WO2004084458A2 - WLAN session management techniques with secure rekeying and logoff - Google Patents

WLAN session management techniques with secure rekeying and logoff

Info

Publication number
WO2004084458A2
Authority
WO
WIPO (PCT)
Prior art keywords
key
secure
mobile terminal
session key
session
Prior art date
Application number
PCT/US2004/007403
Other languages
English (en)
Other versions
WO2004084458A3 (fr
Inventor
Junbiao Zhang
Saurabh Mathur
Sachin Mody
Original Assignee
Thomson Licensing S.A.
Priority date
Filing date
Publication date
Application filed by Thomson Licensing S.A. filed Critical Thomson Licensing S.A.
Priority to EP04719770A priority Critical patent/EP1606899A4/fr
Priority to MXPA05009804A priority patent/MXPA05009804A/es
Priority to JP2006507069A priority patent/JP2006520571A/ja
Priority to US10/549,408 priority patent/US20060179305A1/en
Publication of WO2004084458A2 publication Critical patent/WO2004084458A2/fr
Publication of WO2004084458A3 publication Critical patent/WO2004084458A3/fr
Priority to US11/371,662 priority patent/US20070189537A1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/061 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Definitions

  • the invention relates to an apparatus and a method for providing a secure communications session in a local area network, and in particular, to an apparatus and method for providing a secure communications session with a mobile terminal in a WLAN with periodic key update and a secure logoff.
  • WLAN wireless local area networks
  • AP access point
  • When a user attempts to access service within a public WLAN coverage area, the WLAN first authenticates and authorizes user access, prior to granting network access. After authentication, the public WLAN opens a secure data channel to the mobile communications device to protect the privacy of data passing between the WLAN and the device.
  • the IEEE 802.1x protocol for deployed equipment. Hence, the predominant authentication mechanism for WLANs utilizes this standard.
  • the IEEE 802.1x protocol was designed with private LAN access as its usage model. Hence, the IEEE 802.1x protocol does not provide certain features that would improve the security in a public WLAN environment.
  • HTTPS Protocol Secured Sockets
  • a secure session key is established and shared by the user and the WLAN. All subsequent communication is encrypted using this session key.
  • the session key needs to be updated periodically. Indeed, if the initial session key is used as a Wired Equivalent Privacy (WEP) key, after a certain number of communication exchanges using the WEP key between the wireless user and the WLAN access point, a would-be hacker may crack the key.
  • WEP Wired Equivalent Privacy
  • In IEEE 802.1x, the protocol used for secure access control in a WLAN, updating the session key relies on an authentication server. In essence, each time the key is updated, the user needs to go through authentication steps similar to the initial authentication. This procedure can be inefficient and impossible in some applications.
  • WLAN technology can benefit from a method in which, once the user is authenticated and the session key is established, future key updates no longer require the participation of the authentication server.
  • What is desired is a method for providing a secure communications session between a terminal and a communications network by using a session key for encrypting the communications between the terminal and the communications network, wherein the session key may be derived from a set of keys, including a secure key that is stored in the terminal and an access point of the communications network.
  • the secure key may also be used in providing a secure logoff mechanism.
  • the invention herein provides a method for improving the security of a mobile terminal in a WLAN environment by installing two shared keys, instead of one shared secret referred to as the initial session key, on both the wireless user machine and the WLAN AP during the user authentication phase.
  • One of the shared keys is used as the initial session key, and the other shared key is used as a secure seed. Since the initial authenticated communication is secure, once the two secured keys have been established it is virtually impossible for a would-be hacker to crack this form of protection. And although the initial session key may eventually be cracked by the would-be hacker, the secure seed always remains secure, as it is not used in any insecure communication.
  • An embodiment of the present invention includes the process whereby during a key update, a new key is generated and exchanged between the WLAN access point and the mobile terminal. Instead of directly using this new key, the access point and the mobile terminal use this new key together with the secure seed to generate the new session key.
  • the new session key may be generated by concatenating the secure seed with the new key, and then calculating a one-way hash function such as the Message Digest 5 (MD5) hash algorithm to generate a fixed string. Since the would-be hacker does not have the secure seed, even if it can crack the old session key, it would not succeed in obtaining the new session key.
  • MD5 Message Digest 5
  • An embodiment of the present invention also includes the process whereby during a session logoff the mobile terminal remains secure to prevent a would-be hacker from logging off the authenticated mobile terminal.
  • the IEEE 802.1x based scheme does not provide a secure logoff because the logoff request is carried in an unencrypted frame.
  • the mobile terminal sends an encrypted logoff request accompanied by the secure seed.
  • An embodiment of the present invention also includes a method for providing a secure communications session between a mobile terminal and a wireless local access network (WLAN), the method comprising the steps of: generating first and second secure keys; transmitting the first and second secure keys to the mobile terminal using a secure communications method, the first and second secure keys being stored in the mobile terminal for use during the secure communications session; encrypting and transmitting data to the mobile terminal using a current session key, and receiving and decrypting data received from the mobile terminal using the current session key, the first secure key initially being used as the current session key; and periodically generating a subsequent session key using the second secure key and using the subsequent session key as the current session key during subsequent communications between the WLAN and the mobile terminal.
  • WLAN wireless local access network
  • the present invention also includes an apparatus for providing a secure communications session between a mobile terminal and a WLAN, comprising a means for generating a first and second secure key and a means for transmitting the first and second secure key to the mobile terminal.
  • the mobile terminal stores the first and second secure keys for decryption of subsequently received data.
  • In the WLAN, a means encrypts and transmits data to the mobile terminal using a current session key.
  • In the WLAN, a means to periodically generate subsequent session keys uses the second secure key and uses the subsequent session keys as the current session key during communications between the WLAN and the mobile terminal.
  • FIG. 1 is a block diagram of a communications system for practicing the method of the present principles for authenticating a mobile wireless communications device.
  • FIG. 2 is a flow diagram of the method of establishing two secure keys of the present invention.
  • FIG. 3 is a flow diagram of the method of establishing a secured log off procedure of the present invention.
  • FIG. 4 is a block diagram of an apparatus for implementing the present invention.
  • circuits and associated blocks and arrows represent functions of the process according to the present invention which may be implemented as electrical circuits and associated wires or data busses, which transport electrical signals.
  • one or more associated arrows may represent communication (e.g., data flow) between software routines, particularly when the present method or apparatus of the present invention is implemented as a digital process.
  • one or more mobile terminals represented by 140 1 through 140 n communicate through an access point 130 n, local computer 120, in association with firewalls 122 and one or more virtual operators 150 1-n, such as authentication server 150 n.
  • Communication from terminals 140 1-n typically requires accessing a secured database or other resources, utilizing the Internet 110 and associated communication paths 154 and 152 that require a high degree of security from unauthorized entities, such as would-be hackers.
  • the IEEE 802.1x architecture encompasses several components and services that interact to provide station mobility transparent to the higher layers of a network stack.
  • the IEEE 802.1x network defines stations such as access points 130 1-n and mobile terminals 140 1-n as the components communicating in the wireless medium 124 and containing the functionality of the IEEE 802.1x protocols, that being MAC (Medium Access Control) 138 1-n, and corresponding PHY (Physical Layer) (not shown), and a connection 127 to the wireless medium.
  • the IEEE 802.1x functions are implemented in the hardware and software of a wireless modem or a network access or interface card.
  • This invention proposes a method for implementing an identification means in the communication stream such that an access point 130 1-n compatible with the IEEE 802.1x WLAN MAC layers for downlink traffic (i.e., from an authentication server to the mobile terminal, such as a laptop) may participate in the authentication of one or more wireless mobile devices 140 1-n, a local or back end server 120 and an authentication server 150.
  • the access 160 enables each mobile terminal 140 1-n to securely access the WLAN 115 by authenticating both the mobile terminal itself, as well as its communication stream in accordance with the IEEE 802.1x protocol.
  • the manner in which the access 160 enables such secure access can best be understood by reference to FIG. 1 in conjunction with FIG. 2.
  • the sequence of interactions that occurs over time among a mobile wireless communication device, say mobile terminal 140 n, the public WLAN 115, the local web server 120, and the authentication server 150 is described under the convention of an IEEE 802.1x protocol, wherein the access point 130 n of FIG. 1 maintains a controlled port and an uncontrolled port, through which the access point exchanges information with the mobile terminals 140 1-n.
  • the controlled port maintained by the access point 130 n serves as the entryway for non-authentication information, such as data traffic to pass through the access point 130 n as it flows between the local server 120 and the mobile terminals 140 1-n.
  • the access points 130 1-n keep the respective controlled port closed in accordance with the IEEE 802.1x protocol, until the authentication of the pertinent mobile terminal 140 1-n communicates.
  • the access points 130 1-n always maintain the respective uncontrolled port open to permit the mobile terminals 140 1-n to exchange authentication data with an authentication server 150.
  • a method in accordance with the present invention for improving the security of a mobile terminal 140 n in a WLAN environment installs two shared secrets instead of one shared secret, on both the mobile terminal 140 n and the WLAN access point 130 n during the user authentication phase.
  • One of the shared secrets is used as the initial session key and the other is used as a secure seed. Since the initial authentication is secure, these two keys would not be known to a would-be hacker.
  • the keys may be generated and distributed to the mobile terminal and the WLAN access point using known methods, for example using an authentication server, for generating and distributing such keys. Although the initial session key may eventually be cracked by the would-be hacker, the secure seed remains secure as it is not used in any insecure communication. More particularly, the method of the present invention processes, through the access point 130 n, web requests from the mobile terminal 140 n, so as to embed a session id 215.
  • a method in accordance with the present invention improves the security of a mobile terminal 140 n in a WLAN environment by installing at least two shared secrets on both the mobile terminal 140 n and the WLAN access point 130 n during the user authentication phase, whereby a first secret is the initial session key and subsequent keys are utilized as secure seeds.
  • each mobile communication device such as each of devices 140 1-140 n
  • the authentication technique utilized in FIG. 2 depicts the sequence of communications that occurs over time among the mobile terminal 140 n, the access point 130 n, and the authentication server 150.
  • the mobile terminal 140 n transmits a request for access to the access point 130 n during step 200 of FIG. 2.
  • the mobile terminal 140 n initiates the access request by way of an HTTPS access demand launched by a browser software program (not shown) executed by the mobile terminal 140 n.
  • the access point 130 n redirects the browser software in the mobile terminal 140 n to a local welcome page on the access point 130 n during step 202.
  • the mobile terminal 140 n initiates an authentication sequence by querying the access point 130 n for the identity of the appropriate authentication server during step 204.
  • the access point 130 n determines the identity of the appropriate authentication server (e.g., server 150) during step 206 and then directs the browser software in the mobile terminal 140 n to that server via an HTTP command during step 208.
  • Having now received the identity of the authentication server 150 during step 208, mobile terminal 140 n then sends its user credentials to the server during step 210 of FIG. 2.
  • Upon receipt of the user credentials from the mobile terminal 140 n, the authentication server 150 makes a determination whether the mobile terminal 140 n constitutes a valid user during step 212. If so, then the authentication server 150 replies to the mobile terminal 140 n during step 214 using a Wired Equivalent Privacy (WEP) encryption key, which the device invokes via an ActiveX command of an ActiveX control through the device browser software.
  • the ActiveX control is essentially an executable program that can be embedded inside a web page.
  • Many software browser programs such as Microsoft Internet Explorer have the capability of displaying such web pages and invoking the embedded ActiveX controls, which can be downloaded from a remote server (e.g., the authentication server 150).
  • ActiveX controls are restricted by the security mechanisms built into the browser software. In practice, most browser programs have several different selectable security levels. At the lowest level, any ActiveX control from the web can be invoked without restriction. In the highest level, no ActiveX control can be invoked from the browser software.
  • a method in accordance with the present invention comprises the step of, after authentication and authorization, generating a first key in step 217 and distributing the new key to the access point 130 n and the mobile terminal 140 n.
  • In step 221, a second key, referred to as secure seed 123, is distributed to the mobile terminal 140 n and the access point 130 n.
  • the mobile terminal and the access point communicate using the first key as the session key to encrypt the data.
  • the access point 130 n and the mobile terminal 140 n employ the key 119 and the secure seed 123 to periodically generate 225 a new session key 121, whereby the new session key is then used for subsequent communications between the mobile terminal and the access point.
  • the second key is always stored and kept as a secret in the mobile terminal and the access point during the communication session so that a would-be hacker is unable to determine the second key.
  • Several techniques may be employed to further facilitate the management of the combined keys such as generating the new session key and concatenating the new session key to the secure seed prior to using it for security. Once having concatenated the combined session key and secure seed, the process may calculate a hash algorithm on the concatenated new session key and secure seed and generate a fixed string for further transmission.
  • a method for improving the security of a mobile terminal in a WLAN environment further comprises the steps of the mobile terminal 140 n sending during session logoff an encrypted logoff request accompanied by the secure seed such that the secure seed appears in the logoff request.
  • the mobile terminal 140 n remains secure to prevent a would-be hacker from logging off an authenticated mobile terminal 140 n.
  • the IEEE 802.1x based scheme cannot provide secure logoff because the logoff request is carried in an unencrypted frame.
  • the mobile terminal 140 n sends an encrypted logoff request 228 accompanied by the secure seed 123.
  • the access point 130 n comprises a means for generating a first and second secure key 410 and a means for transmitting 420 the first secure key 119 and the second secure key 123 to the mobile terminal 140 n.
  • the mobile terminal 140 n receives the first secure key 119 and second secure key 123 and stores the keys in a register 430 for use during the secure communications session.
  • the access point 130 n includes a means to encrypt 415 data and a means to transmit 420 data to the mobile terminal 140 n via the WLAN 115 using a current session key.
  • the mobile terminal 140 n includes a means to receive 450 and a means to decrypt data 435 received from the access point 130 n using the current session key 119, the first secure key initially being used as the current session key 119.
  • the access point 130 n includes a means to periodically generate 425 a subsequent session key using the second secure key and using the subsequent session key as the current session key during subsequent communications between the WLAN 115 and the mobile terminal 140 n.
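
The key update and the seed-bearing logoff described above, modelled end to end as an added example (not code from the patent or its authors). The class and function names, the seed-first concatenation order, the dictionary message format and the hex values are assumptions made here; encryption of frames under the session key is assumed to happen in the link layer and is not modelled.

```python
import hashlib
import hmac

# Constructed sample values (not from the patent), 16 bytes each.
FIRST_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")    # initial session key
SECURE_SEED = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # second key, the secure seed
UPDATE_KEY = bytes.fromhex("a1a2a3a4a5a6a7a8a9aaabacadaeafb0")   # key exchanged at a key update


def derive_session_key(secure_seed: bytes, new_key: bytes) -> bytes:
    """Session key = MD5(secure seed || new key), a fixed 16-byte string.

    Seed-first ordering is an assumption; both sides only have to agree on it.
    """
    return hashlib.md5(secure_seed + new_key).digest()


class Endpoint:
    """Key state held by either side: access point or mobile terminal."""

    def __init__(self, first_key: bytes, secure_seed: bytes) -> None:
        self.session_key = first_key     # the first key starts as the session key
        self._secure_seed = secure_seed  # stored for the session, never used as a traffic key
        self.logged_in = True

    def rekey(self, new_key: bytes) -> bytes:
        """Key update that needs no round trip to the authentication server."""
        self.session_key = derive_session_key(self._secure_seed, new_key)
        return self.session_key

    def build_logoff(self) -> dict:
        """Terminal side: a logoff request that carries the secure seed.

        Assumed to be sent encrypted under the current session key.
        """
        return {"type": "logoff", "seed": self._secure_seed}

    def handle_logoff(self, request: dict) -> bool:
        """Access point side: honour a logoff only if it carries the seed."""
        seed = request.get("seed")
        accepted = (
            request.get("type") == "logoff"
            and isinstance(seed, bytes)
            and hmac.compare_digest(seed, self._secure_seed)  # constant-time compare
        )
        if accepted:
            self.logged_in = False
        return accepted


def run_session() -> dict:
    """Walk one session: key update, forged logoff, genuine logoff."""
    ap = Endpoint(FIRST_KEY, SECURE_SEED)
    terminal = Endpoint(FIRST_KEY, SECURE_SEED)

    ap_key = ap.rekey(UPDATE_KEY)
    terminal_key = terminal.rekey(UPDATE_KEY)

    # An observer who recovered the old session key can read UPDATE_KEY but
    # holds no seed; substituting the old key for the seed gives another digest.
    observer_key = derive_session_key(FIRST_KEY, UPDATE_KEY)

    # A logoff built without the seed must leave the session up.
    forged_accepted = ap.handle_logoff({"type": "logoff", "seed": FIRST_KEY})
    logged_in_after_forgery = ap.logged_in
    genuine_accepted = ap.handle_logoff(terminal.build_logoff())

    return {
        "keys_match": ap_key == terminal_key,
        "key_length": len(ap_key),
        "observer_key_matches": observer_key == ap_key,
        "forged_logoff_accepted": forged_accepted,
        "logged_in_after_forgery": logged_in_after_forgery,
        "genuine_logoff_accepted": genuine_accepted,
        "logged_in_after_logoff": ap.logged_in,
    }


if __name__ == "__main__":
    for name, value in run_session().items():
        print(f"{name}: {value}")
```

MD5 over a plain concatenation is what the description names; a keyed construction such as HMAC-SHA-256 over the same two inputs is the usual choice for this kind of derivation today.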

Abstract

The invention relates to a method for improving the security of a mobile terminal in a WLAN environment by installing two shared secret keys instead of a single one, the initial session key, on both the wireless user machine and the WLAN access point during the user authentication phase. One of the shared secret keys is used as the initial session key and the other is used as a secure seed. Because the initial authentication is secure, these two keys are not known to hackers. Although the initial session key may eventually be cracked by a hacker, the secure seed remains secure since it was not used in any insecure communication.
PCT/US2004/007403 2003-03-14 2004-03-11 WLAN session management techniques with secure rekeying and logoff WO2004084458A2 (fr)

Priority Applications (5)

Application Number Priority Date Filing Date Title
EP04719770A EP1606899A4 (fr) 2003-03-14 2004-03-11 WLAN session management techniques with secure rekeying and logoff
MXPA05009804A MXPA05009804A (es) 2003-03-14 2004-03-11 Wireless local area network session management techniques with secure dual keys and logoff.
JP2006507069A JP2006520571A (ja) 2003-03-14 2004-03-11 WLAN session management technique using secure key and logoff
US10/549,408 US20060179305A1 (en) 2004-03-11 2004-03-11 WLAN session management techniques with secure rekeying and logoff
US11/371,662 US20070189537A1 (en) 2003-03-14 2006-03-09 WLAN session management techniques with secure rekeying and logoff

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US45454203P 2003-03-14 2003-03-14
US60/454,542 2003-03-14

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US11/371,662 Continuation US20070189537A1 (en) 2003-03-14 2006-03-09 WLAN session management techniques with secure rekeying and logoff

Publications (2)

Publication Number Publication Date
WO2004084458A2 true WO2004084458A2 (fr) 2004-09-30
WO2004084458A3 WO2004084458A3 (fr) 2004-11-18

Family

ID=33029889

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2004/007403 WO2004084458A2 (fr) 2003-03-14 2004-03-11 WLAN session management techniques with secure rekeying and logoff

Country Status (7)

Country Link
EP (1) EP1606899A4 (fr)
JP (2) JP2006520571A (fr)
KR (2) KR20060053003A (fr)
CN (2) CN1759550A (fr)
MX (1) MXPA05009804A (fr)
MY (1) MY135833A (fr)
WO (1) WO2004084458A2 (fr)

Also Published As

Publication number Publication date
KR20060053003A (ko) 2006-05-19
KR20050116821A (ko) 2005-12-13
MY135833A (en) 2008-07-31
MXPA05009804A (es) 2006-05-19
CN1874222A (zh) 2006-12-06
JP2006180561A (ja) 2006-07-06
JP2006520571A (ja) 2006-09-07
CN1759550A (zh) 2006-04-12
EP1606899A4 (fr) 2011-11-02
EP1606899A2 (fr) 2005-12-21
WO2004084458A3 (fr) 2004-11-18

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 20048063151

Country of ref document: CN

WWE Wipo information: entry into national phase

Ref document number: 2006507069

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: PA/a/2005/009804

Country of ref document: MX

Ref document number: 1020057017159

Country of ref document: KR

ENP Entry into the national phase

Ref document number: 2006179305

Country of ref document: US

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 10549408

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 2004719770

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1020057017159

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 2004719770

Country of ref document: EP

DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)
WWP Wipo information: published in national office

Ref document number: 10549408

Country of ref document: US