CN115396874A - Privacy enhancement for Pairwise Master Key Security Association (PMKSA) caching - Google Patents


Info

Publication number: CN115396874A
Authority: CN (China)
Prior art keywords: pmksa, information, authenticated, protected, key
Legal status: Pending
Application number: CN202111604005.1A
Other languages: Chinese (zh)
Inventors: P-K·黄, J·伯格, I·皮尔, I·乌泽利
Current assignee: Intel Corp
Original assignee: Intel Corp

Classifications

All under H (Electricity) / H04 (Electric communication technique) / H04W (Wireless communication networks):

    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/06 Authentication
    • H04W84/00 Network topologies
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08 Access point devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present disclosure relates to systems, methods, and devices for privacy enhancement. A device may determine that a privacy key is shared among multiple Access Points (APs) in the same Extended Service Set (ESS). The device may send a protected and authenticated Pairwise Master Key Identifier (PMKID).

Description

Privacy enhancement for Pairwise Master Key Security Association (PMKSA) caching
Technical Field
The present disclosure relates to systems and methods for wireless communication, and more particularly to privacy enhancement of PMKSA caching.
Background
Wireless devices are becoming more prevalent and requests for access to wireless channels are increasing. The Institute of Electrical and Electronics Engineers (IEEE) is setting one or more standards to use Orthogonal Frequency Division Multiple Access (OFDMA) in channel allocation.
Drawings
Fig. 1 is a network diagram illustrating an example network environment for privacy enhancement in accordance with one or more example embodiments of the present disclosure.
Fig. 2 is a schematic diagram illustrating privacy enhancement according to one or more example embodiments of the present disclosure.
Fig. 3 is a diagram illustrating a common four-way handshake procedure.
Fig. 4 is a flow diagram schematically illustrating an AP device side in a privacy enhancement system according to one or more example embodiments of the present disclosure.
Fig. 5 is a flow diagram schematically illustrating a non-AP device side in a privacy enhancing system according to one or more example embodiments of the present disclosure.
Fig. 6 is a functional diagram illustrating an example communication station that may be suitable for use as a user equipment in accordance with one or more example embodiments of the present disclosure.
Fig. 7 is a block diagram illustrating an example machine on which any of one or more techniques (e.g., methods) may be performed according to one or more example embodiments of the present disclosure.
Fig. 8 is a block diagram of a radio architecture according to some examples.
Fig. 9 is a block diagram illustrating an example front end module circuit for use in the radio architecture of fig. 8, according to one or more example embodiments of the present disclosure.
Fig. 10 illustrates an example radio IC circuit for use in the radio architecture of fig. 8, according to one or more example embodiments of the present disclosure.
Fig. 11 illustrates an example baseband processing circuit for use in the radio architecture of fig. 8, according to one or more example embodiments of the present disclosure.
Detailed Description
The following description and the drawings sufficiently illustrate specific embodiments to enable those skilled in the art to practice them. Other embodiments may include structural, logical, electrical, process, algorithmic, and other changes. Portions and features of some embodiments may be included in or substituted for those of others. Embodiments set forth in the claims encompass all available equivalents of those claims.
Fig. 1 is a network diagram illustrating an example network environment for privacy enhancement according to some example embodiments of the present disclosure. Wireless network 100 may include one or more user devices 120 that may communicate in accordance with the IEEE802.11 communication standard. The user device 120 may be a mobile device that is non-stationary (e.g., does not have a fixed location), or may be a stationary device.
In some implementations, user device 120 and access point 102 can include one or more computer systems similar to the functional diagram of fig. 6 and/or the example machine/system of fig. 7.
One or more illustrative user devices 120 may be operated by one or more users 110. It should be noted that any addressable unit may be a Station (STA). A STA may exhibit a number of different characteristics, each of which shapes its functionality. For example, a single addressable unit may be a portable STA, a quality of service (QoS) STA, a dependent STA, and a hidden STA at the same time. One or more of the illustrative user devices 120 and the AP102 may be STAs. One or more illustrative user devices 120 and/or APs 102 may operate as Personal Basic Service Set (PBSS) control points/access points (PCPs/APs). User device 120 (e.g., 122, 124, 126, or 128) and/or AP102 may include any suitable processor-driven device, including but not limited to a mobile device or a non-mobile device (e.g., a stationary device). For example, the user device 120 may include a User Equipment (UE), a Station (STA), an Access Point (AP), a software-enabled AP (SoftAP), a Personal Computer (PC), a wearable wireless device (e.g., bracelet, watch, glasses, ring, etc.), desktop computer, mobile computer, laptop computer, Ultrabook™ computer, [a further list of device types is garbled in the extracted text and is not reproduced], speakers, audio receivers, audio amplifiers, gaming devices, data sources, data receivers, digital cameras (DSCs), media players, smart phones, televisions, music players, and the like. Other devices, including smart devices (e.g., lights, climate controls, automotive components, household components, appliances, etc.), may also be included in the list.
As used herein, the term "Internet of Things (IoT) device" is used to refer to any object (e.g., appliance, sensor, etc.) that has an addressable interface (e.g., an Internet Protocol (IP) address, a Bluetooth Identifier (ID), a Near Field Communication (NFC) ID, etc.) and is capable of sending information to one or more other devices through a wired or wireless association. IoT devices may have passive communication interfaces (e.g., Quick Response (QR) codes, Radio Frequency Identification (RFID) tags, NFC tags, etc.) or active communication interfaces (e.g., modems, transceivers, transmitter-receivers, etc.). IoT devices may have a particular set of attributes (e.g., device status or state (e.g., whether the IoT device is on or off, idle or active, available for task execution or busy, etc.), cooling or heating functions, environmental monitoring or recording functions, lighting functions, sound emitting functions, etc.), which may be embedded in and/or controlled/monitored by a Central Processing Unit (CPU), microprocessor, Application Specific Integrated Circuit (ASIC), etc., and configured to be associated with an IoT network (e.g., a local ad-hoc network or the internet). For example, IoT devices may include, but are not limited to, refrigerators, toasters, ovens, microwave ovens, freezers, dishwashers, hand tools, washers, dryers, furnaces, air conditioners, thermostats, televisions, light fixtures, vacuum cleaners, sprinklers, electricity meters, gas meters, etc., as long as the devices are equipped with an addressable communication interface for communicating with the IoT network. IoT devices may also include cell phones, desktop computers, laptop computers, tablet computers, PDAs, and the like. Thus, an IoT network may be composed of "legacy" internet-accessible devices (e.g., laptop or desktop computers, cell phones, etc.) as well as devices that typically do not have internet connectivity (e.g., dishwashers, etc.).
User equipment 120 and/or AP102 may also comprise mesh stations in a mesh network, for example, according to one or more IEEE 802.11 standards and/or 3GPP standards.
Any user device 120 (e.g., user devices 124, 126, 128) and AP102 may be configured to communicate with each other, wirelessly or by wire, via one or more communication networks 130 and/or 135. The user devices 120 may also communicate with each other peer-to-peer or directly, with or without an AP. Any of the communication networks 130 and/or 135 may include, but are not limited to, any combination of different types of suitable communication networks, such as a broadcast network, a wired network, a public network (e.g., the internet), a private network, a wireless network, a cellular network, or any other suitable private and/or public network. Further, any of communication networks 130 and/or 135 may have any suitable communication range associated therewith and may include, for example, a global network (e.g., the internet), a Metropolitan Area Network (MAN), a Wide Area Network (WAN), a Local Area Network (LAN), or a Personal Area Network (PAN). Further, any of the communication networks 130 and/or 135 may include any type of medium that may carry network traffic, including but not limited to coaxial cable, twisted pair, fiber optic, Hybrid Fiber Coaxial (HFC) medium, microwave terrestrial transceiver, radio frequency communication medium, white space communication medium, ultra-high frequency communication medium, satellite communication medium, or any combination thereof.
Any user device 120 (e.g., user devices 124, 126, 128) and AP102 may include one or more communication antennas. The one or more communication antennas may be any suitable type of antenna corresponding to the communication protocol used by user devices 120 (e.g., user devices 124, 126, 128) and AP 102. Some non-limiting examples of suitable communication antennas include Wi-Fi antennas, IEEE802.11 standards family compliant antennas, directional antennas, non-directional antennas, dipole antennas, folded dipole antennas, patch antennas, multiple-input multiple-output (MIMO) antennas, omni-directional antennas, quasi-omni-directional antennas, and the like. One or more communication antennas can be communicatively coupled to the radios to transmit signals (e.g., communication signals) to user devices 120 and/or receive signals from user devices 120.
Any user device 120 (e.g., user devices 124, 126, 128) and AP102 may be configured to perform directional transmission and/or directional reception in connection with wireless communication in a wireless network. Any user device 120 (e.g., user devices 124, 126, 128) and AP102 may be configured to perform such directional transmission and/or reception using a set of multiple antenna arrays (e.g., DMG antenna arrays, etc.). Each of the plurality of antenna arrays may be used for transmission and/or reception in a particular respective direction or range of directions. Any user device 120 (e.g., user devices 124, 126, 128) and AP102 can be configured to perform any given directional transmission to one or more defined transmit sectors. Any user device 120 (e.g., user devices 124, 126, 128) and AP102 may be configured to perform any given directional reception from one or more defined reception sectors.
MIMO beamforming in a wireless network may be implemented using Radio Frequency (RF) beamforming and/or digital beamforming. In some embodiments, user device 120 and AP102 may be configured to perform MIMO beamforming using all or a subset of its one or more communication antennas when performing a given MIMO transmission.
Any user device 120 (e.g., user devices 124, 126, 128) and AP102 may include any suitable radio and/or transceiver for transmitting and/or receiving RF signals in a bandwidth and/or channel corresponding to the communication protocol used by any user device 120 and AP102 to communicate with each other. The radio may include hardware and/or software for modulating and/or demodulating communication signals according to a pre-established transmission protocol. The radio may also have hardware and/or software instructions to communicate via one or more Wi-Fi and/or Wi-Fi Direct protocols standardized by the IEEE 802.11 standard. In some example embodiments, the radio in cooperation with the communication antenna may be configured to communicate via a 2.4GHz channel (e.g., 802.11b, 802.11g, 802.11n, 802.11ax), a 5GHz channel (e.g., 802.11n, 802.11ac, 802.11ax), a 6GHz channel (e.g., 802.11ad, 802.11ay), or an 800MHz channel (e.g., 802.11ah). The communication antenna may operate at 28GHz and 40GHz. It should be appreciated that this list of communication channels according to some 802.11 standards is only a partial list, and other 802.11 standards (e.g., next generation Wi-Fi or other standards) may be used. In some implementations, non-Wi-Fi protocols may be used for communication between devices, such as Bluetooth, Dedicated Short Range Communication (DSRC), Ultra High Frequency (UHF) (e.g., IEEE 802.11af, IEEE 802.22), white band frequencies (e.g., white space), or other packetized radio communication. The radio may comprise any known receiver and baseband suitable for communicating via a communication protocol. The radio components may also include a Low Noise Amplifier (LNA), additional signal amplifiers, analog-to-digital (A/D) converters, one or more buffers, and a digital baseband.
Multi-link framework
In its ongoing pursuit of higher throughput, the 802.11be protocol defines a framework that allows a multi-link connection when connecting to a network (refer to fig. 2).
The two communicating parties are two multi-link devices, each including a plurality of STAs that can establish links with each other. The detailed definitions are as follows.
Multi-link device (MLD): a logical entity containing one or more STAs. The logical entity has a MAC data service interface and primitives to Logical Link Control (LLC) and a single address associated with the interface that is available for communication in the Distribution System Medium (DSM).
It should be noted that the multilink device allows STAs within the multilink logical entity to have the same MAC address. And the exact name may be changed.
For the infrastructure framework there is a multi-link AP device comprising an AP on one side and a multi-link non-AP device comprising a non-AP device on the other side. The detailed definitions are as follows.
Multi-link AP device: a multi-link device, each STA within the multi-link device being an Extremely High Throughput (EHT) AP.
Multi-link non-AP device: a multi-link device, each STA within the multi-link device being an Extremely High Throughput (EHT) non-AP STA.
It should be noted that this framework is a natural extension of the single link operation between two STAs (AP and non-AP STAs) under the infrastructure framework.
MAC address of MLD
Each MLD has an MLD MAC address. Each STA of MLD also has a STA MAC address.
Different STAs of the MLD have different MAC addresses. The MAC address of the MLD may be the same as or different from one of the MAC addresses of the STAs of the MLD.
The MLD MAC address is introduced to ensure that the conventional mapping of AP and STA in the higher-layer view is preserved under multi-link operation, independently of the MAC addresses used by the individual STAs of the MLD; in that view the AP and STA are replaced by the AP MLD and the non-AP MLD.
Reasons for sending protected and authenticated PMKSA information
The Pairwise Master Key Identifier (PMKID) is an identifier used to represent a Pairwise Master Key Security Association (PMKSA), which results from a successful IEEE 802.1X authentication between the peer and the Authentication Server (AS) or from a pre-shared key (PSK).
If the PMKID carried in the (re)association request frame is recognized by the opposite end, the authentication between the two parties needed to derive the PMK or Master Pairwise Master Key (MPMK) can be skipped, including for fast BSS transition (FT) initial mobility domain association, to save the time needed for initial association. This mechanism is called PMKSA caching.
While the PMKID is a powerful mechanism for reducing initial association complexity, it also introduces a privacy risk. In particular, a wireless device may randomize the MAC address used in the (re)association request frame to avoid tracking. However, if the wireless device also uses PMKSA caching, the unique PMKID is still carried in the (re)association request frame, and the device can then still be tracked by its PMKID instead of its MAC address. Therefore, the PMKID should be modified to enhance privacy.
Furthermore, previous solutions require that each AP or AP MLD in the same Extended Service Set (ESS) be aware of the modified PMKID, so that a STA can use the modified PMKID with any AP or AP MLD in the same ESS. This can be done if each AP or AP MLD reports the PMKID and associated PMK to a central controller and, for a given PMK, always contacts the controller for the PMKID and corresponding PMK when processing a received PMKID and when propagating an updated PMKID. However, the AP or AP MLD then has no way to cache PMKIDs and corresponding PMKs locally, and must always contact the central controller so that the changing PMKIDs are assigned to each AP or AP MLD in the same ESS, which imposes significant propagation requirements. Thus, for PMKSA caching, protected and authenticated PMKSA information generated with a privacy key shared by every AP or AP MLD in the same ESS should be used to enhance privacy.
Protected and authenticated PMKSA information sending flow
In one or more embodiments below, the present disclosure is described by summarizing a flow between two entities, where the two entities may be a non-AP STA and AP or a non-AP MLD and AP MLD. Then, the protected and authenticated PMKSA information transmission flow is described in detail.
(1) MAC addresses of two entities for use in sending protected and authenticated PMKSA information
In the case where the two entities are a Non-AP STA and an AP, the Non-AP STA is identified by its STA MAC address (SPA) and the AP is identified by its MAC address (AA). Alternatively, the non-AP STA is identified by its private MAC address (SPA), which is transmitted with the encrypted message.
In the case where the two entities are Non-AP MLD and AP MLD, the Non-AP MLD is identified by its MLD MAC address (SPA) and the AP MLD is identified by its MLD MAC address (AA). Alternatively, the non-AP MLD is identified by its private MAC address (SPA), which is transmitted with the encrypted message.
(2) PMKSA information indicating support and use of protection and authentication
For the entity side responding to the (re) association request, indicating that protected and authenticated PMKSA information is supported:
for the AP, one bit in a robust secure network extension element (RSNXE) is used to indicate that the protected and authenticated PMKSA information is supported.
For the AP MLD, one bit in the RSNXE sent by each affiliated AP of the AP MLD is used to indicate that the protected and authenticated PMKSA information is supported. All affiliated APs of the AP MLD set this indication to the same value.
For the entity side that sends the (re) association request, indicating the use of protected and authenticated PMKSA information:
the indication that protected and authenticated PMKSA information is used may be one bit in an element defined for privacy purposes.
The indication that protected and authenticated PMKSA information is used may also reuse the capability bits: if both entities indicate support for protected and authenticated PMKSA information, it will be used.
An indication of the use of protected and authenticated PMKSA information may be loaded in the authentication frame (e.g., an element defined for privacy purposes or a capability bit in RSNXE).
(3) Generating protected and authenticated PMKSA information
Protected and authenticated PMKSA information is generated as ciphertext using an operating mode of a block cipher (e.g., AES-SIV, AES-GCM, AES-CCM), plaintext, and a common privacy key shared in an AP or AP MLD in the same ESS.
The plaintext is generated by concatenating the plaintext PMKSA information and a random string, where the plaintext PMKSA information includes one or more of: the PMKID, the PMK, the Authentication and Key Management Protocol (AKMP), all authorization parameters specified by the AS or local configuration, and the MAC addresses of the AP or AP MLD and the non-AP STA or non-AP MLD, or a combination thereof.
APs or AP MLDs in the same ESS (e.g., the same Service Set Identifier (SSID)) share a common privacy key, identified by a key domain ID. The key domain ID is carried in an element, such as a privacy enhancement element.
(4) Sending protected and authenticated PMKSA information
Fig. 3 shows a four-way handshake between two entities. After the non-AP STA completes authentication and association with the AP, the four-way handshake is started.
Message 1: the AP transmits an EAPOL message carrying the ANonce (a random number) to the non-AP STA for generating the Pairwise Transient Key (PTK). The non-AP STA knows the MAC address (AA) of the AP and has the PMK. Once the non-AP STA receives the ANonce from the AP, it has all the inputs needed to create the PTK.
PTK = PRF(PMK + ANonce + SNonce + MAC(AA) + MAC(SPA))
Message 2: a second message carrying the SNonce and a Message Integrity Check (MIC) is sent from the non-AP STA to the AP. Specifically, once the non-AP STA has created its PTK, it transmits the SNonce that the AP requires to generate the PTK. Using the MIC sent by the non-AP STA, the AP can verify whether the message was corrupted or modified. Once the AP receives the SNonce, the AP can also generate the PTK for unicast traffic encryption.
Message 3: EAPOL message 3, which contains the GTK and a MIC, is sent from the AP to the non-AP STA. The non-AP STA compares the received MIC with its own computed MIC. When the two MICs are equal, the non-AP STA installs the keys.
Message 4: a fourth and final EAPOL message is sent from the non-AP STA to the AP to confirm that the keys have been installed.
Upon successful completion of the four-way handshake, the virtual control port that blocks all traffic is opened and encrypted traffic can flow. All unicast traffic is then encrypted with the PTK and all multicast traffic with the GTK created during the four-way handshake.
The protected and authenticated PMKSA information, once generated, is carried in a Key Data Encapsulation (KDE) of message 3 of the four-way handshake (format as shown in table 1), where message 3 is sent by the entity that sends the (re)association response, e.g., the AP or AP MLD.
TABLE 1 (KDE format; the table image is not reproduced in the extracted text)
The protected and authenticated PMKSA information is generated as follows:
the plaintext PMKSA information and a random string are concatenated to generate a string p. One example is as follows.
The plaintext PMKSA information should be prepended with one or more octets of padding, where the first octet indicates the length of the padding (e.g., for four octets of padding the sequence is 4-0-0-0; for a single octet of padding the sequence is simply 1); the length of the padding should change each time the encrypted PMKSA information is generated;
the padded plaintext PMKSA information should be concatenated with a random string of eight octets to generate the string p;
the ciphertext c is generated using an operating mode of a block cipher (e.g., AES-SIV, AES-GCM, AES-CCM), with the privacy key pk shared by the APs or AP MLDs of the same ESS as the key and p as the plaintext;
the protected and authenticated PMKSA information is c.
The protected and authenticated PMKSA information is carried by the entity initiating the connection, e.g., a non-AP STA or non-AP MLD, in an element of the authentication frame or (re)association frame, where the format of the element is shown in table 2.
TABLE 2 (element format; the table image is not reproduced in the extracted text)
There may be a list of protected and authenticated PMKSA information in the format shown in table 3.
TABLE 3 (list format; the table image is not reproduced in the extracted text)
(5) Decrypting protected and authenticated PMKSA information
The entity accepting the connection decrypts the protected and authenticated PMKSA information. The string c is extracted from the protected and authenticated PMKSA information element, and the plaintext is recovered by decryption using the operating mode of the block cipher (i.e., AES-SIV, AES-GCM, AES-CCM), the privacy key, and the ciphertext. If decryption of all of the protected and authenticated PMKSA information fails, the authentication or association attempt fails. Otherwise, if decryption of the protected and authenticated PMKSA information succeeds, the random string is removed and the remaining part is the decrypted PMKSA information. The decrypted PMKSA information is then used to skip the process of generating the PMK and PMKSA.
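The generation steps and the decryption step above, worked as an added example in Go that is not code from the patent or from Intel: length-prefixed padding, the eight-octet random string, AEAD encryption under the ESS-wide privacy key, and the receiver's strict parsing, which rejects anything that does not decrypt cleanly. AES-GCM stands in for the listed modes (Go's standard library has no AES-SIV), so a nonce is carried in front of c; the PMKSA field layout (PMKID, AA, SPA), the 16-octet padding cap and the constructed key are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// The eight-octet random string and length-prefixed padding follow the text;
// the PMKSA field layout, padding cap and GCM nonce in front of c are assumed.
const (
	pmkidLen = 16
	macLen   = 6
	infoLen  = pmkidLen + 2*macLen
	randLen  = 8
	nonceLen = 12
	maxPad   = 16
)

type PMKSAInfo struct {
	PMKID [pmkidLen]byte // identifies the cached PMKSA
	AA    [macLen]byte   // AP or AP MLD MAC address
	SPA   [macLen]byte   // private MAC address of the non-AP STA or non-AP MLD
}

// BuildPlaintext forms p = padding || PMKSA information || random string (four octets of padding encode as 4-0-0-0, one octet as a lone 1).
func BuildPlaintext(info PMKSAInfo, padLen int, random []byte) ([]byte, error) {
	if padLen < 1 || padLen > maxPad || len(random) != randLen {
		return nil, fmt.Errorf("bad padding length %d or random string", padLen)
	}
	p := make([]byte, padLen, padLen+infoLen+randLen)
	p[0] = byte(padLen) // the remaining padding octets stay zero
	p = append(p, info.PMKID[:]...)
	p = append(p, info.AA[:]...)
	p = append(p, info.SPA[:]...)
	return append(p, random...), nil
}

// ParsePlaintext reverses BuildPlaintext, rejecting a bad length prefix, non-zero padding or a wrong total length.
func ParsePlaintext(p []byte) (PMKSAInfo, error) {
	var info PMKSAInfo
	if len(p) < 1 || int(p[0]) < 1 || int(p[0]) > maxPad {
		return info, fmt.Errorf("malformed padding length")
	}
	padLen := int(p[0])
	if len(p) != padLen+infoLen+randLen || !bytes.Equal(p[1:padLen], make([]byte, padLen-1)) {
		return info, fmt.Errorf("malformed padding or plaintext length")
	}
	copy(info.PMKID[:], p[padLen:])
	copy(info.AA[:], p[padLen+pmkidLen:])
	copy(info.SPA[:], p[padLen+pmkidLen+macLen:])
	return info, nil
}

// NewAEAD wraps the ESS-wide privacy key (16, 24 or 32 octets) in AES-GCM.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Protect is the AP side: fresh padding length, random string and nonce per
// call, so the same PMKSA information yields a different c every handshake.
func Protect(aead cipher.AEAD, info PMKSAInfo) ([]byte, error) {
	var rnd [1 + randLen + nonceLen]byte
	if _, err := rand.Read(rnd[:]); err != nil {
		return nil, err
	}
	p, err := BuildPlaintext(info, int(rnd[0]%maxPad)+1, rnd[1:1+randLen])
	if err != nil {
		return nil, err
	}
	nonce := rnd[1+randLen:]
	return aead.Seal(append([]byte{}, nonce...), nonce, p, nil), nil
}

// Unprotect is the receiving AP's step: an authentication failure rejects the
// association attempt; otherwise padding and random string are stripped.
func Unprotect(aead cipher.AEAD, c []byte) (PMKSAInfo, error) {
	if len(c) < nonceLen {
		return PMKSAInfo{}, fmt.Errorf("ciphertext too short")
	}
	p, err := aead.Open(nil, c[:nonceLen], c[nonceLen:], nil)
	if err != nil {
		return PMKSAInfo{}, fmt.Errorf("decryption failed: reject the association")
	}
	return ParsePlaintext(p)
}

func main() {
	aead, _ := NewAEAD(bytes.Repeat([]byte{0x11}, 16)) // constructed ESS privacy key
	info := PMKSAInfo{AA: [macLen]byte{2, 0, 0, 0, 0, 1}, SPA: [macLen]byte{2, 0, 0, 0, 0, 2}}
	c1, _ := Protect(aead, info) // sent in message 3; a second call gives a different c
	got, err := Unprotect(aead, c1)
	fmt.Printf("c = %x\nround trip ok: %v, err: %v\n", c1, got == info, err)
}
```

Two Protect calls for the same PMKSA information produce unrelated ciphertexts that both decrypt to the same plaintext, which is the property the second four-way handshake in the flow below relies on.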
Communication flow of two entities supporting protected and authenticated PMKSA information
The key points of the protected and authenticated PMKSA information are explained above. As described above, the present disclosure relates to two entities, which may be a non-AP MLD and an AP MLD, or a non-AP STA and an AP. Here an example of the procedure between a non-AP STA and an AP is given. It is to be understood that the following description is intended to be illustrative, not restrictive. The procedure is explained with reference to fig. 4 and 5, which show the actions of the AP and the non-AP STA, respectively.
Step 401 of the AP and step 501 of the non-AP STA: the non-AP STA and the AP perform open authentication. The non-AP STA uses the first STA MAC address.
Step 402 of the AP and step 502 of the non-AP STA: the non-AP STA and the AP perform the first association request/response without using a PMKID.
Step 403 of the AP and step 503 of the non-AP STA: the non-AP STA and the AP perform 802.1X authentication. In this step, the non-AP STA and the AP each obtain the first PMKID based on the first STA MAC address or the private MAC address of the non-AP STA.
Step 404 of the AP and step 504 of the non-AP STA: the non-AP STA and the AP perform a first four-way handshake, in which the non-AP STA transmits its private MAC address and the AP transmits the protected and authenticated PMKSA information. It should be noted that the PMKSA is established between the private MAC address of the non-AP STA and the MAC address of the AP.
Step 505 of the non-AP STA: the non-AP STA disassociates from the AP.
Step 506 of the non-AP STA: the STA MAC address of the non-AP STA is changed from the first STA MAC address to the second STA MAC address.
Step 405 of the AP and step 507 of the non-AP STA: the non-AP STA sends a second association request frame with the second STA MAC address and the protected and authenticated PMKSA information. The AP receives the second association request frame from the non-AP STA.
Step 406 of the AP: the AP decrypts the protected and authenticated PMKSA information, recovers the plaintext PMKSA information, recognizes that the PMK applies to the non-AP STA's private MAC address and second STA MAC address, and accepts the second association even though the STA MAC address is now different.
Step 407 of the AP and step 508 of the non-AP STA: since the AP has identified a non-AP STA that was previously successfully authenticated, the AP skips 802.1X authentication and directly initiates a second four-way handshake. During the second four-way handshake, the non-AP STA sends its private MAC address and the AP sends another protected and authenticated PMKSA information. Although this protected and authenticated PMKSA information differs from the previous one, both identify the same plaintext PMKSA information.
Steps 405 to 407 of the AP and steps 505 to 508 of the non-AP STA are repeated until the link between the AP and the STA is disconnected.
With the above steps, the local cache of PMKIDs and PMKs of each AP or AP MLD can be used throughout; the PMKID only needs to be propagated once to the central controller or to all APs or AP MLDs in the same ESS, and each AP only needs to contact the central controller once for an unknown PMKID.
Furthermore, the PMK may also be included in the encrypted information, so that each AP can obtain the PMK directly from the protected information without contacting the central controller.
Fig. 6 illustrates a functional diagram of an exemplary communication station 600 in accordance with one or more example embodiments of the present disclosure. In one embodiment, fig. 6 illustrates a functional block diagram of a communication station that may be suitable for use as AP102 (fig. 1) or user equipment 120 (fig. 1) in accordance with some embodiments. Communication station 600 may also be suitable for use as a handheld device, mobile device, cellular telephone, smartphone, tablet computer, netbook, wireless terminal, laptop computer, wearable computer device, femtocell, High Data Rate (HDR) subscriber station, access point, access terminal, or other Personal Communication System (PCS) device.
Communication station 600 may include communication circuitry 602 and transceiver 610 for transmitting signals to and receiving signals from other communication stations using one or more antennas 601. The communication circuitry 602 may include circuitry that may operate physical layer (PHY) communication and/or MAC communication for controlling access to a wireless medium, and/or any other communication layer for transmitting and receiving signals. The communication station 600 may also include processing circuitry 606 and memory 608 arranged to perform the operations described herein. In some implementations, the communication circuitry 602 and the processing circuitry 606 may be configured to perform the operations detailed in the above figures, diagrams, and flows.
According to some embodiments, the communication circuitry 602 may be arranged to: contend for the wireless medium, and configure frames or packets for communication over the wireless medium. The communication circuitry 602 may be arranged to transmit and receive signals. The communication circuitry 602 may also include circuitry for modulation/demodulation, up/down conversion, filtering, amplification, and so forth. In some implementations, the processing circuitry 606 of the communication station 600 may include one or more processors. In other embodiments, two or more antennas 601 may be coupled to the communication circuitry 602 arranged to transmit and receive signals. The memory 608 may store information for configuring the processing circuit 606 to perform operations for configuring and transmitting message frames and to perform various operations described herein. Memory 608 may include any type of memory, including non-transitory memory, for storing information in a form readable by a machine (e.g., a computer). For example, memory 608 may include a computer-readable storage device, a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk storage media, an optical storage media, a flash memory device, and other storage devices and media.
In some implementations, the communication station 600 may be part of a portable wireless communication device, such as a PDA, a laptop or portable computer with wireless communication capability, a web tablet, a wireless telephone, a smart phone, a wireless headset, a pager, an instant messaging device, a digital camera, an access point, a television, a medical device (e.g., a heart rate monitor, a blood pressure monitor, etc.), a wearable computer device, or another device that may receive and/or transmit information wirelessly.
In some embodiments, communication station 600 may include one or more antennas 601. Antenna 601 may include one or more directional or omnidirectional antennas, including, for example, dipole antennas, monopole antennas, patch antennas, loop antennas, microstrip antennas or other types of antennas suitable for transmission of RF signals. In some embodiments, instead of two or more antennas, a single antenna with multiple apertures may be used. In these embodiments, each aperture may be considered a separate antenna. In some MIMO embodiments, the antennas may be effectively separated for spatial diversity and different channel characteristics that may arise between the antennas and the antennas of the transmitting station.
In some implementations, the communication station 600 may include one or more of a keyboard, a display, a non-volatile memory port, multiple antennas, a graphics processor, an application processor, speakers, and other mobile device elements. The display may be a Liquid Crystal Display (LCD) screen including a touch screen.
Although communication station 600 is illustrated as having several separate functional elements, two or more of the functional elements may be combined and may be implemented by combinations of software-configured elements, such as processing elements including Digital Signal Processors (DSPs), and/or other hardware elements. For example, some elements may comprise one or more microprocessors, DSPs, Field Programmable Gate Arrays (FPGAs), ASICs, radio-frequency integrated circuits (RFICs), and combinations of various hardware and logic circuitry for performing at least the functions described herein. In some embodiments, the functional elements of communication station 600 may refer to one or more processes operating on one or more processing elements.
Some embodiments may be implemented in one or a combination of hardware, firmware, and software. Other embodiments may also be implemented as instructions stored on a computer-readable storage device, which may be read and executed by at least one processor to perform the operations described herein. A computer-readable storage device may include any non-transitory memory mechanism for storing information in a form readable by a machine (e.g., a computer). For example, computer-readable storage devices may include ROM, RAM, magnetic disk storage media, optical storage media, flash memory devices, and other storage devices and media. In some embodiments, communication station 600 may include one or more processors and may be configured with instructions stored on a computer-readable storage device.
Fig. 7 illustrates a block diagram of an example of a machine 700 or system on which any one or more of the techniques (e.g., methods) discussed herein may be performed. In other embodiments, the machine 700 may operate as a standalone device or may be associated (e.g., networked) to other machines. In a networked deployment, the machine 700 may operate in the role of a server machine, a client machine, or both in server-client network environments. In an example, the machine 700 may operate in a peer-to-peer (P2P) (or other distributed) network environment as a peer machine. The machine 700 may be a PC, a tablet PC, a STB, a PDA, a mobile telephone, a wearable computer device, a network appliance, a network router, a network bridge, or any machine capable of executing instructions (sequential or otherwise) that specify actions to be taken by that machine (e.g., a base station). Further, while only a single machine is illustrated, the term "machine" shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein, such as cloud computing, software as a service (SaaS), or other computer cluster configurations.
Examples as described herein may include, or may operate on, logic or multiple components, modules, or mechanisms. A module is a tangible entity (e.g., hardware) capable, when operated, of performing specified operations. The modules include hardware. In an example, the hardware may be specifically configured to perform certain operations (e.g., hardwired). In another example, the hardware may include configurable execution units (e.g., transistors, circuits, etc.) and a computer readable medium containing instructions that configure the execution units to perform specific operations when operated. Configuration may occur under the direction of an execution unit or loading mechanism. Thus, when the device is operating, the execution unit is communicatively coupled to the computer-readable medium. In this example, an execution unit may be a member of more than one module. For example, in operation, an execution unit may be configured by a first set of instructions to implement a first module at one point in time and reconfigured by a second set of instructions to implement a second module at a second point in time.
The machine (e.g., computer system) 700 may include a hardware processor 702 (e.g., a CPU, a Graphics Processing Unit (GPU), a hardware processor core, or any combination thereof), a main memory 704 and a static memory 706, some or all of which may communicate with each other via an interconnect (e.g., bus) 708. The machine 700 may also include a power management device 732, a graphical display device 710, an alphanumeric input device 712 (e.g., a keyboard), and a User Interface (UI) navigation device 714 (e.g., a mouse). In an example, the graphical display device 710, the alphanumeric input device 712, and the UI navigation device 714 may be a touch screen display. The machine 700 may additionally include a storage device (i.e., drive unit) 716, a signal generation device 718 (e.g., a speaker), a privacy enhancement device 719, a network interface device/transceiver 720 coupled to an antenna 730, and one or more sensors 728 (e.g., a GPS sensor, compass, accelerometer, or other sensor). The machine 700 may include an output controller 734, such as a serial (e.g., Universal Serial Bus (USB)), parallel, or other wired or wireless (e.g., Infrared (IR), Near Field Communication (NFC), etc.) association to communicate with or control one or more peripheral devices (e.g., printer, card reader, etc.). Operations according to one or more example embodiments of the present disclosure may be performed by a baseband processor. The baseband processor may be configured to generate a corresponding baseband signal. The baseband processor may also include a physical layer (PHY) and MAC circuitry, and may also interface with the hardware processor 702 for generating and processing baseband signals and controlling the operation of the main memory 704, storage 716 and/or privacy enhancement device 719. The baseband processor may be provided on a single wireless circuit card, a single chip, or an Integrated Circuit (IC).
The storage 716 may include a machine-readable medium 722 on which is stored one or more sets of data structures or instructions 724 (e.g., software) embodying or used by any one or more of the techniques or functions described herein. The instructions 724 may also reside, completely or at least partially, within the main memory 704, within static memory 706, or within the hardware processor 702 during execution thereof by the machine 700. In an example, one or any combination of the hardware processor 702, the main memory 704, the static memory 706, or the storage device 716 may constitute machine-readable media.
The privacy enhancing device 719 may perform any of the operations and processes described and illustrated above.
It is to be understood that the above are only a subset of the operations that the privacy enhancement device 719 may be configured to perform, and that other functions included throughout this disclosure may also be performed by the privacy enhancement device 719.
While the machine-readable medium 722 is shown to be a single medium, the term "machine-readable medium" can include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that are configured to store the one or more instructions 724.
Various embodiments may be implemented in whole or in part in software and/or firmware. The software and/or firmware may take the form of instructions contained in or on a non-transitory computer-readable storage medium. Those instructions may then be read and executed by one or more processors to enable performance of the operations described herein. The instructions may be in any suitable form, such as but not limited to source code, compiled code, interpreted code, executable code, static code, dynamic code, and the like. Such computer-readable media may include any tangible, non-transitory media for storing information in one or more computer-readable forms, such as, but not limited to, ROM, RAM, magnetic disk storage media, optical storage media, flash memory, and the like.
The term "machine-readable medium" may include any medium that is capable of storing, encoding or carrying instructions for execution by the machine 700 and that cause the machine 700 to perform any one or more of the techniques of this disclosure, or that is capable of storing, encoding or carrying data structures used by or associated with such instructions. Non-limiting examples of machine-readable media may include solid-state memory, as well as optical and magnetic media. In an example, a mass machine-readable medium includes a machine-readable medium having a plurality of particles with a static mass. Specific examples of a mass machine-readable medium may include non-volatile memory, such as semiconductor memory devices (e.g., electrically programmable read-only memory (EPROM) or electrically erasable programmable read-only memory (EEPROM)) and flash memory devices); magnetic disks, such as internal hard disks and removable disks; magneto-optical disks; CD-ROM and DVD-ROM disks.
The instructions 724 may further be transmitted or received over a communication network 726 using a transmission medium via the network interface device/transceiver 720 using any one of a number of transmission protocols (e.g., frame relay, IP, Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Hypertext Transfer Protocol (HTTP), etc.). Example communication networks may include a LAN, a WAN, a packet data network (e.g., the Internet), mobile telephone networks (e.g., cellular networks), Plain Old Telephone Service (POTS) networks, wireless data networks (e.g., the IEEE 802.11 family of standards, known as Wi-Fi, and the IEEE 802.16 family of standards, known as WiMAX), the IEEE 802.15.4 family of standards, and P2P networks, among others. In an example, the network interface device/transceiver 720 can include one or more physical jacks (e.g., Ethernet jacks, coaxial jacks, or telephone jacks) or one or more antennas to associate with the communication network 726. In an example, the network interface device/transceiver 720 may include multiple antennas to wirelessly communicate using at least one of single-input multiple-output (SIMO), multiple-input multiple-output (MIMO), or multiple-input single-output (MISO) techniques. The term "transmission medium" shall be taken to include any intangible medium that is capable of storing, encoding or carrying instructions for execution by the machine 700, and includes digital or analog communications signals or other intangible medium to facilitate communication of such software.
The operations and processes described and illustrated above may be performed or carried out in any suitable order as desired in various implementations. Further, in some implementations, at least a portion of the operations may be performed in parallel. Further, in some implementations, fewer or more operations than described may be performed.
Fig. 8 is a block diagram of a radio architecture 105A, 105B, according to some embodiments, which may be implemented in any of the example AP 102 and/or the example STA 120 of fig. 1. The radio architectures 105A, 105B may include radio Front End Module (FEM) circuits 804a-b, radio IC circuits 806a-b, and baseband processing circuits 808a-b. The radio architectures 105A, 105B as shown include WLAN functionality and Bluetooth (BT) functionality, but embodiments are not so limited. In this disclosure, "WLAN" and "Wi-Fi" are used interchangeably.
The FEM circuits 804a-b may include a WLAN or Wi-Fi FEM circuit 804a and a BT FEM circuit 804b. WLAN FEM circuitry 804a may include a receive signal path including circuitry configured to operate on WLAN RF signals received from one or more antennas 801, amplify the received signals, and provide an amplified version of the received signals to WLAN radio IC circuitry 806a for further processing. BT FEM circuitry 804b may include a receive signal path that may include circuitry configured to operate on BT RF signals received from one or more antennas 801, amplify the received signal, and provide an amplified version of the received signal to BT radio IC circuitry 806b for further processing. FEM circuitry 804a may also include a transmit signal path, which may include circuitry configured to amplify WLAN signals provided by radio IC circuitry 806a for wireless transmission through one or more antennas 801. Further, FEM circuitry 804b may also include a transmit signal path, which may include circuitry configured to amplify BT signals provided by radio IC circuitry 806b for wireless transmission through one or more antennas. In the embodiment of fig. 8, FEM 804a and FEM 804b are shown as separate from each other, but embodiments are not so limited and include within their scope a single FEM (not shown) that contains transmit and/or receive paths for both WLAN and BT signals, or one or more FEM circuits of which at least some share transmit and/or receive signal paths for WLAN and BT signals.
The radio IC circuits 806a-b as shown may include a WLAN radio IC circuit 806a and a BT radio IC circuit 806b. WLAN radio IC circuitry 806a may include a receive signal path that may include circuitry to down-convert a WLAN RF signal received from FEM circuitry 804a and provide a baseband signal to WLAN baseband processing circuitry 808a. The BT radio IC circuitry 806b may also include a receive signal path that may include circuitry to down-convert BT RF signals received from the FEM circuitry 804b and provide baseband signals to the BT baseband processing circuitry 808b. The WLAN radio IC circuitry 806a may also include a transmit signal path that may include circuitry to up-convert WLAN baseband signals provided by the WLAN baseband processing circuitry 808a and provide a WLAN RF output signal to the FEM circuitry 804a for subsequent wireless transmission through the one or more antennas 801. BT radio IC circuitry 806b may also include a transmit signal path that may include circuitry to up-convert BT baseband signals provided by BT baseband processing circuitry 808b and provide BT RF output signals to FEM circuitry 804b for subsequent wireless transmission via one or more antennas 801. In the embodiment of fig. 8, the radio IC circuits 806a and 806b are shown as separate from each other, but embodiments are not so limited and include within their scope a single radio IC circuit (not shown) that contains transmit and/or receive signal paths for both WLAN and BT signals, or one or more radio IC circuits of which at least some share transmit and/or receive signal paths for WLAN and BT signals.
The baseband processing circuits 808a-b may include a WLAN baseband processing circuit 808a and a BT baseband processing circuit 808b. The WLAN baseband processing circuitry 808a may include a memory, such as a set of RAM arrays of fast fourier transform or inverse fast fourier transform blocks (not shown) of the WLAN baseband processing circuitry 808 a. Each of the WLAN baseband circuitry 808a and BT baseband circuitry 808b may also include one or more processors and control logic to process signals received from a corresponding WLAN or BT receive signal path of the radio IC circuitry 806a-b and also to generate corresponding WLAN or BT baseband signals for a transmit signal path of the radio IC circuitry 806 a-b. Each of the baseband processing circuits 808a and 808b may also include PHY and MAC circuits and may also interface with devices for generating and processing baseband signals and controlling operation of the radio IC circuits 806 a-b.
Still referring to fig. 8, in accordance with the illustrated embodiment, the WLAN-BT coexistence circuit 813 may include logic to provide an interface between the WLAN baseband circuit 808a and the BT baseband circuit 808b to implement use cases requiring WLAN and BT coexistence. Further, a switch 803 may be provided between the WLAN FEM circuit 804a and the BT FEM circuit 804b to allow switching between WLAN and BT radios according to application needs. Further, while the antenna 801 is depicted as being associated with the WLAN FEM circuitry 804a and the BT FEM circuitry 804b, respectively, embodiments include within their scope: one or more antennas are shared between the WLAN and BT FEMs, or more than one antenna associated to each FEM804a or 804b is provided.
In some embodiments, the front-end module circuitry 804a-b, the radio IC circuitry 806a-b, and the baseband processing circuitry 808a-b may be provided on a single wireless circuit card (radio card) (e.g., wireless circuit card 802). In some other implementations, one or more antennas 801, FEM circuits 804a-b, and radio IC circuits 806a-b may be provided on a single wireless circuit card. In some other implementations, the radio IC circuits 806a-b and the baseband processing circuits 808a-b may be provided on a single chip or IC (e.g., IC 812).
In some implementations, wireless circuit card 802 may comprise a WLAN wireless circuit card and may be configured for Wi-Fi communication, although the scope of the implementations is not limited in this respect. In some of these embodiments, the radio architectures 105A, 105B may be configured to receive and transmit Orthogonal Frequency Division Multiplexed (OFDM) or OFDMA communication signals over a multicarrier communication channel. The OFDM or OFDMA signal may include a plurality of orthogonal subcarriers.
In some of these multicarrier implementations, the radio architectures 105A, 105B may be part of a Wi-Fi communication station (STA) (e.g., a wireless Access Point (AP), a base station, or a mobile device including a Wi-Fi device). In some of these embodiments, the radio architectures 105A, 105B may be configured to transmit and receive signals in accordance with particular communication standards and/or protocols, such as any of the IEEE standards, including the IEEE 802.11n-2009, IEEE 802.11-2012, IEEE 802.11-2016, IEEE 802.11ac, IEEE 802.11ah, IEEE 802.11ad, IEEE 802.11ay, and/or IEEE 802.11ax standards, and/or specifications set forth for WLANs, although the scope of embodiments is not limited in this respect. The radio architectures 105A, 105B may also be adapted to transmit and/or receive communications in accordance with other techniques and standards.
In some embodiments, the radio architectures 105A, 105B may be configured for high-efficiency Wi-Fi (HEW) communications in accordance with the IEEE 802.11ax standard. In these embodiments, radio architectures 105A, 105B may be configured to communicate in accordance with OFDMA techniques, although the scope of the embodiments is not limited in this respect.
In some other embodiments, the radio architecture 105A, 105B may be configured to: transmit signals using one or more other modulation techniques and receive signals transmitted using one or more other modulation techniques such as spread spectrum modulation (e.g., direct sequence code division multiple access (DS-CDMA) and/or frequency hopping code division multiple access (FH-CDMA)), time Division Multiplexing (TDM) modulation, and/or Frequency Division Multiplexing (FDM) modulation, although the scope of the embodiments is not limited in this respect.
In some embodiments, as further shown in fig. 8, the BT baseband circuitry 808b may conform to a BT-associated standard, such as Bluetooth, Bluetooth 8.0, or Bluetooth 6.0, or any other generation of the Bluetooth standard.
In some implementations, the radio architectures 105A, 105B may include other wireless circuit cards, e.g., cellular wireless circuit cards configured for cellular (e.g., 3GPP such as LTE, LTE-Advanced, or 7G) communications.
In some IEEE 802.11 implementations, radio architectures 105A, 105B may be configured for communication over various channel bandwidths, including bandwidths having center frequencies of approximately 900 MHz, 2.4 GHz, and 5 GHz, and bandwidths of approximately 2 MHz, 4 MHz, 5 MHz, 5.5 MHz, 6 MHz, 8 MHz, 10 MHz, 20 MHz, 40 MHz, 80 MHz (contiguous bandwidth), or 80+80 MHz (160 MHz) (non-contiguous bandwidth). In some embodiments, a 920 MHz channel bandwidth may be used. However, the scope of embodiments is not limited to the above center frequencies.
Fig. 9 illustrates a WLAN FEM circuit 804a according to some embodiments. Although the example of fig. 9 is described in connection with WLAN FEM circuitry 804a, it applies equally to the example BT FEM circuitry 804b (fig. 8); other circuit configurations may also be suitable.
In some embodiments, FEM circuitry 804a may include a TX/RX (transmit/receive) switch 902 to switch between transmit mode and receive mode operation. FEM circuit 804a may include a receive signal path and a transmit signal path. The receive signal path of FEM circuitry 804a may include a low noise amplifier (LNA) 906 to amplify received RF signal 903 and provide an amplified received RF signal 907 as an output (e.g., to radio IC circuitry 806a-b (fig. 8)). The transmit signal path of circuit 804a may include a Power Amplifier (PA) 910 to amplify an input RF signal 909 (e.g., provided by radio IC circuits 806a-b) and one or more filters 912, such as band-pass filters (BPFs), low-pass filters (LPFs), or other types of filters, to generate an RF signal 915 for subsequent transmission via an example duplexer 914 (e.g., by one or more antennas 801 (fig. 8)).
In some dual mode implementations for Wi-Fi communications, FEM circuitry 804a may be configured to operate in the 2.4GHz spectrum or the 5GHz spectrum. In these embodiments, as shown, the receive signal path of FEM circuit 804a may include a receive signal path duplexer 904 to separate signals from each spectrum and provide a separate Low Noise Amplifier (LNA) 906 for each spectrum. In these embodiments, the transmit signal path of FEM circuit 804a may also include power amplifiers 910 and filters 912 (e.g., BPFs, LPFs, or another type of filter) for each spectrum, as well as a transmit signal path duplexer 904 to provide signals of one of the different spectrums onto a single transmit path for subsequent transmission through one or more antennas 801 (fig. 8). In some embodiments, BT communications may utilize a 2.4GHz signal path and may utilize the same FEM circuitry 804a as is used for WLAN communications.
Fig. 10 illustrates a radio IC circuit 806a according to some embodiments. The radio IC circuit 806a is one example of a circuit that may be suitable for use as the WLAN or BT radio IC circuits 806a/806b (fig. 8), but other circuit configurations may also be suitable. Alternatively, the example of fig. 10 may be described in connection with the example BT radio IC circuit 806b.
In some implementations, the radio IC circuit 806a can include a receive signal path and a transmit signal path. The receive signal path of radio IC circuit 806a may include at least a mixer circuit 1002 (e.g., a down-conversion mixer circuit), an amplifier circuit 1006, and a filter circuit 1008. The transmit signal path of the radio IC circuit 806a can include at least a filter circuit 1012 and a mixer circuit 1014 (e.g., an up-conversion mixer circuit). Radio IC circuitry 806a may also include synthesizer circuitry 1004 for synthesizing frequency 1005 for use by mixer circuitry 1002 and mixer circuitry 1014. According to some embodiments, mixer circuits 1002 and/or 1014 may each be configured to provide direct conversion functionality. The latter type of circuit presents a simpler architecture than standard superheterodyne mixer circuits and any flicker noise brought by it can be mitigated by using OFDM modulation, for example. Fig. 10 shows only a simplified version of a radio IC circuit, and may include (although not shown) embodiments in which each of the depicted circuits may include more than one component. For example, the mixer circuits 1014 may each include one or more mixers, and the filter circuits 1008 and/or 1012 may each include one or more filters, e.g., one or more BPFs and/or LPFs, as desired by the application. For example, when the mixer circuits are of the direct conversion type, they may each comprise two or more mixers.
In some embodiments, the mixer circuit 1002 may be configured to: the RF signal 907 received from the FEM circuits 804a-b (fig. 8) is downconverted based on the composite frequency 1005 provided by the synthesizer circuit 1004. The amplifier circuit 1006 may be configured to amplify the downconverted signal, and the filter circuit 1008 may include an LPF configured to: unwanted signals are removed from the down-converted signal to generate an output baseband signal 1007. The output baseband signal 1007 may be provided to baseband processing circuits 808a-b (fig. 8) for further processing. In some embodiments, the output baseband signal 1007 may be a zero frequency baseband signal, but this is not required. In some implementations, mixer circuit 1002 may include a passive mixer, although the scope of the implementations is not limited in this respect.
In some embodiments, the mixer circuit 1014 may be configured to: an input baseband signal 1011 is up-converted based on a composite frequency 1005 provided by the synthesizer circuit 1004 to generate an RF output signal 909 for the FEM circuits 804 a-b. The baseband signal 1011 may be provided by the baseband processing circuits 808a-b and may be filtered by the filter circuit 1012. Filter circuit 1012 may include an LPF or BPF, although the scope of the embodiments is not limited in this respect.
In some embodiments, mixer circuit 1002 and mixer circuit 1014 may each comprise two or more mixers and may be arranged for quadrature down-conversion and/or up-conversion, respectively, with the aid of synthesizer 1004. In some embodiments, mixer circuit 1002 and mixer circuit 1014 may each include two or more mixers, each configured for image rejection (e.g., hartley image rejection). In some embodiments, mixer circuit 1002 and mixer circuit 1014 may be arranged for direct down-conversion and/or direct up-conversion, respectively. In some implementations, mixer circuit 1002 and mixer circuit 1014 may be configured for superheterodyne operation, but this is not required.
According to one embodiment, the mixer circuit 1002 may include: quadrature passive mixers (e.g., for in-phase (I) and quadrature-phase (Q) paths). In such embodiments, RF input signal 907 from fig. 10 may be down-converted to provide I and Q baseband output signals to be sent to the baseband processor.
The quadrature passive mixers may be driven by zero and ninety degree time-varying LO switching signals provided by quadrature circuitry, which may be configured to receive an LO frequency (fLO), such as LO frequency 1005 of synthesizer 1004 (fig. 10), from a local oscillator or synthesizer. In some embodiments, the LO frequency may be the carrier frequency, while in other embodiments, the LO frequency may be a fraction of the carrier frequency (e.g., half the carrier frequency, one third of the carrier frequency). In some embodiments, the zero and ninety degree time-varying switching signals may be generated by a synthesizer, although the scope of the embodiments is not limited in this respect. In some embodiments, the LO signals may differ in duty cycle (the percentage of a cycle in which the LO signal is high) and/or offset (the difference between the starts of the cycles). In some embodiments, the LO signal may have a duty cycle of 85% and an offset of 80%. In some embodiments, each branch of the mixer circuit (e.g., in-phase (I) and quadrature-phase (Q) paths) may operate at an 80% duty cycle, which may result in a significant reduction in power consumption.
RF input signal 907 (fig. 9) may comprise a balanced signal, although the scope of embodiments is not limited in this respect. The I and Q baseband output signals may be provided to a low noise amplifier (e.g., amplifier circuit 1006 (fig. 10)) or filter circuit 1008 (fig. 10).
In some embodiments, output baseband signal 1007 and input baseband signal 1011 may be analog baseband signals, although the scope of the embodiments is not limited in this respect. In some alternative embodiments, the output baseband signal 1007 and the input baseband signal 1011 may be digital baseband signals. In these alternative embodiments, the radio IC circuitry may include analog-to-digital converter (ADC) and digital-to-analog converter (DAC) circuitry.
In some dual-mode implementations, separate radio IC circuits may be provided to process signals in each spectrum or other spectrums not mentioned herein, although the scope of the embodiments is not limited in this respect.
In some implementations, the synthesizer circuit 1004 may be a fractional-N synthesizer or a fractional-N/N+1 synthesizer, although the scope of the implementations is not limited in this respect as other types of frequency synthesizers may be suitable. For example, the synthesizer circuit 1004 may be a delta-sigma synthesizer, a frequency multiplier, or a synthesizer including a phase locked loop with a frequency divider. According to some embodiments, the synthesizer circuit 1004 may comprise a digital synthesizer circuit. An advantage of using a digital synthesizer circuit is that although it may still include some analog components, its footprint may be much smaller than that of an analog synthesizer circuit. In some embodiments, the frequency input to the synthesizer circuit 1004 may be provided by a Voltage Controlled Oscillator (VCO), but this is not required. Baseband processing circuits 808a-b (fig. 8) may further provide divider control inputs depending on the desired output frequency 1005. In some implementations, the divider control input (e.g., N) can be determined from a look-up table (e.g., within a Wi-Fi card) based on a channel number and a channel center frequency determined or indicated by the example application processor 810. The application processor 810 may include or otherwise be associated with one of the example secure signal converter 101 or the example received signal converter 103 (e.g., depending on which device the example radio architecture is implemented in).
In some implementations, synthesizer circuit 1004 may be configured to generate a carrier frequency as output frequency 1005, while in other implementations, output frequency 1005 may be a portion of a carrier frequency (e.g., half of a carrier frequency, one third of a carrier frequency). In some implementations, the output frequency 1005 may be an LO frequency (fLO).
Fig. 11 illustrates a functional block diagram of a baseband processing circuit 808a according to some embodiments. The baseband processing circuit 808a is one example of a circuit that may be suitable for use as the baseband processing circuit 808a (fig. 8), but other circuit configurations may also be suitable. Alternatively, the example BT baseband processing circuit 808b of fig. 8 may be implemented using the example of fig. 10.
Baseband processing circuitry 808a may include a receive baseband processor (RX BBP) 1102 to process receive baseband signals 1009 provided by radio IC circuitry 806a-b (fig. 8) and a transmit baseband processor (TX BBP) 1104 to generate transmit baseband signals 1011 for use by radio IC circuitry 806 a-b. The baseband processing circuitry 808a may also include control logic 1106 to coordinate the operation of the baseband processing circuitry 808 a.
In some implementations (e.g., when analog baseband signals are conducted between the baseband processing circuits 808a-b and the radio IC circuits 806a-b), the baseband processing circuit 808a may include an ADC 1110 to convert the analog baseband signals 1109 received from the radio IC circuits 806a-b to digital baseband signals for processing by RX BBP 1102. In these embodiments, baseband processing circuitry 808a may also include a DAC 1112 to convert the digital baseband signal from TX BBP 1104 into an analog baseband signal 1111.
In some implementations, for example where an OFDM or OFDMA signal is communicated by the baseband processor 808a, the transmit baseband processor 1104 may be configured to generate an OFDM or OFDMA signal suitable for transmission by performing an Inverse Fast Fourier Transform (IFFT). The receive baseband processor 1102 may be configured to process a received OFDM or OFDMA signal by performing an FFT. In some embodiments, the receive baseband processor 1102 may be configured to detect the presence of an OFDM or OFDMA signal by performing auto-correlation to detect a preamble (e.g., a short preamble) and by performing cross-correlation to detect a long preamble. The preamble may be part of a predetermined frame structure for Wi-Fi communication.
Referring back to fig. 8, in some embodiments, antennas 801 (fig. 8) may each include one or more directional or omnidirectional antennas, including, for example, dipole antennas, monopole antennas, patch antennas, loop antennas, microstrip antennas or other types of antennas suitable for transmission of RF signals. In some MIMO implementations, the antennas may be effectively separated to take advantage of spatial diversity and the different channel characteristics that may result. Antennas 801 may each include a set of phased array antennas, but the embodiments are not so limited.
Although the radio architectures 105A, 105B are illustrated as having several separate functional elements, one or more of the functional elements may be combined and may be implemented by combinations of software-configured elements, such as processing elements including Digital Signal Processors (DSPs), and/or other hardware elements. For example, some elements may comprise one or more microprocessors, DSPs, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Radio Frequency Integrated Circuits (RFICs), and combinations of various hardware and logic circuitry for performing at least the functions described herein. In some implementations, a functional element may refer to one or more processes operating on one or more processing elements.
The word "exemplary" is used herein to mean "serving as an example, instance, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments. As used herein, the terms "computing device," "user device," "communication station," "handheld device," "mobile device," "wireless device," and "user equipment" (UE) refer to a wireless communication device, such as a cellular telephone, smartphone, tablet computer, netbook, wireless terminal, laptop computer, femtocell, High Data Rate (HDR) subscriber station, access point, printer, point-of-sale device, access terminal, or other Personal Communication System (PCS) device. The device may be mobile or stationary.
As used in this document, the term "communication" is intended to include either transmission or reception, or both. This may be particularly useful in the claims when describing the organization of data sent by one device and received by another device, but only the functionality of one of the devices is required to infringe the claims. Similarly, when the functionality of only one of the devices is claimed, the two-way data exchanged between the two devices (both devices transmitting and receiving during the exchange) may be described as "communicating." The term "communicate" as used herein with respect to wireless communication signals includes transmitting wireless communication signals and/or receiving wireless communication signals. For example, a wireless communication unit capable of communicating wireless communication signals may include a wireless transmitter for transmitting wireless communication signals to at least one other wireless communication unit, and/or a wireless communication receiver for receiving wireless communication signals from at least one other wireless communication unit.
As used herein, unless otherwise specified the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
The term "access point" (AP) as used herein may be a fixed station. An access point may also be referred to as an access node, a base station, an evolved node B (eNodeB), or some other similar terminology known in the art. An access terminal may also be called a mobile station, User Equipment (UE), a wireless communication device, or some other similar terminology known in the art. Embodiments disclosed herein relate generally to wireless networks. Some embodiments may relate to a wireless network operating according to one of the IEEE 802.11 standards.
Some embodiments may be used in conjunction with various devices and systems, such as Personal Computers (PCs), desktop computers, mobile computers, laptop computers, notebook computers, tablet computers, server computers, handheld devices, Personal Digital Assistant (PDA) devices, handheld PDA devices, onboard devices, off-board devices, hybrid devices, mobile or portable devices, consumer devices, non-mobile or non-portable devices, wireless communication stations, wireless communication devices, wireless Access Points (APs), wired or wireless routers, wired or wireless modems, video devices, audio-video (A/V) devices, wired or wireless networks, wireless local area networks, wireless video local area networks (WVANs), Local Area Networks (LANs), Wireless Local Area Networks (WLANs), Personal Area Networks (PANs), Wireless PANs (WPANs), and the like.
Some embodiments may be used in conjunction with the following devices: one-way and/or two-way radio communication systems, cellular radiotelephone communication systems, mobile telephones, cellular telephones, radiotelephones, Personal Communication Systems (PCS) devices, PDA devices that include wireless communication devices, mobile or portable Global Positioning System (GPS) devices, devices that include GPS receivers or transceivers or chips, devices that include RFID elements or chips, multiple-input multiple-output (MIMO) transceivers or devices, single-input multiple-output (SIMO) transceivers or devices, multiple-input single-output (MISO) transceivers or devices, devices having one or more internal and/or external antennas, Digital Video Broadcasting (DVB) devices or systems, multi-standard radio devices or systems, wired or wireless handheld devices (e.g., smart phones), Wireless Application Protocol (WAP) devices, and the like.
Some embodiments may be used in conjunction with one or more types of wireless communication signals and/or systems that conform to one or more wireless communication protocols, such as Radio Frequency (RF), Infrared (IR), Frequency Division Multiplexing (FDM), Orthogonal FDM (OFDM), Time Division Multiplexing (TDM), Time Division Multiple Access (TDMA), Extended TDMA (E-TDMA), General Packet Radio Service (GPRS), Extended GPRS, Code Division Multiple Access (CDMA), Wideband CDMA (WCDMA), CDMA2000, single carrier CDMA, Multi-Carrier Modulation (MDM), Discrete Multi-Tone (DMT), Global Positioning System (GPS), Wi-Fi, Wi-Max, ZigBee, Ultra Wideband (UWB), Global System for Mobile communications (GSM), 2G, 2.5G, 3G, 3.5G, 4G, fifth generation (5G) mobile networks, 3GPP, Long Term Evolution (LTE), LTE-Advanced, Enhanced Data rates for GSM Evolution (EDGE), and the like. Other embodiments may be used in various other devices, systems, and/or networks.
The following examples relate to further embodiments.
Example 1 may include an AP device in an Extended Service Set (ESS), the AP device comprising processing circuitry coupled with a memory, the processing circuitry configured to: determining to share a common privacy key among multiple AP devices of the same ESS, and generating different protected and authenticated Pairwise Master Key Security Association (PMKSA) information for each association with a non-Access Point (non-AP) device.
Example 2 may include the AP device of example 1 and/or some other example herein, wherein the AP devices sharing a common privacy key in the same ESS are identified by a key domain ID.
Example 3 may include the AP device of example 1 and/or some other example herein, wherein the protected and authenticated PMKSA information is generated using a block cipher mode of operation, a shared common key, and a string based on plaintext PMKSA information.
Example 4 may include the AP device of example 3 and/or some other example herein, wherein the string based on the plaintext PMKSA information is generated by concatenating the plaintext PMKSA information and a random string.
Example 5 may include the AP device of example 4 and/or some other example herein, wherein the plaintext PMKSA information comprises one or more of: a Pairwise Master Key Identifier (PMKID), a Pairwise Master Key (PMK), an expiration time of the PMK, all authorization parameters specified by an Authentication and Key Management Protocol (AKMP), an Authentication Server (AS) or local configuration, and Medium Access Control (MAC) addresses of the AP device and non-AP device, or a combination thereof.
Example 6 may include the AP device of example 1 and/or some other example herein, wherein after the protected and authenticated PMKSA information is generated, the protected and authenticated PMKSA information is carried in a Key Data Encapsulation (KDE) and sent in message 3 of the first four-way handshake.
Example 7 may include the AP device of example 6 and/or some other example herein, wherein after the AP device receives the protected and authenticated PMKSA information, the AP device decrypts the protected and authenticated PMKSA information to obtain the PMKID.
Example 8 may include the AP device of example 7 and/or some other example herein, wherein, from the PMKID obtained from the protected and authenticated PMKSA information, the AP device may determine that the PMK identified by the PMKID is applicable to the private MAC address of the non-AP device.
Example 9 may include the AP device of example 1 and/or some other example herein, wherein the AP device is to indicate that protected and authenticated PMKSA information is supported.
Example 10 may include the AP device of example 1 and/or some other example herein, wherein the non-AP device comprises a non-AP multi-link device (MLD) or a non-AP STA, and the AP device comprises an AP MLD or AP.
Example 11 may include a non-AP device comprising processing circuitry coupled with a memory, the processing circuitry configured to:
receive, in the first four-way handshake with the AP device, the protected and authenticated PMKSA information,
disassociate from the AP device,
change from a first MAC address to a second MAC address, and
send a (re)association request to the AP device with the received protected and authenticated PMKSA information, wherein the received protected and authenticated PMKSA information is carried in an element of an authentication frame or a (re)association request frame.
Example 12 may include the non-AP device of example 11 and/or some other example herein, wherein the protected and authenticated PMKSA information is stored in a list.
Example 13 may include the non-AP device of example 11 and/or some other example herein, wherein the non-AP device is to indicate use of protected and authenticated PMKSA information.
Example 14 may include a non-transitory computer-readable medium storing computer-executable instructions that, when executed by one or more processors, cause performance of operations comprising: determining to share a common privacy key among multiple APs or AP MLDs of the same ESS, and generating different protected and authenticated PMKSA information for each association with a non-AP device.
Example 15 may include the non-transitory computer-readable medium of example 14 and/or some other example herein, wherein the APs or AP MLDs that share a common privacy key in the same ESS are identified by a key domain ID.
Example 16 may include the non-transitory computer-readable medium of example 14 and/or some other example herein, wherein the protected and authenticated PMKSA information is generated using a block cipher mode of operation, a shared common key, and a string based on plaintext PMKSA information.
Example 17 may include a method comprising: determining that multiple APs or AP MLDs in the same ESS are sharing a common privacy key and generating different protected and authenticated PMKSA information for each association with a non-AP device.
Example 18 may include the method of example 17 and/or some other example herein, wherein the APs or AP MLDs sharing a common privacy key in the same ESS are identified by a key domain ID.
Example 19 may include the method of example 17 and/or some other example herein, wherein the protected and authenticated PMKSA information is generated using a block cipher mode of operation, a shared common key, and a string based on plaintext PMKSA information.
Example 20 may include an apparatus comprising means for: determining to share a common privacy key among multiple APs or AP MLDs of the same ESS, and generating different protected and authenticated PMKSA information for each association with a non-AP device.
Example 21 may include the apparatus of example 20 and/or some other example herein, wherein the APs or AP MLDs sharing a common privacy key in a same ESS are identified by a key domain ID.
Example 22 may include the apparatus of example 20 and/or some other example herein, wherein the protected and authenticated PMKSA information is generated using a block cipher mode of operation, a shared common key, and a string based on plaintext PMKSA information.
Example 23 may include a method of communicating in a wireless network, as described above.
Example 24 may include a system to provide wireless network communications, as described above.
Example 25 may include the apparatus to provide wireless network communications as described above.
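The protected and authenticated PMKSA information of Examples 3 to 8 and 11, worked through in Go as an added example; this is not code from the patent or from Intel. It assumes AES-256-GCM as the block cipher mode of operation, a 2-byte key domain ID sent in the clear and bound as associated data, a 16-byte random string appended to a fixed-size encoding of the PMKSA fields (AKMP authorization parameters omitted), and a 12-byte nonce; the field encoding, the random-string length, the error texts, and the sample key, PMKID and MAC addresses are all choices made here. What the example shows that the prose does not: two protections of the same PMKSA yield different blobs, any AP holding the key-domain key recovers the PMKID and applies the PMK to the STA's new private MAC address, and a blob from another key domain, an expired PMK, or a modified blob is rejected before any key material is used.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

const pmkidLen, pmkLen, macLen = 16, 32, 6 // IEEE 802.11 sizes: 128-bit PMKID, 256-bit PMK
const randStrLen, nonceLen = 16, 12        // random string (Example 4) and AES-GCM nonce; chosen for this example

// PMKSA is the plaintext PMKSA information of Example 5 (AKMP authorization parameters omitted).
type PMKSA struct {
	PMKID  [pmkidLen]byte
	PMK    [pmkLen]byte
	Expiry uint64 // PMK expiration time, seconds since the epoch
	APMAC  [macLen]byte
	STAMAC [macLen]byte
}

// KeyDomain holds the common privacy key shared by all APs of one ESS, named by its key domain ID (Examples 1, 2).
type KeyDomain struct {
	ID   uint16
	aead cipher.AEAD // AES-256-GCM under the shared key
}

func NewKeyDomain(id uint16, key []byte) (*KeyDomain, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &KeyDomain{ID: id, aead: aead}, nil
}

// Protect builds keyDomainID || nonce || AES-GCM(encode(p) || randomString); a fresh nonce and
// random string (Examples 3, 4) make the result different for every association, even for the same PMKSA.
func (kd *KeyDomain) Protect(p *PMKSA) ([]byte, error) {
	rb := make([]byte, nonceLen+randStrLen)
	if _, err := rand.Read(rb); err != nil {
		return nil, err
	}
	nonce, randStr := rb[:nonceLen], rb[nonceLen:]
	var pt bytes.Buffer
	_ = binary.Write(&pt, binary.BigEndian, p) // fixed-size exported fields only, so this cannot fail
	pt.Write(randStr)
	aad := []byte{byte(kd.ID >> 8), byte(kd.ID)} // key domain ID is authenticated, not encrypted
	out := append(aad, nonce...)                 // aad has no spare capacity, so this allocates
	return kd.aead.Seal(out, nonce, pt.Bytes(), aad), nil
}

// Unprotect, run by any AP of the same key domain, checks the ID, verifies the GCM tag and drops the random string.
func (kd *KeyDomain) Unprotect(blob []byte) (PMKSA, error) {
	var p PMKSA
	if len(blob) < 2+nonceLen {
		return p, errors.New("truncated PMKSA information")
	}
	aad, nonce, ct := blob[:2], blob[2:2+nonceLen], blob[2+nonceLen:]
	if binary.BigEndian.Uint16(aad) != kd.ID {
		return p, errors.New("PMKSA information belongs to another key domain")
	}
	pt, err := kd.aead.Open(nil, nonce, ct, aad)
	if err != nil || len(pt) != binary.Size(p)+randStrLen {
		return p, errors.New("authentication failed: forged or modified PMKSA information rejected")
	}
	err = binary.Read(bytes.NewReader(pt), binary.BigEndian, &p) // reads the struct, leaves the random string
	return p, err
}

// Rebind, on (re)association from a changed MAC (Examples 8, 11), takes PMKID and PMK from the protected
// information instead of deriving anything from the new address, so the cached PMK follows the private MAC.
func (kd *KeyDomain) Rebind(blob []byte, newSTAMAC [macLen]byte, now uint64) (PMKSA, error) {
	p, err := kd.Unprotect(blob)
	if err != nil {
		return PMKSA{}, err
	}
	if now >= p.Expiry {
		return PMKSA{}, errors.New("PMK has expired")
	}
	p.STAMAC = newSTAMAC
	return p, nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed shared privacy key for the demo
	ap1, _ := NewKeyDomain(7, key)
	ap2, _ := NewKeyDomain(7, key) // a second AP of the same ESS holding the same key
	p := PMKSA{Expiry: 1700000000, STAMAC: [macLen]byte{2, 0, 0, 0, 0, 2}}
	copy(p.PMKID[:], "pmkid-demo-0001!") // constructed PMKID
	blob, _ := ap1.Protect(&p) // sent to the STA in message 3 of the first 4-way handshake
	got, err := ap2.Rebind(blob, [macLen]byte{2, 0, 0, 0, 0, 9}, 1600000000) // STA came back with a new MAC
	fmt.Printf("AP2 recovered PMKID %q for MAC %x, err=%v\n", got.PMKID[:], got.STAMAC, err)
}
```

The STA never holds the key-domain key, so the blob is opaque to it and to anyone observing the handshake; the key domain ID travels in the clear only so that an AP can tell which key to try, and because it is bound as associated data a blob cannot be replayed into another key domain without failing the tag check. The PMK is matched on the PMKID recovered from the blob, which is what lets the association survive a MAC address change.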
Embodiments according to the present disclosure are disclosed in particular in the accompanying claims relating to methods, storage media, devices and computer program products, wherein any feature mentioned in one claim category (e.g. method) may also be claimed in another claim category (e.g. system). The dependencies or references in the appended claims are chosen for formal reasons only. However, any subject matter resulting from an intentional reference to any previous claim (in particular multiple dependencies) may also be claimed, such that any combination of a claim and its features is disclosed and claimed regardless of the dependency selected in the appended claims. The subject matter that can be claimed comprises not only the combination of features set forth in the appended claims, but also any other combination of features in the claims, wherein each feature mentioned in the claims can be combined with any other feature or combination of features in the claims. Furthermore, any embodiments and features described or depicted herein may be claimed in a separate claim and/or in any combination with any embodiments or features described or depicted herein or with any features of the appended claims.
The foregoing description of one or more implementations provides illustration and description, but is not intended to be exhaustive or to limit the scope of the implementations to the precise form disclosed. Modifications and variations are possible in light of the above teachings or may be acquired from practice of various embodiments.
Certain aspects of the present disclosure are described above with reference to block diagrams and flowchart illustrations of systems, methods, apparatuses, and/or computer program products according to various implementations. It will be understood that one or more blocks of the block diagrams and flowchart illustrations, and combinations of blocks in the block diagrams and flowchart illustrations, respectively, can be implemented by computer-executable program instructions. Likewise, some blocks of the block diagrams and flow diagrams may not necessarily need to be performed in the order presented, or may not need to be performed at all, according to some implementations.
These computer-executable program instructions may be loaded onto a special purpose computer or other specific machine, processor, or other programmable data processing apparatus to produce a particular machine, such that the instructions which execute on the computer, processor, or other programmable data processing apparatus create means for implementing one or more functions specified in the flowchart block or blocks. These computer program instructions may also be stored in a computer-readable storage medium or memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means which implement the function specified in the flowchart block or blocks. By way of example, certain implementations may provide a computer program product comprising a computer readable storage medium having computer readable program code or program instructions embodied therewith, the computer readable program code adapted to be executed to implement one or more functions specified in the flow diagram block or blocks. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational elements or steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide elements or steps for implementing the functions specified in the flowchart block or blocks.
Accordingly, blocks of the block diagrams and flowchart illustrations support combinations of means for performing the specified functions, combinations of elements or steps for performing the specified functions and program instruction means for performing the specified functions. It will also be understood that each block of the block diagrams and flowchart illustrations, and combinations of blocks in the block diagrams and flowchart illustrations, can be implemented by special purpose, hardware-based computer systems that perform the specified functions, elements or steps, or combinations of special purpose hardware and computer instructions.
Conditional language, such as "may," "can," or "might," unless expressly stated otherwise or otherwise understood within the context of usage, is generally intended to convey that certain implementations may include, while other implementations do not include, certain features, elements, and/or operations. Thus, such conditional language is not generally intended to imply: the features, elements, and/or operations may be required in any manner for one or more implementations or one or more implementations may necessarily include logic for deciding, with or without user input or prompting, whether these features, elements, and/or operations are included or are to be performed in any particular implementation.
Many modifications and other implementations of the disclosure set forth herein will come to mind to one skilled in the art to which this disclosure pertains having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the disclosure is not to be limited to the specific implementations disclosed and that modifications and other implementations are intended to be included within the scope of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims (22)

1. An Access Point (AP) device, the AP device being in an Extended Service Set (ESS), the AP device comprising processing circuitry coupled with a memory, the processing circuitry configured to:
determining to share a common privacy key among multiple AP devices of the same ESS, and
Different protected and authenticated Pairwise Master Key Security Association (PMKSA) information is generated for each association with a non-access point (non-AP) device.
2. The AP device of claim 1, wherein the AP devices sharing a common privacy key in the same ESS are identified by a key domain ID.
3. The AP device of claim 1, wherein the protected and authenticated PMKSA information is generated using a block cipher mode of operation, a shared common key, and a string based on plaintext PMKSA information.
4. The AP device according to claim 3, wherein the string based on plaintext PMKSA information is generated by concatenating the plaintext PMKSA information and a random string.
5. The AP device of claim 4, wherein the plaintext PMKSA information comprises one or more of: a Pairwise Master Key Identifier (PMKID), a Pairwise Master Key (PMK), an expiration time of the PMK, all authorization parameters specified by an Authentication and Key Management Protocol (AKMP), an Authentication Server (AS) or local configuration, and Medium Access Control (MAC) addresses of the AP device and non-AP device, or a combination thereof.
6. The AP device of claim 1, wherein after the protected and authenticated PMKSA information is generated, the protected and authenticated PMKSA information is carried in a Key Data Encapsulation (KDE) and sent in message 3 of the first four-way handshake.
7. The AP device of claim 6 wherein, after the AP device receives the protected and authenticated PMKSA information, the AP device decrypts the protected and authenticated PMKSA information to obtain the PMKID.
8. The AP device of claim 7, wherein, from the PMKID obtained from the protected and authenticated PMKSA information, the AP device can determine, even if the MAC address of the non-AP device changes, that the PMK identified by the PMKID is applicable to the private MAC address of the non-AP device.
9. The AP device of claim 1, wherein the AP device indicates that protected and authenticated PMKSA information is supported.
10. The AP device of claim 1, wherein,
the non-AP device includes a non-AP multilink device (MLD) or a non-AP STA, and
the AP device comprises an AP MLD or an AP.
11. A non-AP device comprising processing circuitry coupled with a memory, the processing circuitry configured to:
receive, in the first four-way handshake with the AP device, the protected and authenticated PMKSA information,
disassociate from the AP device,
change from a first MAC address to a second MAC address, and
send a (re)association request to the AP device with the received protected and authenticated PMKSA information, wherein the received protected and authenticated PMKSA information is carried in an element of an authentication frame or a (re)association request frame.
12. The non-AP device of claim 11, wherein the protected and authenticated PMKSA information is stored in a list.
13. The non-AP device of claim 11, wherein the non-AP device indicates use of protected and authenticated PMKSA information.
14. A non-transitory computer-readable medium storing computer-executable instructions that, when executed by one or more processors, perform operations comprising:
determining that a common privacy key is shared among multiple APs or AP MLDs of the same ESS, and
Different protected and authenticated PMKSA information is generated for each association with a non-AP device.
15. The non-transitory computer-readable medium of claim 14, wherein the APs or AP MLDs sharing a common privacy key in the same ESS are identified by a key domain ID.
16. The non-transitory computer-readable medium of claim 14, wherein the protected and authenticated PMKSA information is generated using a block cipher mode of operation, a shared common key, and a string based on plaintext PMKSA information.
17. A method, comprising:
determining that a common privacy key is shared among multiple APs or AP MLDs of the same ESS, and
Different protected and authenticated PMKSA information is generated for each association with a non-AP device.
18. The method of claim 17 wherein the APs or AP MLDs sharing a common privacy key in the same ESS are identified by a key domain ID.
19. The method of claim 17, wherein the protected and authenticated PMKSA information is generated using a block cipher mode of operation, a shared common key, and a string based on plaintext PMKSA information.
20. An apparatus comprising means to:
determining that a common privacy key is shared among multiple APs or AP MLDs of the same ESS, and
Different protected and authenticated PMKSA information is generated for each association with a non-AP device.
21. The apparatus of claim 20 wherein the APs or AP MLDs sharing a common privacy key in the same ESS are identified by a key domain ID.
22. The apparatus of claim 20, wherein the protected and authenticated PMKSA information is generated using a block cipher mode of operation, a shared common key, and a string based on plaintext PMKSA information.
CN202111604005.1A 2021-05-05 2021-12-24 Privacy enhancement for Pairwise Master Key Security Association (PMKSA) caching Pending CN115396874A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202163184344P 2021-05-05 2021-05-05
US63/184,344 2021-05-05

Publications (1)

Publication Number Publication Date
CN115396874A true CN115396874A (en) 2022-11-25

Family

ID=84114241

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111604005.1A Pending CN115396874A (en) 2021-05-05 2021-12-24 Privacy enhancement for Pairwise Master Key Security Association (PMKSA) caching

Country Status (1)

Country Link
CN (1) CN115396874A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination