Method and apparatus for joining wireless service groups

US 9,846,741 B2
Filed: 11/20/2015
Issued: 12/19/2017
Est. Priority Date: 11/21/2014
Status: Active Grant

First Claim

Patent Images

1. A wireless device comprising:

a processor;

a memory coupled to the processor;

a Wi-Fi transceiver coupled to the processor;

a security mechanism configured to;

receive security requirements of a service group from an authorized member of the service group, wherein the security requirements regulate multicast transmissions within the service group;

join the service group by establishing pairwise authentication with the authorized member; and

initialize multicast protection based at least in part on the security requirements, wherein to initialize the multicast protection, the security mechanism is configured to determine, from the security requirements, that service group members are allowed to transmit unprotected multicast transmissions, are allowed to protect multicast transmissions using a group shared key, or are required to protect multicast transmissions using a source-generated key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed embodiments provide a system that provides wireless service groups. During operation, a wireless device'"'"'s advertising mechanism advertises a service group over Wi-Fi, wherein the service group comprises at least the wireless device and wherein the service group'"'"'s security requirements regulate multicast protection within the service group. In response to receiving a request from a second device to be admitted into the service group, the wireless device'"'"'s security mechanism admits the second device into the service group and sends the service group'"'"'s security requirements to the second device, thereby enabling the second device to initialize multicast protection in accordance with the service group'"'"'s security requirements.

19 Citations

20 Claims

1. A wireless device comprising:
- a processor;
  
  a memory coupled to the processor;
  
  a Wi-Fi transceiver coupled to the processor;
  
  a security mechanism configured to;
  
  receive security requirements of a service group from an authorized member of the service group, wherein the security requirements regulate multicast transmissions within the service group;
  
  join the service group by establishing pairwise authentication with the authorized member; and
  
  initialize multicast protection based at least in part on the security requirements, wherein to initialize the multicast protection, the security mechanism is configured to determine, from the security requirements, that service group members are allowed to transmit unprotected multicast transmissions, are allowed to protect multicast transmissions using a group shared key, or are required to protect multicast transmissions using a source-generated key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The device of claim 1, wherein to initialize the multicast protection, the security mechanism is further configured to use an identification (ID) of the service group to send and receive multicast transmissions within the service group in response to the service group members being allowed to transmit unprotected multicast transmissions.
  - 3. The device of claim 1, wherein to initialize the multicast protection, the security mechanism is further configured to obtain the group shared key from the authorized member, wherein the group shared key enables the device to securely send and receive multicast transmissions within the service group, in response to the service group members being allowed to protect multicast transmissions using the group shared key.
  - 4. The device of claim 1, wherein to initialize the multicast protection, the security mechanism is further configured to:
    - generate a first source-generated key in response to the service group members being required to protect multicast transmissions using the source-generated key; and
      
      for each recipient device within the service group that the device intends to send multicast transmissions to, send the first source-generated key to the recipient device, thereby enabling the recipient device to securely receive multicast transmissions from the device.
  - 5. The device of claim 4, wherein to send the first source-generated key to the recipient device, the security mechanism is configured to:
    - in response to the service group providing group shared authentication information, obtain the group shared authentication information from the authorized member; and
      
      use the group shared authentication information to securely transmit the first source-generated key to the recipient device.
  - 6. The device of claim 1, wherein the security mechanism is further configured to:
    - detect that a second device, which is a member of the service group, uses a second source-generated key to protect multicast transmissions from the second device;
      
      obtain the second source-generated key from the second device; and
      
      use the second source-generated key to securely receive a multicast transmission from the second device.
  - 7. The device of claim 3, wherein the security mechanism is further configured to:
    - determine, from the security requirements, that the service group comprises a persistent service group;
      
      in response to the determination that the service group comprises the persistent service group, persist the group shared key; and
      
      after the service group terminates, restart the service group by advertising an identification (ID) of the service group via an advertising mechanism of the device and reuse of the group shared key to securely send and receive multicast transmissions within the service group.
  - 8. The device of claim 4, wherein the security mechanism is further configured to:
    - determine, from the security requirements, that the service group comprises a persistent service group; and
      
      in response to the determination that the service group comprises the persistent service group, allow the recipient device to persist the first source-generated key, thereby enabling the recipient device to reuse the first source-generated key to security receive multicast transmissions from the first device after the service group is restarted.
  - 9. The device of claim 1, wherein the security mechanism is further configured to:
    - determine, from the security requirements, that the service group comprises a persistent service group;
      
      in response to the determination that the service group comprises the persistent service group and to the service group providing group shared authentication information, persist the group shared authentication information; and
      
      after the service group terminates, restarting the service group by advertising an identification of the service group via an advertising mechanism of the device and reuse the group shared authentication information to facilitate pairwise authentications between members of the restarted service group.

10. A computer-implemented method for joining a service group, the method comprising:
- receiving, at a first device, security requirements of the service group from an authorized member of the service group, wherein the security requirements regulate multicast transmissions within the service group;
  
  joining the service group by establishing pairwise authentication with the authorized member; and
  
  initializing multicast protection based at least in part on the security requirements, wherein the initializing comprises determining, from the security requirements, that service group members are allowed to transmit unprotected multicast transmissions, are allowed to protect multicast transmissions using a group shared key, or are required to protect multicast transmissions using a source-generated key.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer-implemented method of claim 10, wherein the initializing multicast protection further comprises:
    - using an identification (ID) of the service group to send and receive multicast transmissions within the service group in response to the service group members being allowed to transmit unprotected multicast transmissions.
  - 12. The computer-implemented method of claim 10, wherein the initializing multicast protection further comprises:
    - obtaining the group shared key from the authorized member, wherein the group shared key enables, the first device to securely send and receive multicast transmissions within the service group, in response to the service group members being allowed to protect multicast transmissions using the group shared key.
  - 13. The computer-implemented method of claim 10, wherein the initializing multicast protection further comprises:
    - generating a first source-generated key in response to the service group members being required to protect multicast transmissions using the source-generated key; and
      
      for each recipient device within the service group that the first device intends to send multicast transmissions to, sending the first source-generated key to the recipient device, thereby enabling the recipient device to securely receive multicast transmissions from the first device.
  - 14. The computer-implemented method of claim 13, wherein the sending the first source-generated key to the recipient device comprises:
    - in response to the service group providing group shared authentication information, obtaining the group shared authentication information from the authorized member; and
      
      using the group shared authentication information to securely transmit the first source-generated key to the recipient device.
  - 15. The computer-implemented method of claim 10, further comprising:
    - detecting that a second device, which is a member of the service group, uses a second source-generated key to protect multicast transmissions from the second device;
      
      obtaining the second source-generated key from the second device; and
      
      using the second source-generated key to securely receive a multicast transmission from the second device.
  - 16. The computer-implemented method of claim 12, further comprising:
    - determining, from the security requirements, that the service group comprises a persistent service group;
      
      in response to the determination that the service group comprises the persistent service group, persisting the group shared key; and
      
      after the service group terminates, restarting the service group by advertising an identification (ID) of the service group and reusing the group shared key to securely send and receive multicast transmissions within the service group.
  - 17. The computer-implemented method of claim 13, further comprising:
    - determining, from the security requirements, that the service group comprises a persistent service group; and
      
      in response to the determination that the service group comprises the persistent service group, allowing the recipient device to persist the first source-generated key, thereby enabling the recipient device to reuse the first source-generated key to securely receive multicast transmissions from the first device after the service group is restarted.
  - 18. The computer-implemented method of claim 10, further comprising:
    - determining, from the security requirements, that the service group comprises a persistent service group;
      
      in response to the determination that the service group comprises the persistent service group and to the service group providing group shared authentication information, persisting the group shared authentication information; and
      
      after the service group terminates, restarting the service group by advertising an identification of the service group and reusing the group shared authentication information to facilitate pairwise authentications between members of the restarted service group.

19. A non-transitory computer-readable medium storing instructions that, when executed by a computer, cause the computer to perform a method for joining a service group from a first device, the method comprising:
- receiving security requirements of the service group from an authorized member of the service group, wherein the security requirements regulate multicast transmissions within the service group;
  
  joining the service group by establishing pairwise authentication with the authorized member; and
  
  initializing multicast protection based at least in part on the security requirements, wherein the initializing comprises;
  
  determining, from the security requirements, that service group members are allowed to protect multicast transmissions using a group shared key; and
  
  obtaining the group shared key from the authorized member, wherein the group shared key enables the first device to securely send and receive multicast transmissions within the service group.
- View Dependent Claims (20)
- - 20. The non-transitory computer-readable medium of claim 19, wherein the method further comprises:
    - deter mining, from the security requirements, that service group comprises a persistent service group;
      
      in response to the determination that the service group comprises the persistent service group, persisting the group shared key; and
      
      after the service group terminates, restarting the service group by advertising an identification (ID) of the service group via an advertising mechanism of the device and reuse of the group shared key to securely send and receive multicast transmissions within the service group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Liu, Yong, Hartman, Christiaan A., Li, Guoqing, Wong, Chiu Ngok E., Yong, Su Khiong
Primary Examiner(s)
Gelin, Jean

Application Number

US14/947,752
Publication Number

US 20160295413A1
Time in Patent Office

760 Days
Field of Search

455410, 455411, 4554141, 455517, 455518, 455519
US Class Current
CPC Class Codes

G06F 16/334   Query execution G06F16/335 ...

G06F 16/93   Document management systems

G06V 30/224   of printed characters havin...

G06V 30/412   Layout analysis of document...

G06V 30/414   Extracting the geometrical ...

H04L 63/065   for group communications cr...

H04L 63/20   for managing network securi...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/50   Secure pairing of devices

H04W 4/08   User group management

H04W 84/12   WLAN [Wireless Local Area N...

Method and apparatus for joining wireless service groups

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for joining wireless service groups

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links