WO2006129288A1 - Procede et dispositifs permettant de retirer individuellement un dispositif d'un reseau sans fil - Google Patents

Procede et dispositifs permettant de retirer individuellement un dispositif d'un reseau sans fil Download PDF

Info

Publication number
WO2006129288A1
WO2006129288A1 PCT/IB2006/051754 IB2006051754W WO2006129288A1 WO 2006129288 A1 WO2006129288 A1 WO 2006129288A1 IB 2006051754 W IB2006051754 W IB 2006051754W WO 2006129288 A1 WO2006129288 A1 WO 2006129288A1
Authority
WO
WIPO (PCT)
Prior art keywords
sta
skt
stas
wireless network
hereinafter
Prior art date
Application number
PCT/IB2006/051754
Other languages
English (en)
Inventor
Bozena Erdmann
Wolfgang O. Budde
Original Assignee
Koninklijke Philips Electronics N.V.
Philips Intellectual Property & Standards Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V., Philips Intellectual Property & Standards Gmbh filed Critical Koninklijke Philips Electronics N.V.
Publication of WO2006129288A1 publication Critical patent/WO2006129288A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104Grouping of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/30Connection release
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Definitions

  • the invention relates to a method for individual removal of a device from a wireless network, and in particular from an IEEE 802.11 Wireless Local Area Network (WLAN).
  • the invention relates furthermore to devices arranged for individual removal of a device from a wireless network.
  • Wireless networks e.g. the IEEE 802.11 -based WLANs
  • easy and secure configuration methods such as SKT (Short-range Key Transmission) described in e.g. WO 2004/014040 Al (Applicant's reference PHDE020188), WO 2004/014039 Al (Applicant's reference PHDE020273) and WO 2004/014038 Al
  • the current enterprise-oriented state-of-the-art solution for configuring wireless devices with individual credentials uses IEEE 802. IX authentication, based on an authentication server such as a RADIUS server, an Extensible Authentication Protocol (EAP) and a Public Key Infrastructure (PKI).
  • EAP Extensible Authentication Protocol
  • PKI Public Key Infrastructure
  • the need for 802. IX, EAP and PKI support increases device cost, and required capabilities, as well as the implementation effort for device manufacturers.
  • For an end-user it also increases the configuration and maintenance effort in respect of the infrastructure, e.g. for an Access Point (AP) and RADIUS server, and the to- be-authenticated devices.
  • AP Access Point
  • RADIUS server Remote Authentication Protocol
  • the resulting network management complexity requires a rich User Interface (UI), where all items to be managed and all management options/actions are listed.
  • UI User Interface
  • the current state-of-the-art solution for configuring personal (home) wireless networks is based on a single Pre-shared Key (PSK), shared by all devices in the network.
  • PSK Pre-shared Key
  • any user of the network can impersonate any other user, join at any time, or snoop and successfully decode any traffic of any one of the other users. This does not allow for sufficient cryptographic separation of devices on the same network.
  • Applications like guest access are thereby complicated as they presently require reconfiguration of the entire network before and after a guest visit, or are even completely prevented.
  • the current home-oriented state-of-the-art solution for configuring wireless devices with different credentials is based on PSKs with some modifications of the Access Point (AP) internal implementation to allow multiple concurrent PSKs.
  • the PSKs can be either bound to a specific client station, and identified by its MAC address, or used by any client. Such PSKs are later referred to as "unassigned" or "common" PSKs.
  • An example is the open-source HostAP software (http://hostap.epitest.fi). Usage requires considerable Information Technology (IT) skills, as the current implementations are limited to PC software and are not yet available as standalone Access Point devices.
  • IT Information Technology
  • UI-less wireless Access Point a typical example is the UI-less wireless Access Point (AP).
  • AP UI-less wireless Access Point
  • PC in the network, e.g. to manage a RADIUS server;
  • RADIUS server a typical example is the UI-less wireless Access Point (AP).
  • PC in the network, e.g. to manage a RADIUS server;
  • IT skills for example for installing additional software, e.g. by way of configuration wizards, manually reconfiguring a PC and the like;
  • the method specifically allows for removing, i.e. disassociating, individual guest devices from the network without affecting remaining home devices and contemporary other guest devices.
  • the solution must not only be easy-to-use, but also functional for devices providing only minimum user interface functionality. Typically, this concerns “headless" devices, such as e.g. an Access Point, which rely on only a few LEDs and optionally some buttons for user interaction.
  • This object is achieved by the independent method claims.
  • the dependent claims provide advantageous embodiments.
  • STA wireless station
  • AP access point
  • the basic assumption is that the procedure for wireless network configuration uses a portable unit called Short-range Key Transmitter (SKT) item, and that the devices to- be-configured, AP and STAs, are equipped with an appropriate interface to communicate with the SKT, as defined by WO 2004/014040 Al. Furthermore, it is assumed that every home network will be equipped with two SKT items: a so-called “Home SKT” (HSKT), used for configuration of home devices, and a Guest SKT (GSKT), used for configuration of guest devices. For example, the Access Point could be sold pre-packaged with a HSKT and a GSKT.
  • SKT Short-range Key Transmitter
  • the system can accommodate multiple guest devices (GD) at the same time and that there is an easy and secure method for adding multiple guests.
  • every guest device will have individual and distinguishable credentials, different from those for home devices, which credentials are either generated by the home network per-guest and per- visit or brought in by the GD, as might be the case for, e.g. public key certificates.
  • the present invention provides easy user interaction for removal of individual guest accounts, using the same easy, secure and intuitive step of touching the devices with SKT.
  • Fig. 1 shows a block diagram illustrating the architecture of a wireless communication system whereto embodiments of the present invention are to be applied;
  • Fig. 2 shows a block diagram of a short-range key transmission item, an access point and a wireless station in accordance with an embodiment of the present invention
  • Fig. 3 shows a flow chart illustrating the operation steps of an individual removal of a wireless station according to an embodiment of the present invention.
  • Fig. 1 illustrates a representative wireless network 100 whereto embodiments of the present invention are to be applied.
  • an access point (AP) 101 is coupled to a plurality of wireless stations (STAs) 102, 103, 104 and 110 which, through a wireless link, are communicating with each other and to the AP via a plurality of wireless channels.
  • STAs wireless stations
  • STAs wireless stations
  • 103, 104 and 110 which, through a wireless link, are communicating with each other and to the AP via a plurality of wireless channels.
  • STAs wireless stations
  • STAs wireless stations
  • 103, 104 and 110 which, through a wireless link, are communicating with each other and to the AP via a plurality of wireless channels.
  • STAs wireless stations
  • STAs short-range key transmission item
  • the wireless station (STA) 110 could for example be a device that has to be removed, e.g. because it is a "guest" device, that was only temporarily to be part of the wireless network
  • Fig. 2 shows a portable, short-range key transmission item (SKT) 1, an access point (AP) 3 and a wireless station (STA) 4.
  • STA 4 is to be removed from the wireless network.
  • the SKT 1 comprises a memory 5 for storing individual identification data 6 or 9 of a STA, such a MAC address of a STA or PSK derivatives of a STA, like a PSK hash.
  • the SKT 1 further comprises an optional button 7 for triggering a transmission or reception of individual identification data 6 or 9, and a transmitter/receiver (transceiver) 8 used as a wireless interface for transmitting/receiving (transceiving) individual identification data 6 or 9.
  • the SKT 1 may also be already preconfigured with such data, for example pertaining to the STA 4. Then the SKT 1 would not require the receiver function 8 for receiving individual identification data.
  • the AP 3 is an apparatus equipped with a radio interface 12 operating in accordance with the IEEE 802.11 standard.
  • This radio interface 12 is controlled by a component denoted as driver software 13 and is used for transceiving useful data (music, video, general data, but also control data).
  • the driver software 13 may be operated by other software components via standardized software interfaces (APIs).
  • the AP 3 is also equipped with a receiving unit 14.
  • the receiving unit 14 comprises a receiver 15 provided as an interface for receiving individual identification data, for example the identification data 6 transmitted by transceiver 8.
  • the receiving unit 14 is provided with receiver software 16.
  • the STA 4 is, like the AP 3, an apparatus equipped with a radio interface 18 operating in accordance with the IEEE 802.11 standard. This radio interface 18 is controlled by a component denoted as driver software 19 and is used for transceiving useful data (music, video, general data, but also control data).
  • driver software 19 may be operated by other software components via standardized software interfaces (APIs).
  • the STA 4 is equipped with a transmitter unit 20.
  • the transmitter unit 20 comprises a transmitter 21 provided as an interface for transmitting individual identification data, for example identification data 10 to transceiver 8.
  • the transmitter unit 20 is provided with transmitter software 22. Triggered by the connection of the SKT 1, the software 22 may obtain individual identification data 10 for the STA 4, for example by obtaining the MAC address as defined in the IEEE 802.11 standard from the driver software 19 via interface 23, and transmit this to the SKT 1.
  • the STA 4 is furthermore provided with application software 24, required for operating the STA 4. Instead of being able to transmit individual identification data 9, the STA 4 may also be manufactured and sold together with an SKT that is preconfigured with such data, pertaining to the STA 4. In that case the SAT 4 would not require the transmitter unit 20 for transmitting individual identification data.
  • a user would like to remove the STA 4 from the home network, he approaches the AP 3 and possibly the STA 4 with an SKT, such as the SKT 1, for the exchange of individual identification data according to one of the below embodiments of the invention.
  • Starting point for each of the embodiments is a configured wireless network, consisting of at least one AP and a plurality of home- and/or guest-devices.
  • the home- and/or guest-devices have passed a registration procedure and have been assigned individual credentials, e.g. individual PSKs.
  • Fig. 3 shows a flow chart 300 illustrating the operation steps of a first embodiment according to the invention for removing an individual wireless station (STA), e.g. a guest device (GD) or a home device (HD), from a home network with an access point (AP):
  • STA individual wireless station
  • GD guest device
  • HD home device
  • the home user touches the STA with a writable SKT item.
  • the STA stores its individual identification data, e.g. a MAC address or PSK derivatives, like a PSK hash, on the SKT (step 301).
  • the STA if present in the home network as a GD, removes the guest access credentials from its configuration data. Since this optional step cannot be checked by the home network, it is more or less a clean-up action by the STA.
  • a GD can restore its own home settings, if it is capable of saving them for the duration of the guest access, in preparation of entering its own home network again. Afterwards, a clear feedback is given to the user that the STA finished writing, e.g. by LEDs or a simple text output.
  • the home user touches the home AP with the STA- written SKT (step 302).
  • the AP reads the STA's individual identification data and scans a list of associated STAs, i.e. a wireless client station list or another relevant list, e.g. a list of PSKs or PMKSAs, for the STA's individual identification data as read from the SKT. If the individual identification data is found (step 303), the STA credentials are removed from the association list on the AP, and any other relevant locations (step 304). Afterwards a clear feedback is given to the user that the STA removal was successful, e.g. by LEDs or simple text output.
  • step 303 If the STA's individual identification data cannot be found or cannot be removed by the AP (step 303), a clear feedback is given to the user that the procedure was unsuccessful, e.g. by LEDs or a simple text output, and an error procedure is triggered (step 305).
  • the above-described method is equally applicable to the removal of home and guest devices which are configured with individual credentials.
  • the error procedure following unsuccessful removal may, in one embodiment, trigger the user to repeat the whole removal procedure.
  • the error procedure could trigger removal of all guest devices, at the same time, without further checking of their individual identification data, either automatically or on a user action, e.g. after pushing a button on the AP. Success or failure of this operation is also indicated to the user.
  • a dedicated Removal SKT item (RSKT), different from a HSKT and a GSKT, is used solely for the purpose of removal of both home and guest devices.
  • RSKT Removal SKT item
  • a network-wide GSKT could be used for device removal, because it is generally emptied after GD configuration.
  • the network- wide HSKT and GSKT could be used for removal of a HD and a GD, respectively.
  • a STA has an individual SKT item (SKT*, or more specifically HSKT* and GSKT* for home and guest devices respectively), which is used. This requires visitors to bring their devices' GSKT* along with their devices.
  • SKT* the STA' s MAC address is stored as a fixed, read-only entry, whereas writable entries are provided for storing the credentials of the (visited) network.
  • the removal procedure is simplified to only one step, since the SKT* uniquely identifies the to-be-removed STA to the system.
  • the credentials of the corresponding STA are removed.
  • An individual HSKT* allows to remove HD credentials from the system, e.g. the AP, even if the HD was lost or stolen, preventing unauthorized access to the network using this HD.
  • a registration and removal procedure with a GSKT* is now described.
  • a user holds the GD's GSKT* to the home AP.
  • the GSKT* receives guest credentials.
  • the GSKT* is connected with the GD.
  • the AP verifies whether the GD and GSKT* match the MAC address used with the association. If the host, i.e. the home network owner providing guest access, wants to be sure to always have a possibility to individually remove a certain GD from the network, the guest may be asked to hand over the GSKT* to the home user for the duration of the visit. Only after successful removal of the GD, the GSKT* is handed back to the guest, so that the guest cannot leave without de-registration of the GD.
  • HSKT* or GSKT* saves the home user the trouble of using an emergency procedure, albeit it a user-friendly one: i.e. removal of all GDs at once - as proposed by this invention - or a state-of-the-art one, such as reconfiguring the entire network or manually removing the particular device in question, e.g. by using complicated PC-based management tools.
  • a STA could be pre-packaged with a dedicated read-only SKT item (MAC-SKT), holding only the STA's MAC address.
  • MAC-SKT dedicated read-only SKT item
  • the removal procedure could be executed with the MAC-SKT only, while touching with the GSKT only could result in an error message.
  • the MAC-SKT item of a particular guest device could remain connected to the home AP, or another central device, e.g. a home management console such as a PC, for the entire duration of the visit, validating the access.
  • Disconnecting the MAC-SKT from the AP will immediately result in removal of the particular GD from the system.
  • the AP could be equipped with a special slot for placing the SKT items. In the case of multiple guests, this will require the ability to read multiple SKT items simultaneously, which is possible, e.g. with RFID technology.
  • An exemplary guest configuration procedure could then be designed as follows.
  • the user touches the AP with both the MAC-SKT and the GSKT.
  • the user touches the GD, preferably with the GSKT alone, leaving the MAC-SKT to the host, or with both SKT items. Touching the AP with the GSKT only would result in an error message.
  • the SKT item used for the removal procedure is also used for device configuration, as is the case with a network-wide HSKT or GSKT and a STA's individual HSKT* or GSKT*, the STA, and more importantly the AP, must be able to unambiguously differentiate the removal procedure from the registration procedure.
  • the STA will know which procedure is required as a result of the user interaction, i.e. if the STA is touched for the first time with the GSKT belonging to this hosting network, identified by a network name, a GSKT identifier or other parameters, the STA triggers the (guest) registration procedure. If the STA is touched for the second time with the GSKT belonging to the hosting network, i.e. the STA is touched with the GSKT belonging to the hosting network it has already stored, the STA triggers the removal procedure. Further, the differentiation of the procedures could be based on the STA's association/connection status on a given network. As long as it is not connected to the hosting network, the STA initiates the configuration procedure every time it is touched with the SKT representing the same network. Once the STA successfully connects, the next touch with the SKT representing the same network will be interpreted as the removal procedure.
  • This implicit differentiation between the registration and removal procedures may, however, lead to unexpected behavior of devices if the user, for some reason, wants to reconnect or reconfigure a guest device without previously having disconnected it, or in other error-induced cases.
  • this problem can be solved by properly indicating the current state to the user and/or by including additional user interaction to trigger or confirm the action, e.g. a button push.
  • Dedicated triggers are required if the SKT item is not a physically independent item with a defined role, e.g. a HSKT or a GSKT, but instead a module integrated into the device, i.e. the AP or a STA.
  • the differentiation between the registration and removal procedures depends on the content of the GSKT itself. E.g. touching a STA with an SKT containing configuration credentials will trigger the registration procedure, whereas touching a STA with an "empty" SKT, e.g. an SKT containing only an SKT identifier and optionally also a network identifier, but no access credentials, will trigger the removal procedure. This will require that any access credentials are removed from the SKT as part of the registration procedure, either by the STA itself, by the AP or automatically after a reasonable timeout, if the SKT item is capable of independent operation.
  • the home AP must be able to unambiguously differentiate the removal procedure from the registration procedure, e.g. because it can happen that some unused credentials remain on the SKT. Therefore, the information written to the SKT in the registration procedure step must be different from the information written to the SKT by the STA in the removal procedure.
  • this can be achieved in the following way.
  • the AP generates and writes into the SKT only generic access credentials, such as keys, and none specific to a particular STA, because the AP does not have this knowledge yet; whereas the leaving STA, besides its generic access credentials, writes to the SKT also some STA- specific information, such as the STA-MAC address.
  • data written to the SKT in both steps could be entirely different, e.g. generic access credentials written by the AP in the "configuration procedure” and PSK derivatives written by the STA in the "removal procedure”.
  • Individual identification data e.g. generic access credentials written by the AP in the "configuration procedure” and PSK derivatives written by the STA in the "removal procedure”.
  • the STA writes only its MAC address to the SKT, because the MAC address is a hardware-dependent parameter, available even when the STA already ceased the communication, for whatever reason, e.g. an inactivity period, with a given host network, i.e. even if the STA removed session keys or removed the IP address.
  • the guest credentials can be invalidated and it is not necessary for the STA to still be able to communicate with the home network.
  • various configuration parameters such as e.g. MAC addresses or IP addresses, are known to be spoofable, i.e. they can be derived either directly from received network traffic or via snooping the network traffic of other devices. Therefore, in another embodiment, for security reasons, the list of parameters written by the STA into the SKT could be extended by or changed into items known only to this particular STA and the AP, such as:
  • a STA's PMK in case of WPA2-Enterprise, or a hash of it;
  • a STA's PSK in case of WPA2-Personal, or a hash of it;
  • a STA's session keys i.e. one or more STA's PTKs, or their hashes
  • a STA's access credentials e.g. a username, for the removal of authentication server credentials.
  • a hash could be calculated using the STA's KCK/KEK, which are securely derived from the PMK in the 4-way handshake as part of the PTK key. This protects the home network from malicious guest devices, which could try to force removal of some other legitimate client, either home or guest device, i.e. make a DoS attack. Removal of credentials on the STA:
  • the removal of guest access credentials by the STA could be triggered after some timeout, to avoid deletion of the guest credentials before the guest removal procedure is successful, i.e. if in the case of an error the repetition of the entire procedure is necessary.
  • some parameters identifying the hosting network should be present on the SKT, e.g. a SSID and/or the MAC address of the AP or a unique identifier of the SKT item if a network-owned SKT is used. Removal of credentials in the network:
  • the solution should be independent of the authentication method. All relevant entries for a given STA have to be removed.
  • WPA2-Enterprise this will typically mean removal of EAP-credentials from an 802. IX authentication server, e.g. a RADIUS server, as well as removal of all derived entries and parameters in the AP: PMKSA, PTKSA, an entry in the list of associated STAs, etc.
  • WPA2 -Personal this will mean removal of the dedicated PSK in the AP, as well as removal of all derived entries and parameters: PMKSA, PTKSA, an entry in the list of associated STAs, etc.
  • a means for this differentiation is provided by having two configuration items, the HSKT and the GSKT, or alternatively a STAs' individual HSKT* and GSKT*, which can be distinguished by a type identifier stored on each SKT item. In the case of an SKT item built into a device or an independent introducer device, this differentiation may be performed/triggered by the user selecting an appropriate application/role.
  • a fallback solution for a "removal of all guests” could be implemented that, e.g. either starts automatically after a single/repeated removal error, or on some specific user interaction, such as pushing the "guest removal button" on the AP, touching the AP with a HSKT or both a HSKT and a GSKT, etc.
  • a fallback solution is also needed in cases where the primary solution is not applicable (any more), e.g. when the guest already left and the user forgot to remove the guest credentials previously. Also, the fallback solution is an optimization for the case when all guests, e.g. a networked gaming team of eight people, leave at the same time or when there is only a single guest currently registered.
  • the method of the invention is practicable for removing guest devices (GDs) as well as home devices (HDs) within a wireless network.
  • the removal of a home device could be required, e.g. in the case when the home device is to be sold or disposed.
  • a HSKT or a STA's individual HSKT* should be used. Safe storage of a HSKT or a HSKT*, for the lifetime of the network or the particular device, prevents DoS (Denial of Service) attacks through device removal by malicious guests or insiders.
  • DoS Delivery of Service
  • a dedicated RSKT can be used.
  • HSKT* is used, it is enough for the HD to write its MAC address to the HSKT.
  • the HD it is enough for the HD to write its MAC address to the HSKT.
  • HD could in addition write other parameters, e.g. an IP address, a PMKID, a PTK etc., to improve security.
  • the latter is required when another SKT item, e.g. a RSKT or a GSKT, is used for home device removal.
  • Temporary removal of a HD can be seen as a security improvement, allowing to separately manage special classes of devices, e.g. portable devices, multihoming devices etc., to be used e.g. in a hostile network environment.
  • every HD has an individual HSKT*, for configuration of this HD into the system, e.g. with its username/certificate, connecting the HD with the HSKT* can be omitted in the removal procedure and the home AP can be directly touched with the HD's HSKT*.
  • the differentiation between configuration and removal procedures can be either user-interaction-based or SKT-content-based.
  • SKT serotonin
  • a contact SKT e.g. USB
  • a contactless SKT e.g.
  • IR may be employed.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente invention se rapporte à un procédé permettant de retirer individuellement des dispositifs (domestiques ou invités) d'un réseau sans fil, en particulier un réseau WLAN 802.11, à l'aide d'un élément SKT (émetteur de clé à faible portée).
PCT/IB2006/051754 2005-06-03 2006-06-01 Procede et dispositifs permettant de retirer individuellement un dispositif d'un reseau sans fil WO2006129288A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
EP05104833.8 2005-06-03
EP05104833 2005-06-03
EP05111579 2005-12-01
EP05111579.8 2005-12-01

Publications (1)

Publication Number Publication Date
WO2006129288A1 true WO2006129288A1 (fr) 2006-12-07

Family

ID=36997846

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2006/051754 WO2006129288A1 (fr) 2005-06-03 2006-06-01 Procede et dispositifs permettant de retirer individuellement un dispositif d'un reseau sans fil

Country Status (1)

Country Link
WO (1) WO2006129288A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013081739A1 (fr) * 2011-11-30 2013-06-06 Motorola Solutions, Inc. Procédé et appareil de distribution de clé à l'aide d'une communication en champ proche
CN105809917A (zh) * 2014-12-29 2016-07-27 中国移动通信集团公司 一种物联网消息传输的方法及设备

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030078072A1 (en) * 2001-10-24 2003-04-24 Serceki Zeljko John Method for physically updating configuration information for devices in a wireless network
WO2004014039A1 (fr) * 2002-07-29 2004-02-12 Philips Intellectual Property & Standards Gmbh Systeme de securite destine a des appareils dans un reseau sans fil
EP1517480A1 (fr) * 2003-05-16 2005-03-23 Sony Corporation Dispositif de traitement de donnees, procede de traitement de controle d'acces et programme d'ordinateur

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030078072A1 (en) * 2001-10-24 2003-04-24 Serceki Zeljko John Method for physically updating configuration information for devices in a wireless network
WO2004014039A1 (fr) * 2002-07-29 2004-02-12 Philips Intellectual Property & Standards Gmbh Systeme de securite destine a des appareils dans un reseau sans fil
EP1517480A1 (fr) * 2003-05-16 2005-03-23 Sony Corporation Dispositif de traitement de donnees, procede de traitement de controle d'acces et programme d'ordinateur

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013081739A1 (fr) * 2011-11-30 2013-06-06 Motorola Solutions, Inc. Procédé et appareil de distribution de clé à l'aide d'une communication en champ proche
US9088552B2 (en) 2011-11-30 2015-07-21 Motorola Solutions, Inc. Method and apparatus for key distribution using near-field communication
CN105809917A (zh) * 2014-12-29 2016-07-27 中国移动通信集团公司 一种物联网消息传输的方法及设备

Similar Documents

Publication Publication Date Title
US8631471B2 (en) Automated seamless reconnection of client devices to a wireless network
US7948925B2 (en) Communication device and communication method
US20180249313A1 (en) Smart device, electronic apparatus, and nfc-based network connection method
US7607015B2 (en) Shared network access using different access keys
US8589687B2 (en) Architecture for supporting secure communication network setup in a wireless local area network (WLAN)
US8959601B2 (en) Client configuration during timing window
US8917651B2 (en) Associating wi-fi stations with an access point in a multi-access point infrastructure network
WO2006129287A1 (fr) Procede et dispositifs de gestion de l'acces a un reseau sans film
EP2740315B1 (fr) Procédé, dispositif et produit de programme informatique de configuration d'une connexion dans une communication de dispositif à dispositif
CN100486173C (zh) 使用便携式存储媒质配置瘦客户机设备的网络设置
EP2053887B1 (fr) Prise en charge patrimoniale pour configuration sans fil protégée
US7342906B1 (en) Distributed wireless network security system
US8208455B2 (en) Method and system for transporting configuration protocol messages across a distribution system (DS) in a wireless local area network (WLAN)
US8051463B2 (en) Method and system for distribution of configuration information among access points in a wireless local area network (WLAN) across a distribution system (DS)
EP2817992B1 (fr) Procédé et dispositif noeud de réseau permettant de commander l'exécution de sessions de configuration par bouton-poussoir consacrées à une technologie dans un réseau sans fil hétérogène ou homogène, et réseau sans fil hétérogène ou homogène
EP2291017B1 (fr) Procédé pour connexion de réseau
US20070190973A1 (en) Base station, wireless communication systems, base station control programs and base station control methods
CN101379795A (zh) 在由认证服务器检查客户机证书的同时由dhcp服务器进行地址分配
EP1875659A2 (fr) Administration de reseaux locaux sans fil
US20110314136A1 (en) Method and System for Improved Communication Network Setup
WO2006129288A1 (fr) Procede et dispositifs permettant de retirer individuellement un dispositif d'un reseau sans fil
Cisco Chapter 5 - Configuring the Client Adapter
KR20070040042A (ko) 무선랜 자동 설정 방법
US20230299954A1 (en) Secure provisioning of communications channels
Tanizawa et al. A wireless LAN architecture using PANA for secure network selection

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06756036

Country of ref document: EP

Kind code of ref document: A1