP exchange is triggered by a Wi-Fi Protected Setup (WPS) failure.
  - 16. The method of claim 1, further comprising, at the first device, broadcasting a service set identification (SSID) associated with the second device, a device identifier associated with the second device, or a combination thereof to discover the second device.
  - 17. The method of claim 1, wherein the at least one application layer credential corresponds to login information associated with a user account at a website.

18. A method comprising:
- receiving, at a first device, while the first device is unconnected to a wireless local area network (WLAN) and a second device is connected to the WLAN, a security credential;
  
  determining, at the first device during an extensible authentication protocol (EAP) exchange while the first device is unconnected to the WLAN and the second device is connected to the WLAN, whether the security credential matches a stored security credential stored in the first device;
  
  at the first device, while the first device is unconnected to the WLAN and the second device is connected to the WLAN, establishing a secure channel to the second device using the EAP exchange;
  
  receiving, at the first device from the second device via the secure channel, at least one credential associated with the WLAN;
  
  establishing, at the first device, a connection to the WLAN using the at least one credential;
  
  receiving, at the first device from the second device, at least one application layer credential, wherein the at least one application layer credential enables the first device to access a network external to the WLAN; and
  
  replacing the stored security credential with at least a portion of the at least one application layer credential.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 18, further comprising terminating the EAP exchange when the received security credential does not match the stored security credential.
  - 20. The method of claim 18, wherein the stored security credential is a layer-2 credential and the at least one application layer credential is a layer-7 credential.
  - 21. The method of claim 18, further comprising accessing, via the WLAN, the network external to the WLAN using the at least one application layer credential.

22. A method comprising:
- at a first device, sending a first message to a second device during a Wi-Fi Protected Setup (WPS) discovery operation; and
  
  at the first device, sending a second message to the second device during a WPS authentication and configuration operation that follows the WPS discovery operation,wherein the second message includes data associated with an extensible authentication protocol (EAP) using a password (EAP-pwd) exchange, andwherein the data includes at least one link layer credential to enable the second device to access a wireless local area network (WLAN) and at least one application layer credential supplied by a user via user input to enable the second device to access a network external to the WLAN.

23. A method comprising:
- at a first device, while the first device is connected to a wireless local area network (WLAN) and a second device is unconnected to the WLAN, establishing a secure channel to the second device using a Wi-Fi Protected Access 2 Pre-shared Key (WPA2-PSK) exchange;
  
  receiving, at the first device, at least one application layer credential supplied by a user via user input;
  
  sending, to the second device via the secure channel, at least one credential associated with the WLAN to enable the second device to connect to the WLAN; and
  
  sending, to the second device via the secure channel, the at least one application layer credential supplied by the user to enable the second device to access a network external to the WLAN.
- View Dependent Claims (24, 25, 26)
- - 24. The method of claim 23, further comprising:
    - determining a personal identification number (PIN) based on a portion of a pairwise master key (PMK) associated with the WPA2-PSK exchange; and
      
      performing a Wi-Fi Protected Setup (WPS) authentication and configuration operation using the PIN.
  - 25. The method of claim 24, wherein the portion of the PMK comprises ten least significant bytes of the PMK.
  - 26. The method of claim 23, further comprising discovering the second device via a Wi-Fi Direct discovery operation.

27. An apparatus comprising:
- a processor; and
  
  a memory coupled to the processor, the memory storing instructions executable by the processor to;
  
  establish, while the apparatus is connected to a wireless local area network (WLAN) and a second apparatus is unconnected to the WLAN, a secure channel to the second apparatus using an extensible authentication protocol (EAP) exchange;
  
  direct a transmitter to send, to the second apparatus via the secure channel, at least one credential associated with the WLAN to enable the second apparatus to connect to the WLAN; and
  
  direct the transmitter to send, to the second apparatus via the secure channel, at least one application layer credential supplied by a user via user input to enable the second apparatus to access a network external to the WLAN.

28. An apparatus comprising:
- a processor; and
  
  a memory coupled to the processor, the memory storing instructions executable by the processor to;
  
  determine, during an extensible authentication protocol (EAP) exchange while the apparatus is unconnected to a wireless local area network (WLAN) and a second apparatus is connected to the WLAN, whether a security credential received from the second apparatus matches a stored security credential stored in the apparatus;
  
  establish, while the apparatus is unconnected to the WLAN and the second apparatus is connected to the WLAN, a secure channel to the second apparatus using the EAP exchange;
  
  receive, from the second apparatus via the secure channel, at least one credential associated with the WLAN;
  
  establish a connection to the WLAN using the at least one credential;
  
  receive, from the second apparatus, at least one application layer credential, wherein the at least one application layer credential enables the apparatus to access a network external to the WLAN; and
  
  replace the stored security credential with at least a portion of the at least one application layer credential.

29. An apparatus comprising:
- a processor; and
  
  a memory coupled to the processor, the memory storing instructions executable by the processor to;
  
  direct a transmitter to send a first message to a second apparatus during a Wi-Fi Protected Setup (WPS) discovery operation; and
  
  direct the transmitter to send a second message to the second apparatus during a WPS authentication and configuration operation that follows the WPS discovery operation,wherein the second message includes data associated with an extensible authentication protocol (EAP) using a password (EAP-pwd) exchange, andwherein the data includes at least one link layer credential to enable the second apparatus to access a wireless local area network (WLAN) and at least one application layer credential supplied by a user via user input to enable the second apparatus to access a network external to the WLAN.

30. An apparatus comprising:
- a processor; and
  
  a memory coupled to the processor, the memory storing instructions executable by the processor to;
  
  establish, while the apparatus is connected to a wireless local area network (WLAN) and a second apparatus is unconnected to the WLAN, a secure channel to the second apparatus using a Wi-Fi Protected Access 2 Pre-shared Key (WPA2-PSK) exchange;
  
  direct a transmitter to send, to the second apparatus via the secure channel, at least one credential associated with the WLAN to enable the second apparatus to connect to the WLAN; and
  
  direct the transmitter to send, to the second apparatus via the secure channel, at least one application layer credential supplied by a user via user input to enable the second apparatus to access a network external to the WLAN.

31. An apparatus comprising:
- means for establishing, while the apparatus is connected to a wireless local area network (WLAN) and a second apparatus is unconnected to the WLAN, a secure channel to the second apparatus using an extensible authentication protocol (EAP) exchange; and
  
  means for sending, to the second apparatus via the secure channel, at least one credential associated with the WLAN to enable the second apparatus to connect to the WLAN, wherein the means for sending is configured to send, to the second apparatus via the secure channel, at least one application layer credential supplied by a user via user input to enable the second apparatus to access a network external to the WLAN.

32. An apparatus comprising:
- means for determining, during an extensible authentication protocol (EAP) exchange while the apparatus is unconnected to a wireless local area network (WLAN) and a second apparatus is connected to the WLAN, whether a security credential received from the second apparatus matches a stored security credential stored in the apparatus;
  
  means for establishing, while the apparatus is unconnected to the WLAN and the second apparatus is connected to the WLAN, a secure channel to the second apparatus using the extensible authentication protocol (EAP) exchange;
  
  means for receiving, from the second apparatus via the secure channel, at least one credential associated with the WLAN, wherein the means for establishing establishes a connection to the WLAN using the at least one credential, and wherein the means for receiving is configured to receive, from the second apparatus, at least one application layer credential, wherein the at least one application layer credential enables the apparatus to access a network external to the WLAN; and
  
  means for replacing the stored security credential with at least a portion of the at least one application layer credential.

33. An apparatus comprising:
- means for generating a first message and a second message; and
  
  means for sending, wherein the means for sending is configured to;
  
  send the first message to a second apparatus during a Wi-Fi Protected Setup (WPS) discovery operation; and
  
  send the second message to the second apparatus during a WPS authentication and configuration operation that follows the WPS discovery operation,wherein the second message includes data associated with an extensible authentication protocol (EAP) using a password (EAP-pwd) exchange, andwherein the data includes at least one link layer credential to enable the second apparatus to access a wireless local area network (WLAN) and at least one application layer credential supplied by a user via user input to enable the second apparatus to access a network external to the WLAN.

34. An apparatus comprising:
- means for establishing, while the apparatus is connected to a wireless local area network (WLAN) and a second apparatus is unconnected to the WLAN, a secure channel to the second apparatus using a Wi-Fi Protected Access 2 Pre-shared Key (WPA2-PSK) exchange; and
  
  means for sending, to the second apparatus via the secure channel, at least one credential associated with the WLAN to enable the second apparatus to connect to the WLAN, wherein the means for sending is configured to send, to the second apparatus via the secure channel, at least one application layer credential supplied by a user via user input to enable the second apparatus to access a network external to the WLAN.

35. A non-transitory computer-readable medium comprising instructions that when executed cause an apparatus to:
- establish, while the apparatus is connected to a wireless local area network (WLAN) and a second apparatus is unconnected to the WLAN, a secure channel to the second apparatus using an extensible authentication protocol (EAP) exchange;
  
  send, to the second apparatus via the secure channel, at least one credential associated with the WLAN to enable the second apparatus to connect to the WLAN; and
  
  send, to the second apparatus via the secure channel, at least one application layer credential supplied by a user via user input to enable the second apparatus to access a network external to the WLAN.

36. A non-transitory computer-readable medium comprising instructions that when executed cause an apparatus to:
- determine, during an extensible authentication protocol (EAP) exchange while the apparatus is unconnected to a wireless local area network (WLAN) and a second apparatus is connected to the WLAN, whether a security credential received from the second apparatus matches a stored security credential stored in the apparatus;
  
  establish, while the apparatus is unconnected to the WLAN and the second apparatus is connected to the WLAN, a secure channel to the second apparatus using the EAP exchange;
  
  receive, from the second apparatus via the secure channel, at least one credential associated with the WLAN;
  
  establish a connection to the WLAN using the at least one credential;
  
  receive, from the second apparatus, at least one application layer credential, wherein the at least one application layer credential enables the apparatus to access a network external to the WLAN; and
  
  replace the stored security credential with at least a portion of the at least one application layer credential.

37. A non-transitory computer-readable medium comprising instructions that when executed cause an apparatus to:
- send a first message to a second apparatus during a Wi-Fi Protected Setup (WPS) discovery operation; and
  
  send a second message to the second apparatus during a WPS authentication and configuration operation that follows the WPS discovery operation,wherein the second message includes data associated with an extensible authentication protocol (EAP) using a password (EAP-pwd) exchange, andwherein the data includes at least one link layer credential to enable the second apparatus to access a wireless local area network (WLAN) and at least one application layer credential supplied by a user via a user input to enable the second apparatus to access a network external to the WLAN.

38. A non-transitory computer-readable medium comprising instructions that when executed cause an apparatus to:
- establish, while the apparatus is connected to a wireless local area network (WLAN) and a second apparatus is unconnected to the WLAN, a secure channel to the second apparatus using a Wi-Fi Protected Access 2 Pre-shared Key (WPA2-PSK) exchange;
  
  send, to the second apparatus via the secure channel, at least one credential associated with the WLAN to enable the second apparatus to connect to the WLAN; and
  
  send, to the second apparatus via the secure channel, at least one application layer credential supplied by a user via user input to enable the second apparatus to access a network external to the WLAN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Cherian, George, Malinen, Jouni, Abraham, Santosh Paul, Tinnakornsrisuphap, Peerapol, Kapoor, Samir, De Vegt, Rolf
Primary Examiner(s)
Duong, Frank

Application Number

US13/658,268
Publication Number

US 20130286889A1
Time in Patent Office

931 Days
Field of Search

370252-254, 370328-339, 713168-171, 726 2- 5, 726 16- 19
US Class Current

370/338
CPC Class Codes

H04L 63/18   using different networks or...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/43   using shared identity modul...

H04W 12/50   Secure pairing of devices

H04W 76/14   Direct-mode setup

H04W 84/12   WLAN [Wireless Local Area N...

Using a mobile device to enable another device to connect to a wireless network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

59 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Using a mobile device to enable another device to connect to a wireless network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links