Mixed mode security for mesh networks

US 9,232,389 B2
Filed: 06/11/2009
Issued: 01/05/2016
Est. Priority Date: 06/11/2008
Status: Active Grant

First Claim

Patent Images

1. A method for providing mixed mode security for a mesh network comprising (i) a plurality of open mesh points that are configured to send and receive unencrypted traffic, and (ii) a plurality of secure mesh points that are configured to send and receive encrypted traffic, the method comprising:

configuring a first secure mesh point in the plurality of secure mesh points to operate in a mixed mode in which the first secure mesh point is configured to (i) exchange encrypted traffic with other secure mesh points and (ii) exchange unencrypted traffic with open mesh points; and

while the first secure mesh point is operating in the mixed mode;

receiving, at the first secure mesh point, traffic from either one of the open mesh points or a second secure mesh point with which the first secure mesh point has already exchanged encrypted traffic,if the traffic is unencrypted traffic, one of(i) forwarding, with the first secure mesh point, the unencrypted traffic to an open mesh point in the plurality of open mesh points, or(ii) if the unencrypted traffic is destined for the first secure mesh point, accepting and processing the unencrypted traffic at the first secure mesh point, andif the traffic is encrypted traffic, processing the encrypted traffic.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mixed mode security is provided for a mesh network comprising a plurality of open mesh points and at least one secure mesh point that is capable of sending and receiving encrypted traffic. Aspects of the exemplary embodiment include configuring the secure mesh point to forward unencrypted traffic received from one of the plurality of open mesh points; and configuring the secure mesh point to be a source of unencrypted source traffic, and to receive unencrypted traffic that is destined for the secure mesh point to enable routes in the mesh network to terminate at the secure mesh point.

23 Citations

View as Search Results

18 Claims

1. A method for providing mixed mode security for a mesh network comprising (i) a plurality of open mesh points that are configured to send and receive unencrypted traffic, and (ii) a plurality of secure mesh points that are configured to send and receive encrypted traffic, the method comprising:
- configuring a first secure mesh point in the plurality of secure mesh points to operate in a mixed mode in which the first secure mesh point is configured to (i) exchange encrypted traffic with other secure mesh points and (ii) exchange unencrypted traffic with open mesh points; and
  
  while the first secure mesh point is operating in the mixed mode;
  
  receiving, at the first secure mesh point, traffic from either one of the open mesh points or a second secure mesh point with which the first secure mesh point has already exchanged encrypted traffic,if the traffic is unencrypted traffic, one of(i) forwarding, with the first secure mesh point, the unencrypted traffic to an open mesh point in the plurality of open mesh points, or(ii) if the unencrypted traffic is destined for the first secure mesh point, accepting and processing the unencrypted traffic at the first secure mesh point, andif the traffic is encrypted traffic, processing the encrypted traffic.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising providing the first secure mesh point, when configured to operate in said mixed mode, with configurable first and second security modes, wherein:
    - when the first security mode is enabled, the first secure mesh point forwards received unencrypted traffic that is destined for open mesh points, andwhen the second security mode is enabled, the first secure mesh point originates unencrypted source traffic, and accepts and receives unencrypted traffic that is destined for the first secure mesh point.
  - 3. The method of claim 2, wherein when the first security mode is enabled, the first secure mesh point is configured to set up routes between the first secure mesh point and the plurality of open mesh points.
  - 4. The method of claim 2, wherein the encrypted traffic and the unencrypted traffic are transmitted through the mesh network, the method further comprising:
    - using at least one reserved bit in a management frame to indicate secure route discovery or open route discovery.
  - 5. The method of claim 2, wherein when route discovery is originated by a first open mesh point for a second open mesh point:
    - the first open mesh point generates a route request message indicating open route discovery;
      
      the route request message is forwarded by intermediate open mesh points; and
      
      the first secure mesh point is configured to forward the route request message while the first secure mesh point is operating in the mixed mode.
  - 6. The method of claim 2, wherein when route discovery is originated by a first open mesh point for the first secure mesh point, the first open mesh point generates a route request message indicating open route discovery, and the route request message is forwarded by intermediate open mesh points and any other secure mesh points that are configured to operate in the mixed mode to forward the unencrypted traffic destined for the first secure mesh point, and the route request message is accepted and responded to by the first secure mesh point, while the first secure mesh point is operating in the mixed mode and if the first secure mesh point has the second security mode enabled.
  - 7. The method of claim 2, wherein when route discovery is originated by the first secure mesh point for a third secure mesh point, the first secure mesh point originating the route discovery generates a route request message indicating secure route discovery such that intermediate secure mesh points only send a secure route response message if any secure route exists, andwherein intermediate open mesh points ignore and discard the route request message.
  - 8. The method of claim 2, wherein when the first secure mesh point has the second security mode enabled and route discovery is originated by the first secure mesh point for one of the open mesh points, the first secure mesh point, generates a route request message indicating open route discovery, and the route request message is forwarded by intermediate open mesh points and any secure mesh points which are configured to forward the unencrypted source traffic.
  - 9. The method of claim 2, wherein, while the first secure mesh point is operating in the mixed mode:
    - when the first secure mesh point starts a first route discovery for a final destination, but is unaware of a security mode of the final destination, the first secure mesh point generates a first route request message indicating secure route discovery, andif the first route discovery fails and the first secure mesh point has the second security mode enabled, the first secure mesh point initiates a second route discovery using a second route request message indicating open route discovery.
  - 10. The method of claim 1, wherein the first secure mesh point is configured to maintain security capability information of the open mesh points that are not 1-hop neighbors by listening to traffic originated by open mesh points during forwarding.

11. A wireless device for use in a mesh network, the mesh network including (i) a plurality of open mesh points that are configured to send and receive unencrypted traffic, and (ii) a plurality of secure mesh points that are configured to send and receive encrypted traffic, the wireless device comprising:
- a processor configured toconfigure the wireless device to operate in a mixed mode in which the wireless device is configured to (i) exchange encrypted traffic with secure mesh points and (ii) exchange unencrypted traffic with open mesh points; and
  
  while the wireless device is operating in the mixed mode;
  
  determine whether traffic received at the wireless device from either 9i) one of the open mesh points or (ii) a secure mesh point with which the wireless device has already exchanged encrypted traffic is unencrypted traffic or encrypted traffic,if the traffic is unencrypted traffic, one of(i) cause the wireless device to forward the unencrypted traffic to an open mesh point in the plurality of open mesh points, or(ii) if the unencrypted traffic is destined for the wireless device, cause the wireless device to accept and process the unencrypted traffic, andif the traffic is encrypted traffic, cause the wireless device to process the encrypted traffic.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The wireless device of claim 11, wherein the processor, when the wireless device is operating in the mixed mode, is configured to operate (i) in a first security mode, when enabled, and (ii) in a second security mode, when enabled, wherein:
    - when the first security mode is enabled, the wireless device forwards the unencrypted traffic, andwhen the second security mode is enabled, the wireless device originates unencrypted source traffic and receives unencrypted traffic that is destined for the wireless device.
  - 13. The wireless device of claim 12, wherein when the wireless device is operating in the mixed mode and when the first security mode is enabled, the wireless device is configured to set up routes between the wireless device and the plurality of open mesh points.
  - 14. The wireless device of claim 12, wherein when route discovery is originated by a first open mesh point for a second open mesh point, the first open mesh point generates a route request message indicating open route discovery, and the route request message is forwarded by intermediate open mesh points and the wireless device while the wireless device is operating in the mixed mode.
  - 15. The wireless device of claim 12, wherein when route discovery is originated by a first open mesh point for the wireless device, the first open mesh point generates a route request message indicating open route discovery, and the route request message is forwarded by intermediate open mesh points and any other secure mesh points that are configured in the mixed mode to forward the unencrypted traffic destined for the wireless device, and the route request message is accepted and responded to by the wireless device while the wireless device is operating in the mixed mode and if the wireless device has the second security mode enabled.
  - 16. The wireless device of claim 12, wherein when route discovery is originated by a first secure mesh point for a second secure mesh point, the first secure mesh point originating the route discovery generates a route request message indicating secure route discovery, such that intermediate secure mesh points only send a secure route response message if any secure route exists, and wherein intermediate open mesh points ignore and discard the route request message.
  - 17. The wireless device of claim 12, wherein when route discovery is originated by the wireless device, while the wireless device is operating in the mixed mode, for one of the open mesh points, the wireless device generates a route request message indicating open route discovery, and the route request message is forwarded by intermediate open mesh points and any secure mesh points which are configured in the mixed mode to forward the unencrypted source traffic.
  - 18. The wireless device of claim 12, wherein, while the wireless device is operating in the mixed mode and when the wireless device starts a first route discovery for a final destination, but is unaware of a security mode of the final destination, the wireless device generates a first route request message indicating secure route discovery, wherein if the first route discovery fails and the wireless device has the second security mode enabled, the wireless device initiates a second route discovery using a second route request message indicating open route discovery.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP USA, Inc. (NXP Semiconductors NV)
Original Assignee
Marvell World Trade Limited (Marvell Technology Group Limited)
Inventors
Shukla, Ashish Kumar, Goel, Sandesh, Bhagwat, Rajesh Shreeram
Primary Examiner(s)
Choudhury, Azizul
Assistant Examiner(s)
NAJEE-ULLAH, TARIQ S

Application Number

US12/482,817
Publication Number

US 20090313464A1
Time in Patent Office

2,399 Days
Field of Search

713/151
US Class Current

1/1
CPC Class Codes

H04W 12/033 of the user plane, e.g. use...

H04W 84/18 Self-organising networks, e...

Mixed mode security for mesh networks

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Mixed mode security for mesh networks

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links