
CN115604867A - Apparatus, medium, method, and apparatus for privacy enhancement - Google Patents


Info

Publication number
CN115604867A
Authority
CN
China
Prior art keywords
pmk
r0name
fto
ftr
sent
Legal status
Pending
Application number
CN202111554709.2A
Other languages
Chinese (zh)
Inventor
P-K·黄
I·皮尔
J·伯格
I·乌泽利
E·齐
Current Assignee
Intel Corp
Original Assignee
Intel Corp

Classifications (CPC)

    • H04W 84/18: Wireless communication networks; network topologies; self-organising networks, e.g. ad-hoc networks or sensor networks
    • H04W 12/02: Security arrangements; protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W 12/04: Security arrangements; key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 12/06: Security arrangements; authentication
    • H04W 88/10: Access point devices adapted for operation in multiple networks, e.g. multi-mode access points

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Devices, media, methods, and apparatuses for privacy enhancement are described. A device may determine a Pairwise Master Key (PMK) R0Name (PMKR0Name) associated with a privacy enhancement. The device may cause the PMKR0Name to be sent to an FT responder (FTR), and may cause the transformed PMKR0Name to be sent to another FTR for subsequent communication.

Description

Apparatus, medium, method, and apparatus for privacy enhancement
Technical Field
Embodiments of the present disclosure generally relate to systems and methods for wireless communication. More particularly, embodiments of the present disclosure relate to devices, media, methods, and apparatuses for privacy enhancement.
Background
Wireless devices are becoming widely popular and increasingly require access to wireless channels. The Institute of Electrical and Electronics Engineers (IEEE) is developing one or more standards that use Orthogonal Frequency Division Multiple Access (OFDMA) for channel allocation.
Disclosure of Invention
Embodiments of the present disclosure provide a fast Basic Service Set (BSS) transition (FT) initiator (FTO) comprising processing circuitry coupled to a storage device, the processing circuitry configured to: determine a Pairwise Master Key (PMK) R0Name (PMKR0Name) associated with a privacy enhancement; cause the PMKR0Name to be sent to an FT responder (FTR); and cause the transformed PMKR0Name to be sent to another FTR for subsequent communication.
Embodiments of the present disclosure also provide corresponding apparatuses, media, methods, and devices.
Drawings
The following detailed description refers to the accompanying drawings. The same reference numbers may be used in different drawings to identify the same or similar elements. In the following description, for purposes of explanation and not limitation, specific details are set forth such as particular structures, architectures, interfaces, techniques, etc. in order to provide a thorough understanding of the various aspects of the various embodiments.
However, it will be apparent to those skilled in the art having the benefit of the present disclosure that the various aspects of the embodiments may be practiced in other examples that depart from these specific details. In certain instances, descriptions of well-known devices, circuits, and methods are omitted so as not to obscure the description of the respective embodiments with unnecessary detail.
Fig. 1 is a network diagram illustrating an example network environment for privacy enhancement in accordance with one or more example embodiments of the present disclosure.
Fig. 2 illustrates a block diagram of an example infrastructure framework upon which any of one or more techniques (e.g., methods) in accordance with one or more example embodiments of the present disclosure may be performed.
Fig. 3 illustrates a flow diagram of FT initial mobility domain association in an RSN (robust security network) upon which any one of one or more techniques (e.g., methods) according to one or more example embodiments of the present disclosure may be performed.
Fig. 4 illustrates a flow diagram of an over-the-air FT protocol in an RSN upon which any one of one or more techniques (e.g., methods) according to one or more example embodiments of the present disclosure may be performed.
Fig. 5 illustrates an FT key hierarchy diagram upon which any of one or more techniques (e.g., methods) according to one or more example embodiments of the present disclosure may be performed.
Fig. 6 shows an interaction diagram between an initial AP and a STA and between a target AP and a STA according to one or more example embodiments of the present disclosure.
Fig. 7 shows a diagram of a protected and authenticated PMKR0Name sub-element format in accordance with one or more example embodiments of the present disclosure.
Fig. 8 shows a diagram of a protected and authenticated PMKR0Name format in accordance with one or more example embodiments of the present disclosure.
Fig. 9 illustrates a diagram of an over-the-DS (by distribution system) FT protocol in an RSN according to one or more example embodiments of the present disclosure.
Fig. 10 shows a flowchart of an illustrative process for an illustrative privacy enhancement system in accordance with one or more exemplary embodiments of the present disclosure.
Fig. 11 illustrates a functional diagram of an exemplary communication station that may be suitable for use as a user equipment in accordance with one or more example embodiments of the present disclosure.
Fig. 12 illustrates a block diagram of an example machine on which any of one or more techniques (e.g., methods) may be performed in accordance with one or more example embodiments of the present disclosure.
Fig. 13 is a block diagram of a radio architecture in accordance with one or more example embodiments of the present disclosure.
Fig. 14 illustrates example front end module circuitry for use in the radio architecture of fig. 13, in accordance with one or more example embodiments of the present disclosure.
Fig. 15 shows an example radio IC circuit for use in the radio architecture of fig. 13, according to one or more example embodiments of the present disclosure.
Fig. 16 illustrates an example baseband processing circuit for use in the radio architecture of fig. 13, according to one or more example embodiments of the present disclosure.
Detailed Description
The following description and the drawings sufficiently illustrate specific embodiments to enable those skilled in the art to practice them. Other embodiments may include structural, logical, electrical, process, algorithmic, and other changes. Portions and features of some embodiments may be included in or substituted for those of others. Embodiments set forth in the claims encompass all available equivalents of those claims.
Consider an initiating entity and a responding entity, where the <initiating entity, responding entity> pair can be <non-AP STA, AP> or <non-AP MLD, AP MLD>; AP denotes an access point and MLD a multi-link device. When the initiating entity (the FTO) attempts to connect to a target responding entity using the over-the-air fast Basic Service Set (BSS) transition (FT) protocol, the PMKR0Name is carried in the first Authentication frame. The responding entity uses the PMKR0Name to compute the PMKR1Name and checks whether it holds a locally cached PMK-R1 with that name. If it does not, it contacts the R0KH identified by the R0KH-ID carried in the first frame to retrieve the PMK-R1, and the PMK-R1 is then used to generate the PTK (pairwise transient key).
Note that in this procedure, as the initiating entity runs the FT protocol within a mobility domain, the same PMKR0Name is transmitted in the clear in the first message of every connection. The PMKR0Name is therefore a stable identifier that can be used to track the initiating entity, which is a privacy issue. There is currently no solution to this problem.
Embodiments of the present disclosure relate to systems, methods, and devices for PMKR0Name privacy enhancement.
In one embodiment, the privacy enhancement system may offer three options to address this issue.
Option 1: a procedure to change PMKR0NameOld to PMKR0NameNew after each successful FT.
Option 2: the responder encrypts the PMKR0Name into a random-looking string and sends it to the initiating entity for use in the next procedure. All responding entities in the mobility domain share one key to encrypt the PMKR0Name and to decrypt the string.
Option 3: the first Authentication frame carrying the PMKR0Name is sent over the Distribution System (DS) using the over-the-DS FT protocol rather than over the air.
With any of these options, no information in the first message of the over-the-air FT protocol can be used to track the initiating entity.
The foregoing description is for the purpose of illustration and is not meant to be limiting. Many other examples, configurations, processes, algorithms, etc., are possible, some of which are described in more detail below. Example embodiments will now be described with reference to the accompanying drawings.
Fig. 1 is a network diagram illustrating an example network environment for privacy enhancement in accordance with some example embodiments of the present disclosure. Wireless network 100 may include one or more user devices 120 and one or more Access Points (APs) 102, which may communicate in accordance with the IEEE 802.11 communication standard. The user device 120 may be a mobile device that is non-stationary (e.g., does not have a fixed location), or may be a stationary device.
In some embodiments, user device 120 and AP 102 may include one or more computer systems similar to the functional diagram of fig. 11 and/or the example machine/system of fig. 12.
One or more illustrative user devices 120 and/or APs 102 may be operated by one or more users 110. It should be noted that any addressable unit may be a Station (STA). A STA may exhibit a number of different characteristics, each of which shapes its functionality. For example, a single addressable unit may simultaneously be a portable STA, a quality of service (QoS) STA, a dependent STA, and a hidden STA. One or more of the illustrative user devices 120 and the AP 102 may be STAs. One or more illustrative user devices 120 and/or APs 102 may operate as Personal Basic Service Set (PBSS) control points/access points (PCPs/APs). User device 120 (e.g., 124, 126, or 128) and/or AP 102 may include any suitable processor-driven device, including but not limited to a mobile device or a non-mobile device (e.g., a stationary device). For example, user device 120 and/or AP 102 may include a user equipment (UE), a Station (STA), an Access Point (AP), a software-enabled AP (SoftAP), a Personal Computer (PC), a wearable wireless device (e.g., a bracelet, watch, glasses, ring, etc.), a desktop computer, a mobile computer, a laptop computer, an Ultrabook™ computer, a notebook computer, a tablet computer, a server computer, a handheld device, an Internet of Things (IoT) device, a sensor device, a PDA device, a handheld PDA device, an on-board device, an off-board device, a hybrid device (e.g., combining cellular telephone functionality with PDA device functionality), a consumer device, a mobile or portable device, a non-mobile or non-portable device, a mobile telephone, a cellular telephone, a PCS device, a PDA device that includes a wireless communication device, a mobile or portable GPS device, a DVB device, a relatively small computing device, a non-desktop computer, a "Carry Small Live Large" (CSLL) device, an ultra-mobile device (UMD), an ultra-mobile PC (UMPC), a Mobile Internet Device (MID), an "origami" device or computing device, a device supporting Dynamically Composable Computing (DCC), an A/V device, a Set-Top Box (STB), a Blu-ray Disc (BD) player, a BD recorder, a Digital Video Disc (DVD) player, a High Definition (HD) DVD player, a DVD recorder, an HD DVD recorder, a Personal Video Recorder (PVR), a broadcast HD receiver, a Personal Media Player (PMP), a Digital Video Camera (DVC), a data receiver, a Digital Still Camera (DSC), a media player, a smartphone, a television, a music player, or the like. Other devices, including smart devices (e.g., lights, climate controls, automotive components, household components, appliances, etc.), may also be included in the list.
As used herein, the term "Internet of Things (IoT) device" refers to any object (e.g., an appliance, a sensor, etc.) that has an addressable interface (e.g., an Internet Protocol (IP) address, a Bluetooth Identifier (ID), a Near Field Communication (NFC) ID, etc.) and is capable of sending information to one or more other devices over a wired or wireless connection. IoT devices may have passive communication interfaces (e.g., Quick Response (QR) codes, Radio Frequency Identification (RFID) tags, NFC tags, etc.) or active communication interfaces (e.g., modems, transceivers, transmitter-receivers, etc.). IoT devices may have a particular set of attributes (e.g., device status or state (e.g., whether the IoT device is on or off, idle or active, available for task execution or busy, etc.), cooling or heating functions, environmental monitoring or recording functions, lighting functions, sound emitting functions, etc.), which may be embedded in and/or controlled/monitored by a Central Processing Unit (CPU), microprocessor, ASIC, etc., and configured to connect to an IoT network (e.g., a local ad-hoc network or the Internet). For example, IoT devices may include, but are not limited to, refrigerators, toasters, ovens, microwave ovens, freezers, dishwashers, hand tools, washers, dryers, furnaces, air conditioners, thermostats, televisions, light fixtures, vacuum cleaners, sprinklers, electricity meters, gas meters, etc., as long as the devices are equipped with an addressable communication interface for communicating with the IoT network. IoT devices may also include cell phones, desktop computers, laptop computers, tablet computers, Personal Digital Assistants (PDAs), and the like. Thus, an IoT network may be composed of "legacy" Internet-accessible devices (e.g., laptop or desktop computers, cell phones, etc.) as well as devices that typically do not have Internet connectivity (e.g., dishwashers, etc.).
User equipment 120 and/or AP 102 may also comprise, for example, a mesh station in a mesh network, according to one or more IEEE 802.11 standards and/or 3GPP standards.
Any user device 120 (e.g., user devices 124, 126, 128) and AP 102 may be configured to communicate with each other, wirelessly or by wire, via one or more communication networks 130 and/or 135. User devices 120 may also communicate with each other peer-to-peer or directly, with or without AP 102. Any of the communication networks 130 and/or 135 may include, but are not limited to, any of a combination of different types of suitable communication networks, such as a broadcast network, a wired network, a public network (e.g., the internet), a proprietary network, a wireless network, a cellular network, or any other suitable proprietary and/or public network. Further, any of communication networks 130 and/or 135 may have any suitable communication range associated therewith and may include, for example, a global network (e.g., the internet), a Metropolitan Area Network (MAN), a Wide Area Network (WAN), a Local Area Network (LAN), or a Personal Area Network (PAN). Further, any of the communication networks 130 and/or 135 may include any type of medium that may carry network traffic, including but not limited to coaxial cable, twisted pair, fiber optic, hybrid Fiber Coaxial (HFC) medium, microwave terrestrial transceiver, radio frequency communication medium, white space communication medium, ultra-high frequency communication medium, satellite communication medium, or any combination thereof.
Any user device 120 (e.g., user devices 124, 126, 128) and AP 102 may include one or more communication antennas. The one or more communications antennas may be any suitable type of antenna corresponding to the communications protocol used by user devices 120 (e.g., user devices 124, 126, 128) and AP 102. Some non-limiting examples of suitable communication antennas include Wi-Fi antennas, institute of Electrical and Electronics Engineers (IEEE) 802.11 standards family compliant antennas, directional antennas, non-directional antennas, dipole antennas, folded dipole antennas, patch antennas, multiple-input multiple-output (MIMO) antennas, omni-directional antennas, quasi-omni-directional antennas, and the like. One or more communication antennas may be communicatively coupled to the radio to transmit signals (e.g., communication signals) to user device 120 and/or AP 102 and/or to receive signals from user device 120 and/or AP 102.
Any user device 120 (e.g., user devices 124, 126, 128) and AP 102 may be configured to perform directional transmission and/or directional reception in connection with wireless communication in a wireless network. Any user device 120 (e.g., user devices 124, 126, 128) and AP 102 may be configured to perform such directional transmission and/or reception using a set of multiple antenna arrays (e.g., DMG antenna arrays, etc.). Each of the plurality of antenna arrays may be used for transmission and/or reception in a particular respective direction or range of directions. Any user device 120 (e.g., user devices 124, 126, 128) and AP 102 can be configured to perform any given directional transmission to one or more defined transmit sectors. Any user device 120 (e.g., user devices 124, 126, 128) and AP 102 may be configured to perform any given directional reception from one or more defined reception sectors.
MIMO beamforming in wireless networks may be implemented using RF beamforming and/or digital beamforming. In some embodiments, in performing a given MIMO transmission, user device 120 and/or AP 102 may be configured to perform MIMO beamforming using all or a subset of its one or more communication antennas.
Any user device 120 (e.g., user devices 124, 126, 128) and AP 102 may include any suitable radio and/or transceiver for transmitting and/or receiving Radio Frequency (RF) signals in a bandwidth and/or channel corresponding to a communication protocol used by any user device 120 and AP 102 to communicate with each other. The radio may include hardware and/or software for modulating and/or demodulating communication signals according to a pre-established transmission protocol. The radio may also have hardware and/or software instructions to communicate via one or more Wi-Fi and/or Wi-Fi Direct protocols standardized by the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard. In some example embodiments, the radio, in cooperation with the communication antenna, may be configured to communicate via 2.4 GHz channels (e.g., 802.11b, 802.11g, 802.11n, 802.11ax), 5 GHz channels (e.g., 802.11n, 802.11ac, 802.11ax), 60 GHz channels (e.g., 802.11ad, 802.11ay), or 800 MHz channels (e.g., 802.11ah). The communication antenna may operate at 28 GHz and 40 GHz. It should be appreciated that this list of communication channels according to some 802.11 standards is only a partial list, and other 802.11 standards (e.g., next-generation Wi-Fi or other standards) may be used. In some embodiments, non-Wi-Fi protocols may be used for communication between devices, such as Bluetooth, Dedicated Short Range Communication (DSRC), Ultra High Frequency (UHF) (e.g., IEEE 802.11af, IEEE 802.22), white-band frequencies (e.g., white space), or other packetized radio communication. The radio may comprise any known receiver and baseband suitable for communicating via a communication protocol. The radio components may also include a Low Noise Amplifier (LNA), additional signal amplifiers, analog-to-digital (A/D) converters, one or more buffers, and a digital baseband.
In one embodiment, and referring to fig. 1, user device 120 may communicate with one or more APs 102. For example, one or more APs 102 may implement privacy enhancement 142 with one or more user devices 120. One or more of the APs 102 may be a multi-link device (MLD) and one or more of the user devices 120 may be a non-AP MLD. Each of the one or more APs 102 may include a plurality of individual APs (e.g., AP1, AP2, … … APn, where n is an integer), and each of the one or more user devices 120 may include a plurality of individual STAs (e.g., STA1, STA2, … … STAn). The AP MLD and non-AP MLD may set up one or more links (e.g., link 1, link 2, … … link n) between each individual AP and STA. It is to be understood that the above description is intended to be illustrative, and not restrictive.
Fig. 2 illustrates a block diagram of an example infrastructure framework upon which any of one or more techniques (e.g., methods) in accordance with one or more example embodiments of the present disclosure may be performed.
In pursuit of ever higher throughput, 802.11be defines a framework that allows multiple links to be used while connected to a network, as shown in Fig. 2.
Each party is a multi-link device containing multiple STAs that can establish links with each other. The detailed definitions are as follows.
Multi-link device (MLD): a logical entity that contains one or more STAs. The logical entity has one MAC data service interface and primitives to the LLC, and a single address associated with that interface, which can be used to communicate on the distribution system medium (DSM).
Note that the multi-link device allows STAs within the multi-link logical entity to have the same MAC address.
Note that the exact name may change.
For the infrastructure framework, there are multi-link AP devices (whose STAs are APs, on one side) and multi-link non-AP devices (whose STAs are non-AP STAs, on the other side). The detailed definitions are as follows.
Multi-link AP device: a multi-link device in which each STA within the multi-link device is an EHT (Extremely High Throughput) AP.
Multi-link non-AP device: a multi-link device in which each STA within the multi-link device is a non-AP EHT STA.
Note that this framework is a natural extension from single link operation between two STAs, namely AP and non-AP STAs under the infrastructure framework.
Each MLD has an MLD MAC address. Each STA of MLD also has a STA MAC address.
Different STAs of the MLD have different MAC addresses. The MAC address of the MLD may be the same as or different from one of the MAC addresses of the STAs of the MLD.
The MAC address of MLD is introduced to ensure that the conventional mapping from a higher layer perspective of AP and STA is preserved under multi-link, and the mapping is replaced with AP MLD and non-AP MLD independent of the MAC address used by the STA of MLD.
Fast Basic Service Set (BSS) transition (FT) simplifies roaming from one AP to another AP within the same mobility domain.
The relevant definitions are as follows.
Basic Service Set (BSS): a set of Stations (STAs) that have successfully synchronized using the JOIN service primitive, together with one STA that has used the START primitive. Alternatively, a set of STAs that have used a START primitive specifying matching mesh profiles, where the match of the mesh profiles has been verified by the scanning procedure. Membership in a BSS does not imply that wireless communication with all other members of the BSS is possible.
Mobility domain: a set of Basic Service Sets (BSSs), within the same Extended Service Set (ESS), that support fast BSS transitions between themselves and that are identified by the set's Mobility Domain Identifier (MDID).
Extended Service Set (ESS): the union of the infrastructure BSSs with the same SSID that are connected by a DS. The ESS does not include the DS.
FT has two parts:
1. FT initial mobility domain association, as described in 13.4 (FT initial mobility domain association). This procedure covers the first association with an AP in the mobility domain. The common case is FT initial mobility domain association in an RSN, as described in 13.4.2 (FT initial mobility domain association in an RSN).
2. FT protocol, as described in 13.5 (FT protocol). This procedure covers how a STA moves from one AP to another AP in the mobility domain. The common case is over-the-air FT protocol authentication in an RSN, as described in the subclause of that name.
Fig. 3 illustrates a flow diagram of FT initial mobility domain association in an RSN upon which any one of one or more techniques (e.g., methods) according to one or more example embodiments of the present disclosure may be performed.
The basic flow of the initial association is as follows.
An Authentication Request/Response exchange performs Open System authentication, which lets any STA join the DS.
An Association Request/Response exchange carries mobility domain information in the Mobility Domain element (MDE) and FT information in the Fast BSS Transition element (FTE).
802.1X EAP (Extensible Authentication Protocol) authentication yields the key material from which PMK-R0 is derived; every PMK-R1 is derived from PMK-R0, and each PMK-R1 is specific to one AP/STA pair.
The FT 4-way handshake derives the PTK and delivers the GTK (group temporal key), IGTK (integrity GTK), and BIGTK (beacon IGTK).
Fig. 4 illustrates a flow diagram of an over-the-air FT protocol in an RSN upon which any one of one or more techniques (e.g., methods) according to one or more example embodiments of the present disclosure may be performed.
The basic flow of roaming is as follows.
The STA (the FTO) performs FT authentication with the target AP using the PMK-R1 shared between them, which yields the PTK. PMK-R1 is derived from PMK-R0.
The STA (FTO) performs a Reassociation Request/Response exchange with the target AP.
The target AP delivers the GTK, IGTK, and BIGTK in the FTE carried in the Reassociation Response.
In the Authentication Request frame, the SA field of the header is set to the MAC address of the FTO and the DA field to the BSSID of the target AP.
In the Authentication Response frame, the SA field of the header is set to the BSSID of the target AP and the DA field to the MAC address of the FTO.
Fig. 5 illustrates an FT key hierarchy diagram upon which any of one or more techniques (e.g., methods) according to one or more example embodiments of the present disclosure may be performed.
Fig. 6 illustrates an interaction diagram between an initial AP and a STA and between a target AP and a STA according to one or more example embodiments of the present disclosure.
The FT key hierarchy is as follows.
On the AP side:
The R0 key holder (R0KH) interacts with the IEEE 802.1X Authenticator to receive the MSK (master session key) produced by EAP authentication. The R0KH derives PMK-R0 and the PMK-R1s; each PMK-R1 is specific to one AP/STA pair.
The R1 key holder (R1KH) interacts with the IEEE 802.1X Authenticator to open the controlled port.
On the STA side:
The S0 key holder (S0KH) interacts with the IEEE 802.1X function block of 4.9 (reference model) to receive the MSK produced by EAP authentication, or the FILS-FT produced by FILS (fast initial link setup) authentication (11ai).
The S1 key holder (S1KH) interacts with the IEEE 802.1X Supplicant to open its controlled port (after the FT 4-way handshake).
In one or more embodiments, the privacy enhancement system generalizes the procedure to two entities, where the two entities may be a non-AP STA and an AP, or a non-AP MLD and an AP MLD.
Details of the first option, the PMKR0Name change procedure, are as follows. The following protocol is proposed.
The first time the initiating entity connects to a target responding entity, the first frame carries PMKR0NameOld, and the target responding entity has no cached PMK-R1.
The target responding entity contacts the R0KH with PMKR0NameOld to obtain the PMK-R1.
The R0KH looks up PMK-R0 in the database it maintains of (PMKR0NameOld, PMK-R0) entries, derives PMK-R1, and sends PMK-R1 to the R1KH of the responding entity.
The R1KH computes PMKR1Name and maintains databases of (PMKR0NameOld, PMKR1Name) and (PMKR1Name, PMK-R1).
After a successful connection, the R1KH updates PMKR0NameOld to PMKR0NameNew.
After a successful connection, the S1KH updates PMKR0NameOld to PMKR0NameNew.
The R1KH sends PMKR0NameNew to the R0KH.
The R0KH updates its database entry (PMKR0NameOld, PMK-R0) to (PMKR0NameNew, PMK-R0).
The R0KH distributes PMKR0NameNew to all R1KHs that hold a PMK-R1 derived from that PMK-R0; every R1KH that has an entry (PMKR0NameOld, PMKR1Name) updates it to (PMKR0NameNew, PMKR1Name).
Later, when the initiating entity (S1KH) runs the over-the-air FT protocol with any other responding entity in the same mobility domain, PMKR0NameNew is carried in the first frame.
For the first proposal to work, both sides must compute the same PMKR0NameNew, which is proposed as:
PMKR0NameNew = Truncate-128(Hash("FT-R0N" || KDK)), where KDK (key derivation key) is derived in the PTKSA (PTK security association) from PMK-R1.
The computation is performed after the over-the-air FT protocol succeeds.
Note that PMKR1Name is not recomputed, and PMK-R1 is not recomputed, by either the initiating entity or the responding entity.
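The following Go program is an added illustration of option 1 and of the first-frame lookup described earlier in the Detailed Description; it is not code from the patent or from Intel. It models an R0KH database, two R1KHs (hypothetical APs ap1 and ap2), the R1KH-to-R0KH request made when a PMKR0Name is not cached, the post-handshake rename to PMKR0NameNew = Truncate-128(Hash("FT-R0N" || KDK)), and the fan-out of the new name to every R1KH. SHA-256 as the hash, HMAC-SHA256 as a stand-in for the 802.11 KDF, and the PMK-R0, salt and KDK byte strings are all assumptions of the example; the point it demonstrates is that after the rename the old name no longer resolves anywhere while PMK-R1 and PMKR1Name stay unchanged.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Name is a 128-bit key name (PMKR0Name or PMKR1Name).
type Name [16]byte

// truncate128 computes Truncate-128(SHA-256(label || data)), the shape of the
// key-name derivations and of the proposed PMKR0NameNew. SHA-256 is an
// assumption of this example; the standard's hash depends on the AKM.
func truncate128(label string, data []byte) Name {
	h := sha256.New()
	h.Write([]byte(label))
	h.Write(data)
	var n Name
	copy(n[:], h.Sum(nil)[:16])
	return n
}

// PMKR0NameNew is option 1's name after a successful FT:
// Truncate-128(Hash("FT-R0N" || KDK)). FTO and FTR both hold the KDK from
// the PTKSA, so both derive the same new name without an extra message.
func PMKR0NameNew(kdk []byte) Name { return truncate128("FT-R0N", kdk) }

// derivePMKR1 stands in for the 802.11 KDF (HMAC-SHA256 is a placeholder).
func derivePMKR1(pmkR0 []byte, r1khID, staAddr string) []byte {
	mac := hmac.New(sha256.New, pmkR0)
	mac.Write([]byte("FT-R1" + r1khID + staAddr))
	return mac.Sum(nil)
}

// R0KH owns the (PMKR0Name -> PMK-R0) database; PMK-R0 never leaves it.
type R0KH struct{ db map[Name][]byte }

// R1KH (one per AP) caches (PMKR0Name -> PMKR1Name) and (PMKR1Name -> PMK-R1).
type R1KH struct {
	ID     string
	r0ToR1 map[Name]Name
	r1     map[Name][]byte
}

func NewR0KH() *R0KH { return &R0KH{db: map[Name][]byte{}} }
func NewR1KH(id string) *R1KH {
	return &R1KH{ID: id, r0ToR1: map[Name]Name{}, r1: map[Name][]byte{}}
}

// Register stores PMK-R0 under its initial PMKR0Name (named here from a
// constructed salt; the real PMK-R0Name-Salt comes out of the key derivation).
func (r *R0KH) Register(pmkR0, salt []byte) Name {
	name := truncate128("FT-R0N", salt)
	r.db[name] = pmkR0
	return name
}

// Lookup is what a target AP does with the PMKR0Name in the first FT frame:
// serve PMK-R1 from its cache if it can, otherwise ask the R0KH (identified by
// the R0KH-ID in the same frame). The R0KH hands out only PMK-R1, and refuses
// an unknown (for example stale) PMKR0Name.
func (k *R1KH) Lookup(r0 *R0KH, pmkR0Name Name, staAddr string) ([]byte, bool) {
	if r1Name, ok := k.r0ToR1[pmkR0Name]; ok {
		return k.r1[r1Name], true
	}
	pmkR0, ok := r0.db[pmkR0Name]
	if !ok {
		return nil, false
	}
	pmkR1 := derivePMKR1(pmkR0, k.ID, staAddr)
	pmkR1Name := truncate128("FT-R1N", bytes.Join([][]byte{pmkR1, []byte(k.ID), []byte(staAddr)}, nil))
	k.r0ToR1[pmkR0Name] = pmkR1Name
	k.r1[pmkR1Name] = pmkR1
	return pmkR1, true
}

// Rename is the post-handshake step: the R1KH reports PMKR0NameNew, the R0KH
// re-keys its entry, and every R1KH holding the old name updates its mapping.
// PMK-R1 and PMKR1Name are left untouched, as the procedure requires.
func (r *R0KH) Rename(old, updated Name, r1khs []*R1KH) bool {
	pmkR0, ok := r.db[old]
	if !ok {
		return false
	}
	delete(r.db, old)
	r.db[updated] = pmkR0
	for _, k := range r1khs {
		if r1Name, ok := k.r0ToR1[old]; ok {
			delete(k.r0ToR1, old)
			k.r0ToR1[updated] = r1Name
		}
	}
	return true
}

func main() {
	r0, ap1, ap2 := NewR0KH(), NewR1KH("ap1"), NewR1KH("ap2")
	old := r0.Register([]byte("constructed-pmk-r0"), []byte("constructed-salt"))
	ap1.Lookup(r0, old, "sta-1")                       // first connection, via ap1
	updated := PMKR0NameNew([]byte("constructed-kdk")) // KDK from the resulting PTKSA
	r0.Rename(old, updated, []*R1KH{ap1, ap2})
	_, stale := ap2.Lookup(r0, old, "sta-1") // an observer replaying the old name
	fmt.Printf("old=%x\nnew=%x\nstale name accepted by ap2: %v\n", old, updated, stale)
}
```

Run with `go run`. Because the KDK is only known to the two parties of the PTKSA, an observer who saw PMKR0NameOld cannot predict PMKR0NameNew, and because the R0KH drops the old entry, replaying the old name to another AP fails instead of linking the two sessions.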
Fig. 7 shows a diagram of a protected and authenticated PMKR0Name subelement format, according to one or more example embodiments of the present disclosure.
Details of the second option are described.
One common key is shared for responding entities in the same ESS.
The responding entities in the same ESS, i.e. the same SSID, sharing one common key, will be identified by the key field ID.
The key domain ID will be carried in an element, such as a privacy enhancing element.
For both entities, the protected and authenticated PMKR0Name is generated by the responding entity, carried in the FTE of the re-association response frame sent by the responding entity, carried in a new sub-element of the FTE, and/or further encrypted in the re-association response frame, so the 3 rd party cannot identify the new PMKR0Name.
The protected and authenticated PMKR0Name is generated as follows:
- Concatenate the plaintext PMKR0Name with a random string to produce the string p. One example is as follows.
The plaintext PMKR0Name is padded with 1 or more octets, where the first padding octet gives the length of the padding: if 4 octets are padded the sequence is 4-0-0-0, and if there is only one padding octet the sequence is simply 1. The padding length should differ each time an encrypted PMKR0Name is generated.
The padded plaintext PMKR0Name is concatenated with a random string of 8 octets to produce the string p.
- Generate the ciphertext c using a block cipher mode of operation (e.g., AES-SIV (AES Synthetic Initialization Vector), AES-GCM (AES Galois/Counter Mode), or AES-CCM (AES Counter with CBC-MAC)), with PK, the key shared between the responding entities in the ESS, as the key and p as the plaintext.
- The protected and authenticated PMKR0Name is c.
The initiating entity then carries the protected and authenticated PMKR0Name in an element in an authentication frame or (re) association request frame.
Fig. 8 illustrates a diagram of a protected and authenticated PMKR0Name format in accordance with one or more example embodiments of the present disclosure.
The format of the element carrying the protected and authenticated PMKR0Name is shown in fig. 8.
The responding entity accepting the connection decrypts the protected and authenticated PMKR0Name as follows:
- Extract the string c from the protected and authenticated PMKR0Name element.
- Generate the plaintext p by decrypting with the block cipher mode of operation (e.g., AES-SIV, AES-GCM, AES-CCM), with PK as the key and c as the ciphertext.
If decryption of every protected and authenticated PMKR0Name fails, the authentication or association attempt fails.
Otherwise, when decryption of a protected and authenticated PMKR0Name succeeds, the random string (and the padding) is removed, and the remainder is the decrypted PMKR0Name.
The decrypted PMKR0Name is then used to generate PMKR1Name, or to contact R0KH to obtain PMK-R1.
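The following is an added example, not code from the patent or from Intel: it carries the second option through both sides, padding and salting PMKR0Name as described above, sealing it under the ESS-wide key PK, and having another responding entity open it, strip the random string and padding, and reject anything that does not decrypt. It uses AES-GCM, one of the modes listed above; because GCM needs a unique nonce regardless of the random string inside p, the example prepends a fresh nonce to c, which is an assumption (the text does not say how a nonce would be carried). The layout PMKR0Name || padding || random, the upper bound of 16 padding octets, and all keys and names are likewise assumptions or constructed values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

const (
	nameLen = 16 // PMKR0Name is 128 bits
	randLen = 8  // random string appended to the padded name, as above
	maxPad  = 16 // assumed upper bound on the padding length (the text says only "1 or more")
)

// pad builds the padded PMKR0Name || random string described above. The
// padding's first octet carries the padding length (4-0-0-0 for four octets,
// 1 for a single octet). Placing the padding after the name is an assumption;
// the text fixes the contents, not the order.
func pad(name []byte, padLen int, random []byte) ([]byte, error) {
	if len(name) != nameLen || padLen < 1 || padLen > 255 || len(random) != randLen {
		return nil, errors.New("bad input lengths")
	}
	p := make([]byte, 0, nameLen+padLen+randLen)
	p = append(p, name...)
	p = append(p, byte(padLen))
	p = append(p, make([]byte, padLen-1)...)
	return append(p, random...), nil
}

// unpad strips the random string and the padding, refusing inconsistent layouts.
func unpad(p []byte) ([]byte, error) {
	if len(p) < nameLen+1+randLen {
		return nil, errors.New("plaintext too short")
	}
	padLen := int(p[nameLen])
	if padLen < 1 || len(p) != nameLen+padLen+randLen {
		return nil, errors.New("padding length does not match")
	}
	for _, b := range p[nameLen+1 : nameLen+padLen] {
		if b != 0 {
			return nil, errors.New("non-zero padding octet")
		}
	}
	return p[:nameLen], nil
}

func newGCM(pk []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pk)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Protect is the responding entity's side: pad the name with a fresh padding
// length, append 8 random octets, and seal under the ESS-wide key PK with
// AES-GCM. The 12-octet nonce is prepended to c (assumed transport).
func Protect(pk, name []byte) ([]byte, error) {
	var r [1 + randLen]byte
	if _, err := rand.Read(r[:]); err != nil {
		return nil, err
	}
	p, err := pad(name, 1+int(r[0])%maxPad, r[1:])
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(pk)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, p, nil), nil
}

// Unprotect is the accepting responding entity's side: open c with PK, then
// strip the random string and padding. A failed decryption is what the text
// above turns into a failed authentication or association attempt.
func Unprotect(pk, c []byte) ([]byte, error) {
	aead, err := newGCM(pk)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(c) < ns {
		return nil, errors.New("ciphertext too short")
	}
	p, err := aead.Open(nil, c[:ns], c[ns:], nil)
	if err != nil {
		return nil, errors.New("decryption failed: reject the (re)association")
	}
	return unpad(p)
}

func main() {
	pk := bytes.Repeat([]byte{0x42}, 16)   // constructed ESS-wide key (AES-128)
	name := bytes.Repeat([]byte{0x7e}, 16) // constructed PMKR0Name
	c1, _ := Protect(pk, name)
	c2, _ := Protect(pk, name)
	fmt.Println("two protections of one name differ:", !bytes.Equal(c1, c2))
	got, err := Unprotect(pk, c1)
	fmt.Println("recovered:", hex.EncodeToString(got), "err:", err)
}
```

Two details are worth keeping in mind when implementing this option. First, the random string and the varying padding length are what stop a third party from linking two frames that carry the same PMKR0Name; with a deterministic mode such as AES-SIV they are the only source of variation, so they must come from a cryptographic random source. Second, PK is shared by every responding entity in the ESS, so a compromised AP can decrypt and link every protected PMKR0Name in that key domain; the protection is against outsiders, not against a member of the ESS.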
Details of the third option are described next.
When the responding entity indicates support for the over-the-DS FT protocol by setting the Fast BSS Transition over DS bit in the FT Capability and Policy field of the Mobility Domain element to 1, the initiating entity initiates the transition using the over-the-DS protocol, which does not expose PMKR0Name over the air (the first two frames travel through the current AP under the protection of the existing association).
In this case, FT Request/Response frames, rather than Authentication frames, are used as the first two frames.
Fig. 9 illustrates a diagram of an over-the-DS FT protocol in an RSN according to one or more example embodiments of the present disclosure.
An example of the flow when the responding entity is an AP and the initiating entity is a non-AP STA is shown in fig. 9.
For all 3 options, since PMKR1Name is unchanged and is carried in the subsequent reassociation response frame (so that, left in the clear, it would remain a stable identifier that a third party could use to link the transitions), it is further proposed to encrypt the reassociation request/response frames with a symmetric cipher. The key may be the Key Confirmation Key (KCK), the EAPOL-Key Encryption Key (KEK), a key derived from the KDK, or the Temporal Key (TK) (see PTK derivation for the different portions of the key).
In order for all 3 options to work, the proposed capability indication is as follows:
- The responding entity indicates support for any of the above options; the indication may be carried in a new privacy capabilities element. When the responding entity is an AP MLD, all of its affiliated APs carry the same capability indication.
To avoid a downgrade attack, in which an evil-twin responding entity claims not to support the enhancement so that the initiating entity falls back to sending PMKR0Name unprotected, the responding entity may provide an indication telling the initiating entity to always use the provided privacy enhancement procedure.
It is to be understood that the above description is intended to be illustrative, and not restrictive.
Fig. 10 shows a flowchart of an illustrative process 1000 for an illustrative privacy enhancement system in accordance with one or more example embodiments of the present disclosure.
At block 1002, a device (e.g., user device 120 and/or AP 102 of fig. 1, which may be a fast Basic Service Set (BSS) transition (FT) initiator (FTO)) may determine a Pairwise Master Key (PMK) R0Name (PMKR0Name) associated with privacy enhancements.
At block 1004, the device may cause the PMKR0Name to be sent to an FT responder (FTR).
At block 1006, the device may cause the translated PMKR0Name to be sent to another FTR for subsequent communication.
It is to be understood that the above description is intended to be illustrative, and not restrictive.
Fig. 11 shows a functional diagram of an exemplary communication station 1100 in accordance with one or more example embodiments of the present disclosure. In one embodiment, fig. 11 illustrates a functional block diagram of a communication station that may be suitable for use as AP 102 (fig. 1) or user equipment 120 (fig. 1) in accordance with some embodiments. Communication station 1100 may also be suitable for use as a handheld device, mobile device, cellular telephone, smartphone, tablet computer, netbook, wireless terminal, laptop computer, wearable computer device, femtocell, high Data Rate (HDR) subscriber station, access point, access terminal, or other Personal Communication System (PCS) device.
Communication station 1100 may include communication circuitry 1102 and transceiver 1110 for transmitting signals to and receiving signals from other communication stations using one or more antennas 1101. Communications circuitry 1102 may include circuitry that may operate physical layer (PHY) communications and/or Medium Access Control (MAC) communications for controlling access to a wireless medium, and/or any other communications layers for transmitting and receiving signals. Communication station 1100 may also include processing circuitry 1106 and memory 1108 arranged to perform the operations described herein. In some embodiments, the communication circuitry 1102 and the processing circuitry 1106 may be configured to perform the operations detailed in the above figures, diagrams, and flows.
According to some embodiments, the communication circuit 1102 may be arranged to: contend for the wireless medium, and configure the frame or packet for communication over the wireless medium. The communication circuit 1102 may be arranged to transmit and receive signals. The communication circuit 1102 may also include circuits for modulation/demodulation, up/down conversion, filtering, amplification, and so forth. In some embodiments, processing circuitry 1106 of communication station 1100 may include one or more processors. In other embodiments, two or more antennas 1101 may be coupled to communication circuitry 1102 arranged to transmit and receive signals. Memory 1108 may store information for configuring processing circuit 1106 to perform operations for configuring and transmitting message frames and for performing various operations described herein. Memory 1108 can include any type of memory, including non-transitory memory, for storing information in a form readable by a machine (e.g., a computer). For example, memory 1108 may include a computer-readable storage device, a Read Only Memory (ROM), a Random Access Memory (RAM), magnetic disk storage media, optical storage media, flash memory devices, and other storage devices and media.
In some embodiments, the communication station 1100 may be part of a portable wireless communication device, such as a Personal Digital Assistant (PDA), a laptop or portable computer with wireless communication capability, a web tablet, a wireless telephone, a smart phone, a wireless headset, a pager, an instant messaging device, a digital camera, an access point, a television, a medical device (e.g., a heart rate monitor, a blood pressure monitor, etc.), a wearable computer device, or another device that may receive and/or transmit information wirelessly.
In some embodiments, communication station 1100 may include one or more antennas 1101. Antennas 1101 may include one or more directional or omnidirectional antennas, including, for example, dipole antennas, monopole antennas, patch antennas, loop antennas, microstrip antennas or other types of antennas suitable for transmission of RF signals. In some embodiments, instead of two or more antennas, a single antenna with multiple apertures may be used. In these embodiments, each aperture may be considered a separate antenna. In some multiple-input multiple-output (MIMO) embodiments, antennas may be effectively separated for spatial diversity and different channel characteristics that may result between each antenna and the antennas of the transmitting station.
In some embodiments, communication station 1100 may include one or more of a keyboard, a display, a non-volatile memory port, multiple antennas, a graphics processor, an application processor, speakers, and other mobile device elements. The display may be an LCD screen including a touch screen.
Although communication station 1100 is shown as having several separate functional elements, two or more of the functional elements may be combined and may be implemented by combinations of software-configured elements, such as processing elements including Digital Signal Processors (DSPs), and/or other hardware elements. For example, some elements may comprise one or more microprocessors, DSPs, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), radio Frequency Integrated Circuits (RFICs), and combinations of various hardware and logic circuitry for performing at least the functions described herein. In some embodiments, the functional elements of communication station 1100 may refer to one or more processes operating on one or more processing elements.
Some embodiments may be implemented in one or a combination of hardware, firmware, and software. Other embodiments may also be implemented as instructions stored on a computer-readable storage device, which may be read and executed by at least one processor to perform the operations described herein. A computer-readable storage device may include any non-transitory memory mechanism for storing information in a form readable by a machine (e.g., a computer). For example, a computer-readable storage device may include Read Only Memory (ROM), random Access Memory (RAM), magnetic disk storage media, optical storage media, flash memory devices, and other storage devices and media. In some embodiments, communication station 1100 may include one or more processors and may be configured with instructions stored on a computer-readable storage device.
Fig. 12 illustrates a block diagram of an example of a machine 1200 or system on which any one or more of the techniques (e.g., methods) discussed herein may be performed. In other embodiments, the machine 1200 may operate as a standalone device or may be connected (e.g., networked) to other machines. In a networked deployment, the machine 1200 may operate in the role of a server machine, a client machine, or both, in server-client network environments. In an example, the machine 1200 may operate in a peer-to-peer (P2P) (or other distributed) network environment. The machine 1200 may be a Personal Computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a mobile telephone, a wearable computer device, a network appliance, a network router, switch or bridge, or any machine capable of executing instructions (sequential or otherwise) that specify actions to be taken by that machine (e.g., a base station). Further, while only a single machine is illustrated, the term "machine" shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein, such as cloud computing, software as a service (SaaS), or other computer cluster configurations.
Examples as described herein may include, or may operate on, logic or multiple components, modules, or mechanisms. A module is a tangible entity (e.g., hardware) capable of performing specified operations when operated on. The modules include hardware. In an example, the hardware may be specifically configured to perform certain operations (e.g., hardwired). In another example, the hardware may include configurable execution units (e.g., transistors, circuits, etc.) and a computer readable medium containing instructions that configure the execution units to perform specific operations when operated. Configuration may occur under the direction of an execution unit or loading mechanism. Thus, when the device is operating, the execution unit is communicatively coupled to the computer-readable medium. In this example, an execution unit may be a member of more than one module. For example, in operation, an execution unit may be configured by a first set of instructions to implement a first module at one point in time and reconfigured by a second set of instructions to implement a second module at a second point in time.
The machine (e.g., computer system) 1200 may include a hardware processor 1202 (e.g., a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), a hardware processor core, or any combination thereof), a main memory 1204, and a static memory 1206, some or all of which may communicate with each other via an interconnect (e.g., bus) 1208. The machine 1200 may also include a power management device 1232, a graphical display device 1210, an alphanumeric input device 1212 (e.g., a keyboard), and a User Interface (UI) navigation device 1214 (e.g., a mouse). In an example, the graphical display device 1210, alphanumeric input device 1212, and UI navigation device 1214 may be a touch screen display. The machine 1200 may additionally include a storage device (i.e., drive unit) 1216, a signal generation device 1218 (e.g., a speaker), a privacy enhancement device 1219, a network interface device/transceiver 1220 coupled to the antenna 1230, and one or more sensors 1228 (e.g., a Global Positioning System (GPS) sensor, compass, accelerometer, or other sensor). The machine 1200 may include an output controller 1234, such as a serial (e.g., universal Serial Bus (USB)) connection, a parallel connection, or other wired or wireless (e.g., infrared (IR), near Field Communication (NFC), etc.) connection to communicate with or control one or more peripheral devices (e.g., a printer, card reader, etc.). Operations according to one or more example embodiments of the present disclosure may be performed by a baseband processor. The baseband processor may be configured to generate a corresponding baseband signal. The baseband processor may also include physical layer (PHY) and media access control layer (MAC) circuitry, and may also interface with the hardware processor 1202 for generating and processing baseband signals and controlling operations of the main memory 1204, the storage 1216, and/or the privacy enhancing device 1219. 
The baseband processor may be provided on a single radio card, a single chip, or an Integrated Circuit (IC).
The storage 1216 may include a machine-readable medium 1222 on which is stored one or more sets of data structures or instructions 1224 (e.g., software) embodying or used by any one or more of the techniques or functions described herein. The instructions 1224 may also reside, completely or at least partially, within the main memory 1204, within static memory 1206, or within the hardware processor 1202 during execution thereof by the machine 1200. In an example, one or any combination of hardware processor 1202, main memory 1204, static memory 1206, or storage device 1216 may constitute a machine-readable medium.
The privacy enhancing device 1219 may perform or run any of the operations and processes (e.g., process 1000) described and illustrated above.
It should be understood that the above is only a subset of the content that the privacy enhancing device 1219 may be configured to perform, and that other functions included throughout this disclosure may also be performed by the privacy enhancing device 1219.
While the machine-readable medium 1222 is shown to be a single medium, the term "machine-readable medium" may include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) configured to store the one or more instructions 1224.
Various embodiments may be implemented in whole or in part in software and/or firmware. The software and/or firmware may take the form of instructions contained in or on a non-transitory computer-readable storage medium. Those instructions may then be read and executed by one or more processors to enable performance of the operations described herein. The instructions may be in any suitable form, such as but not limited to source code, compiled code, interpreted code, executable code, static code, dynamic code, and the like. Such computer-readable media may include any tangible, non-transitory media for storing information in one or more computer-readable forms, such as, but not limited to, Read Only Memory (ROM); Random Access Memory (RAM); a magnetic disk storage medium; an optical storage medium; flash memory; and the like.
The term "machine-readable medium" may include any medium that is capable of storing, encoding or carrying instructions for execution by the machine 1200 and that cause the machine 1200 to perform any one or more of the techniques of the present disclosure, or that is capable of storing, encoding or carrying data structures used by or associated with such instructions. Non-limiting examples of machine-readable media may include solid-state memory, as well as optical and magnetic media. In an example, a mass machine-readable medium includes a machine-readable medium having a plurality of particles with a static mass. Specific examples of a mass machine-readable medium may include non-volatile memory, such as semiconductor memory devices (e.g., electrically programmable read-only memory (EPROM) or electrically erasable programmable read-only memory (EEPROM)) and flash memory devices); magnetic disks, such as internal hard disks and removable disks; magneto-optical disks; CD-ROM and DVD-ROM disks.
The instructions 1224 may also be transmitted or received over the communication network 1226 using a transmission medium via the network interface device/transceiver 1220 using any one of a number of transfer protocols (e.g., frame relay, Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Hypertext Transfer Protocol (HTTP), etc.). Example communication networks can include a Local Area Network (LAN), a Wide Area Network (WAN), a packet data network (e.g., the Internet), a mobile telephone network (e.g., a cellular network), a Plain Old Telephone (POTS) network, a wireless data network (e.g., the Institute of Electrical and Electronics Engineers (IEEE) 802.11 family of standards known as Wi-Fi, the IEEE 802.16 family of standards known as WiMAX), the IEEE 802.15.4 family of standards, and peer-to-peer (P2P) networks, etc. In an example, the network interface device/transceiver 1220 may include one or more physical jacks (e.g., Ethernet jacks, coaxial jacks, or telephone jacks) or one or more antennas to connect to the communication network 1226. In an example, the network interface device/transceiver 1220 may include multiple antennas to wirelessly communicate using at least one of single-input multiple-output (SIMO), multiple-input multiple-output (MIMO), or multiple-input single-output (MISO) techniques. The term "transmission medium" shall be taken to include any intangible medium that is capable of storing, encoding or carrying instructions for execution by the machine 1200, and includes digital or analog communications signals or other intangible medium to facilitate communication of such software.
The operations and processes described and illustrated above may be performed or carried out in any suitable order as desired in various implementations. Further, in some implementations, at least a portion of the operations may be performed in parallel. Further, in some implementations, fewer or more operations than described may be performed.
Fig. 13 is a block diagram of radio architectures 1305A, 1305B, which may be implemented in any of the example AP 102 and/or the example STA 120 of fig. 1, in accordance with some embodiments. The radio architectures 1305A, 1305B may include radio Front End Module (FEM) circuits 1304a-B, radio IC circuits 1306a-B, and baseband processing circuits 1308a-B. The illustrated radio architectures 1305A, 1305B include Wireless Local Area Network (WLAN) functionality and Bluetooth (BT) functionality, but the embodiments are not so limited. In this disclosure, "WLAN" and "Wi-Fi" are used interchangeably.
The FEM circuits 1304a-b may include WLAN or Wi-Fi FEM circuits 1304a and Bluetooth (BT) FEM circuits 1304b. The WLAN FEM circuitry 1304a may include a receive signal path including circuitry configured to operate on WLAN RF signals received from the one or more antennas 1301, amplify the received signals, and provide an amplified version of the received signals to the WLAN radio IC circuitry 1306a for further processing. BT FEM circuitry 1304b may include a receive signal path that may include circuitry configured to operate on BT RF signals received from one or more antennas 1301, amplify the receive signal, and provide an amplified version of the receive signal to BT radio IC circuitry 1306b for further processing. FEM circuitry 1304a may also include a transmit signal path, which may include circuitry configured to amplify WLAN signals provided by radio IC circuitry 1306a for wireless transmission through one or more antennas 1301. Further, the FEM circuitry 1304b may also include a transmit signal path, which may include circuitry configured to amplify BT signals provided by the radio IC circuitry 1306b for wireless transmission through one or more antennas. In the embodiment of fig. 13, although FEM 1304a and FEM 1304b are shown as being different from each other, embodiments are not limited thereto and include within their scope: an FEM (not shown) is used that contains transmit and/or receive paths for both WLAN and BT signals, or one or more FEM circuits are used, where at least some FEM circuits share transmit and/or receive signal paths for both WLAN and BT signals.
The radio IC circuits 1306a-b as shown may include a WLAN radio IC circuit 1306a and a BT radio IC circuit 1306b. The WLAN radio IC circuitry 1306a may include a receive signal path that may include circuitry to down-convert a WLAN RF signal received from the FEM circuitry 1304a and provide a baseband signal to WLAN baseband processing circuitry 1308 a. The BT radio IC circuitry 1306b may also include a receive signal path, which may include circuitry to down-convert BT RF signals received from the FEM circuitry 1304b and provide baseband signals to the BT baseband processing circuitry 1308b. The WLAN radio IC circuitry 1306a may also include a transmit signal path, which may include circuitry to up-convert WLAN baseband signals provided by the WLAN baseband processing circuitry 1308a and provide WLAN RF output signals to the FEM circuitry 1304a for subsequent wireless transmission through the one or more antennas 1301. BT radio IC circuitry 1306b may also include a transmit signal path that may include circuitry to up-convert BT baseband signals provided by BT baseband processing circuitry 1308b and provide BT RF output signals to FEM circuitry 1304b for subsequent wireless transmission via one or more antennas 1301. In the embodiment of fig. 13, although radio IC circuits 1306a and 1306b are shown as being different from each other, embodiments are not limited thereto and are included within their scope; a radio IC circuit (not shown) containing transmit and/or receive signal paths for both WLAN and BT signals is used, or one or more radio IC circuits are used, wherein at least some of the radio IC circuits share transmit and/or receive signal paths for both WLAN and BT signals.
The baseband processing circuits 1308a-b may include a WLAN baseband processing circuit 1308a and a BT baseband processing circuit 1308b. The WLAN baseband processing circuitry 1308a may include a memory, such as a set of RAM arrays in a Fast Fourier Transform or Inverse Fast Fourier Transform block (not shown) of the WLAN baseband processing circuitry 1308a. Each of the WLAN baseband circuitry 1308a and BT baseband circuitry 1308b may also include one or more processors and control logic to process signals received from the corresponding WLAN or BT receive signal path of radio IC circuitry 1306a-b and also to generate the corresponding WLAN or BT baseband signals for the transmit signal path of radio IC circuitry 1306a-b. Each of the baseband processing circuits 1308a and 1308b may also include physical layer (PHY) and medium access control layer (MAC) circuits and may also interface with devices for generating and processing baseband signals and controlling the operation of the radio IC circuits 1306a-b.
Still referring to fig. 13, in accordance with the illustrated embodiment, the WLAN-BT coexistence circuit 1313 may include logic to provide an interface between the WLAN baseband circuitry 1308a and the BT baseband circuitry 1308b to implement use cases requiring WLAN and BT coexistence. Further, a switch 1303 may be provided between the WLAN FEM circuit 1304a and the BT FEM circuit 1304b to allow switching between WLAN and BT radios according to application needs. Further, although the antenna 1301 is depicted as being connected to the WLAN FEM circuit 1304a and the BT FEM circuit 1304b, respectively, embodiments include within their scope: one or more antennas are shared between the WLAN and BT FEMs, or more than one antenna is provided connected to each FEM 1304a or 1304b.
In some embodiments, the front-end module circuits 1304a-b, radio IC circuits 1306a-b, and baseband processing circuits 1308a-b may be provided on a single radio card (e.g., radio card 1302). In some other embodiments, one or more antennas 1301, FEM circuits 1304a-b, and radio IC circuits 1306a-b may be provided on a single radio card. In some other embodiments, the radio IC circuits 1306a-b and the baseband processing circuits 1308a-b may be provided on a single chip or Integrated Circuit (IC) (e.g., IC 1312).
In some embodiments, radio card 1302 may comprise a WLAN radio card and may be configured for Wi-Fi communication, although the scope of the embodiments is not limited in this respect. In some of these embodiments, the radio architectures 1305A, 1305B may be configured to receive and transmit Orthogonal Frequency Division Multiplexed (OFDM) or Orthogonal Frequency Division Multiple Access (OFDMA) communication signals over a multicarrier communication channel. The OFDM or OFDMA signal may include a plurality of orthogonal subcarriers.
In some of these multicarrier embodiments, the radio architectures 1305A, 1305B may be part of a Wi-Fi communication Station (STA) (e.g., a wireless Access Point (AP), a base station, or a mobile device including a Wi-Fi device). In some of these embodiments, the radio architectures 1305A, 1305B may be configured to: signals may be transmitted and received in accordance with particular communication standards and/or protocols, such as any of the Institute of Electrical and Electronics Engineers (IEEE) standards including the 802.11n-2009, IEEE 802.11-2012, IEEE 802.11-2016, 802.11n-2009, 802.11ac, 802.11ah, 802.11ad, 802.11ay, and/or 802.11ax standards, and/or the specifications set forth for WLANs, although the scope of the embodiments is not limited in this respect. The radio architectures 1305A, 1305B may also be adapted to transmit and/or receive communications in accordance with other techniques and standards.
In some embodiments, the radio architectures 1305A, 1305B may be configured for high-efficiency Wi-Fi (HEW) communications according to the IEEE 802.11ax standard. In these embodiments, radio architectures 1305A, 1305B may be configured to communicate in accordance with OFDMA techniques, although the scope of the embodiments is not limited in this respect.
In some other embodiments, the radio architectures 1305A, 1305B may be configured to: transmit signals using one or more other modulation techniques and receive signals transmitted using one or more other modulation techniques such as spread spectrum modulation (e.g., direct sequence code division multiple access (DS-CDMA) and/or frequency hopping code division multiple access (FH-CDMA)), time Division Multiplexing (TDM) modulation, and/or Frequency Division Multiplexing (FDM) modulation, although the scope of the embodiments is not limited in this respect.
In some embodiments, as further shown in fig. 13, the BT baseband circuitry 1308b may conform to a Bluetooth (BT) connection standard, such as bluetooth, bluetooth 8.0, or bluetooth 6.0, or any other generation of the bluetooth standard.
In some embodiments, the radio architectures 1305A, 1305B may include other radio cards, such as cellular radio cards configured for cellular (e.g., 5GPP such as LTE, LTE-Advanced, or 7G communications).
In some IEEE 802.11 embodiments, radio architectures 1305A, 1305B may be configured for communication over a variety of channel bandwidths, including bandwidths having center frequencies of approximately 900MHz, 2.4GHz, 5GHz, and bandwidths of approximately 2MHz, 4MHz, 5MHz, 5.5MHz, 6MHz, 8MHz, 10MHz, 20MHz, 40MHz, 80MHz (continuous bandwidth), or 80+80MHz (160 MHz) (discontinuous bandwidth). In some embodiments, a 920MHz channel bandwidth may be used. However, the scope of the embodiments is not limited to the above center frequencies.
Fig. 14 illustrates WLAN FEM circuitry 1304a according to some embodiments. Although the example of fig. 14 is described in connection with WLAN FEM circuitry 1304a, it applies equally to the example BT FEM circuitry 1304b (fig. 13); other circuit configurations may also be suitable.
In some embodiments, the FEM circuitry 1304a may include a TX/RX switch 1402 to switch between transmit mode and receive mode operation. FEM circuit 1304a may include a receive signal path and a transmit signal path. The receive signal path of FEM circuitry 1304a may include a Low Noise Amplifier (LNA) 1406 to amplify the received RF signal 1403 and provide an amplified received RF signal 1407 as an output (e.g., to radio IC circuits 1306a-b (fig. 13)). The transmit signal path of circuit 1304a may include: a Power Amplifier (PA) to amplify an input RF signal 1409 (e.g., provided by radio IC circuits 1306 a-b) and one or more filters 1412, such as Band Pass Filters (BPFs), low Pass Filters (LPFs), or other types of filters, to generate an RF signal 1415 for subsequent transmission via an example duplexer 1414 (e.g., through one or more antennas 1301 (fig. 13)).
In some dual-mode embodiments for Wi-Fi communication, FEM circuitry 1304a may be configured to operate in the 2.4GHz spectrum or the 5GHz spectrum. In these embodiments, the receive signal path of the FEM circuitry 1304a may include a receive signal path duplexer 1404 to separate the signals from each spectrum and provide a separate LNA 1406 for each spectrum, as shown. In these embodiments, the transmit signal path of the FEM circuitry 1304a may also include a power amplifier 1410 and a filter 1412 (e.g., a BPF, LPF, or another type of filter) for each spectrum and a transmit signal path duplexer 1404 to provide signals of one of the different spectrums onto a single transmit path for subsequent transmission through one or more antennas 1301 (fig. 13). In some embodiments, BT communications may utilize a 2.4GHz signal path and may utilize the same FEM circuitry 1304a as is used for WLAN communications.
Fig. 15 shows a radio IC circuit 1306a in accordance with some embodiments. The radio IC circuit 1306a is one example of a circuit that may be suitable for use as the WLAN or BT radio IC circuits 1306a/1306b (fig. 13), although other circuit configurations may also be suitable. Alternatively, the example of fig. 15 may be described in connection with the example BT radio IC circuit 1306b.
In some embodiments, radio IC circuit 1306a may include a receive signal path and a transmit signal path. The receive signal path of radio IC circuitry 1306a may include at least mixer circuitry 1502 (e.g., down-conversion mixer circuitry), amplifier circuitry 1506, and filter circuitry 1508. The transmit signal path of radio IC circuit 1306a may include at least a filter circuit 1512 and a mixer circuit 1514 (e.g., an up-conversion mixer circuit). Radio IC circuit 1306a may also include synthesizer circuit 1504 for synthesizing frequency 1505 for use by mixer circuit 1502 and mixer circuit 1514. According to some embodiments, mixer circuits 1502 and/or 1514 may each be configured to provide direct conversion functionality. The latter type of circuit presents a simpler architecture than standard superheterodyne mixer circuits, and any flicker noise it introduces can be mitigated, for example, by using OFDM modulation. Fig. 15 shows only a simplified version of the radio IC circuitry, and may include (although not shown) embodiments in which each of the depicted circuits includes more than one component. For example, mixer circuits 1514 may each include one or more mixers, and filter circuits 1508 and/or 1512 may each include one or more filters, e.g., one or more BPFs and/or LPFs, as desired by the application. For example, when the mixer circuits are of the direct conversion type, they may each comprise two or more mixers.
In some embodiments, the mixer circuit 1502 may be configured to: the RF signal 1407 received from the FEM circuits 1304a-b (fig. 13) is downconverted based on the composite frequency 1505 provided by the synthesizer circuit 1504. The amplifier circuit 1506 may be configured to amplify the downconverted signal, and the filter circuit 1508 may include an LPF configured to: unwanted signals are removed from the down-converted signal to generate an output baseband signal 1507. The output baseband signal 1507 may be provided to baseband processing circuits 1308a-b (FIG. 13) for further processing. In some embodiments, the output baseband signal 1507 may be a zero frequency baseband signal, although this is not required. In some embodiments, mixer circuit 1502 may comprise a passive mixer, although the scope of the embodiments is not limited in this respect.
In some embodiments, mixer circuit 1514 may be configured to: the input baseband signal 1511 is up-converted based on the synthesized frequency 1505 provided by the synthesizer circuit 1504 to generate the RF output signal 1409 for the FEM circuits 1304 a-b. The baseband signal 1511 may be provided by baseband processing circuits 1308a-b and may be filtered by filter circuit 1512. Filter circuit 1512 may include an LPF or BPF, although the scope of the embodiments is not limited in this respect.
In some embodiments, mixer circuit 1502 and mixer circuit 1514 may each comprise two or more mixers and may be arranged for quadrature down-conversion and/or up-conversion, respectively, with the aid of synthesizer 1504. In some embodiments, mixer circuit 1502 and mixer circuit 1514 may each include two or more mixers, each configured for image rejection (e.g., hartley image rejection). In some embodiments, mixer circuit 1502 and mixer circuit 1514 may be arranged for direct down-conversion and/or direct up-conversion, respectively. In some embodiments, mixer circuit 1502 and mixer circuit 1514 may be configured for super-heterodyne operation, although this is not required.
According to one embodiment, the mixer circuit 1502 may include: quadrature passive mixers (e.g., for in-phase (I) and quadrature-phase (Q) paths). In such an embodiment, the RF input signal 1407 from fig. 15 may be down-converted to provide I and Q baseband output signals to be sent to the baseband processor.
The quadrature passive mixers may be driven by zero and ninety degree time-varying LO switching signals provided by quadrature circuitry, which may be configured to receive an LO frequency (fLO), such as LO frequency 1505 of synthesizer 1504 (fig. 15), from a local oscillator or synthesizer. In some embodiments, the LO frequency may be the carrier frequency, while in other embodiments the LO frequency may be a fraction of the carrier frequency (e.g., half the carrier frequency, one third of the carrier frequency). In some embodiments, zero and ninety degree time-varying switching signals may be generated by a synthesizer, although the scope of the embodiments is not limited in this respect.
In some embodiments, the LO signals may differ in duty cycle (percentage of a cycle in which the LO signal is high) and/or offset (difference between the start of the cycle). In some embodiments, the LO signal may have a duty cycle of 85% and an offset of 80%. In some embodiments, each branch of the mixer circuit (e.g., in-phase (I) and quadrature-phase (Q) paths) may operate at an 80% duty cycle, which may result in a significant reduction in power consumption.
The RF input signal 1407 (fig. 14) may comprise a balanced signal, although the scope of the embodiments is not limited in this respect. The I and Q baseband output signals may be provided to a low noise amplifier (e.g., amplifier circuit 1506 (fig. 15)) or filter circuit 1508 (fig. 15).
In some embodiments, output baseband signal 1507 and input baseband signal 1511 may be analog baseband signals, although the scope of the embodiments is not limited in this respect. In some alternative embodiments, the output baseband signal 807 and the input baseband signal 811 may be digital baseband signals. In these alternative embodiments, the radio IC circuitry may include analog-to-digital converter (ADC) and digital-to-analog converter (DAC) circuitry.
In some dual-mode embodiments, separate radio IC circuitry may be provided to process signals for each spectrum or other spectrum not mentioned herein, although the scope of the embodiments is not limited in this respect.
In some embodiments, synthesizer circuit 1504 may be a fractional-N synthesizer or a fractional-N/N+1 synthesizer, although the scope of the embodiments is not limited in this respect as other types of frequency synthesizers may be suitable. For example, the synthesizer circuit 1504 may be a delta-sigma synthesizer, a frequency multiplier, or a synthesizer including a phase locked loop with a frequency divider. According to some embodiments, the synthesizer circuit 1504 may comprise a digital synthesizer circuit. An advantage of using a digital synthesizer circuit is that, although it may still include some analog components, its footprint may be much smaller than that of an analog synthesizer circuit. In some embodiments, the frequency input to the synthesizer circuit 1504 may be provided by a Voltage Controlled Oscillator (VCO), but this is not required. The baseband processing circuits 1308a-b (fig. 13) may further provide divider control inputs depending on the desired output frequency 1505. In some embodiments, the divider control input (e.g., N) may be determined from a look-up table (e.g., within a Wi-Fi card) based on the channel number and channel center frequency determined or indicated by the example application processor 1310. The application processor 1310 may include or otherwise be connected to one of the example secure signal converter 13101 or the example receive signal converter 13103 (e.g., depending on which device the example radio architecture is implemented in).
In some embodiments, the synthesizer circuit 1504 may be configured to generate a carrier frequency as the output frequency 1505, while in other embodiments the output frequency 1505 may be a portion of the carrier frequency (e.g., half the carrier frequency, one third of the carrier frequency). In some embodiments, output frequency 1505 may be an LO frequency (fLO).
FIG. 16 illustrates a functional block diagram of the baseband processing circuit 1308a, according to some embodiments. The baseband processing circuit 1308a is one example of a circuit that may be suitable for use as the baseband processing circuit 1308a (fig. 13), but other circuit configurations may also be suitable. Alternatively, the example BT baseband processing circuit 1308b of fig. 13 may be implemented using the example of fig. 15.
Baseband processing circuitry 1308a may include a receive baseband processor (RX BBP) 1602 to process receive baseband signals 1509 provided by radio IC circuitry 1306a-b (fig. 13) and a transmit baseband processor (TX BBP) 1604 to generate transmit baseband signals 1511 for radio IC circuitry 1306 a-b. The baseband processing circuits 1308a may also include control logic 1606 for coordinating operation of the baseband processing circuits 1308 a.
In some embodiments (e.g., when analog baseband signals are exchanged between the baseband processing circuits 1308a-b and the radio IC circuits 1306 a-b), the baseband processing circuits 1308a may include an ADC 1610 to convert analog baseband signals 1609 received from the radio IC circuits 1306a-b to digital baseband signals for RX BBP 1602 processing. In these embodiments, the baseband processing circuit 1308a may also include a DAC 1612 to convert the digital baseband signal from the TX BBP 1604 to an analog baseband signal 1611.
In some embodiments, for example, where the OFDM signal or OFDMA signal is communicated by the baseband processor 1308a, the transmit baseband processor 1604 may be configured to: an OFDM or OFDMA signal suitable for transmission is generated by performing an Inverse Fast Fourier Transform (IFFT). The receive baseband processor 1602 may be configured to: the received OFDM signal or OFDMA signal is processed by performing FFT. In some embodiments, the receive baseband processor 1602 may be configured to: the presence of the OFDM signal or the OFDMA signal is detected by performing autocorrelation to detect a preamble (e.g., a short preamble) and by performing cross-correlation to detect a long preamble. The preamble may be part of a predetermined frame structure for Wi-Fi communication.
Referring back to fig. 13, in some embodiments, antennas 1301 (fig. 13) may each include one or more directional or omnidirectional antennas, including, for example, dipole antennas, monopole antennas, patch antennas, loop antennas, microstrip antennas or other types of antennas suitable for transmission of RF signals. In some multiple-input multiple-output (MIMO) embodiments, antennas may be effectively separated to take advantage of spatial diversity and the different channel characteristics that may result. Antennas 1301 may each include a set of phased array antennas, but the embodiments are not limited thereto.
Although the radio architectures 105A, 105B are illustrated as having several separate functional elements, one or more of the functional elements may be combined and may be implemented by combinations of software-configured elements, such as processing elements including Digital Signal Processors (DSPs), and/or other hardware elements. For example, some elements may comprise one or more microprocessors, DSPs, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Radio Frequency Integrated Circuits (RFICs), and combinations of various hardware and logic circuitry for performing at least the functions described herein. In some embodiments, a functional element may refer to one or more processes operating on one or more processing elements.
The word "exemplary" is used herein to mean "serving as an example, instance, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments. As used herein, the terms "computing device," "user device," "communication station," "handheld device," "mobile device," "wireless device," and "user equipment" (UE) refer to a wireless communication device, such as a cellular telephone, smartphone, tablet computer, netbook, wireless terminal, laptop computer, femtocell, High Data Rate (HDR) subscriber station, access point, printer, point-of-sale device, access terminal, or other Personal Communication System (PCS) device. The device may be mobile or stationary.
As used in this document, the term "communication" is intended to include either transmission or reception, or both. This may be particularly useful in the claims when describing the organization of data sent by one device and received by another device, but only the functionality of one of the devices is required to infringe the claims. Similarly, when the functionality of only one of the devices is claimed, the two-way data exchange between the two devices (the two devices transmitting and receiving during the exchange) may be described as "communicating." The term "communicate" as used herein with respect to wireless communication signals includes transmitting wireless communication signals and/or receiving wireless communication signals. For example, a wireless communication unit capable of communicating wireless communication signals may include a wireless transmitter for transmitting wireless communication signals to at least one other wireless communication unit, and/or a wireless communication receiver for receiving wireless communication signals from at least one other wireless communication unit.
As used herein, unless otherwise specified, the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object merely indicates that different instances of like objects are being referred to, and is not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
The term "access point" (AP) as used herein may be a fixed station. An access point may also be referred to as an access node, a base station, an evolved node B (eNodeB), or some other similar terminology known in the art. An access terminal may also be called a mobile station, User Equipment (UE), a wireless communication device, or some other similar terminology known in the art. Embodiments disclosed herein relate generally to wireless networks. Some embodiments may relate to a wireless network operating according to one of the IEEE 802.11 standards.
Some embodiments may be used in conjunction with various devices and systems, such as Personal Computers (PCs), desktop computers, mobile computers, laptop computers, notebook computers, tablet computers, server computers, handheld devices, Personal Digital Assistant (PDA) devices, handheld PDA devices, onboard devices, off-board devices, hybrid devices, mobile or portable devices, consumer devices, non-mobile or non-portable devices, wireless communication stations, wireless communication devices, Wireless Access Points (APs), wired or wireless routers, wired or wireless modems, video devices, audio-video (A/V) devices, wired or wireless networks, wireless local area networks, Wireless Video Area Networks (WVANs), Local Area Networks (LANs), Wireless Local Area Networks (WLANs), Personal Area Networks (PANs), Wireless PANs (WPANs), and the like.
Some embodiments may be used in conjunction with the following devices: one-way and/or two-way radio communication systems, cellular radiotelephone communication systems, mobile telephones, cellular telephones, radiotelephones, Personal Communication Systems (PCS) devices, PDA devices that include wireless communication devices, mobile or portable Global Positioning System (GPS) devices, devices that include GPS receivers or transceivers or chips, devices that include RFID elements or chips, multiple-input multiple-output (MIMO) transceivers or devices, single-input multiple-output (SIMO) transceivers or devices, multiple-input single-output (MISO) transceivers or devices, devices having one or more internal and/or external antennas, Digital Video Broadcasting (DVB) devices or systems, multi-standard radio devices or systems, wired or wireless handheld devices (e.g., smart phones), Wireless Application Protocol (WAP) devices, and the like.
Some embodiments may be used in conjunction with one or more types of wireless communication signals and/or systems that conform to one or more wireless communication protocols, such as Radio Frequency (RF), Infrared (IR), Frequency Division Multiplexing (FDM), Orthogonal FDM (OFDM), Time Division Multiplexing (TDM), Time Division Multiple Access (TDMA), Extended TDMA (E-TDMA), General Packet Radio Service (GPRS), Extended GPRS, Code Division Multiple Access (CDMA), Wideband CDMA (WCDMA), CDMA 2000, single-carrier CDMA, multi-carrier modulation (MDM), discrete multi-tone (DMT), Bluetooth, Global Positioning System (GPS), Wi-Fi, Wi-Max, ZigBee, Ultra Wideband (UWB), Global System for Mobile communication (GSM), 2G, 2.5G, 3G, 3.5G, 4G, fifth generation (5G) mobile networks, 3GPP, Long Term Evolution (LTE), LTE-Advanced, Enhanced Data rates for GSM Evolution (EDGE), and so forth. Other embodiments may be used in various other devices, systems, and/or networks.
The following examples pertain to further embodiments.
Example 1 may include a fast Basic Service Set (BSS) transition (FT) initiator (FTO), the FTO comprising processing circuitry coupled to a storage device, the processing circuitry configured to: determine a Pairwise Master Key (PMK) R0name associated with privacy enhancements; cause the PMK R0name to be sent to an FT responder (FTR); and cause the translated PMK R0name to be sent to another FTR for subsequent communication.
Example 2 may include the FTO of example 1 and/or some other example herein, wherein the translated PMK R0name is formed by: changing the PMK R0name to a new PMK R0name, the new PMK R0name identifying the same PMK-R0.
Example 3 may include the FTO of example 2 and/or some other example herein, wherein the new PMK R0name is sent by the FTR to an R0 key holder (R0KH) such that the R0KH can identify the same PMK-R0.
Example 4 may include the FTO of example 3 and/or some other example herein, wherein the new PMK R0name is sent by the R0KH to other FTRs within the same mobility domain.
Example 5 may include the FTO of example 2 and/or some other example herein, wherein the change of the PMK R0name is performed after the FT protocol succeeds, using a hash algorithm with a new derived key as an input.
Example 6 may include the FTO of example 1 and/or some other example herein, wherein the translated PMK R0name is formed by: encrypting, by the FTR, the PMK R0name into a random string, and sending the random string to the FTO.
Example 7 may include the FTO of example 6 and/or some other example herein, wherein the random string is transmitted to another FTR, which receives and decrypts it to obtain the PMK R0name.
Example 8 may include the FTO of example 6 and/or some other example herein, wherein the random string is carried by a fast BSS transition element (FTE) or by an additional element in a reassociation response frame.
Example 9 may include the FTO of example 6 and/or some other example herein, wherein the encryption uses keys shared among the FTRs within the same mobility domain or the same Extended Service Set (ESS).
Example 10 may include the FTO of example 1 and/or some other example herein, wherein the FTO and the FTR are multi-link devices (MLDs), or the FTO and the FTR are stations.
Example 11 may include the FTO of example 1 and/or some other example herein, wherein the PMK R0name is included in a first authentication frame on a Distribution System (DS).
Example 12 may include a non-transitory computer-readable medium storing computer-executable instructions that, when executed by one or more processors, cause performance of the following: determining a Pairwise Master Key (PMK) R0name associated with privacy enhancements; causing the PMK R0name to be sent to an FT responder (FTR); and causing the translated PMK R0name to be sent to another FTR for subsequent communication.
Example 13 may include the non-transitory computer-readable medium of example 12 and/or some other example herein, wherein the translated PMK R0name is formed by: changing the PMK R0name to a new PMK R0name, the new PMK R0name identifying the same PMK-R0.
Example 14 may include the non-transitory computer-readable medium of example 12 and/or some other example herein, wherein the translated PMK R0name is formed by: encrypting, by the FTR, the PMK R0name into a random string, and sending the random string to the FTO.
Example 15 may include a method comprising: determining, by one or more processors of a fast Basic Service Set (BSS) transition (FT) initiator (FTO), a Pairwise Master Key (PMK) R0name associated with privacy enhancements; causing the PMK R0name to be sent to an FT responder (FTR); and causing the translated PMK R0name to be sent to another FTR for subsequent communication.
Example 16 may include the method of example 15 and/or some other example herein, wherein the translated PMK R0name is formed by: changing the PMK R0name to a new PMK R0name, the new PMK R0name identifying the same PMK-R0.
Example 17 may include the method of example 15 and/or some other example herein, wherein the translated PMK R0name is formed by: encrypting, by the FTR, the PMK R0name into a random string, and sending the random string to the FTO.
Example 18 may include an apparatus comprising: means for determining a Pairwise Master Key (PMK) R0name associated with privacy enhancements; means for causing the PMK R0name to be sent to an FT responder (FTR); and means for causing the translated PMK R0name to be sent to another FTR for subsequent communication.
Example 19 may include the apparatus of example 18 and/or some other example herein, wherein the translated PMK R0name is formed by: changing the PMK R0name to a new PMK R0name, the new PMK R0name identifying the same PMK-R0.
Example 20 may include the apparatus of example 18 and/or some other example herein, wherein the translated PMK R0name is formed by: encrypting, by the FTR, the PMK R0name into a random string, and sending the random string to the FTO.
Example 21 may include one or more non-transitory computer-readable media comprising instructions to cause an electronic device, when executed by one or more processors of the electronic device, to perform one or more elements of a method described in or related to any of examples 1-20, or to perform any other method or process described herein.
Example 22 may include an apparatus comprising logic, modules, and/or circuitry to perform one or more elements of a method described in or related to any of examples 1-20, or to perform any other method or process described herein.
Example 23 may include a method, technique, or process described in or related to any of examples 1-20, or portions thereof.
Example 24 may include an apparatus comprising: one or more processors and one or more computer-readable media comprising instructions that, when executed by the one or more processors, cause the one or more processors to perform a method, technique, or process described in or related to any of examples 1-20, or portions thereof.
Example 25 may include a method of communicating in a wireless network as shown and described herein.
Example 26 may include a system for providing wireless communications as shown and described herein.
Example 27 may include a device to provide wireless communications as shown and described herein.
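The two translation mechanisms of Examples 2-5 (rename after a successful FT) and Examples 6-9 (FTR encrypts the name into a random string), as an added example that is not code from the patent or from Intel: a standard-library Python model in which the R0KH re-keys its table under the new PMK R0name, and an FTR issues an authenticated random string that only another FTR holding the mobility-domain key can open. The key sizes, labels, the HMAC-based cipher and every function name are assumptions of this example, not the standard's derivation.

```python
"""PMKR0Name privacy for 802.11 FT: added example, not patent or Intel code.
Models Examples 2-5 (rename) and 6-9 (encrypt) with the standard library only;
key sizes, labels and the HMAC-based cipher are assumptions, not the standard's
KDF or the AEAD a deployment would use."""
import hashlib
import hmac
import os
from typing import Dict, Tuple


def pmkr0name(pmk_r0: bytes) -> bytes:
    """128-bit name of a PMK-R0 (assumption: the standard hashes a salt
    derived alongside PMK-R0; this example hashes the key itself)."""
    return hashlib.sha256(b"FT-R0N" + pmk_r0).digest()[:16]


# Mechanism A (Examples 2-5): rename the PMK-R0 after every successful FT.
def translate_r0name(r0name: bytes, new_derived_key: bytes) -> bytes:
    """new name = hash(old name, key derived in the FT that just succeeded).
    FTO and R0KH both hold new_derived_key, so both reach the same new name
    for the same PMK-R0; an observer who saw only r0name cannot."""
    msg = b"FT-R0N-translate" + r0name
    return hmac.new(new_derived_key, msg, hashlib.sha256).digest()[:16]


class R0KeyHolder:
    """R0KH table: PMKR0Name -> PMK-R0, re-keyed under each new name."""

    def __init__(self) -> None:
        self._table: Dict[bytes, bytes] = {}

    def install(self, pmk_r0: bytes) -> bytes:
        name = pmkr0name(pmk_r0)
        self._table[name] = pmk_r0
        return name

    def lookup(self, r0name: bytes) -> bytes:
        return self._table[r0name]

    def rename(self, old_name: bytes, new_derived_key: bytes) -> bytes:
        """Drop the old entry so the previous identifier no longer resolves;
        other FTRs in the mobility domain would be told the new name (Ex. 4)."""
        new_name = translate_r0name(old_name, new_derived_key)
        self._table[new_name] = self._table.pop(old_name)
        return new_name


# Mechanism B (Examples 6-9): the FTR encrypts the name into a random string
# under a key shared by the FTRs of the mobility domain / ESS.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-based keystream (assumption: stands in for AES-CTR)."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
    return out[:length]


def encrypt_r0name(domain_key: bytes, r0name: bytes) -> bytes:
    """FTR side: token = nonce || ciphertext || tag.  A fresh nonce makes each
    token a new random-looking string, so two reassociations do not link."""
    nonce = os.urandom(12)
    ks = _keystream(domain_key, nonce, len(r0name))
    ct = bytes(a ^ b for a, b in zip(r0name, ks))
    tag = hmac.new(domain_key, b"tag" + nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def decrypt_r0name(domain_key: bytes, token: bytes) -> bytes:
    """Next FTR side: check the tag before decrypting, so a forged or damaged
    token is rejected instead of becoming a lookup at the R0KH."""
    nonce, ct, tag = token[:12], token[12:-16], token[-16:]
    expect = hmac.new(domain_key, b"tag" + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("PMKR0Name token failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(domain_key, nonce, len(ct))))


def roam(mechanism: str) -> Tuple[bytes, bytes, bool]:
    """Simulate one FTO visiting two FTRs in turn.  Returns the identifier an
    eavesdropper sees at each FTR and whether the R0KH still resolved the
    same PMK-R0.  All keys are constructed sample values."""
    pmk_r0 = os.urandom(32)
    r0kh = R0KeyHolder()
    name = r0kh.install(pmk_r0)
    if mechanism == "baseline":            # fixed name: linkable across roams
        return name, name, r0kh.lookup(name) == pmk_r0
    if mechanism == "rename":
        fresh_key = os.urandom(32)         # derived in the FT with FTR1
        seen_at_ftr2 = r0kh.rename(name, fresh_key)     # R0KH side
        fto_view = translate_r0name(name, fresh_key)    # FTO side, must agree
        ok = fto_view == seen_at_ftr2 and r0kh.lookup(seen_at_ftr2) == pmk_r0
        return name, seen_at_ftr2, ok
    if mechanism == "encrypt":
        domain_key = os.urandom(32)        # shared by FTRs of the domain
        token1 = encrypt_r0name(domain_key, name)   # FTR1 -> FTO
        # FTO presents token1 at FTR2, which recovers the name for the R0KH
        # lookup and hands the FTO a fresh token for the next roam.
        recovered = decrypt_r0name(domain_key, token1)
        token2 = encrypt_r0name(domain_key, recovered)
        return token1, token2, r0kh.lookup(recovered) == pmk_r0
    raise ValueError(f"unknown mechanism {mechanism!r}")
```

Running `roam("baseline")` shows the same identifier at both FTRs, while the two enhanced mechanisms show different identifiers yet still resolve the same PMK-R0.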
Embodiments in accordance with the present disclosure are disclosed in particular in the accompanying claims directed to methods, storage media, devices and computer program products, wherein any feature mentioned in one claim category (e.g., method) may also be claimed in another claim category (e.g., system). The dependencies or references in the appended claims are chosen solely for formal reasons. However, any subject matter resulting from an intentional reference to any previous claim (in particular multiple dependencies) may also be claimed, such that any combination of a claim and its features is disclosed and can be claimed, irrespective of the dependency selected in the appended claims. The subject matter that can be claimed comprises not only the combinations of features set forth in the appended claims, but also any other combination of features in the claims, wherein each feature mentioned in the claims can be combined with any other feature or combination of other features in the claims. Furthermore, any embodiments and features described or depicted herein may be claimed in a separate claim and/or in any combination with any embodiment or feature described or depicted herein or with any feature of the appended claims.
The foregoing description of one or more implementations provides illustration and description, but is not intended to be exhaustive or to limit the scope of the embodiments to the precise form disclosed. Modifications and variations are possible in light of the above teachings or may be acquired from practice of various embodiments.
Certain aspects of the present disclosure are described above with reference to block diagrams and flowchart illustrations of systems, methods, apparatuses, and/or computer program products according to various implementations. It will be understood that one or more blocks of the block diagrams and flowchart illustrations, and combinations of blocks in the block diagrams and flowchart illustrations, respectively, can be implemented by computer-executable program instructions. Likewise, some blocks of the block diagrams and flow diagrams may not necessarily need to be performed in the order presented, or may not need to be performed at all, according to some implementations.
These computer-executable program instructions may be loaded onto a special purpose computer or other specific machine, processor, or other programmable data processing apparatus to produce a particular machine, such that the instructions which execute on the computer, processor, or other programmable data processing apparatus create means for implementing one or more functions specified in the flowchart block or blocks. These computer program instructions may also be stored in a computer-readable storage medium or memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means which implement the function specified in the flowchart block or blocks. As an example, certain implementations may provide a computer program product comprising a computer-readable storage medium having computer-readable program code or program instructions embodied therein, the computer-readable program code adapted to be executed to implement one or more functions specified in the flowchart block or blocks. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational elements or steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide elements or steps for implementing the functions specified in the flowchart block or blocks.
Accordingly, blocks of the block diagrams and flowchart illustrations support combinations of means for performing the specified functions, combinations of elements or steps for performing the specified functions and program instruction means for performing the specified functions. It will also be understood that each block of the block diagrams and flowchart illustrations, and combinations of blocks in the block diagrams and flowchart illustrations, can be implemented by special purpose, hardware-based computer systems that perform the specified functions, elements or steps, or combinations of special purpose hardware and computer instructions.
Conditional language, such as "may," "can," "might," or "may," unless expressly stated otherwise or otherwise understood within the context of usage, is generally intended to convey that certain implementations may include, while other implementations do not include, certain features, elements, and/or operations. Thus, such conditional language is not generally intended to imply that features, elements, and/or operations are in any way required for one or more implementations or that one or more implementations necessarily include logic for making decisions, with or without user input or prompting, whether or not such features, elements, and/or operations are included or are to be performed in any particular implementation.
Many modifications and other implementations of the disclosure set forth herein will come to mind to one skilled in the art to which this disclosure pertains having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the disclosure is not to be limited to the specific implementations disclosed and that modifications and other implementations are intended to be included within the scope of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims (20)

1. A fast Basic Service Set (BSS) transition (FT) initiator (FTO), the FTO comprising processing circuitry coupled to a storage device, the processing circuitry configured to:
determine a Pairwise Master Key (PMK) R0name associated with privacy enhancement;
cause the PMK R0name to be sent to an FT responder (FTR); and
cause the translated PMK R0name to be sent to another FTR for subsequent communication.
2. The FTO of claim 1, wherein the translated PMK R0name is formed by:
changing the PMK R0name to a new PMK R0name, the new PMK R0name identifying the same PMK-R0.
3. The FTO of claim 2, wherein the new PMK R0name is sent by the FTR to an R0 key holder (R0KH), enabling the R0KH to identify the same PMK-R0.
4. The FTO of claim 3, wherein the new PMK R0name is sent by the R0KH to other FTRs within the same mobility domain.
5. The FTO of claim 2, wherein the change of the PMK R0name is performed after the FT protocol succeeds and uses a hashing algorithm with a new derived key as input.
6. The FTO of claim 1, wherein the translated PMK R0name is formed by:
encrypting, by the FTR, the PMK R0name into a random string, and sending the random string to the FTO.
7. The FTO of claim 6, wherein the random string is sent to another FTR, which receives and decrypts it to obtain the PMK R0name.
8. The FTO of claim 6, wherein the random string is carried by a fast BSS transition element (FTE) or by an additional element in a reassociation response frame.
9. The FTO of claim 6, wherein the encryption uses keys shared among the FTRs within the same mobility domain or the same Extended Service Set (ESS).
10. The FTO of claim 1, wherein the FTO and the FTR are multi-link devices (MLDs) or the FTO and the FTR are stations.
11. The FTO of claim 1, wherein the PMK R0name is included in a first authentication frame on a Distribution System (DS).
12. A non-transitory computer-readable medium storing computer-executable instructions that, when executed by one or more processors, cause performance of the following operations:
determining a Pairwise Master Key (PMK) R0name associated with privacy enhancements;
causing the PMK R0name to be sent to an FT responder (FTR); and
causing the translated PMK R0name to be sent to another FTR for subsequent communication.
13. The non-transitory computer-readable medium of claim 12, wherein the converted PMK R0name is formed by:
changing the PMK R0name to a new PMK R0name, the new PMK R0name identifying the same PMK-R0.
14. The non-transitory computer-readable medium of claim 12, wherein the converted PMK R0name is formed by:
and encrypting the PMK R0name into a random character string by FTR, and sending the random character string to FTO.
15. A method, comprising:
determining, by one or more processors of a fast Basic Service Set (BSS) transition (FT) initiator (FTO), a Pairwise Master Key (PMK) R0name associated with privacy enhancements;
cause the PMK R0name to be sent to a FT responder (FTR); and
such that the translated PMK R0name is sent to another FTR for subsequent communication.
16. The method of claim 15, wherein the converted PMK R0name is formed by:
changing the PMK R0name to a new PMK R0name, the new PMK R0name identifying the same PMK-R0.
17. The method of claim 15, wherein the converted PMK R0name is formed by:
and encrypting the PMK R0name into a random character string by FTR, and sending the random character string to FTO.
18. An apparatus, comprising:
means for determining a Pairwise Master Key (PMK) R0name associated with privacy enhancements;
means for causing the PMK R0name to be sent to an FT responder (FTR); and
means for causing a translated PMK R0name to be sent to another FTR for subsequent communication.
19. The apparatus of claim 18, wherein the translated PMK R0name is formed by:
changing the PMK R0name to a new PMK R0name, the new PMK R0name identifying the same PMK-R0.
20. The apparatus of claim 18, wherein the translated PMK R0name is formed by:
the FTR encrypting the PMK R0name into a random string and sending the random string to the FTO.
Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202163219639P 2021-07-08 2021-07-08
US63/219,639 2021-07-08

Publications (1)

Publication Number Publication Date
CN115604867A (en) 2023-01-13

Family

ID=84841791

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111554709.2A Pending CN115604867A (en) 2021-07-08 2021-12-17 Apparatus, medium, method, and apparatus for privacy enhancement

Country Status (1)

Country Link
CN (1) CN115604867A (en)

Similar Documents

Publication Publication Date Title
US12212970B2 (en) Security for multi-link operation
US12200121B2 (en) Enhanced security for multi-link wireless operations
US11973679B2 (en) Enhanced frame exchange and multi-link device messaging for secure communications
US20240155339A1 (en) Multi-link device resetup and transition with station device address authentication
US20190349758A1 (en) Ultrasound-assisted wi-fi and bluetooth authentication
US20220116833A1 (en) Enhanced wi-fi fast roaming transition for mobile devices
US20210345105A1 (en) 4-way handshake optimization
US11805561B2 (en) Multi-link device re-setup and transition
US12010516B2 (en) Multi-link device security association query
US20250119733A1 (en) Enhanced security keys for wi-fi association frames
EP4293963A1 (en) Secure medium access control (mac) header
US20250126482A1 (en) Eapol-key encryption key derivation and encryption in authentication frame
CN115396874A (en) Privacy enhancement for Pairwise Master Key Security Association (PMKSA) caching
CN115397046A (en) Privacy enhancement to avoid element fingerprints
US20210127273A1 (en) Enhanced beacon protection rekeying and attack detection for wireless communications
US20230239139A1 (en) Methods and arrangements for encryption of group addressed management frames
CN115226097A (en) Change procedure for pairwise master key identifiers for privacy enhancement
CN115604867A (en) Apparatus, medium, method, and apparatus for privacy enhancement
US20250088364A1 (en) Privacy enhancement for pairwise master key security association caching to prevent active attack
EP4539526A1 (en) Privacy enhancement for pairwise master key security association caching and randomize medium access control address
EP4258717A1 (en) Key negotiation for association frame encryption
EP4362517A1 (en) Message integrity code (mic) length indication in fast basic service set transition element (fte)
US20250267524A1 (en) Ultra high reliability roaming with context transfer and reduced transition delay
EP4412150A1 (en) Trigger frame protection
US12081980B2 (en) Apparatus and method for Wi-Fi network profile verification

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination