ENHANCING SECURITY IN A WIRELESS NETWORK

US 20110302635A1
Filed: 08/15/2011
Published: 12/08/2011
Est. Priority Date: 04/13/2007
Status: Active Grant

First Claim

Patent Images

1. A method of enhancing security in a wireless mesh network including a plurality of network devices, the method comprising:

allocating a plurality of shared wireless links accessible to each of the plurality of network devices, wherein each link is associated with a communication timeslot of a predetermined duration and with a carrier frequency;

preventing unauthorized access to the plurality of shared wireless links by verifying a session key supplied by each of the plurality of network devices to access one of the plurality of shared wireless links;

transmitting an advertisement packet from a neighbor device, wherein the neighbor device is one of the plurality of network devices, including;

providing a link map identifying a set of join links in the advertisement packet, wherein the set of join links is a subset of the plurality of shared wireless links;

receiving a join request from a joining device over one of set of join links, wherein the join request is responsive to the advertisement packet and wherein the neighbor device is configured to receive incoming data over the one of set of join links; and

processing the join request, including;

authenticating the joining device by communicating with the joining device via the neighbor device over the one of set of join links; and

granting the joining device access to the plurality of shared wireless links by transmitting the session key to the joining device if the joining device is successfully authenticated.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of enhancing security in a wireless mesh communication network operating in a process control environment and including a plurality of wireless network devices includes processing a join request from a wireless device wishing to join the wireless mesh communication network, providing a limited network functionality to the wireless device if the join request is granted, requesting a complete approval of the wireless device; and granting a full network functionality to the wireless device if the complete approval of the wireless device is received.

Citations

13 Claims

1. A method of enhancing security in a wireless mesh network including a plurality of network devices, the method comprising:
- allocating a plurality of shared wireless links accessible to each of the plurality of network devices, wherein each link is associated with a communication timeslot of a predetermined duration and with a carrier frequency;
  
  preventing unauthorized access to the plurality of shared wireless links by verifying a session key supplied by each of the plurality of network devices to access one of the plurality of shared wireless links;
  
  transmitting an advertisement packet from a neighbor device, wherein the neighbor device is one of the plurality of network devices, including;
  
  providing a link map identifying a set of join links in the advertisement packet, wherein the set of join links is a subset of the plurality of shared wireless links;
  
  receiving a join request from a joining device over one of set of join links, wherein the join request is responsive to the advertisement packet and wherein the neighbor device is configured to receive incoming data over the one of set of join links; and
  
  processing the join request, including;
  
  authenticating the joining device by communicating with the joining device via the neighbor device over the one of set of join links; and
  
  granting the joining device access to the plurality of shared wireless links by transmitting the session key to the joining device if the joining device is successfully authenticated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein transmitting an advertisement packet further includes transmitting an absolute slot number indicative of a number of communication timeslots scheduled since a formation time of the wireless mesh network.
  - 3. The method of claim 1, wherein transmitting an advertisement packet further includes transmitting network identity in the advertisement packet, wherein the joining device stores a device network identity and initiates a sequence of joining the wireless mesh network only if the stored predefined device network identity matches the network identity.
  - 4. The method of claim 1, wherein conditionally granting the joining device access to the wireless mesh includes transmitting at least one of a network key, a network management key, or a gateway key to the joining device, wherein each of the network key, a network management key, or a gateway key grants access to a separate function of the wireless mesh network.
  - 5. The method of claim 1, wherein receiving the join request includes:
    - receiving a join key stored in the joining device; and
      
      whereinprocessing the join request includes comparing the join key to a network join key copy stored in one of the plurality network devices.
  - 6. The method of claim 1, wherein processing the join request includes receiving a join nonce value from the joining device, wherein the join nonce value includes an address of the joining device and a nonce counter initialized when the joining device is programmed with the network identity.
  - 7. The method of claim 1, wherein the joining device listens for advertisement packets on each of a plurality of carrier frequencies associated with the wireless mesh network for a predetermined amount of time prior to initiating a sequence of joining the wireless mesh network.
  - 8. The method of claim 1, wherein the wireless mesh network implements the HART communication protocol and wherein processing the join request includes receiving a HART identification information.

9. A method of enhancing security of a wireless communication protocol servicing a plurality of wireless network devices in a mesh communication network, wherein the mesh communication network operates in a process control environment, the method comprising:
- defining a communication timeslot of a predetermined duration;
  
  generating a network schedule including at least one superframe having repeating superframe cycles, each having a number of communication timeslots;
  
  wherein each of the plurality of wireless network devices transmit and receives data according to the network schedule;
  
  maintaining an absolute slot number indicative of a number of communication timeslots scheduled since a start time of the wireless network; and
  
  sending a data packet associated with one of a plurality of layers associated with the wireless communication protocol from one of the plurality of wireless network devices to another one of the plurality of wireless network devices, including;
  
  generating a first message integrity code for the data packet based on the absolute slot number.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, wherein generating a first message integrity code includes:
    - forming a nonce value from the absolute slot number;
      
      supplying the nonce value to a message integrity code generator; and
      
      supplying a network key to the message integrity code generator, wherein the network key is shared by each fully operational wireless network device in the plurality of wireless network devices.
  - 11. The method of claim 10, wherein the data packet is associated with a data link layer included in the plurality of layers associated with the wireless communication protocol;
    - and wherein generating a first message integrity code further includes;
      
      supplying a payload of the data packet to a non-enciphering input of the message integrity code generator; and
      
      supplying an empty string to the enciphering input of the message integrity code generator.
  - 12. The method of claim 9, wherein sending a data packet associated with one of a plurality of layers associated with the wireless communication protocol further includes:
    - enciphering the data packet on another one of the plurality of layers associated with the wireless communication protocol, including generating a second message integrity code associated with the another one of the plurality of layers based on a session-specific nonce counter.
  - 13. The method of claim 9, wherein generating a message integrity code for the data packet based on the absolute slot number includes merging the absolute slot number with a source address associated with the data packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
FieldComm Group, Inc.
Original Assignee
Hart Communication Foundation (FieldComm Group, Inc.)
Inventors
Nixon, Mark J., Rotvold, Eric D., Pramanik, Robin S., Phinney, Tom, Lennvall, Tomas P., Zats, Yuri, Enns, Rick, Pratt, Wallace A. Jr.

Granted Patent

US 8,670,749 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G01D 21/00   Measuring or testing not ot...

H04W 24/00   Supervisory, monitoring or ...

H04W 56/0015   one node acting as a refere...

H04W 56/002   Mutual synchronization

H04W 80/00   Wireless network protocols ...

ENHANCING SECURITY IN A WIRELESS NETWORK

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

ENHANCING SECURITY IN A WIRELESS NETWORK

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links