Abstract:
A method and apparatus for establishing security associations between nodes of an ad hoc wireless network includes two authentication steps: an initial first contact step (authentication, authorization, and accounting (AAA)-based authentication), and a "light-weight" step that reuses key material generated during first contact. A mesh authenticator within the network provides two roles. The first role is to implement an 802.1X port access entity (PAE), derive transient keys used for encryption with a supplicant mesh point via a four-way handshake and take care of back end communications with a key distributor. The second role is as a key distributor that implements a AAA-client and derives keys used to authenticate a mesh point during first contact or fast security association. The key distributor and the on-line authentication server can communicate to one another without these messages being transported over mesh links.
Abstract:
A method and apparatus for establishing security associations between nodes of an ad hoc wireless network includes two authentication steps: an initial first contact step (authentication, authorization, and accounting (AAA)-based authentication), and a "light-weight" step that reuses the key material generated during first contact. A mesh authenticator within the network provides two roles. The first role is to implement an 802.1X port access entity (PAE), derive the transient keys used for encryption with a supplicant mesh point via a four-way handshake, and handle back-end communications with a key distributor. The second role is as a key distributor that implements an AAA client and derives the keys used to authenticate a mesh point during first contact or fast security association. The key distributor and the on-line authentication server can communicate with one another without these messages being transported over mesh links.
Abstract:
The disclosure relates to techniques and technologies for establishing a secure link between a mesh authenticator and a mesh key distributor for transporting security association messages. The secure link can allow the mesh key distributor to communicate results of an authentication process to the mesh authenticator.
Abstract:
A method and system for secure processing of authentication key material in an ad hoc wireless network enables secure distribution of the authentication key material between a mesh authenticator (110) and a mesh key distributor (115), which may be separated by multiple wireless links. The method includes deriving a pairwise transient key for key distribution (PTK-KD) using a mesh key holder security information element (MKHSIE). A mesh authenticator pairwise master key (PMK-MA) is then requested using a first mesh encrypted key information element (MEKIE) that includes data origin information. Using the pairwise transient key for key distribution (PTK-KD), a second mesh encrypted key information element (MEKIE) is then decrypted to obtain the mesh authenticator pairwise master key (PMK-MA).
Abstract:
A method of communication between a transmitter node and a receiver node in a multi-hop communication network (100), comprising: formatting information into a data structure to generate a mesh action frame (400), wherein the mesh action frame (400) comprises a header (420) comprising a source address (SA) that identifies such a node, a destination address (DA) that identifies a recipient node, a transmitter address (TA) that identifies a sender node, and a receiver address (RA) that identifies a receiver node; and a body field (430) comprising a mesh action data unit (434); and sending the mesh action frame from the transmitter node.
Abstract:
A wireless local area network system (100) supporting mobile radio telephony reduces the time to complete an authenticated handover from one access point (104) to another (108) by a mobile station (102) by performing some of the steps normally performed upon leaving one access point while still associated with that access point. More particularly, the mobile station causes a cryptographic key (204) to be preestablished (212) for use when handing over to a new access point. The cryptographic key is derived at the mobile station, and is also derived in the WLAN infrastructure and stored until the mobile station initiates a handover.
Abstract:
The disclosure relates to techniques and technologies for efficiently transporting management information between mesh nodes across multiple hops or "mesh links" in a multi-hop mesh network. These techniques and technologies are general purpose and provide an extensible mechanism for transporting management traffic across a mesh network. These techniques and technologies can be applied in a number of applications relating, for example, to security, routing, radio measurements, mesh node management, etc.