Wireless access point security for multi-hop networks

US 9,510,190 B2
Filed: 02/13/2013
Issued: 11/29/2016
Est. Priority Date: 07/06/2006
Status: Active Grant

First Claim

Patent Images

1. An access point for use in a multiple hop access point set comprising:

at least one wireless communication interface; and

a processor associated with the at least one wireless communication interface and adapted to;

obtain resource information for communications to be supported by a child access point in the access point set, wherein the child access point provides a communication link between the access point and a mobile station;

encrypt the resource information using a first key to create encrypted resource information, wherein the first key is known to the mobile station and unknown to the child access point and provides end-to-end security between the access point and the mobile station;

further encrypting the encrypted resource information using a second key to create further encrypted resource information, wherein the second key is known to the child access point and provides per-hop security between the child access point and the mobile station; and

initiate delivery of the further encrypted resource information to the child access point via the at least one wireless communication interface, wherein the further encrypted resource information is delivered over a single wireless communications hop to the child access point.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security in wireless communication networks that employ relay stations to facilitate communications between base stations and mobile stations is enhanced. In one embodiment, resource information provided to one or more relay stations from a base station or another relay station is encrypted prior to being delivered to the one or more relay stations. Only authorized relay stations are allocated an appropriate key necessary to decrypt the resource information. As such, only appropriate relay stations are able to access and use the resource information to effect communications directly or indirectly between the base stations and the mobile stations. In certain embodiments, the resource information is delivered between the various base and relay stations using either unicast or multicast delivery techniques.

14 Citations

View as Search Results

33 Claims

1. An access point for use in a multiple hop access point set comprising:
- at least one wireless communication interface; and
  
  a processor associated with the at least one wireless communication interface and adapted to;
  
  obtain resource information for communications to be supported by a child access point in the access point set, wherein the child access point provides a communication link between the access point and a mobile station;
  
  encrypt the resource information using a first key to create encrypted resource information, wherein the first key is known to the mobile station and unknown to the child access point and provides end-to-end security between the access point and the mobile station;
  
  further encrypting the encrypted resource information using a second key to create further encrypted resource information, wherein the second key is known to the child access point and provides per-hop security between the child access point and the mobile station; and
  
  initiate delivery of the further encrypted resource information to the child access point via the at least one wireless communication interface, wherein the further encrypted resource information is delivered over a single wireless communications hop to the child access point.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The access point of claim 1 wherein the access point is a relay station that is at least one wireless communications hop away from a base station, and the child access point is another relay station.
  - 3. The access point of claim 1 wherein the access point is a base station and the child access point is a relay station that is at least one wireless communications hop away from the base station.
  - 4. The access point of claim 1 wherein the further encrypted resource information is delivered over a plurality of wireless communications hops via at least one relay station to the child access point.
  - 5. The access point of claim 1 wherein to initiate delivery of the further encrypted resource information, the processor is adapted to unicast the further encrypted resource information to the child access point.
  - 6. The access point of claim 5 wherein the processor is further adapted to unicast different encrypted resource information to different child access points.
  - 7. The access point of claim 6 wherein each of the different encrypted resource information for the different child access points is encrypted with a different key.
  - 8. The access point of claim 1 wherein the resource information is used for communications to be supported by a plurality of child access points in the access point set, and to initiate delivery of the further encrypted resource information, the processor is adapted to multicast the encrypted resource information to the plurality of child access points.
  - 9. The access point of claim 1 wherein the resource information comprises resource allocations for each of the plurality of child access points that are maintained in a resource allocation map, and to encrypt the resource information, the processor is further adapted to encrypt the resource allocation map using the first key.
  - 10. The access point of claim 9 wherein the resource allocation map provides resource allocations for access points, and is different from a mobile station resource allocation map providing resource allocations for direct use by the mobile station.
  - 11. The access point of claim 8 wherein the access point and at least the plurality of child access points form a multicast group and the processor is further adapted to:
    - gain entry into a network comprising the access point set; and
      
      join the multicast group.
  - 12. The access point of claim 1 wherein the resource information comprises resource allocations to use for the communications to be supported by the child access point.
  - 13. The access point of claim 1 wherein the resource information comprises a mapping of physical layer resources to logical communication channels.
  - 14. The access point of claim 13 wherein the resource information comprises a mapping of physical layer carriers or sub-carriers to logical communication channels or sub-channels.
  - 15. The access point of claim 1 wherein the resource information comprises modulation information to use for the communications to be supported by the child access point.
  - 16. The access point of claim 1 wherein information comprising the resource information is obtained over at least one wireless communication hop from a parent access point.
  - 17. The access point of claim 16 wherein the processor is further adapted to decrypt the information to recover the resource information.
  - 18. The access point of claim 1 wherein to obtain the resource information, the processor is further adapted to internally generate the resource information.
  - 19. The access point of claim 1 wherein the processor is further adapted to effect delivery of encrypted traffic content intended for the mobile station to the child access point, wherein the encrypted traffic content is encrypted using a traffic encryption key that is different from the first key.
  - 20. The access point of claim 19 wherein the processor is further adapted to further encrypt the encrypted traffic content with the first key.

21. An access point for use in a multiple hop access point set comprising:
- at least one wireless communication interface; and
  
  a processor associated with the at least one wireless communication interface and adapted to;
  
  receive from a parent access point encrypted resource information for communications, wherein the encrypted resource information is received over a single wireless communications hop from the parent access point, the parent access point residing in the access point set, wherein the encrypted resource is encrypted by a first key known to the access point providing per-hop security between the access point and the mobile station and further encrypted by a second key known to a mobile station and unknown to the access point provides end-to-end security between the parent access point and the mobile station;
  
  decrypt a portion of the encrypted resource information using a first key to obtain a portion of resource information;
  
  apply the portion of the resource information for communications with at least one of the parent access point, a child access point, and the mobile station via the at least one wireless communication interface.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 22. The access point of claim 21 wherein the access point is a relay station that is at least one wireless communications hop away from a base station.
  - 23. The access point of claim 21 wherein the encrypted resource information is received via a plurality of wireless communications hops from the parent access point.
  - 24. The access point of claim 21 wherein the encrypted resource information is received via unicast delivery from the parent access point.
  - 25. The access point of claim 21 wherein the encrypted resource information is received via multicast delivery.
  - 26. The access point of claim 25 wherein the portion of the resource information comprises resource allocations for each of a plurality of access points that are maintained in a resource allocation map, and to decrypt the portion of the resource information, the processor is further adapted to decrypt the resource allocation map using the first key.
  - 27. The access point of claim 26 wherein the resource allocation map provides resource allocations for access points, and is different from a mobile station resource allocation map providing resource allocations for direct use by a mobile station.
  - 28. The access point of claim 21 wherein the portion of the resource information comprises resource allocations to use for the communications.
  - 29. The access point of claim 21 wherein the portion of the resource information comprises a mapping of physical layer resources to logical communication channels.
  - 30. The access point of claim 29 wherein the portion of the resource information comprises a mapping of physical layer carriers or sub-carriers to logical communication channels or sub-channels.
  - 31. The access point of claim 21 wherein the portion of the resource information comprises modulation information to use for the communications.

32. A method for use in a multiple hop access point set comprising:
- obtaining resource information for communications to be supported by a child access point in the access point set, wherein the child access point provides a communication link between the access point and a mobile station;
  
  encrypting the resource information using a first key to create encrypted resource information, wherein the first key is known to the mobile station and unknown to the child access point and provides end-to-end security between the access point and the mobile station;
  
  furthering encrypting the encrypted resource information using a second key to create further encrypted resource information, wherein the second key is known to the child access point and provides per-hop security between the child access point and the mobile station; and
  
  initiating delivery of the further encrypted resource information to the child access point via at least one wireless communication interface, wherein the further encrypted resource information is delivered over a single wireless communications hop to the child access point.

33. A method for use in a multiple hop access point set comprising:
- receiving from a parent access point encrypted resource information for communications, wherein the encrypted resource information is received over a single wireless communications hop from the parent access point, the parent access point residing in the access point set, wherein the encrypted resource is encrypted by a first key known to the access point providing per-hop security between the access point and the mobile station and further encrypted by a second key known to a mobile station and unknown to the access point provides end-to-end security between the parent access point and the mobile station;
  
  decrypting a portion of the encrypted resource information using a first key to obtain a portion of resource information;
  
  applying the portion of the resource information for communications with at least one of the parent access point, a child access point, and the mobile station via the at least one wireless communication interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Zhang, Hang, Zhu, Peiying, Fong, Mo-Han, Tong, Wen, Senarath, Gamini, Yu, Derek, Steer, David
Primary Examiner(s)
LANIER, BENJAMIN E

Application Number

US13/766,519
Publication Number

US 20130246784A1
Time in Patent Office

1,385 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04B 7/155   Ground-based stations H04B7...

H04L 63/0428   wherein the data content is...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/0478   applying multiple layers of...

H04W 12/02   Protecting privacy or anony...

H04W 12/03   Protecting confidentiality,...

H04W 12/122   Counter-measures against at...

H04W 28/16   Central resource management...

H04W 84/18   Self-organising networks, e...

H04W 88/04   adapted for relaying to or ...

H04W 88/08   Access point devices

Wireless access point security for multi-hop networks

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

Wireless access point security for multi-hop networks

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others