WO2021151495A1 - Devices, methods and computer programs for bootstrapping a group of node devices for wireless local area networking - Google Patents

Publication number
WO2021151495A1
Authority
WO
WIPO (PCT)
Prior art keywords
node
devices
node devices
bootstrapping
group
Prior art date
Application number
PCT/EP2020/052333
Other languages
French (fr)
Inventor
Sandeep TAMRAKAR
Pranvera KORTOCI
Jan-Erik Ekberg
Pekka Laitinen
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd.
Priority to PCT/EP2020/052333 (WO2021151495A1)
Priority to CN202080094681.6A (CN115039386A)
Publication of WO2021151495A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/186 Processing of subscriber group data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/085 Retrieval of network configuration; Tracking network configuration history
    • H04L41/0853 Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0866 Checking the configuration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0893 Assignment of logical groups to network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50 Secure pairing of devices
    • H04W12/55 Secure pairing of devices involving three or more devices, e.g. group pairing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/71 Hardware identity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/73 Access point logical identity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/005 Discovery of network devices, e.g. terminals
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Definitions

  • the present disclosure relates to the field of wireless communications, and more particularly to bootstrapping a group of node devices for wireless local area networking, and related devices, methods and computer programs.
  • IoT devices such as sensors and actuators are nowadays ubiquitous and part of our life.
  • IoT devices used in a home environment may include e.g. smart locks, light bulbs, home appliances, weather sensors, and the like.
  • a single household may include tens of IoT devices.
  • Such devices need to be placed in appropriate locations and configured to operate for the end user (e.g., the owner of a house). For instance, some devices might have to be installed on the ceiling while others can be placed at easy-to-reach locations, such as on top of drawers or by a television stand.
  • In order for a user to be able to access and use IoT devices, they first need to be configured to be in an operational mode.
  • the process used to change a device from a non-operational mode to an operational mode is called bootstrapping.
  • the bootstrapping procedure is done individually so that each step of the bootstrapping procedure needs to be repeated for each IoT device.
  • the user needs physical access to each IoT device, e.g. to press one or more buttons on each IoT device, and/or observe/scan one or more codes from each IoT device. That is, the user will have to reach each IoT device even when they are installed in non-accessible locations (such as on the ceiling) and bootstrap them.
  • an average user may have limited knowledge about technology, and as a result bootstrapping all the IoT devices individually is likely to become both a physical and mental burden, especially when the amount of IoT devices is large.
  • a node device for wireless local area networking comprises a processor and a transceiver.
  • the node device is configured to be included in a group of node devices for wireless local area networking.
  • the processor is configured to obtain one of a leader node status assignment or a follower node status assignment for a bootstrapping process of the group of node devices.
  • the processor is further configured to calculate a set membership test functionality value based on a unique device identifier of the node device and unique device identifiers of other node devices in the group of node devices; and broadcast, via the transceiver, a first service set identifier associated with a first access point for wireless local area networking, the first service set identifier being based on the calculated set membership test functionality value, thereby causing the node device to function as the first access point associated with the broadcast first service set identifier.
  • the processor is further configured to connect, via the transceiver, to a second access point for wireless local area networking associated with a second service set identifier.
  • the processor is configured to obtain the follower node status assignment by determining that the second service set identifier is based on a set membership test functionality value, and by further determining that a unique device identifier of the node device is a member of a set represented by the set membership test functionality value.
  • the present disclosure allows bootstrapping multiple node devices for wireless local area networking without requiring a controller device to establish a connection to each node device separately.
  • the present disclosure further allows bootstrapping the multiple node devices with minimum user interaction. Typically, the user performing the bootstrapping needs physical access to only one node device out of the multiple node devices.
  • the present disclosure further allows easy bootstrapping of node devices that are in difficult-to-reach locations, such as those installed in ceilings, for instance.
  • the present disclosure further allows significantly reducing the time needed to bootstrap all the node devices, since, instead of bootstrapping each node device one by one, the user only needs to scan one node device in order to join the network and bootstrap all the node devices.
  • the present disclosure further allows a secure way of bootstrapping the multiple node devices.
  • the leader node utilizes a unique service set identifier in the format of a set membership test functionality value, thereby reducing the possibility of an identity misbinding attack, as node devices join the group only upon verifying their unique device identifier against the service set identifier (set membership test functionality value).
  • the present disclosure further allows a reliable mechanism to reset and/or release a node device from the group. That is, if a device needs to be removed from the group, the user can remove such a device while the group properties, i.e. the trust relationship and the bootstrapping, remain unchanged.
  • the processor is further configured to receive the unique device identifiers of the other node devices in response to being broadcast by the other node devices, and the processor is further configured to obtain the leader node status assignment by receiving a leader node election indication from a universal election protocol periodically applied by the processor using the unique device identifier of the node device and the received unique device identifiers of the other node devices.
  • as the leader node device collects the unique device identifiers of the node devices that will join the set membership test functionality value based SSID network, the leader node device may be able to reject connection requests from unknown devices, thereby reducing the possibility of misbinding.
  • the universal election protocol comprises one of a mega-merger protocol or a yo-yo protocol.
  • the use of a universal election protocol allows efficient election of the leader node.
  • the processor is further configured to obtain the leader node status assignment by receiving a leader node selection instruction and the unique device identifiers of the other node devices from an external device.
  • the selected leader node device can be used as a secondary controller device which can be used e.g. to factory reset node devices that have been previously bootstrapped e.g. when the user's device (controller device) changes.
  • Such a feature may be desirable e.g. in hotel rooms with IoT devices where the user (guest) changes frequently and the IoT devices need to be re-bootstrapped with a controller device of a new user.
  • in response to obtaining the leader node status assignment and at least one of the other node devices establishing a secure connection with the node device functioning as the first access point, the processor is further configured to cause exchange, via the transceiver, of the unique device identifiers and operational credentials with the at least one of the other node devices, to thereby take ownership of the at least one of the other node devices for bootstrapping.
  • the leader node device can validate that the unique device identifier of the connected follower node device is in the list of received identifiers.
  • the leader node device taking ownership of follower node devices allows performing a part of the boot strapping process before participation by the end user, thus simplifying and speeding up the bootstrapping process from the end-user perspective.
  • in response to obtaining the leader node status assignment and the node device subsequently functioning as the first access point, the processor is further configured to receive, via the transceiver, the unique device identifiers and bootstrapping keys of at least one of the other node devices from a controller device external to the group of node devices, to thereby take ownership of the at least one of the other node devices for bootstrapping.
  • the leader node device taking ownership of follower node devices allows performing a part of the bootstrapping process before participation by the end user, thus simplifying and speeding up the bootstrapping process from the end-user perspective.
  • the processor is further configured to receive the second service set identifier in response to scanning for infrastructure mode wireless local area networks. The scanning allows obtaining the second service set identifier effectively.
  • the set membership test functionality comprises a bloom filter.
  • a bloom filter provides an effective implementation of a set membership test functionality.
  • a method comprises obtaining, by a node device for wireless local area networking configured to be included in a group of node devices for wireless local area networking, one of a leader node status assignment or a follower node status assignment for a bootstrapping process of the group of node devices.
  • the method further comprises calculating, by the node device, a set membership test functionality value based on a unique device identifier of the node device and unique device identifiers of other node devices in the group of node devices; and broadcasting, by the node device, a first service set identifier associated with a first access point for wireless local area networking, the first service set identifier being based on the calculated set membership test functionality value, thereby causing the node device to function as the first access point associated with the broadcast first service set identifier.
  • the method further comprises connecting, by the node device, to a second access point for wireless local area networking associated with a second service set identifier.
  • the obtaining the follower node status assignment comprises determining that the second service set identifier is based on a set membership test functionality value, and further determining that a unique device identifier of the node device is a member of a set represented by the set membership test functionality value.
  • the user performing the bootstrapping needs physical access to only one node device out of the multiple node devices.
  • the present disclosure further allows easy bootstrapping of node devices that are in difficult-to-reach locations, such as those installed in ceilings, for instance.
  • the present disclosure further allows significantly reducing the time needed to bootstrap all the node devices, since instead of bootstrapping each node device one by one the user only needs to scan one node device in order to join the network and bootstrap all the node devices.
  • the present disclosure further allows a secure way of bootstrapping the multiple node devices.
  • the leader node utilizes a unique service set identifier in the format of a set membership test functionality value, thereby reducing the possibility of an identity misbinding attack, as node devices join the group only upon verifying their unique device identifier against the service set identifier (set membership test functionality value).
  • the present disclosure further allows a reliable mechanism to reset and/or release a node device from the group. That is, if a device needs to be removed from the group, the user can remove such a device while the group properties, i.e. the trust relationship and the bootstrapping, remain as is.
  • the unique device identifiers of the other node devices are received in response to being broadcast by the other node devices, and the method further comprises obtaining the leader node status assignment by receiving a leader node election indication from a universal election protocol periodically applied by the node device using the unique device identifier of the node device and the received unique device identifiers of the other node devices.
  • as the leader node device collects the unique device identifiers of the node devices that will join the set membership test functionality value based SSID network, the leader node device may be able to reject connection requests from unknown devices, thereby reducing the possibility of misbinding.
  • the universal election protocol comprises one of a mega-merger protocol or a yo-yo protocol.
  • the use of a universal election protocol allows efficient election of the leader node.
  • the method further comprises obtaining the leader node status assignment by receiving a leader node selection instruction and the unique device identifiers of the other node devices from an external device.
  • the selected leader node device can be used as a secondary controller device which can be used e.g. to factory reset node devices that have been previously bootstrapped e.g. when the user's device (controller device) changes.
  • Such a feature may be desirable e.g. in hotel rooms with IoT devices where the user (guest) changes frequently and the IoT devices need to be re-bootstrapped with a controller device of a new user.
  • in response to obtaining the leader node status assignment and at least one of the other node devices establishing a secure connection with the node device functioning as the first access point, the method further comprises exchanging, by the node device, the unique device identifiers and operational credentials with the at least one of the other node devices, to thereby take ownership of the at least one of the other node devices for bootstrapping.
  • the leader node device can validate that the unique device identifier of the connected follower node device is in the list of received identifiers.
  • the leader node device taking ownership of follower node devices allows performing a part of the bootstrapping process before participation by the end user, thus simplifying and speeding up the bootstrapping process from the end-user perspective.
  • in response to obtaining the leader node status assignment and the node device subsequently functioning as the first access point, the method further comprises receiving, by the node device, the unique device identifiers and bootstrapping keys of at least one of the other node devices from a controller device external to the group of node devices, to thereby take ownership of the at least one of the other node devices for bootstrapping.
  • the leader node device taking ownership of follower node devices allows performing a part of the bootstrapping process before participation by the end user, thus simplifying and speeding up the bootstrapping process from the end-user perspective.
  • the method further comprises receiving the second service set identifier in response to scanning for infrastructure mode wireless local area networks.
  • the scanning allows obtaining the second service set identifier effectively.
  • the set membership test functionality comprises a bloom filter.
  • a bloom filter provides an effective implementation of a set membership test functionality.
  • a computer program product comprises program code configured to perform the method according to the second aspect, when the computer program product is executed on a computer.
  • the present disclosure allows bootstrapping multiple node devices for wireless local area networking without requiring a controller device to establish a connection to each node device separately.
  • the present disclosure further allows bootstrapping the multiple node devices with minimum user interaction. Typically, the user performing the bootstrapping needs physical access to only one node device out of the multiple node devices.
  • the present disclosure further allows easy bootstrapping of node devices that are in difficult-to-reach locations, such as those installed in ceilings, for instance.
  • the present disclosure further allows significantly reducing the time needed to bootstrap all the node devices, since instead of bootstrapping each node device one by one the user only needs to scan one node device in order to join the network and bootstrap all the node devices.
  • the present disclosure further allows a secure way of bootstrapping the multiple node devices.
  • the leader node utilizes a unique service set identifier in the format of a set membership test functionality value, thereby reducing the possibility of an identity misbinding attack, as node devices join the group only upon verifying their unique device identifier against the service set identifier (set membership test functionality value).
  • the present disclosure further allows a reliable mechanism to reset and/or release a node device from the group. That is, if a device needs to be removed from the group, the user can remove such a device while the group properties, i.e. the trust relationship and the bootstrapping, remain as is.
  • a controller device for a group of node devices for wireless local area networking is provided. The group of node devices includes a leader node device assigned with a leader node status for a bootstrapping process of the group of node devices and functioning as an access point for wireless local area networking.
  • the controller device comprises a transceiver and a processor.
  • the processor is configured to obtain a unique device identifier and a bootstrapping key of a node device of the group of node devices, and a service set identifier associated with the access point and based on a set membership test functionality value.
  • the processor is further configured to verify whether the obtained unique device identifier is a member of a set represented by the set membership test functionality value.
  • the processor is further configured to establish, via the transceiver, an infrastructure mode connection of wireless communication with the access point; perform authentication with the node device of the group of node devices via the obtained bootstrapping key; and in response to the authentication being successful, bootstrap the authenticated node device.
  • the present disclosure allows bootstrapping multiple node devices for wireless local area networking without requiring a controller device to establish a connection to each node device separately.
  • the present disclosure further allows bootstrapping the multiple node devices with minimum user interaction. Typically, the user performing the bootstrapping needs physical access to only one node device out of the multiple node devices.
  • the present disclosure further allows easy bootstrapping of node devices that are in difficult-to-reach locations, such as those installed in ceilings, for instance.
  • the present disclosure further allows significantly reducing the time needed to bootstrap all the node devices, since instead of bootstrapping each node device one by one the user only needs to scan one node device in order to join the network and bootstrap all the node devices.
  • the present disclosure further allows a secure way of bootstrapping the multiple node devices.
  • the leader node utilizes a unique service set identifier in the format of a set membership test functionality value, thereby reducing the possibility of an identity misbinding attack, as node devices join the group only upon verifying their unique device identifier against the service set identifier (set membership test functionality value).
  • the present disclosure further allows a reliable mechanism to reset and/or release a node device from the group. That is, if a device needs to be removed from the group, the user can remove such a device while the group properties, i.e. the trust relationship and the bootstrapping, remain as is.
  • the group of node devices further includes at least one follower node device assigned with a follower node status for the bootstrapping process.
  • the processor is further configured to perform authentication with at least one other node device via respective operational credentials; and in response to the authentication being successful, take ownership of and bootstrap the at least one other node device. Bootstrapping the other node devices with the controller device allows finishing the bootstrapping process quickly and effectively.
  • the controller device further comprises a machine-readable code scanner.
  • the unique device identifier and the bootstrapping key of the node device of the group of node devices, and the service set identifier are obtained via scanning of a machine-readable code associated with the node device of the group of node devices, performed with the machine-readable code scanner.
  • the code scanner allows obtaining the unique device identifier and the bootstrapping key of the node device, and the service set identifier accurately and effectively.
  • the set membership test functionality comprises a bloom filter.
  • a bloom filter provides an effective implementation of a set membership test functionality.
  • a method is provided. The method comprises obtaining, by a controller device for a group of node devices for wireless local area networking, a unique device identifier and a bootstrapping key of a node device of the group of node devices, and a service set identifier associated with an access point for wireless local area networking and based on a set membership test functionality value.
  • the group of node devices includes a leader node device assigned with a leader node status for a bootstrapping process of the group of node devices and functioning as the access point.
  • the method further comprises verifying, by the controller device, whether the obtained unique device identifier is a member of a set represented by the set membership test functionality value.
  • the method further comprises establishing, by the controller device, an infrastructure mode connection of wireless communication with the access point; performing, by the controller device, authentication with the node device of the group of node devices via the obtained bootstrapping key; and in response to the authentication being successful, bootstrapping, by the controller device, the authenticated node device.
  • the present disclosure allows bootstrapping multiple node devices for wireless local area networking without requiring a controller device to establish a connection to each node device separately.
  • the present disclosure further allows bootstrapping the multiple node devices with minimum user interaction. Typically, the user performing the bootstrapping needs physical access to only one node device out of the multiple node devices.
  • the present disclosure further allows easy bootstrapping of node devices that are in difficult-to-reach locations, such as those installed in ceilings, for instance.
  • the present disclosure further allows significantly reducing the time needed to bootstrap all the node devices, since instead of bootstrapping each node device one by one the user only needs to scan one node device in order to join the network and bootstrap all the node devices.
  • the present disclosure further allows a secure way of bootstrapping the multiple node devices.
  • the leader node utilizes a unique service set identifier in the format of a set membership test functionality value, thereby reducing the possibility of an identity misbinding attack, as node devices join the group only upon verifying their unique device identifier against the service set identifier (set membership test functionality value).
  • the present disclosure further allows a reliable mechanism to reset and/or release a node device from the group. That is, if a device needs to be removed from the group, the user can remove such a device while the group properties, i.e. the trust relationship and the bootstrapping, remain as is.
  • the group of node devices further includes at least one follower node device assigned with a follower node status for the bootstrapping process.
  • the method further comprises performing authentication with at least one other node device via respective operational credentials; and in response to the authentication being successful, taking ownership of and bootstrapping the authenticated at least one other node device. Bootstrapping the other node devices with the controller device allows finishing the bootstrapping process quickly and effectively.
  • the controller device further comprises a machine-readable code scanner.
  • the unique device identifier, the bootstrapping key of the node device of the group of node devices, and the service set identifier are obtained via scanning of a machine-readable code associated with the node device of the group of node devices, performed with the machine-readable code scanner.
  • the code scanner allows obtaining the unique device identifier and the bootstrapping key of the node device, and the service set identifier accurately and effectively.
  • the set membership test functionality comprises a bloom filter.
  • a bloom filter provides an effective implementation of a set membership test functionality.
  • a computer program product comprises program code configured to perform the method according to the fifth aspect, when the computer program product is executed on a computer.
  • the present disclosure allows bootstrapping multiple node devices for wireless local area networking without requiring a controller device to establish a connection to each node device separately.
  • the present disclosure further allows bootstrapping the multiple node devices with minimum user interaction. Typically, the user performing the bootstrapping needs physical access to only one node device out of the multiple node devices.
  • the present disclosure further allows easy bootstrapping of node devices that are in difficult-to-reach locations, such as those installed in ceilings, for instance.
  • the present disclosure further allows significantly reducing the time needed to bootstrap all the node devices, since instead of bootstrapping each node device one by one the user only needs to scan one node device in order to join the network and bootstrap all the node devices.
  • the present disclosure further allows a secure way of bootstrapping the multiple node devices.
  • the leader node utilizes a unique service set identifier in the format of a set membership test functionality value, thereby reducing the possibility of an identity misbinding attack, as node devices join the group only upon verifying their unique device identifier against the service set identifier (set membership test functionality value).
  • the present disclosure further allows a reliable mechanism to reset and/or release a node device from the group. That is, if a device needs to be removed from the group, the user can remove such a device while the group properties, i.e. the trust relationship and the bootstrapping, remain as is.
  • Fig. 1A is a block diagram illustrating an example system in which various embodiments of the present disclosure may be implemented
  • Fig. 1B is a block diagram illustrating a node device for wireless local area networking
  • Fig. 1C is a block diagram illustrating a controller device for a group of node devices for wireless local area networking
  • Fig. 2 is a flow diagram illustrating a method according to the present disclosure
  • Fig. 3 is another flow diagram illustrating a method according to the present disclosure.
  • Figs. 4A-4D are diagrams further illustrating the bootstrapping mechanisms of the example embodiments.
  • a disclosure in connection with a described method may also hold true for a corresponding device or system configured to perform the method and vice versa.
  • a corresponding device may include a unit to perform the described method step, even if such unit is not explicitly described or illustrated in the figures.
  • a corresponding method may include a step performing the described functionality, even if such step is not explicitly described or illustrated in the figures.
  • IoT Internet of Things
  • bootstrapping the process used to change a device from a non-operational mode to an operational mode.
  • the bootstrapping of IoT devices may comprise three main phases:
  • the device configuring the device to be operational, that is, for the user to be able to monitor, control, and command the device.
  • IoT devices may be, e.g., internet protocol (IP)-capable.
  • IP internet protocol
  • the bootstrapping procedure of IP-capable devices may include the following steps:
  • an IoT device boots up in a Wi-Fi access point (AP) mode and advertises its own network with a human-recognizable SSID (service set identifier) name;
  • AP Wi-Fi access point
  • SSID service set identifier
  • controller device joins the network with the SSID advertised by the IoT device
  • the controller device bootstraps the IoT device over the SSID network and follows the above described steps 1) to 3). As a result, the IoT device now has the necessary credentials to join the user’s home network;
  • the IoT device switches from the AP mode to an operational mode
  • the IoT device joins the user’s private home Wi-Fi network
  • the user gains access and can now control the IoT device over his private home Wi-Fi network.
  • a conventional bootstrapping procedure is done individually so that a controller device needs to establish a connection to each IoT device separately.
  • the user needs physical access to each IoT device. That is, the user will have to reach each IoT device even when they are installed in non-accessible locations (such as on the ceiling) and bootstrap them.
  • the bootstrapping procedure according to the present disclosure allows bootstrapping multiple node devices for wireless local area networking without requiring a controller device to establish a connection to each node device separately.
  • the bootstrapping procedure according to the present disclosure further allows bootstrapping the multiple node devices with minimum user interaction. For example, the user performing the bootstrapping may need physical access to only one node device out of the multiple node devices.
  • An example use case of the present disclosure is a smart home/building where the IoT devices are installed by a building maintenance company for each apartment and then used by apartment owners/residents. Such an installation is usually done prior to the apartment owners/residents moving into the apartments. That is, users (e.g. apartment owners/residents) may not be involved in the installation, and may not even have physical access to all the IoT devices that were installed. Such devices can be installed e.g. in places like room ceilings, roof, and/or other non-easily-accessible locations.
  • the bootstrapping procedure according to the present disclosure allows these users (e.g. apartment owners/residents) who move into an apartment to take IoT devices into operation (bootstrap) at any time.
  • the bootstrapping process may include, e.g., three phases, such that the first two phases can take place, e.g., ahead of time without the involvement of users (or end-users), whereas the last phase (i.e. the phase in which a user takes ownership of the IoT devices) can happen at a later time with the users’ involvement.
  • IoT devices can first be installed by a third party (e.g. a building maintenance company), and later the end-user can finish the bootstrapping procedure with only a small amount of interaction with the IoT devices at their convenience.
  • a third party e.g. a building maintenance company
  • a node device 110A for wireless local area networking and a controller device 120 for a group of node devices 110A-110F for wireless local area networking are described based on Figs. 1A, 1B and 1C. Some of the features of the described devices are optional features which provide further advantages.
  • Fig. 1A is a block diagram illustrating an example system 100 in which various embodiments of the present disclosure may be implemented.
  • the system 100 comprises a wireless local area network (WLAN) or a Wi-Fi network 150, such as an IEEE 802.11 network.
  • a group of node devices 110A-110F, a controller device 120, and another external device (e.g. an installer device) 130 are wirelessly connected to the network 150.
  • the node devices 110A-110F may comprise Internet-of-Things (IoT) devices, and the controller device 120 and the installer device 130 may be used to assist in the bootstrapping procedure.
  • IoT Internet-of-Things
  • Fig. 1B is a block diagram that illustrates a node device 110A for wireless local area networking.
  • the node device 110A may comprise an Internet-of-Things (IoT) device capable of communication via wireless local area networking.
  • IoT devices may include but are not limited to sensors, actuators, smart locks, light bulbs, home appliances, weather sensors, and the like.
  • the node device 110A is configured to be included in a group of node devices 110A-110F for wireless local area networking.
  • the node device 110A for wireless local area networking comprises at least one processor or a processing unit 112A and optionally at least one memory 113A coupled to the at least one processor 112A, which may be used to implement the functionalities described later in more detail.
  • the node device 110A further comprises at least one transceiver 111A (or a receiving unit/receiver and/or a transmitting unit/transmitter) coupled to the at least one processor 112A.
  • the at least one processor 112A may include, e.g., one or more of various processing devices, such as a co-processor, a microprocessor, a controller, a digital signal processor (DSP), a processing circuitry with or without an accompanying DSP, or various other processing devices including integrated circuits such as, for example, an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a microcontroller unit (MCU), a hardware accelerator, a special-purpose computer chip, or the like.
  • ASIC application specific integrated circuit
  • FPGA field
  • the at least one memory 113A may be configured to store e.g. computer programs and the like.
  • the at least one memory 113A may include one or more volatile memory devices, one or more non-volatile memory devices, and/or a combination of one or more volatile memory devices and non-volatile memory devices.
  • the at least one memory 113A may be embodied as magnetic storage devices (such as hard disk drives, etc.), optical magnetic storage devices, and semiconductor memories (such as mask ROM, PROM (programmable ROM), EPROM (erasable PROM), flash ROM, RAM (random access memory), etc.).
  • the processor 112A may be configured to broadcast, via the transceiver 111A, a unique device identifier of the node device 110A.
  • the processor 112A may be further configured to scan, via the transceiver 111A, for other node devices. Since in the examples of Figs. 1A-1C, the other node devices 110B-110F may also be broadcasting their respective unique device identifiers, the processor 112A may receive, via the transceiver 111A, unique device identifiers of at least some of the other node devices 110B-110F in response to scanning for other node devices.
  • a unique device identifier of at least some of the node devices 110A-110F may comprise e.g. a universally unique identifier (UUID).
  • UUID universally unique identifier
  • the processor 112A may be further configured to scan, via the transceiver 111A, for infrastructure mode wireless local area networks.
  • the other node devices 110B-110F may also be scanning for infrastructure mode wireless local area networks.
  • the node devices 110A-110F may first discover each other, e.g. by exchanging messages via IEEE 802.11 management frames. That is, the node devices 110A-110F may be advertising their identity using 802.11 management frames and at the same time listening for the 802.11 frames to discover other devices nearby. Once the node devices 110A-110F have discovered each other, they may, e.g., form an ad-hoc network, and then, e.g., interact among each other to establish a group leader node (described below in more detail).
  • an IEEE 802.11 network may operate in an ad-hoc mode or an infrastructure mode.
  • the ad-hoc mode is also called independent basic service set (IBSS) mode, and all the devices operate in a peer-to-peer mode in it.
  • IBSS independent basic service set
  • in an infrastructure mode, all the devices connect to an access point.
  • the node devices 110A-110F may connect with each other in ad-hoc mode to exchange their identities and elect a leader.
  • the node devices 110A-110F may use the infrastructure mode, thereby using IEEE 802.11 management frames to advertise their identity, listen for IEEE 802.11 management frames to discover the other devices nearby, and scan for available SSID networks.
  • the first node device becomes an access point, and the other node devices switch to the infrastructure mode.
  • the elected leader node may change its access point SSID to a calculated set membership test functionality value (described below in more detail).
  • the processor 112A is further configured to obtain a leader node status assignment or a follower node status assignment for a bootstrapping process of the group of node devices 110A-110F.
  • the processor 112A may be configured to obtain the leader node status assignment by receiving a leader node election indication from a universal election protocol.
  • the universal election protocol may be periodically applied by the processor 112A using the unique device identifier of the node device 110A and the received unique device identifiers of the other node devices 110B-110F.
  • the universal election protocol may comprise a mega-merger protocol or a yo-yo protocol.
  • the node devices 110A-110F may exchange election protocol messages to complete the election protocol, and this exchange of election protocol messages may comprise multiple rounds of messages depending on the protocol.
  • An example includes a probabilistic approach in which a resourceful node sets a bit to indicate that the node is likely to become the leader and less resourceful nodes set the bit to e.g. 0 to indicate that they do not intend to be a leader. In a case in which there are two or more resourceful nodes indicating to become the leader, they may set or unset the bit e.g. by using probabilistic algorithms, or they may randomly turn the bit on or off until a leader among them is selected.
  • the mega-merger protocol is a universal election protocol that works by constructing a rooted spanning tree of a network, where the root is the elected leader in the final spanning tree. Rooted spanning trees are merged together until a tree which covers the whole network has been constructed.
  • the yo-yo protocol is a distributed protocol (or algorithm) aimed at minimum finding and leader election in a generic connected undirected graph.
  • the yo-yo protocol proceeds by consecutive elimination and a graph-reduction technique called pruning.
  • the yo-yo protocol is divided into a pre-processing phase followed by a cyclic repetition of a forward phase, called “Yo-”, and a backward one, called “-Yo”.
  • the processor 112A may be configured to periodically evaluate the universal election protocol using the received unique device identifiers and the unique device identifier of the node device 110A. The periodical evaluation may be performed for a predefined time. If the universal election protocol indicates that the node device 110A is elected as the leader, the processor 112A may be configured to stop broadcasting the unique device identifier of the node device 110A as well as stop scanning for the other node devices and the infrastructure mode wireless local area networks. Accordingly, the node device 110A becomes the leader node. Thus, when a leader node device is elected using the universal election protocol, the elected leader node device may provide a gateway via its access point for the follower node devices to connect to.
  • Diagram 410 of Fig. 4A further illustrates this.
  • the node devices 110A-110F support and are involved in a universal leadership election protocol, such as the mega-merger or yo-yo protocols.
  • Such protocols may e.g. construct a rooted spanning tree or implement a minimum-finding protocol, respectively.
  • the root of the tree may become the leader of the network (group).
  • the elected leader node device 110A may collect the unique device identifiers D1-D5 of the other node devices 110B-110F that are members of the network.
  • the elected leader node device 110A may also collect corresponding bootstrapping keys (such as passphrases, shared secrets, or the like) S1-S5 of the other node devices 110B-110F, e.g. when the other node devices 110B-110F are configured to trust a leader node.
  • This may have an advantage in that, during the final bootstrapping phase, a leader node device can verify that a controller device has knowledge of e.g. a shared secret of one of the node devices that the controller device interacts with, without having to send a query message
  • the leader node device may be able to reject connection requests from unknown devices to reduce the chance of misbinding.
  • the processor 112A may be configured to obtain the leader node status assignment by receiving a leader node selection instruction and the unique device identifiers of the other node devices 110B-110F from an external device 130, such as an installer device.
  • the installer device 130 may comprise e.g. a device (e.g. a smartphone, a tablet computer, a smartwatch or other wearable device, a laptop computer, or the like) that a party (such as a building maintenance company) installing the node devices 110A-110F is using.
  • the installer device 130 and the controller device 120 may be integrated as a single device.
  • the processor 112A may be configured to receive an indication from the external/installer device 130 that the node device 110A has been selected to be the leader node, as well as a list of the unique device identifiers of the other node devices 110B-110F. Accordingly, the node device 110A becomes the leader node.
  • Diagram 420 of Fig. 4B further illustrates this.
  • the processor 112A of the selected leader node 110A may be further configured to authenticate the installer device 130.
  • the leader node 110A may be provisioned with e.g. a trust anchor, thereby being able to e.g. validate a certificate of the installer device 130.
  • the two entities i.e. leader node 110A and the installer device 130
  • the installer device 130 may transfer to the leader node 110A the unique device identifiers D1-D5 of the other node devices 110B-110F that will form the network.
  • the installer device 130 may obtain the unique device identifier information and optionally corresponding bootstrapping keys (such as passphrases, shared secrets, or the like) S1-S5 of the other node devices 110B-110F e.g. by scanning individual node devices or from other sources such as a centralized server.
  • the selected leader node device may provide a gateway via its access point for the follower node devices to connect to.
  • the leader node device may not be directly involved in the bootstrapping. That is, there may be no partial bootstrapping with the follower node devices. Instead, the leader node device acts as an access point to which all the follower node devices and the controller device may connect.
  • the controller device has prior knowledge of the follower node devices, including e.g. the unique device identities and bootstrapping keys. This information may be obtained e.g. from a centralized server, or the user may scan this information e.g. from the follower node devices or e.g.
  • the controller device may receive the information on how to connect to the follower node devices. For example, the controller device may query the leader node device with the identity of the follower node device and in return receive the IP address of the follower node device in the network.
  • the follower node devices do not need to trust the leader node device for bootstrapping.
  • the leader node device acts as an access point facilitator. This may have the advantage of avoiding a situation in which the follower node devices begin in access point mode and the controller device joins the network of each follower node device to bootstrap them. However, bootstrapping still happens between a follower node device and the controller device within a single network operated by the leader node device.
  • the controller device 120 may be used e.g. to scan (or an end user may manually input with the controller device 120) bootstrapping keys (such as passphrases, shared secrets, or the like) S1-S6 of at least some of the node devices 110A-110F.
  • at least some of the node devices 110A-110F may further comprise an element configured to display human-readable or machine-readable codes (e.g. QR codes) that comprise information that can be used for secure bootstrapping.
  • this element is referred to as an out-of-band channel.
  • the out-of-band channel may include e.g. a label attached to an outer surface of a node device 110A-110F.
  • the out-of-band channel may include e.g. a display device included in a node device 110A-110F and configured to display the human-readable or machine-readable code.
  • the code may be static, but in the latter case the code may alternatively be dynamic (e.g. a code that is active only at a certain time).
  • the selected leader node device can be used as a secondary controller device which can be used e.g. to factory reset node devices that have been previously bootstrapped e.g. when the user's device (controller device) changes.
  • Such a feature may be desirable e.g. in hotel rooms with IoT devices where the user (guest) changes frequently and the IoT devices need to be re-bootstrapped with a controller device of a new user.
  • the processor 112A is configured to calculate a set membership test functionality value based on a unique device identifier of the node device 110A and unique device identifiers of other node devices 110B-110F in the group of node devices 110A-110F.
  • the set membership test functionality may comprise a bloom filter.
  • the bloom filter is a space-efficient probabilistic data structure that may be used e.g. to check for set membership, i.e. whether element x is a member of set S.
  • An example of a bloom filter B is implemented by a single array of M bits, where M is the filter size. On filter creation, all M bits are set to 0. B_m represents a bit with index m, where m ranges over [0, M-1]. The bloom filter is then parameterized by a constant k that defines the number of hash functions. Then each hash function h_0, h_1, ..., h_{k-1} maps an input element to an index in the range [0, M-1]. Only insert (or add) and query operations may be permitted. Delete or remove operation may not be allowed.
  • To query for an element in the set, it is passed to each of the k hash functions to get k integer array indexes. If any of the bits at these indexes are 0, the element is not in the set. If all of the bits are 1, then the element may be in the set.
  • the leader node 110A may calculate a bloom filter value based on the collected unique device identifiers D1-D5 and the unique device identifier D6 of the leader node 110A.
  • the leader node 110A may calculate a bloom filter value using the unique device identifiers D1-D5 that the installer device 130 transferred, as well as the unique device identifier D6 of the leader node 110A.
  • the processor 112A is configured to broadcast, via the transceiver 111A, a first service set identifier (SSID) associated with a first access point for wireless local area networking, thereby causing the node device 110A to function as the first access point associated with the broadcast first SSID.
  • the first SSID is based on the calculated set membership test functionality value.
  • the leader node device 110A may calculate a value with the set membership test functionality using the received identifiers and its own identifier and start a Wi-Fi access point whose SSID is based on this calculated value.
  • the leader node 110A may switch into AP (access point) mode and advertise the calculated bloom filter value as the SSID of the network.
  • AP access point
  • the SSID is unique for each network.
  • Other node devices may then join the SSID network after verifying that their respective unique device identifiers are members of the bloom filter value.
  • the leader node 110A may turn into AP mode and advertise the calculated bloom filter value as its network SSID. Other node devices may then connect to the SSID network after verifying that their respective unique device identifiers are members of the bloom filter value. To prevent unknown node devices from joining the network, the leader node 110A may reject connections from any node device that is not in the list of the transferred unique device identifiers.
  • the processor 112A is configured to connect, via the transceiver 111A, to a second access point for wireless local area networking associated with a second service set identifier (SSID).
  • the processor 112A may be configured to receive the second SSID in response to scanning for infrastructure mode wireless local area networks.
  • the processor 112A is configured to obtain the follower node status assignment by determining that the second SSID is based on a set membership test functionality value, and by further determining that a unique device identifier of the node device 110A is a member of a set represented by the set membership test functionality value.
  • node devices 110A-110F may stop broadcasting their own identity and stop scanning, and become follower devices. For example, node devices 110A-110F may scan for networks with an SSID that is based on a bloom filter value. When they find such a network, the node devices verify that their own unique device identifier contributes to the bloom filter value. If the verification is successful, the node device knows it is connecting to the correct network.
  • the other node devices may trust the leader node device based on the principle of a so-called “resurrecting duckling” imprinting model. That is, “when a device is powered on, it recognizes as its owner the first entity it connects to”.
  • the processor 112A may be further configured to cause exchange, via the transceiver 111A, of the unique device identifiers and operational credentials keys with the at least one of the other node devices 110B-110F, to thereby take ownership of the at least one of the other node devices 110B-110F for bootstrapping.
  • the leader node device may validate that the unique device identifier of the connected follower node device is in the list of received identifiers.
  • follower node devices may establish a TLS/DTLS connection for pairing with the leader node device which they may trust already.
  • the leader node device may take ownership of the follower node devices.
  • the leader node device and the follower node devices may exchange identities, and the leader node device may provide the follower node devices with operational credentials for authenticating and securing future communications, as illustrated in diagram 430 of Fig. 4C.
  • the operational credentials may include an asymmetric key pair (e.g. generated by the follower node device(s) or imported from the leader node device), and optionally a certificate associated with the asymmetric key pair and issued by the leader node device.
  • the follower node device(s) may be provisioned with trust roots, such as root certificates that are explicitly trusted by the follower nodes and used to validate certificates of other entities.
  • locally issued certificates may form a local public key infrastructure (PKI) that can be used in various protocols to perform mutual authentication of end points and secure communications.
  • PKI public key infrastructure
  • the processor 112A may be further configured to receive, via the transceiver 111A, the unique device identifiers and bootstrapping keys of at least one of the other node devices 110B-110F from a controller device 120 external to the group of node devices 110A-110F, to thereby take ownership of the at least one of the other node devices 110B-110F for bootstrapping.
  • the leader node device may receive and maintain a list of the unique device identifiers D1-D5 and corresponding bootstrapping keys (such as passphrases, shared secrets, or the like) S1-S5 of the follower node devices 110B-110F in the network from the controller device 120 (such as the user’s smartphone).
  • the controller device 120 may acquire a priori the unique device identifiers of the follower node devices that will join the leader node device.
  • the leader node device may take ownership of the follower node devices. More specifically, they may exchange identities and the leader node device may provide the follower node devices with operational credentials for authenticating and securing future communications.
  • Fig. 1C is a block diagram that illustrates the controller device 120 for the group of node devices 110A-110F for wireless local area networking.
  • the controller device 120 may comprise a client device that may be any of various types of devices used directly by an end user entity and capable of communication via wireless local area networking, such as a user equipment (UE).
  • UE user equipment
  • Such devices include but are not limited to smartphones, tablet computers, smartwatches and other wearable devices, laptop computers, and the like.
  • the group of node devices 110A-110F includes a leader node device 110A that has been assigned with a leader node status for a bootstrapping process of the group of node devices 110A-110F.
  • the leader node device 110A functions as an access point for wireless local area networking.
  • the group of node devices 110A-110F may further include at least one follower node device 110B-110F assigned with a follower node status for the bootstrapping process.
  • the controller device 120 comprises at least one processor or a processing unit 122 and optionally at least one memory 123 coupled to the at least one processor 122, which may be used to implement the functionalities described later in more detail.
  • the controller device 120 further comprises at least one transceiver 121 (or a receiving unit/receiver and/or a transmitting unit/transmitter) coupled to the at least one processor 122.
  • the controller device 120 may further comprise a machine-readable code scanner 124, such as a digital camera.
  • the at least one processor 122 may include e.g. one or more of various processing devices, such as a co-processor, a microprocessor, a controller, a digital signal processor (DSP), a processing circuitry with or without an accompanying DSP, or various other processing devices including integrated circuits such as, for example, an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a microcontroller unit (MCU), a hardware accelerator, a special-purpose computer chip, or the like.
  • ASIC application specific integrated circuit
  • FPGA field programmable gate
  • the at least one memory 123 may be configured to store e.g. computer programs and the like.
  • the at least one memory 123 may include one or more volatile memory devices, one or more non-volatile memory devices, and/or a combination of one or more volatile memory devices and non-volatile memory devices.
  • the at least one memory 123 may be embodied as magnetic storage devices (such as hard disk drives, etc.), optical magnetic storage devices, and semiconductor memories (such as mask ROM, PROM (programmable ROM), EPROM (erasable PROM), flash ROM, RAM (random access memory), etc.).
  • the processor 122 is configured to obtain a unique device identifier and a bootstrapping key (such as a passphrase, shared secret, or the like) of a node device of the group of node devices 110A-110F, and a service set identifier (SSID) associated with the access point and based on a set membership test functionality value.
  • SSID service set identifier
  • the unique device identifier, the bootstrapping key of the node device of the group of node devices 110A-110F, and the SSID may be obtained via scanning of a machine-readable code associated with the node device of the group of node devices 110A-110F, performed with the machine-readable code scanner 124.
  • the machine-readable code may comprise e.g. a QR (quick response) code, a bar code, or the like.
  • the machine-readable code may e.g. be printed or otherwise arranged on the node device.
  • the processor 122 is further configured to verify whether the obtained unique device identifier is a member of a set represented by the set membership test functionality value.
  • the set membership test functionality may comprise a bloom filter, as discussed above in connection with Fig. 1B in more detail.
  • the controller device 120 may scan the QR code of any of the node devices 110A-110F.
  • the QR code may contain the unique identity of the node device itself, the passphrase or the like, and the bloom filter parameters.
  • the processor 122 is further configured to establish, via the transceiver 121, an infrastructure mode connection of wireless communication with the access point.
  • the controller device 120 may identify the scanned node device and join the network that has the bloom filter value as an SSID if the node device it scanned is a member of the bloom filter value.
  • the processor 122 is further configured to perform authentication with the node device of the group of node devices 110A-110F (e.g. the leader node device 110A) via the obtained bootstrapping key.
  • the processor 122 is further configured to bootstrap the authenticated node device.
  • the processor 122 may be further configured to perform authentication with at least one node device (e.g. at least one follower node device 110B-110F) via respective operational credentials, obtained e.g. from the leader node device 110A.
  • the leader node device 110A may provide the follower node devices 110B-110F with operational credentials including a public key of an asymmetric key pair.
  • the controller device 120 may receive the same public key(s) of the follower node devices 110B-110F from the leader node device 110A for use in authenticating with the follower node devices 110B-110F.
  • the controller device 120 may issue certificates for the public keys.
  • the controller device 120 may also receive information on how to connect to the follower node devices 110B-110F (such as IP addresses) within the network (i.e. the SSID network operated by the leader node device 110A).
  • the processor 122 may be further configured to take ownership of and bootstrap the authenticated at least one other node device.
  • the controller device 120 may use the passphrase or the like obtained above to authenticate itself to the leader node device 110A.
  • the node device that the controller device 120 scanned may or may not be the leader node device 110A.
  • the passphrase or the like allows the controller device 120 to bind with the leader node device 110A, and consequently with the follower devices 110B-110F.
  • the leader node 110A may rely on the scanned device to verify the passphrase, or the leader node 110A may already have access to the passphrase or the like, via other means, to verify it.
  • Such other means may include, for example, the leader node device 110A having a capability to scan the passphrase or the like, or the passphrase or the like may have been provided to the leader node device 110A by the controller device 120 or the installer device 130.
  • the authentication mechanism may be based on a PKI in which case the leader node device 110A may only need the root certificate or the certification authority (CA) certificate of the device certificate of the follower node device. These root and CA certificates may be considered as explicitly trusted by the leader node device 110A.
  • the leader node device 110A may validate the device certificate of the follower node device and subsequently use PKI mechanisms to authenticate the follower node device.
  • the controller device 120 may bootstrap with the leader node device 110A. Consequently, the controller device 120 may authenticate all the node devices in the SSID network based on the operational credentials exchanged earlier. Finally, the controller device 120 may take ownership of the node devices and configure them with necessary credentials to join the user’s private home network. That is, even the leader node device 110A may cease being an access point and connect to the user’s private home network instead.
  • Fig. 2 is a flow diagram illustrating a method 200 according to an embodiment.
  • a node device for wireless local area networking configured to be included in a group of node devices for wireless local area networking may start broadcasting its unique device identifier, scanning for other node devices, and scanning for infrastructure mode wireless local area networks.
  • a leader node status assignment may be obtained at operation 202 by the node device.
  • a follower node status assignment may be obtained at operation 210 by the node device. Both the leader node status assignment and the follower node status assignment are for a bootstrapping process of the group of node devices.
  • the leader node device may stop broadcasting its unique device identifier as well as stop scanning for other node devices and for the infrastructure mode wireless local area networks.
  • a set membership test functionality value is calculated by the leader node device based on its unique device identifier and the unique device identifiers of the follower node devices.
  • a first service set identifier associated with a first access point for wireless local area networking is broadcast by the leader node device, thereby causing the leader node device to function as the first access point associated with the broadcast first service set identifier.
  • the first service set identifier is based on the calculated set membership test functionality value.
  • the leader node device may exchange the unique device identifiers and operational credentials with at least one connecting follower node device, to thereby take ownership of the connecting follower node devices for bootstrapping at optional operation 207. Furthermore, if a unique device identifier of a connecting follower node device is not among the unique device identifiers that were used to calculate the membership functionality value in operation 204, the connection may be denied by the leader node. If the unique device identifier of the connecting follower node device is among the unique device identifiers that were used to calculate the membership functionality value in operation 204, the connection may be granted by the leader node.
  • the leader node device may perform authentication with the controller device.
  • the leader node device may perform bootstrapping with the controller device.
  • the follower node device may stop broadcasting its unique device identifier as well as stop scanning for other node devices and for the infrastructure mode wireless local area networks.
  • the obtaining of the follower node status assignment comprises determining that a second service set identifier associated with a second access point for wireless local area networking is based on a set membership test functionality value, and further determining that the unique device identifier of the follower node device is a member of a set represented by this set membership test functionality value.
  • the follower node device connects to the second access point, thereby allowing the leader node device of the second access point to optionally take ownership of the follower node device.
  • the follower node device may perform authentication with the controller device.
  • the follower node device may perform bootstrapping with the controller device.
  • the method 200 may be performed by the node devices 110A-110F.
  • the operations 201-214 can, for example, be performed by the at least one processor 112A, the transceiver 111A, and the memory 113A. Further features of the method 200 directly result from the functionalities and parameters of the node devices 110A-110F and thus are not repeated here.
  • the method 200 can be performed by a computer program.
  • Fig. 3 is another flow diagram illustrating a method according to an embodiment.
  • a controller device for a group of node devices for wireless local area networking obtains a unique device identifier and a bootstrapping key of a node device of the group of node devices, and a service set identifier associated with an access point for wireless local area networking and based on a set membership test functionality value.
  • the group of node devices includes a leader node device assigned with a leader node status for a bootstrapping process of the group of node devices and functioning as the access point.
  • the group of node devices further includes at least one follower node device assigned with a follower node status for the bootstrapping process.
  • the controller device verifies whether the obtained unique device identifier is a member of a set represented by the set membership test functionality value.
  • In response to the obtained unique device identifier being a member of the set represented by the set membership test functionality value, the controller device establishes an infrastructure mode connection of wireless communication with the access point, at operation 303. Otherwise, the method may return to operation 301 or exit.
  • the controller device performs authentication with one of the node devices via the obtained bootstrapping key.
  • the controller device performs authentication with the leader node device.
  • the controller device bootstraps the leader node device, at operation 305.
  • the controller device may perform authentication with the follower node device(s) via respective operational credentials obtained from the leader node device.
  • the controller device may bootstrap the follower node device(s) at optional operation 307.
  • the method 300 may be performed by the controller device 120.
  • the operations 301-307 can, for example, be performed by the at least one processor 122, the transceiver 121, the memory 123, and the machine-readable code scanner 124. Further features of the method 300 directly result from the functionalities and parameters of the controller device 120 and thus are not repeated here.
  • the method 300 can be performed by a computer program.
  • the functionality described herein can be performed, at least in part, by one or more computer program product components such as software components.
  • the node devices 110A-110F and the controller device 120 comprise respective processors configured by program code when executed to execute the embodiments of the operations and functionality described.
  • the functionality described herein can be performed, at least in part, by one or more hardware logic components.
  • FPGAs Field-programmable Gate Arrays
  • ASICs Program-specific Integrated Circuits
  • ASSPs Program-specific Standard Products
  • SOCs System-on-a-chip systems
  • CPLDs Complex Programmable Logic Devices
  • GPUs Graphics Processing Units

Abstract

Devices, methods and computer programs for bootstrapping a group of node devices for wireless local area networking are disclosed. In particular, the disclosure relates to bootstrapping multiple node devices for wireless local area networking without requiring a controller device to establish a connection to each node device separately. The disclosure further relates to bootstrapping the multiple node devices with minimum user interaction. Typically, the user performing the bootstrapping needs physical access to only one node device out of the multiple node devices.

Description

DEVICES, METHODS AND COMPUTER PROGRAMS FOR BOOTSTRAPPING A GROUP OF NODE DEVICES FOR WIRELESS LOCAL AREA NETWORKING
TECHNICAL FIELD
The present disclosure relates to the field of wireless communications, and more particularly to bootstrapping a group of node devices for wireless local area networking, and related devices, methods and computer programs.
BACKGROUND
Internet of Things (IoT) devices such as sensors and actuators are nowadays ubiquitous and part of our life. IoT devices used in a home environment may include e.g. smart locks, light bulbs, home appliances, weather sensors, and the like. A single household may include tens of IoT devices. Such devices need to be placed in appropriate locations and configured to operate for the end user (e.g., the owner of a house). For instance, some devices might have to be installed on the ceiling while others can be placed at easy-to-reach locations, such as on top of drawers or by a television stand.
Typically, in order for a user to be able to access and use IoT devices, they first need to be configured to be in an operational mode. The process used to change a device from a non-operational mode to an operational mode is called bootstrapping.
Currently, the bootstrapping procedure is done individually so that each step of the bootstrapping procedure needs to be repeated for each IoT device. Furthermore, the user needs physical access to each IoT device, e.g. to press one or more buttons on each IoT device, and/or observe/scan one or more codes from each IoT device. That is, the user will have to reach each IoT device even when they are installed in non-accessible locations (such as on the ceiling) and bootstrap them. Moreover, an average user may have limited knowledge about technology, and as a result bootstrapping all the IoT devices individually is likely to become both a physical and mental burden, especially when the amount of IoT devices is large.
SUMMARY
This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter. It is an objective of the present disclosure to allow bootstrapping a group of node devices for wireless local area networking. The foregoing and other objectives are achieved by the features of the independent claims. Further implementation forms are apparent from the dependent claims, the description and the figures.
According to a first aspect of the present disclosure, a node device for wireless local area networking is provided. The node device comprises a processor and a transceiver. The node device is configured to be included in a group of node devices for wireless local area networking. The processor is configured to obtain one of a leader node status assignment or a follower node status assignment for a bootstrapping process of the group of node devices. In response to obtaining the leader node status assignment, the processor is further configured to calculate a set membership test functionality value based on a unique device identifier of the node device and unique device identifiers of other node devices in the group of node devices; and broadcast, via the transceiver, a first service set identifier associated with a first access point for wireless local area networking, the first service set identifier being based on the calculated set membership test functionality value, thereby causing the node device to function as the first access point associated with the broadcast first service set identifier. In response to obtaining the follower node status assignment, the processor is further configured to connect, via the transceiver, to a second access point for wireless local area networking associated with a second service set identifier. The processor is configured to obtain the follower node status assignment by determining that the second service set identifier is based on a set membership test functionality value, and by further determining that a unique device identifier of the node device is a member of a set represented by the set membership test functionality value. The present disclosure allows bootstrapping multiple node devices for wireless local area networking without requiring a controller device to establish a connection to each node device separately.
The present disclosure further allows bootstrapping the multiple node devices with minimum user interaction. Typically, the user performing the bootstrapping needs physical access to only one node device out of the multiple node devices. The present disclosure further allows easy bootstrapping of node devices that are in difficult-to-reach locations, such as those installed in ceilings, for instance. The present disclosure further allows significantly reducing the time needed to bootstrap all the node devices, since, instead of bootstrapping each node device one by one, the user only needs to scan one node device in order to join the network and bootstrap all the node devices. The present disclosure further allows a secure way of bootstrapping the multiple node devices. For example, the leader node utilizes a unique service set identifier in the format of a set membership test functionality value, thereby reducing the possibility of an identity misbinding attack, as node devices join the group only upon verifying their unique device identifier against the service set identifier (set membership test functionality value). The present disclosure further allows a reliable mechanism to reset and/or release a node device from the group. That is, if a device needs to be removed from the group, the user can remove such a device while the group properties, i.e. the trust relationship and the bootstrapping, remain unchanged.
In an implementation form of the first aspect, the processor is further configured to receive the unique device identifiers of the other node devices in response to being broadcast by the other node devices, and the processor is further configured to obtain the leader node status assignment by receiving a leader node election indication from a universal election protocol periodically applied by the processor using the unique device identifier of the node device and the received unique device identifiers of the other node devices. When the leader node device collects the unique device identifiers of the node devices that will join the set membership test functionality value based SSID network, the leader node device may be able to reject connection requests from unknown devices thereby reducing the possibility of misbinding.
In an implementation form of the first aspect, the universal election protocol comprises one of a mega-merger protocol or a yo-yo protocol. The use of a universal election protocol allows efficient election of the leader node.
In an implementation form of the first aspect, the processor is further configured to obtain the leader node status assignment by receiving a leader node selection instruction and the unique device identifiers of the other node devices from an external device. When a leader node device is selected by the external device, the selected leader node device can be used as a secondary controller device which can be used e.g. to factory reset node devices that have been previously bootstrapped e.g. when the user's device (controller device) changes. Such a feature may be desirable e.g. in hotel rooms with IoT devices where the user (guest) changes frequently and the IoT devices need to be re-bootstrapped with a controller device of a new user.
In an implementation form of the first aspect, in response to obtaining the leader node status assignment and at least one of the other node devices establishing a secure connection with the node device functioning as the first access point, the processor is further configured to cause exchange, via the transceiver, of the unique device identifiers and operational credentials with the at least one of the other node devices, to thereby take ownership of the at least one of the other node devices for bootstrapping. When a follower node device connects to the access point, the leader node device can validate that the unique device identifier of the connected follower node device is in the list of received identifiers. Furthermore, the leader node device taking ownership of follower node devices allows performing a part of the bootstrapping process before participation by the end user, thus simplifying and speeding up the bootstrapping process from the end-user perspective.
In an implementation form of the first aspect, in response to obtaining the leader node status assignment and the node device subsequently functioning as the first access point, the processor is further configured to receive, via the transceiver, the unique device identifiers and bootstrapping keys of at least one of the other node devices from a controller device external to the group of node devices, to thereby take ownership of the at least one of the other node devices for bootstrapping. The leader node device taking ownership of follower node devices allows performing a part of the bootstrapping process before participation by the end user, thus simplifying and speeding up the bootstrapping process from the end-user perspective.
In an implementation form of the first aspect, the processor is further configured to receive the second service set identifier in response to scanning for infrastructure mode wireless local area networks. The scanning allows obtaining the second service set identifier effectively.
In an implementation form of the first aspect, the set membership test functionality comprises a bloom filter. A bloom filter provides an effective implementation of a set membership test functionality.
According to a second aspect of the present disclosure, a method is provided. The method comprises obtaining, by a node device for wireless local area networking configured to be included in a group of node devices for wireless local area networking, one of a leader node status assignment or a follower node status assignment for a bootstrapping process of the group of node devices. In response to obtaining the leader node status assignment, the method further comprises calculating, by the node device, a set membership test functionality value based on a unique device identifier of the node device and unique device identifiers of other node devices in the group of node devices; and broadcasting, by the node device, a first service set identifier associated with a first access point for wireless local area networking, the first service set identifier being based on the calculated set membership test functionality value, thereby causing the node device to function as the first access point associated with the broadcast first service set identifier. In response to obtaining the follower node status assignment, the method further comprises connecting, by the node device, to a second access point for wireless local area networking associated with a second service set identifier. The obtaining the follower node status assignment comprises determining that the second service set identifier is based on a set membership test functionality value, and further determining that a unique device identifier of the node device is a member of a set represented by the set membership test functionality value. The present disclosure allows bootstrapping multiple node devices for wireless local area networking without requiring a controller device to establish a connection to each node device separately. The present disclosure further allows bootstrapping the multiple node devices with minimum user interaction.
Typically, the user performing the bootstrapping needs physical access to only one node device out of the multiple node devices. The present disclosure further allows easy bootstrapping of node devices that are in difficult-to-reach locations, such as those installed in ceilings, for instance. The present disclosure further allows significantly reducing the time needed to bootstrap all the node devices, since instead of bootstrapping each node device one by one the user only needs to scan one node device in order to join the network and bootstrap all the node devices. The present disclosure further allows a secure way of bootstrapping the multiple node devices. For example, the leader node utilizes a unique service set identifier in the format of a set membership test functionality value, thereby reducing the possibility of an identity misbinding attack, as node devices join the group only upon verifying their unique device identifier against the service set identifier (set membership test functionality value). The present disclosure further allows a reliable mechanism to reset and/or release a node device from the group. That is, if a device needs to be removed from the group, the user can remove such a device while the group properties, i.e. the trust relationship and the bootstrapping, remain as is.
In an implementation form of the second aspect, the unique device identifiers of the other node devices are received in response to being broadcast by the other node devices, and the method further comprises obtaining the leader node status assignment by receiving a leader node election indication from a universal election protocol periodically applied by the node device using the unique device identifier of the node device and the received unique device identifiers of the other node devices. When the leader node device collects the unique device identifiers of the node devices that will join the set membership test functionality value based SSID network, the leader node device may be able to reject connection requests from unknown devices thereby reducing the possibility of misbinding.
In an implementation form of the second aspect, the universal election protocol comprises one of a mega-merger protocol or a yo-yo protocol. The use of a universal election protocol allows efficient election of the leader node.
In an implementation form of the second aspect, the method further comprises obtaining the leader node status assignment by receiving a leader node selection instruction and the unique device identifiers of the other node devices from an external device. When a leader node device is selected by the external device, the selected leader node device can be used as a secondary controller device which can be used e.g. to factory reset node devices that have been previously bootstrapped e.g. when the user's device (controller device) changes. Such a feature may be desirable e.g. in hotel rooms with IoT devices where the user (guest) changes frequently and the IoT devices need to be re-bootstrapped with a controller device of a new user.
In an implementation form of the second aspect, in response to obtaining the leader node status assignment and at least one of the other node devices establishing a secure connection with the node device functioning as the first access point, the method further comprises exchanging, by the node device, the unique device identifiers and operational credentials with the at least one of the other node devices, to thereby take ownership of the at least one of the other node devices for bootstrapping. When a follower node device connects to the access point, the leader node device can validate that the unique device identifier of the connected follower node device is in the list of received identifiers. Furthermore, the leader node device taking ownership of follower node devices allows performing a part of the bootstrapping process before participation by the end user, thus simplifying and speeding up the bootstrapping process from the end-user perspective.
In an implementation form of the second aspect, in response to obtaining the leader node status assignment and the node device subsequently functioning as the first access point, the method further comprises receiving, by the node device, the unique device identifiers and bootstrapping keys of at least one of the other node devices from a controller device external to the group of node devices, to thereby take ownership of the at least one of the other node devices for bootstrapping. The leader node device taking ownership of follower node devices allows performing a part of the bootstrapping process before participation by the end user, thus simplifying and speeding up the bootstrapping process from the end-user perspective.
In an implementation form of the second aspect, the method further comprises receiving the second service set identifier in response to scanning for infrastructure mode wire less local area networks. The scanning allows obtaining the second service set identifier effectively.
In an implementation form of the second aspect, the set membership test func tionality comprises a bloom filter. A bloom filter provides an effective implementation of a set membership test functionality.
According to a third aspect of the present disclosure, a computer program product is provided. The computer program product comprises program code configured to perform the method according to the second aspect, when the computer program product is executed on a computer. The present disclosure allows bootstrapping multiple node devices for wireless local area networking without requiring a controller device to establish a connection to each node device separately. The present disclosure further allows bootstrapping the multiple node de vices with minimum user interaction. Typically, the user performing the bootstrapping needs physical access to only one node device out of the multiple node devices. The present disclosure further allows easy bootstrapping of node devices that are in difficult-to-reach locations, such as those installed in ceilings, for instance. The present disclosure further allows significantly reducing the time needed to bootstrap all the node devices, since instead of bootstrapping each node device one by one the user only needs to scan one node device in order to join the network and bootstrap all the node devices. The present disclosure further allows a secure way of bootstrapping the multiple node devices. For example, the leader node utilizes a unique service set identifier in the format of a set membership test functionality value, thereby reducing the possibility of an identity misbinding attack, as node devices join the group only upon verifying their unique device identifier against the service set identifier (set membership test functionality value). The present disclosure further allows a reliable mechanism to reset and/or release a node device from the group. That is, if a device needs to be removed from the group, the user can remove such a device while the group properties, i.e. the trust relationship and the bootstrapping, remain as is.
According to a fourth aspect of the present disclosure, a controller device for a group of node devices for wireless local area networking is provided. The group of node devices includes a leader node device assigned with a leader node status for a bootstrapping process of the group of node devices and functioning as an access point for wireless local area networking. The controller device comprises a transceiver and a processor. The processor is configured to obtain a unique device identifier and a bootstrapping key of a node device of the group of node devices, and a service set identifier associated with the access point and based on a set membership test functionality value. The processor is further configured to verify whether the obtained unique device identifier is a member of a set represented by the set membership test functionality value. In response to the obtained unique device identifier being a member of the set represented by the set membership test functionality value, the processor is further configured to establish, via the transceiver, an infrastructure mode connection of wireless communication with the access point; perform authentication with the node device of the group of node devices via the obtained bootstrapping key; and in response to the authentication being successful, bootstrap the authenticated node device. The present disclosure allows bootstrapping multiple node devices for wireless local area networking without requiring a controller device to establish a connection to each node device separately. The present disclosure further allows bootstrapping the multiple node devices with minimum user interaction. Typically, the user performing the bootstrapping needs physical access to only one node device out of the multiple node devices. The present disclosure further allows easy bootstrapping of node devices that are in difficult-to-reach locations, such as those installed in ceilings, for instance. The present disclosure further allows significantly reducing the time needed to bootstrap all the node devices, since instead of bootstrapping each node device one by one the user only needs to scan one node device in order to join the network and bootstrap all the node devices. The present disclosure further allows a secure way of bootstrapping the multiple node devices. For example, the leader node utilizes a unique service set identifier in the format of a set membership test functionality value, thereby reducing the possibility of an identity misbinding attack, as node devices join the group only upon verifying their unique device identifier against the service set identifier (set membership test functionality value). The present disclosure further allows a reliable mechanism to reset and/or release a node device from the group. That is, if a device needs to be removed from the group, the user can remove such a device while the group properties, i.e. the trust relationship and the bootstrapping, remain as is.
In an implementation form of the fourth aspect, the group of node devices further includes at least one follower node device assigned with a follower node status for the bootstrapping process. The processor is further configured to perform authentication with at least one other node device via respective operational credentials; and in response to the authentication being successful, take ownership of and bootstrap the at least one other node device. Bootstrapping the other node devices with the controller device allows finishing the bootstrapping process quickly and effectively.
In an implementation form of the fourth aspect, the controller device further comprises a machine-readable code scanner. The unique device identifier and the bootstrapping key of the node device of the group of node devices, and the service set identifier are obtained via scanning of a machine-readable code associated with the node device of the group of node devices, performed with the machine-readable code scanner. The code scanner allows obtaining the unique device identifier and the bootstrapping key of the node device, and the service set identifier accurately and effectively.
In an implementation form of the fourth aspect, the set membership test functionality comprises a bloom filter. A bloom filter provides an effective implementation of a set membership test functionality.
According to a fifth aspect of the present disclosure, a method is provided. The method comprises obtaining, by a controller device for a group of node devices for wireless local area networking, a unique device identifier and a bootstrapping key of a node device of the group of node devices, and a service set identifier associated with an access point for wireless local area networking and based on a set membership test functionality value. The group of node devices includes a leader node device assigned with a leader node status for a bootstrapping process of the group of node devices and functioning as the access point. The method further comprises verifying, by the controller device, whether the obtained unique device identifier is a member of a set represented by the set membership test functionality value. In response to the obtained unique device identifier being a member of the set represented by the set membership test functionality value, the method further comprises establishing, by the controller device, an infrastructure mode connection of wireless communication with the access point; performing, by the controller device, authentication with the node device of the group of node devices via the obtained bootstrapping key; and in response to the authentication being successful, bootstrapping, by the controller device, the authenticated node device. The present disclosure allows bootstrapping multiple node devices for wireless local area networking without requiring a controller device to establish a connection to each node device separately. The present disclosure further allows bootstrapping the multiple node devices with minimum user interaction. Typically, the user performing the bootstrapping needs physical access to only one node device out of the multiple node devices. The present disclosure further allows easy bootstrapping of node devices that are in difficult-to-reach locations, such as those installed in ceilings, for instance. The present disclosure further allows significantly reducing the time needed to bootstrap all the node devices, since instead of bootstrapping each node device one by one the user only needs to scan one node device in order to join the network and bootstrap all the node devices. The present disclosure further allows a secure way of bootstrapping the multiple node devices. For example, the leader node utilizes a unique service set identifier in the format of a set membership test functionality value, thereby reducing the possibility of an identity misbinding attack, as node devices join the group only upon verifying their unique device identifier against the service set identifier (set membership test functionality value). The present disclosure further allows a reliable mechanism to reset and/or release a node device from the group. That is, if a device needs to be removed from the group, the user can remove such a device while the group properties, i.e. the trust relationship and the bootstrapping, remain as is.
In an implementation form of the fifth aspect, the group of node devices further includes at least one follower node device assigned with a follower node status for the bootstrapping process. The method further comprises performing authentication with at least one other node device via respective operational credentials; and in response to the authentication being successful, taking ownership of and bootstrapping the authenticated at least one other node device. Bootstrapping the other node devices with the controller device allows finishing the bootstrapping process quickly and effectively.
In an implementation form of the fifth aspect, the controller device further comprises a machine-readable code scanner. The unique device identifier, the bootstrapping key of the node device of the group of node devices, and the service set identifier are obtained via scanning of a machine-readable code associated with the node device of the group of node devices, performed with the machine-readable code scanner. The code scanner allows obtaining the unique device identifier and the bootstrapping key of the node device, and the service set identifier accurately and effectively.
In an implementation form of the fifth aspect, the set membership test functionality comprises a bloom filter. A bloom filter provides an effective implementation of a set membership test functionality.
According to a sixth aspect of the present disclosure, a computer program product is provided. The computer program product comprises program code configured to perform the method according to the fifth aspect, when the computer program product is executed on a computer. The present disclosure allows bootstrapping multiple node devices for wireless local area networking without requiring a controller device to establish a connection to each node device separately. The present disclosure further allows bootstrapping the multiple node devices with minimum user interaction. Typically, the user performing the bootstrapping needs physical access to only one node device out of the multiple node devices. The present disclosure further allows easy bootstrapping of node devices that are in difficult-to-reach locations, such as those installed in ceilings, for instance. The present disclosure further allows significantly reducing the time needed to bootstrap all the node devices, since instead of bootstrapping each node device one by one the user only needs to scan one node device in order to join the network and bootstrap all the node devices. The present disclosure further allows a secure way of bootstrapping the multiple node devices. For example, the leader node utilizes a unique service set identifier in the format of a set membership test functionality value, thereby reducing the possibility of an identity misbinding attack, as node devices join the group only upon verifying their unique device identifier against the service set identifier (set membership test functionality value). The present disclosure further allows a reliable mechanism to reset and/or release a node device from the group. That is, if a device needs to be removed from the group, the user can remove such a device while the group properties, i.e. the trust relationship and the bootstrapping, remain as is.
Many of the features will be more readily appreciated as they become better understood by reference to the following detailed description considered in connection with the accompanying drawings.
DESCRIPTION OF THE DRAWINGS
In the following, example embodiments are described in more detail with reference to the attached figures and drawings, in which:
Fig. 1A is a block diagram illustrating an example system in which various embodiments of the present disclosure may be implemented;
Fig. 1B is a block diagram illustrating a node device for wireless local area networking;
Fig. 1C is a block diagram illustrating a controller device for a group of node devices for wireless local area networking;
Fig. 2 is a flow diagram illustrating a method according to the present disclosure;
Fig. 3 is another flow diagram illustrating a method according to the present disclosure; and
Figs. 4A-4D are diagrams further illustrating the bootstrapping mechanisms of the example embodiments.
In the following, identical reference signs refer to identical or at least functionally equivalent features.
DETAILED DESCRIPTION
In the following description, reference is made to the accompanying drawings, which form part of the disclosure and show, by way of illustration, specific aspects of the present disclosure. It is understood that other aspects may be utilized and structural or logical changes may be made without departing from the scope of the present disclosure. The following detailed description, therefore, is not to be taken in a limiting sense, as the scope of the present disclosure is defined in the appended claims.
For instance, it is understood that a disclosure in connection with a described method may also hold true for a corresponding device or system configured to perform the method and vice versa. For example, if a specific method step is described, a corresponding device may include a unit to perform the described method step, even if such unit is not explicitly described or illustrated in the figures. On the other hand, for example, if a specific apparatus is described based on functional units, a corresponding method may include a step performing the described functionality, even if such step is not explicitly described or illustrated in the figures. Further, it is understood that the features of the various example aspects described herein may be combined with each other, unless specifically noted otherwise.
In the following, a general description of conventional bootstrapping of Internet of Things (IoT) devices is provided.
As mentioned earlier, in order for a user to be able to access and use IoT devices, they typically first need to be configured to be in an operational mode. Herein, the process used to change a device from a non-operational mode to an operational mode is called bootstrapping.
Typically, the bootstrapping of IoT devices may comprise three main phases:
1) pairing a resource-constrained IoT device with a controller device, such as a smartphone;
2) taking ownership of the IoT device by exchanging identities and needed credentials for mutual authentication of the entities, and securing communication between such entities; and
3) configuring the device to be operational, that is, for the user to be able to monitor, control, and command the device.
IoT devices may be, e.g., internet protocol (IP)-capable. Typically, the bootstrapping procedure of IP-capable devices may include the following steps:
- an IoT device boots up in a Wi-Fi access point (AP) mode and advertises its own network with a human-recognizable SSID (service set identifier) name;
- a controller device joins the network with the SSID advertised by the IoT device;
- the controller device bootstraps the IoT device over the SSID network and follows the above described steps 1) to 3). As a result, the IoT device now has the necessary credentials to join the user’s home network;
- the IoT device switches from the AP mode to an operational mode;
- the IoT device joins the user’s private home Wi-Fi network;
- the user gains access and can now control the IoT device over his private home Wi-Fi network.
Thus, a conventional bootstrapping procedure is done individually so that a controller device needs to establish a connection to each IoT device separately. Furthermore, the user needs physical access to each IoT device. That is, the user will have to reach each IoT device even when they are installed in non-accessible locations (such as on the ceiling) and bootstrap them.
As will be discussed in more detail below, the bootstrapping procedure according to the present disclosure allows bootstrapping multiple node devices for wireless local area networking without requiring a controller device to establish a connection to each node device separately. The bootstrapping procedure according to the present disclosure further allows bootstrapping the multiple node devices with minimum user interaction. For example, the user performing the bootstrapping may need physical access to only one node device out of the multiple node devices.
An example use case of the present disclosure is a smart home/building where the IoT devices are installed by a building maintenance company for each apartment and then used by apartment owners/residents. Such an installation is usually done prior to the apartment owners/residents moving into the apartments. That is, users (e.g. apartment owners/residents) may not be involved in the installation, and may not even have physical access to all the IoT devices that were installed. Such devices can be installed e.g. in places like room ceilings, roof, and/or other non-easily-accessible locations. The bootstrapping procedure according to the present disclosure allows these users (e.g. apartment owners/residents) who move into an apartment to take IoT devices into operation (bootstrap) at any time.
As will be described in more detail below, in at least some embodiments of the present disclosure, the bootstrapping process may include, e.g., three phases, such that the first two phases can take place, e.g., ahead of time without the involvement of users (or end-users), whereas the last phase (i.e. the phase in which a user takes ownership of the IoT devices) can happen at a later time with the users’ involvement.
Separating the bootstrapping procedure into these three phases in this way increases the degree of freedom of when an end-user may take ownership of IoT devices. For example, IoT devices can first be installed by a third party (e.g. a building maintenance company), and later the end-user can finish the bootstrapping procedure with only a small amount of interaction with the IoT devices at their convenience.
Next, example embodiments of a node device 110A for wireless local area networking and a controller device 120 for a group of node devices 110A-110F for wireless local area networking are described based on Figs. 1A, 1B and 1C. Some of the features of the described devices are optional features which provide further advantages.
Fig. 1A is a block diagram illustrating an example system 100 in which various embodiments of the present disclosure may be implemented. The system 100 comprises a wireless local area network (WLAN) or a Wi-Fi network 150, such as an IEEE 802.11 network. A group of node devices 110A-110F, a controller device 120, and another external device (e.g. an installer device) 130 are wirelessly connected to the network 150. As discussed in more detail below, the node devices 110A-110F may comprise Internet-of-Things (IoT) devices, and the controller device 120 and the installer device 130 may be used to assist in the bootstrapping procedure.
Fig. 1B is a block diagram that illustrates a node device 110A for wireless local area networking. In an embodiment, the node device 110A may comprise an Internet-of-Things (IoT) device capable of communication via wireless local area networking. Such IoT devices may include but are not limited to sensors, actuators, smart locks, light bulbs, home appliances, weather sensors, and the like. The node device 110A is configured to be included in a group of node devices 110A-110F for wireless local area networking.
The node device 110A for wireless local area networking comprises at least one processor or a processing unit 112A and optionally at least one memory 113A coupled to the at least one processor 112A, which may be used to implement the functionalities described later in more detail. The node device 110A further comprises at least one transceiver 111A (or a receiving unit/receiver and/or a transmitting unit/transmitter) coupled to the at least one processor 112A.
The at least one processor 112A may include, e.g., one or more of various processing devices, such as a co-processor, a microprocessor, a controller, a digital signal processor (DSP), a processing circuitry with or without an accompanying DSP, or various other processing devices including integrated circuits such as, for example, an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a microcontroller unit (MCU), a hardware accelerator, a special-purpose computer chip, or the like.
The at least one memory 113A may be configured to store e.g. computer programs and the like. The at least one memory 113A may include one or more volatile memory devices, one or more non-volatile memory devices, and/or a combination of one or more volatile memory devices and non-volatile memory devices. For example, the at least one memory 113A may be embodied as magnetic storage devices (such as hard disk drives, etc.), optical magnetic storage devices, and semiconductor memories (such as mask ROM, PROM (programmable ROM), EPROM (erasable PROM), flash ROM, RAM (random access memory), etc.).
The processor 112A may be configured to broadcast, via the transceiver 111A, a unique device identifier of the node device 110A. The processor 112A may be further configured to scan, via the transceiver 111A, for other node devices. Since in the examples of Figs. 1A-1C, the other node devices 110B-110F may also be broadcasting their respective unique device identifiers, the processor 112A may receive, via the transceiver 111A, unique device identifiers of at least some of the other node devices 110B-110F in response to scanning for other node devices. A unique device identifier of at least some of the node devices 110A-110F may comprise e.g. a universally unique identifier (UUID).
The processor 112A may be further configured to scan, via the transceiver 111A, for infrastructure mode wireless local area networks. In the examples of Figs. 1A-1C, at least some of the other node devices 110B-110F may also be scanning for infrastructure mode wireless local area networks.
For example, in order for the node devices 110A-110F to form a network, they may first discover each other, e.g. by exchanging messages via IEEE 802.11 management frames. That is, the node devices 110A-110F may be advertising their identity using 802.11 management frames and at the same time listening for the 802.11 frames to discover other devices nearby. Once the node devices 110A-110F have discovered each other, they may, e.g., form an ad-hoc network, and then, e.g., interact among each other to establish a group leader node (described below in more detail).
In other words, an IEEE 802.11 network may operate in an ad-hoc mode or an infrastructure mode. The ad-hoc mode is also called independent basic service set (IBSS) mode, and all the devices operate in a peer-to-peer mode in it. In an infrastructure mode, all the devices connect to an access point. In at least some of the disclosed example embodiments, the node devices 110A-110F may connect with each other in ad-hoc mode to exchange their identities and elect a leader. Alternatively, the node devices 110A-110F may use the infrastructure mode, thereby using IEEE 802.11 management frames to advertise their identity, listen for IEEE 802.11 management frames to discover the other devices nearby, and scan for available SSID networks. As will be described in more detail below, when using the ad-hoc mode, the first node device (elected leader) becomes an access point, and the other node devices switch to the infrastructure mode. When using the infrastructure mode, the elected leader node may change its access point SSID to a calculated set membership test functionality value (described below in more detail).
The processor 112A is further configured to obtain a leader node status assignment or a follower node status assignment for a bootstrapping process of the group of node devices 110A-110F.
In an embodiment of the node device 110A, the processor 112A may be configured to obtain the leader node status assignment by receiving a leader node election indication from a universal election protocol. The universal election protocol may be periodically applied by the processor 112A using the unique device identifier of the node device 110A and the received unique device identifiers of the other node devices 110B-110F. For example, the universal election protocol may comprise a mega-merger protocol or a yo-yo protocol.
In an embodiment, the node devices 110A-110F may exchange election protocol messages to complete the election protocol, and this exchange of election protocol messages may comprise multiple rounds of messages depending on the protocol. An example includes a probabilistic approach in which a resourceful node sets a bit to indicate that the node is likely to become the leader and less resourceful nodes set the bit to e.g. 0 to indicate that they do not intend to be a leader. In a case in which there are two or more resourceful nodes indicating to become the leader, they may set or unset the bit e.g. by using probabilistic algorithms, or they may randomly turn the bit on or off until a leader among them is selected.
The mega-merger protocol is a universal election protocol that works by constructing a rooted spanning tree of a network, where the root is the elected leader in the final spanning tree. Rooted spanning trees are merged together until a tree which covers the whole network has been constructed.
The yo-yo protocol is a distributed protocol (or algorithm) aimed at minimum finding and leader election in a generic connected undirected graph. The yo-yo protocol proceeds by consecutive elimination and a graph-reduction technique called pruning. The yo-yo protocol is divided into a pre-processing phase followed by a cyclic repetition of a forward phase, called “Yo-”, and a backward one, called “-Yo”.
In other words, the processor 112A may be configured to periodically evaluate the universal election protocol using the received unique device identifiers and the unique device identifier of the node device 110A. The periodical evaluation may be performed for a predefined time. If the universal election protocol indicates that the node device 110A is elected as the leader, the processor 112A may be configured to stop broadcasting the unique device identifier of the node device 110A as well as stop scanning for the other node devices and the infrastructure mode wireless local area networks. Accordingly, the node device 110A becomes the leader node. Thus, when a leader node device is elected using the universal election protocol, the elected leader node device may provide a gateway via its access point for the follower node devices to connect to.
Diagram 410 of Fig. 4A further illustrates this. In the example of Fig. 4A, the node devices 110A-110F support and are involved in a universal leadership election protocol, such as the mega-merger or yo-yo protocols. Such protocols may e.g. construct a rooted spanning tree or implement a minimum-finding protocol, respectively. As a result, the root of the tree may become the leader of the network (group). The elected leader node device 110A may collect the unique device identifiers D1-D5 of the other node devices 110B-110F that are members of the network. Optionally, the elected leader node device 110A may also collect corresponding bootstrapping keys (such as passphrases, shared secrets, or the like) S1-S5 of the other node devices 110B-110F, e.g. when the other node devices 110B-110F are configured to trust a leader node. This may have an advantage in that, during the final bootstrapping phase, a leader node device can verify that a controller device has knowledge of e.g. a shared secret of one of the node devices that the controller device interacts with, without having to send a query message to this node device. Alternatively, during the verification phase, the leader node device may request a particular node device to verify that the controller device has interacted with it.
When the leader node device collects the unique device identifiers of the node devices that will join the bloom filter based SSID network, the leader node device may be able to reject connection requests from unknown devices to reduce the chance of misbinding.
In another embodiment of the node device 110A, the processor 112A may be configured to obtain the leader node status assignment by receiving a leader node selection instruction and the unique device identifiers of the other node devices 110B-110F from an external device 130, such as an installer device. The installer device 130 may comprise e.g. a device (e.g. a smartphone, a tablet computer, a smartwatch or other wearable device, a laptop computer, or the like) that a party (such as a building maintenance company) installing the node devices 110A-110F is using. In an embodiment, the installer device 130 and the controller device 120 (described in more detail below) may be integrated as a single device.
In other words, the processor 112A may be configured to receive an indication from the external/installer device 130 that the node device 110A has been selected to be the leader node, as well as a list of the unique device identifiers of the other node devices 110B-110F. Accordingly, the node device 110A becomes the leader node.
Diagram 420 of Fig. 4B further illustrates this. In the example of Fig. 4B, the processor 112A of the selected leader node 110A may be further configured to authenticate the installer device 130. In order to do so, the leader node 110A may be provisioned with e.g. a trust anchor, thereby being able to e.g. validate a certificate of the installer device 130. After authenticating the installer device 130, the two entities (i.e. leader node 110A and the installer device 130) may establish a secure communication channel. The installer device 130 may transfer to the leader node 110A the unique device identifiers D1-D5 of the other node devices 110B-110F that will form the network. The installer device 130 may obtain the unique device identifier information and optionally corresponding bootstrapping keys (such as passphrases, shared secrets, or the like) S1-S5 of the other node devices 110B-110F e.g. by scanning individual node devices or from other sources such as a centralized server.
In other words, when a leader node device is selected by the installer device 130, the selected leader node device may provide a gateway via its access point for the follower node devices to connect to. In this embodiment, the leader node device may not be directly involved in the bootstrapping. That is, there may be no partial bootstrapping with the follower node devices. Instead, the leader node device acts as an access point to which all the follower node devices and the controller device may connect. The controller device has prior knowledge of the follower node devices, including e.g. the unique device identities and bootstrapping keys. This information may be obtained e.g. from a centralized server, or the user may scan this information e.g. from the follower node devices or e.g. from a printed paper or the like with this information. When the controller device joins the network operated by the leader node device, the controller device may receive the information on how to connect to the follower node devices. For example, the controller device may query the leader node device with the identity of the follower node device and in return receive the IP address of the follower node device in the network.
In this case, the follower node devices do not need to trust the leader node device for bootstrapping. The leader node device acts as an access point facilitator. This may have the advantage of avoiding a situation in which the follower node devices begin in access point mode and the controller device joins the network of each follower node device to bootstrap them. However, bootstrapping still happens between a follower node device and the controller device within a single network operated by the leader node device.
The controller device 120 may be used e.g. to scan (or an end user may manually input with the controller device 120) bootstrapping keys (such as passphrases, shared secrets, or the like) S1-S6 of at least some of the node devices 110A-110F. To facilitate this, at least some of the node devices 110A-110F may further comprise an element configured to display human-readable or machine-readable codes (e.g. QR codes) that comprise information that can be used for secure bootstrapping. Herein, this element is referred to as an out-of-band channel. The out-of-band channel may include e.g. a label attached to an outer surface of a node device 110A-110F. In another example, the out-of-band channel may include e.g. a display device included in a node device 110A-110F and configured to display the human-readable or machine-readable code. In both cases the code may be static, but in the latter case the code may alternatively be dynamic (e.g. a code that is active only at a certain time).
When a leader node device is selected by the installer device, the selected leader node device can be used as a secondary controller device which can be used e.g. to factory reset node devices that have been previously bootstrapped e.g. when the user's device (controller device) changes. Such a feature may be desirable e.g. in hotel rooms with IoT devices where the user (guest) changes frequently and the IoT devices need to be re-bootstrapped with a controller device of a new user.
In response to obtaining the leader node status assignment, the processor 112A is configured to calculate a set membership test functionality value based on a unique device identifier of the node device 110A and unique device identifiers of other node devices 110B-110F in the group of node devices 110A-110F.
For example, the set membership test functionality may comprise a bloom filter. The bloom filter is a space-efficient probabilistic data structure that may be used e.g. to check for set membership, i.e. whether element x is a member of set S.
An example of a bloom filter B is implemented by a single array of M bits, where M is the filter size. On filter creation, all M bits are set to 0. B_m represents a bit with index m, where m ranges over [0, M-1]. The bloom filter is then parameterized by a constant k that defines the number of hash functions. Then each hash function h_0, h_1, ..., h_(k-1) maps an input element to an index in the range [0, M-1]. Only insert (or add) and query operations may be permitted. Delete or remove operation may not be allowed.
To query for an element in the set, it is passed to each of the k hash functions to get k integer array indexes. If any of the bits at these indexes are 0, the element is not in the set. If all of the bits are 1, then the element may be in the set.
For example, when obtaining the leader node status assignment via the universal leadership election protocol, the leader node 110A may calculate a bloom filter value based on the collected unique device identifiers D1-D5 and the unique device identifier D6 of the leader node 110A.
As a further example, when obtaining the leader node status assignment via the selection instruction from the external device 130, the leader node 110A may calculate a bloom filter value using the unique device identifiers D1-D5 that the installer device 130 transferred, as well as the unique device identifier D6 of the leader node 110A.
Further in response to obtaining the leader node status assignment, the processor 112A is configured to broadcast, via the transceiver 111A, a first service set identifier (SSID) associated with a first access point for wireless local area networking, thereby causing the node device 110A to function as the first access point associated with the broadcast first SSID. The first SSID is based on the calculated set membership test functionality value.
In other words, the leader node device 110A may calculate a value with the set membership test functionality using the received identifiers and its own identifier and start a Wi-Fi access point whose SSID is based on this calculated value.
For example, when obtaining the leader node status assignment via the universal leadership election protocol, the leader node 110A may switch into AP (access point) mode and advertise the calculated bloom filter value as the SSID of the network. As a result, the SSID is unique for each network. Other node devices may then join the SSID network after verifying that their respective unique device identifiers are members of the bloom filter value.
As a further example, when obtaining the leader node status assignment via the selection instruction from the external device 130, the leader node 110A may turn into AP mode and advertise the calculated bloom filter value as its network SSID. Other node devices may then connect to the SSID network after verifying that their respective unique device identifiers are members of the bloom filter value. To prevent unknown node devices from joining the network, the leader node 110A may reject connections from any node device that is not in the list of the transferred unique device identifiers.
In response to obtaining the follower node status assignment, the processor 112A is configured to connect, via the transceiver 111A, to a second access point for wireless local area networking associated with a second service set identifier (SSID). The processor 112A may be configured to receive the second SSID in response to scanning for infrastructure mode wireless local area networks. The processor 112A is configured to obtain the follower node status assignment by determining that the second SSID is based on a set membership test functionality value, and by further determining that a unique device identifier of the node device 110A is a member of a set represented by the set membership test functionality value.
In other words, if any of the node devices 110A-110F discovers a WiFi network that has an SSID which evaluates as true when run through a set membership test functionality with the unique device identifier of the node device in question, then the node device may stop broadcasting its own identity and stop scanning, and become a follower device. For example, node devices 110A-110F may scan for networks with an SSID that is based on a bloom filter value. When they find such a network, the node devices verify that their own unique device identifier contributes to the bloom filter value. If the verification is successful, the node device knows it is connecting to the correct network. The other node devices may trust the leader node device based on the principle of a so-called “resurrecting duckling” imprinting model. That is, “when a device is powered on, it recognizes as its owner the first entity it connects to”.
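The following sketch is an added example, not part of the patent text: it shows a leader deriving an SSID from a bloom filter over the group identifiers, a follower checking its own identifier against a scanned SSID, and why the leader's exact identifier list is still needed, since a bloom filter can report a false positive for an identifier that was never inserted. The filter size, the number of hash functions, the SHA-256 double hashing, the `bf1-` prefix, the base64url encoding and the identifier strings are all assumptions made for the example; the page does not specify them.

```python
import base64
import binascii
import hashlib

M_BITS = 128          # filter size M (assumed; the page fixes no value)
K_HASHES = 4          # number of hash functions k (assumed)
SSID_PREFIX = "bf1-"  # hypothetical marker that identifies a filter SSID
SSID_MAX_OCTETS = 32  # IEEE 802.11 limit on SSID length

# Constructed sample identifiers, named after the page's D1-D6 labels.
GROUP_IDS = ["D1", "D2", "D3", "D4", "D5", "D6"]


def bloom_indexes(device_id):
    """Return the k bit positions h_0(x)..h_{k-1}(x) for one identifier.

    Double hashing over one SHA-256 digest stands in for k hash functions.
    """
    digest = hashlib.sha256(device_id.encode("utf-8")).digest()
    a = int.from_bytes(digest[:8], "big")
    b = int.from_bytes(digest[8:16], "big") | 1  # odd step: k distinct bits
    return [(a + i * b) % M_BITS for i in range(K_HASHES)]


def build_filter(device_ids):
    """Leader side: insert every group identifier into an all-zero filter."""
    bits = bytearray(M_BITS // 8)
    for device_id in device_ids:
        for idx in bloom_indexes(device_id):
            bits[idx // 8] |= 1 << (idx % 8)
    return bytes(bits)


def is_member(device_id, filt):
    """Query: any 0 bit means 'not in the set'; all 1 bits means 'maybe'."""
    return all(filt[i // 8] & (1 << (i % 8)) for i in bloom_indexes(device_id))


def encode_ssid(filt):
    """Pack the filter into a printable SSID of at most 32 octets."""
    body = base64.urlsafe_b64encode(filt).decode("ascii").rstrip("=")
    ssid = SSID_PREFIX + body
    if len(ssid.encode("ascii")) > SSID_MAX_OCTETS:
        raise ValueError("filter does not fit into an SSID")
    return ssid


def decode_ssid(ssid):
    """Return the filter bytes, or None for an SSID that is not a filter SSID."""
    if not ssid.startswith(SSID_PREFIX):
        return None
    body = ssid[len(SSID_PREFIX):]
    try:
        filt = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except (binascii.Error, ValueError):
        return None
    return filt if len(filt) == M_BITS // 8 else None


def follower_should_join(ssid, own_id):
    """Follower side: join only if the SSID is a filter containing own_id."""
    filt = decode_ssid(ssid)
    return filt is not None and is_member(own_id, filt)


def leader_accepts(device_id, allow_list):
    """Leader side: exact check against the identifier list, not the filter."""
    return device_id in set(allow_list)


def find_false_positive(filt, known_ids, limit=200_000):
    """Search constructed identifiers for one the filter wrongly accepts."""
    known = set(known_ids)
    for n in range(limit):
        candidate = f"unknown-{n}"
        if candidate not in known and is_member(candidate, filt):
            return candidate
    return None


if __name__ == "__main__":
    ssid = encode_ssid(build_filter(GROUP_IDS))
    print("SSID:", ssid)
    print("D3 joins:", follower_should_join(ssid, "D3"))
    stranger = find_false_positive(decode_ssid(ssid), GROUP_IDS)
    print("false positive:", stranger,
          "| leader accepts:", leader_accepts(stranger, GROUP_IDS))
```

The membership test only tells a node that the network is probably meant for it; admission is decided by the leader's exact list and the later authentication steps.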
In an embodiment of the node device 110A, in response to obtaining the leader node status assignment and at least one of the other node devices 110B-110F establishing a secure connection (e.g. a TLS (transport layer security) / DTLS (datagram transport layer security) connection) with the node device 110A functioning as the first access point, the processor 112A may be further configured to cause exchange, via the transceiver 111A, of the unique device identifiers and operational credentials keys with the at least one of the other node devices 110B-110F, to thereby take ownership of the at least one of the other node devices 110B-110F for bootstrapping. When follower node devices connect to the access point, the leader node device may validate that the unique device identifier of the connected follower node device is in the list of received identifiers.
For example, follower node devices may establish a TLS/DTLS connection for pairing with the leader node device which they may trust already. In turn, the leader node device may take ownership of the follower node devices. In an embodiment, the leader node device and the follower node devices may exchange identities, and the leader node device may provide the follower node devices with operational credentials for authenticating and securing future communications, as illustrated in diagram 430 of Fig. 4C. Examples of the operational credentials may include an asymmetric key pair (e.g. generated by the follower node device(s) or imported from the leader node device), and optionally a certificate associated with the asymmetric key pair and issued by the leader node device. In addition, the follower node device(s) may be provisioned with trust roots, such as root certificates that are explicitly trusted by the follower nodes and used to validate certificates of other entities. These locally issued certificates may form a local public key infrastructure (PKI) that can be used in various protocols to perform mutual authentication of end points and secure communications.
In another embodiment of the node device 110A, in response to obtaining the leader node status assignment and the node device 110A subsequently functioning as the first access point, the processor 112A may be further configured to receive, via the transceiver 111A, the unique device identifiers and bootstrapping keys of at least one of the other node devices 110B-110F from a controller device 120 external to the group of node devices 110A-110F, to thereby take ownership of the at least one of the other node devices 110B-110F for bootstrapping.
In other words, the leader node device may receive and maintain a list of the unique device identifiers D1-D5 and corresponding bootstrapping keys (such as passphrases, shared secrets, or the like) S1-S5 of the follower node devices 110B-110F in the network from the controller device 120 (such as the user’s smartphone). The controller device 120 may acquire a priori the unique device identifiers of the follower node devices that will join the leader node device. In turn, the leader node device may take ownership of the follower node devices. More specifically, they may exchange identities and the leader node device may provide the follower node devices with operational credentials for authenticating and securing future communications.
Fig. 1C is a block diagram that illustrates the controller device 120 for the group of node devices 110A-110F for wireless local area networking. In an embodiment, the controller device 120 may comprise a client device that may be any of various types of devices used directly by an end user entity and capable of communication via wireless local area networking, such as a user equipment (UE). Such devices include but are not limited to smartphones, tablet computers, smartwatches and other wearable devices, laptop computers, and the like.
As discussed above in connection with Figs. 1A and 1B, the group of node devices 110A-110F includes a leader node device 110A that has been assigned with a leader node status for a bootstrapping process of the group of node devices 110A-110F. The leader node device 110A functions as an access point for wireless local area networking. The group of node devices 110A-110F may further include at least one follower node device 110B-110F assigned with a follower node status for the bootstrapping process.
The controller device 120 comprises at least one processor or a processing unit 122 and optionally at least one memory 123 coupled to the at least one processor 122, which may be used to implement the functionalities described later in more detail. The controller device 120 further comprises at least one transceiver 121 (or a receiving unit/receiver and/or a transmitting unit/transmitter) coupled to the at least one processor 122. The controller device 120 may further comprise a machine-readable code scanner 124, such as a digital camera.
The at least one processor 122 may include e.g. one or more of various processing devices, such as a co-processor, a microprocessor, a controller, a digital signal processor (DSP), a processing circuitry with or without an accompanying DSP, or various other processing devices including integrated circuits such as, for example, an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a microcontroller unit (MCU), a hardware accelerator, a special-purpose computer chip, or the like.
The at least one memory 123 may be configured to store e.g. computer programs and the like. The at least one memory 123 may include one or more volatile memory devices, one or more non-volatile memory devices, and/or a combination of one or more volatile memory devices and non-volatile memory devices. For example, the at least one memory 123 may be embodied as magnetic storage devices (such as hard disk drives, etc.), optical magnetic storage devices, and semiconductor memories (such as mask ROM, PROM (programmable ROM), EPROM (erasable PROM), flash ROM, RAM (random access memory), etc.).
The processor 122 is configured to obtain a unique device identifier and a bootstrapping key (such as a passphrase, shared secret, or the like) of a node device of the group of node devices 110A-110F, and a service set identifier (SSID) associated with the access point and based on a set membership test functionality value.
For example, the unique device identifier, the bootstrapping key of the node device of the group of node devices 110A-110F, and the SSID may be obtained via scanning of a machine-readable code associated with the node device of the group of node devices 110A-110F, performed with the machine-readable code scanner 124. The machine-readable code may comprise e.g. QR (quick response) code, a bar code, or the like. The machine-readable code may e.g. be printed or otherwise arranged on the node device.
The processor 122 is further configured to verify whether the obtained unique device identifier is a member of a set represented by the set membership test functionality value. The set membership test functionality may comprise a bloom filter, as discussed above in connection with Fig. 1B in more detail.
For example, as illustrated in diagram 440 of Fig. 4D, the controller device 120 may scan the QR code of any of the node devices 110A-110F. The QR code may contain the unique identity of the node device itself, the passphrase or the like, and the bloom filter parameters.
In response to the obtained unique device identifier being a member of the set represented by the set membership test functionality value, the processor 122 is further configured to establish, via the transceiver 121, an infrastructure mode connection of wireless communication with the access point. For example, as illustrated in diagram 440 of Fig. 4D, the controller device 120 may identify the scanned node device and join the network that has the bloom filter value as an SSID if the node device it scanned is a member of the bloom filter value.
After establishing the infrastructure mode, the processor 122 is further configured to perform authentication with the node device of the group of node devices 110A-110F (e.g. the leader node device 110A) via the obtained bootstrapping key. In response to the authentication being successful, the processor 122 is further configured to bootstrap the authenticated node device. The processor 122 may be further configured to perform authentication with at least one node device (e.g. at least one follower node device 110B-110F) via respective operational credentials, obtained e.g. from the leader node device 110A. As discussed above in connection with Fig. 1B, the leader node device 110A may provide the follower node devices 110B-110F with operational credentials including a public key of an asymmetric key pair. The controller device 120 may receive the same public key(s) of the follower node devices 110B-110F from the leader node device 110A for use in authenticating with the follower node devices 110B-110F. Furthermore, at the end of the bootstrapping, the controller device 120 may issue certificates for the public keys. In addition to receiving the public keys, the controller device 120 may also receive information on how to connect to the follower node devices 110B-110F (such as IP addresses) within the network (i.e. the SSID network operated by the leader node device 110A).
In response to the authentication being successful, the processor 122 may be further configured to take ownership of and bootstrap the authenticated at least one other node device.
For example, as illustrated in diagram 440 of Fig. 4D, the controller device 120 may use the passphrase or the like obtained above to authenticate itself to the leader node device 110A. The node device that the controller device 120 scanned may or may not be the leader node device 110A. The passphrase or the like allows the controller device 120 to bind with the leader node device 110A, and consequently with the follower devices 110B-110F. For example, the leader node 110A may rely on the scanned device to verify the passphrase, or the leader node 110A may already have access to the passphrase or the like, via other means, to verify it. Such other means may include, for example, the leader node device 110A having a capability to scan the passphrase or the like, or the passphrase or the like may have been provided to the leader node device 110A by the controller device 120 or the installer device 130. Alternatively, the authentication mechanism may be based on a PKI in which case the leader node device 110A may only need the root certificate or the certification authority (CA) certificate of the device certificate of the follower node device. These root and CA certificates may be considered as explicitly trusted by the leader node device 110A. The leader node device 110A may validate the device certificate of the follower node device and subsequently use PKI mechanisms to authenticate the follower node device.
Upon authenticating to the leader node device 110A, the controller device 120 may bootstrap with the leader node device 110A. Consequently, the controller device 120 may authenticate all the node devices in the SSID network based on the operational credentials exchanged earlier. Finally, the controller device 120 may take ownership of the node devices and configure them with necessary credentials to join the user’s private home network. That is, even the leader node device 110A may cease being an access point and connect to the user’s private home network instead.
Fig. 2 is a flow diagram illustrating a method 200 according to an embodiment.
At optional operation 201, a node device for wireless local area networking configured to be included in a group of node devices for wireless local area networking may start broadcasting its unique device identifier, scanning for other node devices, and scanning for infrastructure mode wireless local area networks.
A leader node status assignment may be obtained at operation 202 by the node device. Alternatively, a follower node status assignment may be obtained at operation 210 by the node device. Both the leader node status assignment and the follower node status assignment are for a bootstrapping process of the group of node devices.
In response to obtaining the leader node status assignment at operation 202, at optional operation 203 the leader node device may stop broadcasting its unique device identifier as well as stop scanning for other node devices and for the infrastructure mode wireless local area networks.
At operation 204, a set membership test functionality value is calculated by the leader node device based on its unique device identifier and the unique device identifiers of the follower node devices.
At operation 205, a first service set identifier associated with a first access point for wireless local area networking is broadcast by the leader node device, thereby causing the leader node device to function as the first access point associated with the broadcast first service set identifier. The first service set identifier is based on the calculated set membership test functionality value.
At optional operation 206, the leader node device may exchange the unique device identifiers and operational credentials with at least one connecting follower node device, to thereby take ownership of the connecting follower node devices for bootstrapping at optional operation 207. Furthermore, if a unique device identifier of a connecting follower node device is not among the unique device identifiers that were used to calculate the membership functionality value in operation 204, the connection may be denied by the leader node. If the unique device identifier of the connecting follower node device is among the unique device identifiers that were used to calculate the membership functionality value in operation 204, the connection may be granted by the leader node.
At optional operation 208, the leader node device may perform authentication with the controller device.
At optional operation 209, the leader node device may perform bootstrapping with the controller device.
In response to obtaining the follower node status assignment at operation 210, at optional operation 211, the follower node device may stop broadcasting its unique device identifier as well as stop scanning for other node devices and for the infrastructure mode wireless local area networks. The obtaining of the follower node status assignment comprises determining that a second service set identifier associated with a second access point for wireless local area networking is based on a set membership test functionality value, and further determining that the unique device identifier of the follower node device is a member of a set represented by this set membership test functionality value.
At operation 212, the follower node device connects to the second access point, thereby allowing the leader node device of the second access point to optionally take ownership of the follower node device.
At optional operation 213, the follower node device may perform authentication with the controller device.
At optional operation 214, the follower node device may perform bootstrapping with the controller device.
The method 200 may be performed by the node devices 110A-110F. The operations 201-214 can, for example, be performed by the at least one processor 112A, the transceiver 111A, and the memory 113A. Further features of the method 200 directly result from the functionalities and parameters of the node devices 110A-110F and thus are not repeated here. The method 200 can be performed by a computer program.
Fig. 3 is another flow diagram illustrating a method according to an embodiment.
At operation 301, a controller device for a group of node devices for wireless local area networking obtains a unique device identifier and a bootstrapping key of a node device of the group of node devices, and a service set identifier associated with an access point for wireless local area networking and based on a set membership test functionality value. The group of node devices includes a leader node device assigned with a leader node status for a bootstrapping process of the group of node devices and functioning as the access point. The group of node devices further includes at least one follower node device assigned with a follower node status for the bootstrapping process.
At operation 302, the controller device verifies whether the obtained unique device identifier is a member of a set represented by the set membership test functionality value.
In response to the obtained unique device identifier being a member of the set represented by the set membership test functionality value, the controller device establishes an infrastructure mode connection of wireless communication with the access point, at operation 303. Otherwise, the method may return to operation 301 or exit.
At operation 304, the controller device performs authentication with one of the node devices via the obtained bootstrapping key. In the example of Fig. 3, the controller device performs authentication with the leader node device.
In response to the authentication being successful, the controller device bootstraps the leader node device, at operation 305.
At optional operation 306, the controller device may perform authentication with the follower node device(s) via respective operational credentials obtained from the leader node device.
In response to the authentication being successful, the controller device may bootstrap the follower node device(s) at optional operation 307.
The method 300 may be performed by the controller device 120. The operations 301-307 can, for example, be performed by the at least one processor 122, the transceiver 121, the memory 123, and the machine-readable code scanner 124. Further features of the method 300 directly result from the functionalities and parameters of the controller device 120 and thus are not repeated here. The method 300 can be performed by a computer program.
The functionality described herein can be performed, at least in part, by one or more computer program product components such as software components. According to an embodiment, the node devices 110A-110F and the controller device 120 comprise respective processors configured by program code when executed to execute the embodiments of the operations and functionality described. Alternatively, or in addition, the functionality described herein can be performed, at least in part, by one or more hardware logic components. For example, and without limitation, illustrative types of hardware logic components that can be used include Field-programmable Gate Arrays (FPGAs), Program-specific Integrated Circuits (ASICs), Program-specific Standard Products (ASSPs), System-on-a-chip systems (SOCs), Complex Programmable Logic Devices (CPLDs), and Graphics Processing Units (GPUs).
Any range or device value given herein may be extended or altered without losing the effect sought. Also any embodiment may be combined with another embodiment unless explicitly disallowed.
Although the subject matter has been described in language specific to structural features and/or acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as examples of implementing the claims and other equivalent features and acts are intended to be within the scope of the claims.
It will be understood that the benefits and advantages described above may relate to one embodiment or may relate to several embodiments. The embodiments are not limited to those that solve any or all of the stated problems or those that have any or all of the stated benefits and advantages. It will further be understood that reference to 'an' item may refer to one or more of those items.
The steps of the methods described herein may be carried out in any suitable order, or simultaneously where appropriate. Additionally, individual blocks may be deleted from any of the methods without departing from the spirit and scope of the subject matter described herein. Aspects of any of the embodiments described above may be combined with aspects of any of the other embodiments described to form further embodiments without losing the effect sought.
The term 'comprising' is used herein to mean including the method, blocks or elements identified, but that such blocks or elements do not comprise an exclusive list and a method or apparatus may contain additional blocks or elements.
It will be understood that the above description is given by way of example only and that various modifications may be made by those skilled in the art. The above specification, examples and data provide a complete description of the structure and use of example embodiments. Although various embodiments have been described above with a certain degree of particularity, or with reference to one or more individual embodiments, those skilled in the art could make numerous alterations to the disclosed embodiments without departing from the scope of this specification.

Claims

CLAIMS:
1. A node device (110A) for wireless local area networking, the node device (110A) comprising: a processor (112A); and a transceiver (111A), wherein the node device (110A) is configured to be included in a group of node devices (110A-110F) for wireless local area networking, and the processor (112A) is configured to: obtain one of a leader node status assignment or a follower node status assignment for a bootstrapping process of the group of node devices (110A-110F); in response to obtaining the leader node status assignment: calculate a set membership test functionality value based on a unique device identifier of the node device (110A) and unique device identifiers of other node devices (110B-110F) in the group of node devices (110A-110F); and broadcast, via the transceiver (111A), a first service set identifier associated with a first access point for wireless local area networking, the first service set identifier being based on the calculated set membership test functionality value, thereby causing the node device (110A) to function as the first access point associated with the broadcast first service set identifier; and in response to obtaining the follower node status assignment: connect, via the transceiver (111A), to a second access point for wireless local area networking associated with a second service set identifier, wherein the processor (112A) is configured to obtain the follower node status assignment by determining that the second service set identifier is based on a set membership test functionality value, and by further determining that a unique device identifier of the node device (110A) is a member of a set represented by the set membership test functionality value.
2. The node device (110A) according to claim 1, wherein the processor (112A) is further configured to receive the unique device identifiers of the other node devices (110B-110F) in response to being broadcast by the other node devices (110B-110F), and the processor (112A) is further configured to obtain the leader node status assignment by receiving a leader node election indication from a universal election protocol periodically applied by the processor (112A) using the unique device identifier of the node device (110A) and the received unique device identifiers of the other node devices (110B-110F).
3. The node device (110A) according to claim 2, wherein the universal election protocol comprises one of a mega-merger protocol or a yo-yo protocol.
4. The node device (110A) according to claim 1, wherein the processor (112A) is further configured to obtain the leader node status assignment by receiving a leader node selection instruction and the unique device identifiers of the other node devices (110B-110F) from an external device (130).
5. The node device (110A) according to any one of claims 1 to 4, wherein, in response to obtaining the leader node status assignment and at least one of the other node devices (110B-110F) establishing a secure connection with the node device (110A) functioning as the first access point, the processor (112A) is further configured to cause exchange, via the transceiver (111A), of the unique device identifiers and operational credentials with the at least one of the other node devices (110B-110F), to thereby take ownership of the at least one of the other node devices (110B-110F) for bootstrapping.
6. The node device (110A) according to any one of claims 1 to 4, wherein, in response to obtaining the leader node status assignment and the node device (110A) subsequently functioning as the first access point, the processor (112A) is further configured to receive, via the transceiver (111A), the unique device identifiers and bootstrapping keys of at least one of the other node devices (110B-110F) from a controller device (120) external to the group of node devices (110A-110F), to thereby take ownership of the at least one of the other node devices (110B-110F) for bootstrapping.
7. The node device (110A) according to claim 1, wherein the processor (112A) is further configured to receive the second service set identifier in response to scanning for infrastructure mode wireless local area networks.
8. The node device (110A) according to any one of claims 1 to 7, wherein the set membership test functionality comprises a bloom filter.
9. A method (200), comprising: obtaining, by a node device for wireless local area networking configured to be included in a group of node devices for wireless local area networking, one of a leader node status assignment (202) or a follower node status assignment (210) for a bootstrapping process of the group of node devices; in response to obtaining the leader node status assignment (202): calculating (204), by the node device, a set membership test functionality value based on a unique device identifier of the node device and unique device identifiers of other node devices in the group of node devices; and broadcasting (205), by the node device, a first service set identifier associated with a first access point for wireless local area networking, the first service set identifier being based on the calculated set membership test functionality value, thereby causing the node device to function as the first access point associated with the broadcast first service set identifier, and in response to obtaining the follower node status assignment (210): connecting (212), by the node device, to a second access point for wireless local area networking associated with a second service set identifier, wherein the obtaining the follower node status assignment (210) comprises determining that the second service set identifier is based on a set membership test functionality value, and further determining that a unique device identifier of the node device is a member of a set represented by the set membership test functionality value.
10. A computer program comprising program code configured to perform the method according to claim 9, when the computer program is executed on a computer.
11. A controller device (120) for a group of node devices (110A-110F) for wireless local area networking, the group of node devices (110A-110F) including a leader node device (110A) assigned with a leader node status for a bootstrapping process of the group of node devices (110A-110F) and functioning as an access point for wireless local area networking, the controller device (120) comprising a transceiver (121) and a processor (122), wherein the processor (122) is configured to: obtain a unique device identifier and a bootstrapping key of a node device of the group of node devices (110A-110F), and a service set identifier associated with the access point and based on a set membership test functionality value; verify whether the obtained unique device identifier is a member of a set represented by the set membership test functionality value; in response to the obtained unique device identifier being a member of the set represented by the set membership test functionality value, establish, via the transceiver (121), an infrastructure mode connection of wireless communication with the access point; perform authentication with the node device of the group of node devices (110A-110F) via the obtained bootstrapping key; and in response to the authentication being successful, bootstrap the authenticated node device.
12. The controller device (120) according to claim 11, wherein the group of node devices (1 lOA-110F) further includes at least one follower node device (1 lOB-110F) assigned with a follower node status for the bootstrapping process, and the processor (122) is further configured to: perform authentication with at least one other node device via respective operational credentials; and in response to the authentication being successful, take ownership of and bootstrap the at least one authenticated other node device.
13. The controller device (120) according to claim 11 or 12, further comprising a machine-readable code scanner (124), wherein the unique device identifier, the bootstrapping key of the node device of the group of node devices (1 lOA-110F), and the service set identifier are obtained via scanning of a machine-readable code associated with the node device of the group of node devices (1 lOA-110F), performed with the machine-readable code scanner (124).
14. The controller device (120) according to any one of claims 11 to 13, wherein the set membership test functionality comprises a bloom filter.
15. A method (300), comprising: obtaining (301), by a controller device for a group of node devices for wireless local area networking, a unique device identifier and a bootstrapping key of a node device of the group of node devices, and a service set identifier associated with an access point for wireless local area networking and based on a set membership test functionality value, the group of node devices including a leader node device assigned with a leader node status for a bootstrapping process of the group of node devices and functioning as the access point; verifying (302), by the controller device, whether the obtained unique device identifier is a member of a set represented by the set membership test functionality value; in response to the obtained unique device identifier being a member of the set represented by the set membership test functionality value, establishing (303), by the controller device, an infrastructure mode connection of wireless communication with the access point; performing (304), by the controller device, authentication with the node device of the group of node devices via the obtained bootstrapping key; and in response to the authentication being successful, bootstrapping (305), by the controller device, the authenticated node device.
16. A computer program comprising program code configured to perform the method according to claim 15, when the computer program is executed on a computer.
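The leader-side SSID derivation of claim 9 and the membership check of claims 9, 11 and 15, with the bloom filter of claim 14 as the set membership test, sketched as an added example that is not code from the patent or the applicant. The filter size, hash count, SHA-256 double hashing, the "BS-" prefix, the base64 encoding and the device identifiers are all assumptions made for illustration.

```python
import base64
import hashlib

M_BITS = 128     # assumed filter size: 16 bytes
K_HASHES = 4     # assumed number of bit positions per identifier
PREFIX = "BS-"   # hypothetical marker for a filter-derived SSID

def _positions(device_id):
    # Double hashing over one SHA-256 digest (an assumed construction).
    d = hashlib.sha256(device_id.encode()).digest()
    h1 = int.from_bytes(d[:8], "big")
    h2 = int.from_bytes(d[8:16], "big") | 1
    return [(h1 + i * h2) % M_BITS for i in range(K_HASHES)]

def leader_ssid(device_ids):
    """Leader side: fold all group identifiers into a filter and encode it."""
    bits = 0
    for dev in device_ids:
        for p in _positions(dev):
            bits |= 1 << p
    raw = bits.to_bytes(M_BITS // 8, "big")
    ssid = PREFIX + base64.urlsafe_b64encode(raw).decode().rstrip("=")
    if len(ssid.encode()) > 32:  # an SSID is at most 32 octets
        raise ValueError("SSID too long")
    return ssid

def parse_ssid(ssid):
    """Return the filter as an int, or None if the SSID is not filter-derived."""
    if not ssid.startswith(PREFIX):
        return None
    body = ssid[len(PREFIX):]
    try:
        raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError:  # covers binascii.Error on malformed input
        return None
    return int.from_bytes(raw, "big") if len(raw) == M_BITS // 8 else None

def is_member(ssid, device_id):
    """Follower/controller side: probabilistic test, never authentication."""
    bits = parse_ssid(ssid)
    if bits is None:
        return False
    return all((bits >> p) & 1 for p in _positions(device_id))

def false_positives(ssid, trials):
    """Count constructed non-member identifiers that the filter accepts."""
    return sum(is_member(ssid, f"outsider-{i}") for i in range(trials))

GROUP = [f"dev-110{c}" for c in "ABCDEF"]  # constructed identifiers
SSID = leader_ssid(GROUP)
```

A bloom filter never rejects a true member but can accept a non-member, so a positive result only selects which access point to try; the authentication via the bootstrapping key in claims 11 and 15 is what establishes trust.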
PCT/EP2020/052333 2020-01-30 2020-01-30 Devices, methods and computer programs for bootstrapping a group of node devices for wireless local area networking WO2021151495A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/EP2020/052333 WO2021151495A1 (en) 2020-01-30 2020-01-30 Devices, methods and computer programs for bootstrapping a group of node devices for wireless local area networking
CN202080094681.6A CN115039386A (en) 2020-01-30 2020-01-30 Apparatus, method and computer program for enabling a set of node devices for wireless local area networking

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2020/052333 WO2021151495A1 (en) 2020-01-30 2020-01-30 Devices, methods and computer programs for bootstrapping a group of node devices for wireless local area networking

Publications (1)

Publication Number Publication Date
WO2021151495A1 true WO2021151495A1 (en) 2021-08-05

Family

ID=69411445

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2020/052333 WO2021151495A1 (en) 2020-01-30 2020-01-30 Devices, methods and computer programs for bootstrapping a group of node devices for wireless local area networking

Country Status (2)

Country Link
CN (1) CN115039386A (en)
WO (1) WO2021151495A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170155703A1 (en) * 2015-11-30 2017-06-01 Verizon Patent And Licensing Inc. INTERNET OF THINGS (IoT) PLATFORM AND APPLICATION FRAMEWORK
US9794965B1 (en) * 2017-06-05 2017-10-17 Chengfu Yu Autonomous and remote pairing of internet of things devices utilizing a cloud service
EP3584992A1 (en) * 2017-02-14 2019-12-25 Unionplace Co., Ltd. Internet of things device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10122747B2 (en) * 2013-12-06 2018-11-06 Lookout, Inc. Response generation after distributed monitoring and evaluation of multiple devices
US9742775B2 (en) * 2014-07-01 2017-08-22 Google Inc. Wireless local area network access
US9781696B1 (en) * 2016-07-27 2017-10-03 Mario Soave Activity-triggered provisioning of portable wireless networks
US10574445B2 (en) * 2016-12-21 2020-02-25 Intel IP Corporation Range constrained device configuration

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
OLAF BERGMANN ET AL: "Secure bootstrapping of nodes in a CoAP network", WIRELESS COMMUNICATIONS AND NETWORKING CONFERENCE WORKSHOPS (WCNCW), 2012 IEEE, IEEE, 1 April 2012 (2012-04-01), pages 220 - 225, XP032185788, ISBN: 978-1-4673-0681-2, DOI: 10.1109/WCNCW.2012.6215494 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115412444A (en) * 2022-08-26 2022-11-29 中国长江三峡集团有限公司 Safety networking system and method for power plant inspection equipment
CN115412444B (en) * 2022-08-26 2023-08-01 中国长江三峡集团有限公司 Safety networking system and method for power plant inspection equipment

Also Published As

Publication number Publication date
CN115039386A (en) 2022-09-09

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20703011

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20703011

Country of ref document: EP

Kind code of ref document: A1