Establishing a wireless connection to a wireless access point

US 9,954,687 B2
Filed: 10/23/2015
Issued: 04/24/2018
Est. Priority Date: 01/06/2010
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a wireless connection, the method comprising:

receiving a selection of a network using a first name broadcast by a wireless access point;

obtaining, by a processor unit, a digital certificate having a second name from the wireless access point;

determining, by the processor unit, whether the digital certificate is valid by determining whether the digital certificate matches one of a number of digital certificates previously identified by the processor unit as being valid, and responsive to determining that the digital certificate does not match one of the number of digital certificates previously identified as being valid, requesting a user input as to whether to trust the digital certificate;

determining, by the processor unit, whether the second name in the digital certificate matches the first name broadcast by the wireless access point; and

responsive to the digital certificate being valid and the second name in the digital certificate matching the first name broadcast by the wireless access point, establishing, by the processor unit, the wireless connection to the wireless access point, wherein the step of establishing, by the processor unit, the wireless connection to the wireless access point comprises;

generating, by the processor unit, a session key for the wireless connection using the digital certificate responsive to the digital certificate being valid and the second name in the digital certificate matching the first name broadcast by the wireless access point; and

exchanging, by the processor unit, information with a server using the session key to encrypt and decrypt the information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for establishing a wireless connection. A digital certificate having a second name is obtained by a processor unit in response to receiving a selection of a network using a first name broadcast by a wireless access point. A determination is made by the processor unit as to whether the digital certificate is valid. A determination is made by the processor unit as to whether the second name in the digital certificate matches the first name broadcast by the wireless access point. The processor unit establishes the wireless connection to the wireless access point in response to the digital certificate being valid and the second name in the digital certificate matching the first name broadcast by the wireless access point.

27 Citations

View as Search Results

17 Claims

1. A method for establishing a wireless connection, the method comprising:
- receiving a selection of a network using a first name broadcast by a wireless access point;
  
  obtaining, by a processor unit, a digital certificate having a second name from the wireless access point;
  
  determining, by the processor unit, whether the digital certificate is valid by determining whether the digital certificate matches one of a number of digital certificates previously identified by the processor unit as being valid, and responsive to determining that the digital certificate does not match one of the number of digital certificates previously identified as being valid, requesting a user input as to whether to trust the digital certificate;
  
  determining, by the processor unit, whether the second name in the digital certificate matches the first name broadcast by the wireless access point; and
  
  responsive to the digital certificate being valid and the second name in the digital certificate matching the first name broadcast by the wireless access point, establishing, by the processor unit, the wireless connection to the wireless access point, wherein the step of establishing, by the processor unit, the wireless connection to the wireless access point comprises;
  
  generating, by the processor unit, a session key for the wireless connection using the digital certificate responsive to the digital certificate being valid and the second name in the digital certificate matching the first name broadcast by the wireless access point; and
  
  exchanging, by the processor unit, information with a server using the session key to encrypt and decrypt the information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 16, 17)
- - 2. The method of claim 1 further comprising:
    - exchanging, by the processor unit, information with the network using the wireless connection established with the wireless access point.
  - 3. The method of claim 1, wherein the step of determining, by the processor unit, whether the digital certificate is valid comprises:
    - determining, by the processor unit, whether a digital signature in the digital certificate is signed by a trusted certificate authority.
  - 4. The method of claim 1, wherein the first name is a service set identifier and is broadcast using a frame extension that provides an extension to the service set identifier and includes element identifier, length and extended service set identifier fields.
  - 5. The method of claim 3, wherein the second name is a domain name of an entity that requested the digital certificate from the trusted certificate authority.
  - 6. The method of claim 1, wherein the wireless connection is an encrypted wireless connection.
  - 7. The method of claim 1, wherein the network is a wireless network specified by IEEE 802.11 standards.
  - 16. The method of claim 1, wherein the step of obtaining, by the processor unit, a digital certificate comprises:
    - sending, by the processor unit, an authentication request for network authentication to the wireless access point.
  - 17. The method of claim 1, wherein the digital certificate is used to authenticate an identity of a network and comprises a digital signature, a public key and the second name.

8. A computer comprising:
- a bus;
  
  a storage device connected to the bus;
  
  a processor unit connected to the bus; and
  
  program code stored on the storage device, for execution by the processor to receive a selection of a network using a first name broadcast by a wireless access point, obtain a digital certificate having a second name from the wireless access point, determine whether the digital certificate is valid by determining whether the digital certificate matches one of a number of digital certificates previously identified by the processor unit as being valid, and requesting a user input as to whether to trust the digital certificate responsive to determining that the digital certificate does not match one of the number of digital certificates previously identified as being valid, determine whether the second name in the digital certificate matches the first name broadcast by the wireless access point in response to determining that the digital certification is valid, and establish a wireless connection to the wireless access point using the digital certificate in response to the digital certificate being valid and the second name in the digital certificate matching the first name broadcast by the wireless access point by generating a session key for the wireless connection using the digital certificate responsive to the digital certificate being valid and the second name in the digital certificate matching the first name broadcast by the wireless access point, and exchanging information with a server using the session key to encrypt and decrypt the information.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The computer of claim 8, wherein the program code is also executable by the processor to exchange information with the network using the wireless connection established with the wireless access point.
  - 10. The computer of claim 8, wherein the program code determines whether the digital certificate is valid by determining whether a digital signature in the digital certificate is signed by a trusted certificate authority to determine whether the digital certificate is valid.
  - 11. The computer of claim 8, wherein the first name is a service set identifier.
  - 12. The computer of claim 8, wherein the second name is a domain name.

13. A computer program product comprising:
- a non-transitory computer readable storage medium;
  
  first program code, stored on the non-transitory computer readable storage medium, responsive to receiving a selection of a network using a first name broadcast by a wireless access point, for obtaining a digital certificate having a second name from the wireless access point;
  
  second program code, stored on the non-transitory computer readable storage medium, for determining whether the digital certificate is valid by determining whether the digital certificate matches one of a number of digital certificates previously identified by the processor unit as being valid, and requesting a user input as to whether to trust the digital certificate responsive to determining that the digital certificate does not match one of the number of digital certificates previously identified as being valid;
  
  third program code, stored on the non-transitory computer readable storage medium, for determining whether the second name in the digital certificate matches the first name broadcast by the wireless access point in response to determining that the digital certification is valid; and
  
  fourth program code, stored on the non-transitory computer readable storage medium, responsive to the digital certificate being valid and the second name in the digital certificate matching the first name broadcast by the wireless access point, for establishing a wireless connection to the wireless access point using the digital certificate by generating a session key for the wireless connection using the digital certificate responsive to the digital certificate being valid and the second name in the digital certificate matching the first name broadcast by the wireless access point, and exchanging information with a server using the session key to encrypt and decrypt the information.
- View Dependent Claims (14, 15)
- - 14. The computer program product of claim 13 further comprising:
    - fifth program code, stored on the non-transitory computer readable storage medium, for exchanging information with the network using the wireless connection established with the wireless access point.
  - 15. The computer program product of claim 13, wherein the second program code comprises:
    - program code, stored on the non-transitory computer readable storage medium, for determining whether a digital signature in the digital certificate is signed by a trusted certificate authority to determine whether the digital certificate is valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Cross, Thomas J., Dewey, David B., Takahashi, Takehiro
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Le, Canh

Application Number

US14/921,204
Publication Number

US 20160043871A1
Time in Patent Office

914 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

H04W 12/04   Key management, e.g. using ...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 84/12   WLAN [Wireless Local Area N...

Establishing a wireless connection to a wireless access point

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Establishing a wireless connection to a wireless access point

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links