Establishing a unique end-to-end management key

US 9,413,686 B2
Filed: 01/07/2008
Issued: 08/09/2016
Est. Priority Date: 06/04/2007
Status: Active Grant

First Claim

Patent Images

1. A method for authorizing end-to-end communication, the method comprising:

receiving, by a second station from a first station, a connection request message, the connection request message including a first pseudo-random number and a first identifier associated with the first station;

transmitting, by the second station, a key request message to an authorization server for an end-to-end management key, the key request message including the first identifier, the first pseudo-random number, a second identifier associated with the second station and a second pseudo-random number associated with the second station;

receiving, by the second station from the authorization server, a first response message that includes the end-to-end management key and a first nonce that is based, at least in part, on the second pseudo-random number; and

authenticating, by the second station, the end-to-end management key based, at least in part, on determining that the first nonce corresponds to the second pseudo-random number.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for communicating and authenticating end-to-end management keys to stations to facilitate communications between stations in the network. A nonce based upon a pseudo-random number generated by the station(s) can be included with the end-to-end management key (EMK). The station(s) can compare the nonce to the generated pseudo-random number to authenticate the EMK.

214 Citations

22 Claims

1. A method for authorizing end-to-end communication, the method comprising:
- receiving, by a second station from a first station, a connection request message, the connection request message including a first pseudo-random number and a first identifier associated with the first station;
  
  transmitting, by the second station, a key request message to an authorization server for an end-to-end management key, the key request message including the first identifier, the first pseudo-random number, a second identifier associated with the second station and a second pseudo-random number associated with the second station;
  
  receiving, by the second station from the authorization server, a first response message that includes the end-to-end management key and a first nonce that is based, at least in part, on the second pseudo-random number; and
  
  authenticating, by the second station, the end-to-end management key based, at least in part, on determining that the first nonce corresponds to the second pseudo-random number.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the first response message is encrypted using a second-station key associated with the second station and wherein the method further comprises decrypting the first response message using the second-station key.
  - 3. The method of claim 1, further comprising, receiving, by the first station from the authorization server, a second response message that includes the end-to-end management key and a second nonce that is based on the first pseudo-random number, wherein the second response message is encrypted using a first-station key associated with the first station.
  - 4. The method of claim 3, wherein the first station authenticates the end-to-end management key included in the second response message based on the second nonce.
  - 5. The method of claim 1,wherein the first nonce is derived by adjusting the second pseudo-random number according to a function known by the second station and the authorization server, andwherein said determining that the first nonce corresponds to the second pseudo-random number comprises adjusting, by the second station, the second pseudo-random number according to the function and comparing the adjusted second pseudo-random number to the first nonce.
  - 6. The method of claim 1, further comprising:
    - transmitting, by one of the first station and the second station to the other of the first station and the second station, a set key request to establish an end-to-end key for use in encrypting communications between the first station and the second station, the set key request encrypted using the end-to-end management key.

7. A method implemented by an authorization server comprising:
- receiving a request for an end-to-end management key to facilitate communication between a first station and a second station, the request including a first identifier associated with the first station, a first pseudo-random number generated by the first station, a second identifier associated with the second station, and a second pseudo-random number generated by the second station; and
  
  in response to receiving the request for the end-to-end management key, transmitting a first response message to the first station and a second response message to the second station,wherein the first response message is encrypted utilizing a first-station key, the first response message comprising the end-to-end management key and a first nonce that is based, at least in part, on the first pseudo-random number, andwherein the second response message is encrypted utilizing a second-station key associated with the second station, the second response message comprising the end-to-end management key and a second nonce that is based, at least in part, on the second pseudo-random number.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising generating the end-to-end management key in response to the request.
  - 9. The method of claim 7, wherein the first station sends a first request to the second station, the first request including the first pseudo-random number, and wherein the second station forwards at least a portion of the first request to the authorization server in the request for the end-to-end management key.
  - 10. The method of claim 7, wherein the first station and the second station decrypt the first response message and the second response message, respectively, and use the first nonce and the second nonce, respectively, to validate authenticity of the end-to-end management key.
  - 11. The method of claim 10, wherein the first station and the second station use the first nonce and the second nonce to validate the authenticity of the end-to-end management key, respectively, by adjusting the first pseudo-random number and the second pseudo-random number by a first function and a second function, respectively, and by comparing the adjusted first pseudo-random number and the adjusted second pseudo-random number with the first nonce and the second nonce, respectively.
  - 12. The method of claim 7, further comprising:
    - transmitting, by one of the first station and the second station to the other of the first station and the second station, a set key request to establish an end-to-end key for use in encrypting communications between the first station and the second station, the set key request encrypted using the end-to-end management key.

13. A system comprising:
- a first station configured to transmit a connection request message to a second station, the connection request message including a first identifier associated with the first station and a first pseudo-random number generated by the first station;
  
  the second station configured to transmit a request message to an authorization server for an end-to-end management key, the request message including the first identifier, the first pseudo-random number, a second identifier associated with the second station, and a second pseudo-random number generated by the second station; and
  
  the authorization server configured to receive the request message and provide a first response message to the first station and a second response message to the second station,the first response message including the end-to-end management key and a first nonce that is based, at least in part, on the first pseudo-random number, the first response message encrypted using a first-station key associated with the first station,the second response message including the end-to-end management key and a second nonce that is based, at least in part, on the second pseudo-random number, the second response message encrypted using a second-station key associated with the second station;
  
  wherein the first station authenticates the end-to-end management key included in the first response message based, at least in part, on determining that the first nonce corresponds to the first pseudo-random number; and
  
  wherein the second station authenticates the end-to-end management key included in the second response message based, at least in part, on determining that the second nonce corresponds to the second pseudo-random number.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13, wherein the first station decrypts the first response message using the first-station key, and the second station decrypts the second response message using the second-station key.
  - 15. The system of claim 13,wherein the first nonce is derived by adjusting the first pseudo-random number according to a first function,wherein the first station adjusts the first pseudo-random number according to the first function and compares the adjusted first pseudo-random number to the first nonce,wherein the second nonce is derived by adjusting the second pseudo-random number according to a second function, andwherein the second station adjusts the second pseudo-random number according to the second function and compares the adjusted second pseudo-random number to the second nonce.
  - 16. The system of claim 15,wherein the first station and the second station use the first nonce and the second nonce, respectively, to validate the authenticity of the end-to-end management key, by adjusting the first pseudo-random number and the second pseudo-random number by the first function and the second function, respectively, and by comparing the adjusted first pseudo-random number and the adjusted second pseudo-random number with the first nonce and the second nonce, respectively.
  - 17. The system of claim 13, wherein one of the first station and the second station transmits to the other of the first station and the second station, a set key request to establish an end-to-end key for use in encrypting communications between the first station and the second station, the set key request encrypted using the end-to-end management key.

18. An authorization server comprising:
- a processor, anda non-transitory computer-readable medium having stored thereon instructions, that when executed by the processor, cause the authorization server to;
  
  receive a request for an end-to-end management key, the request including a first station identifier associated with a first station, a first pseudo-random number generated by the first station, a second station identifier associate with a second station, and a second pseudo-random number generated by the second station,in response to the request, generate a first nonce based, at least in part, on the first pseudo-random number by adjusting the first pseudo-random number according to a first function, and generate a second nonce based on the second pseudo-random number by adjusting the second pseudo-random number according to a second function, andsend a first encrypted response message to the first station and a second encrypted response message to the second station, the first encrypted response message being encrypted using a first-station key and including the first nonce and the end-to-end management key, andthe second encrypted response message being encrypted using a second-station key and including the second nonce and the end-to-end management key.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The authorization server of claim 18, wherein the authorization server generates the end-to-end management key in response to the request.
  - 20. The authorization server of claim 18,wherein the first station sends a first request message to the second station, the first request message including the first pseudo-random number;
    - andwherein the second station forwards at least a portion of the first request message to the authorization server in the request for the end-to-end management key.
  - 21. The authorization server of claim 18,wherein the first station decrypts the first encrypted response message using the first-station key, and uses the first nonce to validate authenticity of the end-to-end management key included in the first encrypted response message;
    - andwherein the second station decrypts the second encrypted response message using the second-station key, and uses the second nonce to validate authenticity of the end-to-end management key included in the second encrypted response message.
  - 22. The authorization server of claim 18, wherein one of the first station and the second station transmits to the other of the first station and the second station, a set key request to establish an end-to-end key for use in encrypting the communications between the first station and the second station, the set key request encrypted using the end-to-end management key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm Atheros Incorporated (Qualcomm, Inc.)
Original Assignee
Qualcomm, Inc.
Inventors
Katar, Srinivas, Yonge, Lawrence W. III, Krishnam, Manjunath
Primary Examiner(s)
Hoffman, Brandon

Application Number

US11/970,339
Publication Number

US 20080298589A1
Time in Patent Office

3,137 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04B 2203/5445   Local network

H04L 12/2801   Broadband local area networks

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/413   with random access, e.g. ca...

H04L 12/44   Star or tree networks

H04L 45/12   Shortest path evaluation

H04L 45/121   by minimising delays

H04L 45/122   by minimising distances, e....

H04L 45/123   Evaluation of link metrics ...

H04L 45/125   based on throughput or band...

H04L 45/16   Multipoint routing

H04L 47/787   Bandwidth trade among domains

Establishing a unique end-to-end management key

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

214 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Establishing a unique end-to-end management key

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

214 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links