as) United States
`a2) Patent Application Publication (0) Pub. No.: US 2008/0298328 Al
` Sharma (43) Pub. Date: Dec. 4, 2008
`
`
`
`US 20080298328A 1
`
`(54) TRUSTED WIRELESS COMMUNICATIONS
`WITH STATION-TO-STATION LINK
`ASSOCIATION
`Inventor:
`Us) Sharma, Beaverton, OR
`
`(76)
`
`Correspondence Address:
`INTEL CORPORATION
`c/o INTELLEVATE, LLC
`P.O. BOX 52050
`MINNEAPOLIS, MN 55402 (US)
`
`(21) Appl. No.:
`
`11/757,935
`
`(22)
`
`Filed:
`
`Jun. 4, 2007
`ar
`:
`.
`Publication Classification
`(52) UscL.sessessssusasesee°..“»sessuansesesee 370/338
`
`(51)
`
`Int. Cl.
`
`ABSTRACT
`(57)
`After establishing a direct station-to-station link (STSL) with
`asecondwireless client device ina centralized network,a first
`wireless client device may initiate a process with the second
`wireless device to secure the link. Prior to securing the link,
`any exchange of framesthat are routed through the interme-
`diate access point (AP) mayplacethe related security infor-
`mation in the payloadofthe frames.
`
`100—_
`
`140
`
`STAL-A
`
`STAL-B
`
`“|ae|
`
`STA-B
`
`STA-A
`
`STSL
`
`Data Co Exhibit 1051
`Data Co Exhibit 1051
`Data Co v. Bright Data
`
`Data Cov. Bright Data
`
`

`

`Patent Application Publication
`
`Dec. 4, 2008 Sheet 1 of 5
`
`US 2008/0298328 Al
`
`100—“_
`
`STAL-A
`
`STAL-B
`
`
`
`“ Lae|
`
`STA-A
`
`STA-B
`
`STSL
`
`FIG. 1
`
`

`

`Patent Application Publication
`
`Dec. 4, 2008 Sheet 2 of 5
`
`ESTABLISH
`STSL
`
`FORWARD
`MESSAGES
`
`ESTABLISH
`STSL
`
`MESSAGES US 2008/0298328 Al
`
`TRANSMIT R-A,
`R-B, R-AB,
`RSNIE-B, TIMER
`VAL
`
`CREATE RANDOM
`#RA
`
`LIST SUPPORTED
`CIPHER SUITES
`IN RSNIE-A
`
`TRANSMIT
`R-A, RSNIE-A
`
`FORWARD
`MESSAGES
`
`CREATE RANDOM
`#'S R-A, R-AB
`
`SELECT ONE
`CIPHER, PLACE
`IN RSNIE-B
`
`CALCULATE
`KEYID
`
`DETERMINE
`TIMER VAL
`
`FORWARD
`
`FIG. 2A
`
`

`

`Patent Application Publication
`
`Dec. 4, 2008 Sheet 3 of 5
`
`US 2008/0298328 Al
`
`FROM R-AB
`
`INITIATE 4-WAY
`HANDSHAKE,
`WHRE R-A=ANonce,
`R-B=SNonce,
`R-AB=PMK,
`KEYID = KEY IDENTIFIER
`
`4-WAY
`HANDSHAKE
`
`ENCRYPTED STSL
`COMMUNICATIONS
`WITH PTK DERIVED
`FROM R-AB
`
`VERIFY MAC-A,
`MAC-B, RSNIE-B
`ARE CORRECT
`
`CALCULATE
`KEYID
`
`ENCRYPTED STSL
`COMMUNICATIONS
`WITH PTK DERIVED
`
`

`

`Patent Application Publication
`
`Dec. 4, 2008 Sheet 4 of 5
`
`SOs
`
`pyaqyOss
`
`cyday
`zyqaqy
`
`
`
`/NOILVaNGAWVes
`
`
`
`(NON)TLNO
`
`(va)
`
`(WL)
`
`(vu)
`
`dlTOYLNOD
`
`AWVdsNVIM
`
`Yadav (zyaav)
`
`US 2008/0298328 Al
`
`€Sls
`
`LNSGNadSd0-SdAL
`
`
`
`(Xp‘SO1d)OANI
`
`FOYNOS
`
`Naayainssq
`
`

`

`Patent Application Publication
`
`Dec. 4, 2008 Sheet 5 of 5
`
`US 2008/0298328 Al
`
`TWAYSWIL
`a-SINSY
`
`1S3d
`
`Yyqdqv
`
`ydqv
`
`souNnosqINSS4@
`
`avSls
`
`FOYNOS NOISSSSAdy
`
`Va
`
`
`
`aaavainssq
`
`
`
`SALVILIN]V-VLS
`
`VvSls
`
`
`
`V-VLSOLSGNOdS3Y4-VLS
`
`

`

`US 2008/0298328 Al
`
`Dec. 4, 2008
`
`TRUSTED WIRELESS COMMUNICATIONS
`WITH STATION-TO-STATION LINK
`ASSOCIATION
`
`CROSS REFERENCE TO RELATED
`APPLICATIONS
`
`[0001] This patent application is related to patent applica-
`tion Ser. No. 11/799,980, filed on May 3, 2007, andtitled
`“Direct Station-To-Station Link Between Wireless Network
`Devices”, which has the same inventor and is owned by the
`sameentity.
`
`BACKGROUND
`
`[0002] When twoclient devices (e.g., mobile devices) in a
`centralized wireless network establish a direct wireless link
`with each other, they may need to establish encryption and/or
`decryption keys to provide for trusted communications over
`this direct link. The conventional schemefor doing this, com-
`monly called PeerKey, requires any legacy access point (AP)
`in the networkto be upgraded. Upgradingall access points to
`implement such direct
`links on a wide scale would be
`extremely expensive.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`Some embodiments of the invention may be under-
`[0003]
`stood by referring to the following description and accompa-
`nying drawingsthatare usedto illustrate embodiments of the
`invention. In the drawings:
`[0004]
`FIG. 1 shows a diagram of a WLAN network with
`station-to-station link (STSL) capability, according to an
`embodimentof the invention.
`[0005]
`FIGS. 2A and 2B showa flow diagram of a method
`of establishing a trusted STSL, according to an embodiment
`of the invention.
`
`FIG. 3 shows a diagram of an STSL frame, accord-
`[0006]
`ing to an embodimentofthe invention.
`[0007]
`FIGS. 4A and 4B show twospecific types of STSL
`payloads, according to an embodimentofthe invention.
`
`DETAILED DESCRIPTION
`
`In the following description, numerous specific
`[0008]
`details are set forth. However, it is understood that embodi-
`ments of the invention may be practiced without these spe-
`cific details. In other instances, well-known circuits, struc-
`tures and techniques have not been shown in detail in order
`not to obscure an understanding of this description.
`[0009] References to “one embodiment”, “an embodi-
`ment”, “example embodiment”, “various embodiments”,
`etc.,
`indicate that the embodiment(s) of the invention so
`described may include particular features, structures, or char-
`acteristics, but not every embodiment necessarily includes
`the particular features, structures, or characteristics. Further,
`some embodiments may have some, all, or none of the fea-
`tures described for other embodiments.
`[0010]
`In the following description and claims, the terms
`“coupled”and“connected,”along with their derivatives, may
`be used. It should be understood that these terms are not
`
`intended as synonyms for each other. Rather, in particular
`embodiments, “connected” is used to indicate that two or
`more elements are in direct physicalor electrical contact with
`each other. “Coupled” is used to indicate that two or more
`elements co-operate or interact with each other, but they may
`or may notbe in direct physical or electrical contact.
`
`[0011] As used in the claims, unless otherwise specified the
`use ofthe ordinal adjectives “first”, “second”, “third”, etc., to
`describe a common element, merely indicate that different
`instances of like elements are being referred to, and are not
`intended to imply that the elements so described must be ina
`given sequence, either temporally, spatially, in ranking, or in
`any other manner.
`[0012] Various embodiments of the invention may be
`implemented in one or any combination of hardware, firm-
`ware, and software. The invention may also be implemented
`as instructions contained in or on a machine-readable
`medium, which may be read and executed by one or more
`processors to enable performanceofthe operations described
`herein. A machine-readable medium mayinclude any mecha-
`nism for storing, transmitting, and/or receiving information
`in a form readable by a machine (e.g., a computer). For
`example, a machine-readable medium may include a storage
`medium,such as but not limited to read only memory (ROM);
`random access memory (RAM); magnetic disk storage
`media; optical storage media; a flash memory device, etc. A
`machine-readable medium may also include a propagated
`signal which has been modulated to encode the instructions,
`such as but not limited to electromagnetic, optical, or acous-
`tical carrier wave signals.
`[0013] The term “wireless” and its derivatives may be used
`to describe circuits, devices, systems, methods, techniques,
`communications channels, etc., that communicate data by
`using modulated electromagnetic radiation through a non-
`solid medium. The term does not imply that the associated
`devices do not contain any wires, although in some embodi-
`ments they might not. The term “mobile wireless device”is
`usedto describe a wireless device that may be in motion while
`it is communicating.
`[0014] Various embodimentsofthe inventionrelate to per-
`mitting two client device which are establishing a direct sta-
`tion-to-station link (STSL) with each other, to establish keys
`for trusted communications over the STSL. The exchange of
`information neededto establish the keys, at least that part of
`the exchange that is routed through an intermediate access
`point (AP), may be contained in the payload section of the
`frames communicated between the two client devices. By
`placing this information in the payload section of the frames
`rather than in the frame format, existing APs may beable to
`handle this datatraffic without being modified to handle a new
`frame format.
`
`FIG. 1 shows a diagram of a WLAN network with
`[0015]
`station-to-station link (STSL) capability, according to an
`embodimentofthe invention. Within the context ofthis docu-
`ment, the term STSL will be used to indicate a wireless
`communicationslink directly between two devices, neither of
`whichis an access point, but both of which are communica-
`tively associated with an access point. In some embodiments
`this WLAN network may comply with formats, protocols,
`and restrictions outlined in standard IEEE 802.11-2007, pub-
`lished in 2007 by the Institute of Electrical and Electronic
`Engineers. In the illustrated network 100, a wireless client
`device 120 may establish a wireless communications link
`with an AP 140. Another wireless client device 130 may
`similarly establish a wireless communications link with the
`same AP 140. Other wireless client devices may also be
`present in the network, but for simplicity of illustration they
`are not shown.Each wireless client device is labeledasa STA,
`to be consistent with industry terminology, with device 120
`labeled as STA-A and device 130 labeled as STA-B. The
`
`

`

`US 2008/0298328 Al
`
`Dec. 4, 2008
`
`wireless link between STA-A and the AP is labeled STAL-A
`and the wireless link between STA-B and the AP is labeled
`
`STAL-B. Each wireless device in FIG, 1 may contain one or
`more antennasto facilitate the wireless communications.
`
`[0016] Normally, STA-A might communicate directly only
`with the AP, and STA-B might also communicate directly
`only with the AP, with any communications between STA-A
`and STA-B being routed through the AP, using conventional
`techniques. However, STA-A and STA-B mayalso establish
`a direct wireless link between themselves, with this station-
`to-station link labeled as STSL, so that subsequent commu-
`nications between STA-A and STA-B do nothaveto be routed
`
`through the AP. This STSL maybe established by sending the
`appropriate frames between STA-A and STA-Bthrough the
`AP, and using the contents of the payload section of these
`frames to set up the STSL. Byusing the payloadsectionin this
`manner, legacy AP’s may not have to be modified to handle
`the STSL setup exchange. This is an advantage over using the
`conventional Direct Link Setup (DLS) to establish a direct
`link.
`
`[0017] Once the STSL has been created between STA-A
`and STA-B, but before any normaldatatraffic is transferred
`over the STSL, the STSL may be securedby establishing keys
`for encryption, decryption, and integrity protection of that
`data traffic. Establishmentofthese keys may be accomplished
`by communicating frames containing the necessary informa-
`tion between STA-A and STA-B, using the payload section of
`those frames to contain the necessary information.
`[0018]
`FIGS. 2A and 2B showa flow diagram of a method
`of establishing a trusted STSL, according to an embodiment
`of the invention. In the illustrated flow diagram 200, three
`vertical columns separated by dashedlines indicate the opera-
`tions performed by devices designated STA-A, STA-B, and
`the associated AP, respectively (see FIG. 1). The process may
`begin at the top of FIG. 2A when STA-A and STA-Bestablish
`an STSL by communicating through the AP (which forwards
`frames between STA-A and STA-B), as shownat 201, 204,
`and 206. Once the STSL direct link is set up, STA-A and
`STA-B mayestablish keys for communicating trusted data
`with each other over the STSL. The remainder of FIGS. 2A
`
`mayselect a particular cipher from the ciphersuite list pro-
`vided by STA-A, and place that selected cipher into its own
`information element RSNIE-B. At 226, STA-B mayalso cal-
`culate a KeyID. In one embodiment, this KeyID may be
`calculated as
`
`KeyID=Truncate-128(hash(R-B, ADDR-B, R-A,
`ADDR-A))
`where ADDR-Ais the address of STA-A and ADDR-Bisthe
`address of STA-B. However, other embodiments may calcu-
`late the KeyID in other ways. Finally, at 228 STA-B may
`determine a timer value TimerVal, to be used as an expiry
`timer value for Master Key R-AB. At 230, STA-B maytrans-
`mit a frame to STA-A containing R-A, R-B, R-AB, RSNIE-B,
`and TimerVal. This frame may be routed to STA-A through
`the AP at 231.
`[0021] The flow diagram of FIG. 2A is continued in FIG.
`2B at point “X”. When STA-A receives the frame from STA-
`B, at 233 it may verify that addresses ADDR-A and ADDR-B
`represent
`the correct addresses for STA-A and STA-B,
`respectively, to make sure this frame is the correct frame for
`this process. STA-A mayalso verify that the cipher specified
`in RSNIE-B is one of the ciphers it previously listed in
`RSNIE-A.At 235, STA-A maycalculate the value of KeyID,
`using the same algorithm that was used by STA-B. Byinde-
`pendently calculating the value of KeyID in each STA,there
`is no need to send that value over the as-yet-unsecured chan-
`nel.
`
`[0022] At 237, STA-A mayinitiate a handshake exchange
`with STA-B, which continues the exchange at 240. Forthis
`handshake exchange, STA-A and STA-B may communicate
`directly with each other using the STSL,rather than routing
`their communications through the AP. In this particular
`example, the handshake exchange may conform to the proto-
`cols of the 4-way handshake defined in section 8.5.3 of IEEE
`802.11-2007, but other embodiments may use a different
`handshake exchange. In this particular 4-way handshake
`example, using the terminology of IEEE 802. 11-2007, R-A
`may correspond to the ANonce, R-B maycorrespond to the
`SNonce, R-AB maycorrespond to the pairwise master key
`(PMK), and KeyID maycorrespond with the Key Identifier.
`[0023] At 243 and 244, STA-A and STA-B may communi-
`cate encrypted data frames with each other, using a pairwise
`transient key (PTK) derived from the PMK (R-AB) as an
`encryption key. New PTK’s maybe derived from PMK from
`time to time during the periodthat this particular STSL is in
`effect.
`
`and 2B are devoted to a process for establishing these keys.
`This particular example assumes that STA-A initiates the
`process, but STA-B couldjust as easily initiateit.
`[0019] At 211, STA-A may create a random number,
`labeled R-A, to be used later. (Note: in this document, the
`term ‘random number’ may include any numberthat is gen-
`erated in either a truly random or a pseudo-random manner.
`[0024] FIG.3 showsa diagram of an STSL frame, accord-
`The degree of ‘randomness’ in the number may effect the
`ing to an embodimentofthe invention. This format may be
`level of security achieved, but does not affect the basic pro-
`used when STA-A and STA-B are communicating key
`cess described herein.) At 215, STA-A mayalso createalist
`exchange information with each other through the AP (see
`of the cipher suites that it supports, and putthis list into an
`219 and 231 of FIG. 2A). In the example of FIG.3, the basic
`information element labeled RSNIE-A. At 217, STA-A may
`format of a WLANframeis used. In some embodiments, the
`transmit a frame to STA-B containing the random number
`specific WLAN format shown may be used, but other
`R-A andthe information element RSNIE-A, as well as any
`embodiments maydiffer. In this format, the frame begins with
`other needed information to initiate the process. This frame
`a Frame Control section, which specifies various parameters
`may routed to STA-B through the intermediate AP, which
`of the frame, followed by a Duration/ID section, which
`forwards the information to STA-B at 219, using the format
`among other things indicates the length of the frame.
`shownin FIG. 3. This frame may be a data frame, and confi-
`[0025] This is shown followed by three addresses. ADDR1
`dentiality and authenticity of the frame may be maintained
`mayrepresent the receiving address RA ofthe device that is to
`using methods established earlier between STA-A andthe AP,
`directly receive this frame, which would be the AP whenthe
`and between STA-Bandthe AP.
`source STA initiates the frame, but would be the destination
`STA when the AP forwards that frame. ADDR2 mayrepre-
`sent the transmitting address TA, which would be the source
`STA whenthe frame is sent to the AP, but would be the AP
`
`[0020] After receiving this frame, at 222 STA-B maycreate
`it’s own random number R-B, as well as another random
`number R-ABto belater used as a master key. At224, STA-B
`
`

`

`US 2008/0298328 Al
`
`Dec. 4, 2008
`
`whenthat frameis forwardedto the destination STA. ADDR3
`may represent the destination STA. In the case of STA-A
`sending a frame to STA-B through the AP, the Source STA
`would be STA-A andthe Destination STA would be STA-B.
`
`[0026] These addresses may be followed by a Sequence
`Control section, to help in reconstructing a string of multiple
`frames that might be received out of order if some of them
`have to be re-transmitted due to errors in the received signal.
`A fourth address may optionally follow, but may be unused in
`this particular implementation. QoS CNTL maybe used to
`indicate that the protocols for Quality of Service communi-
`cations are being used. This is then followed by the payload
`section, and then a Frame Checksum section FCS which may
`be used to detect errors in the received frame (which could
`result in the aforementioned retransmissions).
`[0027] An expanded view ofthe payload section is shown
`in the bottom part of FIG. 3. The format of this payload
`section may be usedto indicatethis is a frame that pertains to
`an STSL connection between two client devices in the net-
`
`work. Although various fields within the payload are shown
`arranged in a particular order, other embodiments may use a
`different arrangement and/or somewhatdifferent fields than
`those shown.In the illustrated embodiment, a basic service
`set unique identifier (BSSUID)contains theset ofparameters
`necessary to identify the BSS uniquely. In some embodiments
`the BSSUID field will contain the BSS ID, the applicable
`regulatory class, and the channel number. A source address,
`labeled SOURCE ADDR,indicates the STA that created this
`payload and/oris initiating this frame. A destination address,
`labeled DEST ADDR,indicates the devicethat is the ultimate
`recipientof the information in the payload. Theseare the two
`devices that are involved in the STSL connection.
`
`[0028] These addresses may then be followed by the TYPE
`field, to indicate which of several types of STSL communi-
`cation is representedin this payload. For example, TYPE may
`indicate things such as, but not limited to: 1) a request to
`establish an STSL between twoclient devices, 2) a response
`to that request to establish an STSL,either acceptingorreject-
`ing the request, 3) a request to establish a trusted link by
`creating and exchanging keys, 4) a responseto the request to
`establish the trusted link. One or morefields, collectively
`labeled TYPE-DEPENDENT INFO, mayfollow the TYPE
`field. The nature and formatof these fields may be dependent
`on what was specified in the TYPEfield.
`[0029]
`FIGS. 4A and 4B show twospecific types of STSL
`payloads, according to an embodimentof the invention. The
`first four fields (BSSUID, SOURCE ADDR, DEST ADDR,
`and TYPE) of each of these are as previously described in
`FIG. 3, while the remaining sub-fields expand on the TYPE-
`DEPENDENTINFOofFIG.3.
`
`FIG. 4A showsthe format ofthe payload ofa request
`[0030]
`to establish a trusted link (for example, the frame forwarded
`by the AP at 219 of FIG. 2A). For this example, assumethat
`STA-A wishesto establish the trusted link. R-A may be the
`random numbergenerated by STA-A,as described earlier for
`FIG. 2A. RSNIE-A may contain the list of cipher suites
`supported by S'TA-A,also as described earlier for FIG. 2A.
`[0031]
`FIG. 4B shows the format of the payload of a
`response to the frame of FIG. 4A (for example, the frame
`forwarded by the AP at 231 in FIG. 2A). For this example,
`STA-B would be the device originating the response frame.
`R-A, R-B, and R-AB may represent the random numbers
`previous described for FIG. 2A. RSNIE-B and TimerVal may
`also represent the values described earlier for FIG. 2A.
`
`Because the information needed to establish the requisite
`keys is contained in the payload section of the WLANframe,
`older APs with lesser capabilities may be able to function in
`these exchanges without having to be upgraded.
`[0032] The foregoing description is intendedto be illustra-
`tive and not limiting. Variations will occurto those of skill in
`the art. Those variations are intended to be included in the
`
`various embodiments of the invention, which are limited only
`by the spirit and scope ofthe following claims.
`
`Whatis claimed is:
`
`1. A method, comprising:
`establishing a direct station-to-station communications
`link (STSL) with another client device in a centralized
`wireless network,
`in which the STSL is established
`using contents of payloads of one or more frames routed
`through an access point;
`initiating a process with the otherclient device to establish
`keys to be usedin trusted communications with the other
`client device over the STSL,said initiating to include
`using payloads of additional frames to the other client
`device routed through the access point.
`2. The method ofclaim 1, further comprising using a 4-way
`handshake communications exchange, the exchange routed
`directly through the STSL.
`3. The method ofclaim 1, wherein said initiating comprises
`transmitting a list of ciphers usable by the initiating client
`device.
`
`4. The method of claim 3, wherein said initiating further
`comprises receiving from the other client device one of the
`ciphers selected by the other client device from the list of
`ciphers.
`5. The methodofclaim 1, further comprising determining
`at least one random numberintheinitiating client device and
`receiving at least a second random number from the other
`client device.
`
`6. An apparatus, comprising a wireless communications
`client device to:
`establish a direct station-to-station communications link
`
`(STSL) with another client device in a centralized wire-
`less network, in which the STSL is established using
`contents of payloads of one or more frames routed
`through an access point;
`initiate a process with the other client device to establish
`keys to be usedin trusted communications with the other
`client device over the STSL,the process to include using
`payloads of additional frames to the otherclient device
`routed through the access point.
`7. The apparatus of claim 8, wherein the wireless commu-
`nications device is further to use a 4-way handshake commu-
`nications exchange,
`the exchange to be routed directly
`through the STSL.
`8. The apparatus of claim 6, wherein the process is to
`comprise transmitting a list of ciphers usable bythe initiating
`client device.
`
`9. The apparatus of claim 8, wherein the process is further
`to comprise receiving from the other client device one of the
`ciphers selected by the other client device from the list of
`ciphers.
`10. The apparatus of claim 6, wherein the process is to
`further comprise determining at least one random numberin
`the initiating client device and receiving at least a second
`random numberfrom the other client device.
`
`

`

`US 2008/0298328 Al
`
`Dec. 4, 2008
`
`11. An article comprising
`atangible machine-readable medium that contains instruc-
`tions, which when executed by one or more processors
`result in performing operations comprising:
`establishing a direct station-to-station communications
`link (STSL) with another client devicein a centralized
`wireless network, in which the STSL is established
`using contents of payloads of one or more frames
`routed through an access point;
`initiating a process with the other client device to estab-
`lish keys to be used in trusted communications with
`the other client device over the STSL,said initiating to
`include using payloads of additional frames to the
`other client device routed through the access point.
`
`12. The article of claim 11, wherein the operations further
`comprise using a 4-way handshake
`communications
`exchange, the exchange routed directly through the STSL.
`13. The article of claim 11, wherein the operation of initi-
`ating comprises transmitting a list of ciphers usable by the
`initiating client device.
`14. Thearticle of claim 13, wherein the operation of initi-
`ating further comprises receiving from the other client device
`one of the ciphers selected by the other client device from the
`list of ciphers.
`15. The article of claim 11, wherein the operations further
`comprise determining at least one random numberin the
`initiating client device and receiving at least a second random
`number from the other client device.
`uf
`uf
`uf
`uf
`
`uf
`
`