U.S. patent application number 13/204361 was filed with the patent office on 2011-12-22 for method and system for improved communication network setup.
Invention is credited to Ted Edward Carter, David L. Cohen, Manas Deb, Mahesh Iyer, Henry S. Ptasinki, Manoj Thawani, Jeff Vadasz.
Application Number: 20110314136 (13/204361)
Document ID: /
Family ID: 35910893
Filed Date: 2011-12-22
United States Patent Application 20110314136
Kind Code: A1
Ptasinki; Henry S.; et al.
December 22, 2011
Method and System for Improved Communication Network Setup
Abstract
Aspects of a method and system for improved communication
network setup may comprise receiving authentication enablement
information from a configurator station comprising indication of a
current state of a configurator timing window. In response to input
at a client station to communicate authentication response
information to the configurator station, receiving at the client
station, configuration information and/or status information
resulting from input at the client station. Other aspects of the
invention may comprise responding to input at a configurator
station to transmit authentication enablement information
comprising indication of a current state of a configurator timing
window, receiving authentication response information from the
client station based on the transmitted authentication enablement
information, and transmitting to the client station configuration
information and/or status information from the configurator station
based on the received authentication response information.
Inventors: Ptasinki; Henry S.; (San Francisco, CA); Carter; Ted Edward; (Sunnyvale, CA); Thawani; Manoj; (Sunnyvale, CA); Deb; Manas; (San Jose, CA); Vadasz; Jeff; (Los Altos, CA); Iyer; Mahesh; (Sunnyvale, CA); Cohen; David L.; (Sunnyvale, CA)
Family ID: 35910893
Appl. No.: 13/204361
Filed: August 5, 2011
Related U.S. Patent Documents
Application Number   Filing Date    Patent Number
11207302             Aug 18, 2005   7996664
13204361
60671120             Apr 14, 2005
60602396             Aug 18, 2004
Current U.S. Class: 709/220
Current CPC Class: H04W 12/06 20130101; H04W 12/50 20210101; H04L 63/08 20130101; H04W 12/61 20210101; H04W 84/12 20130101
Class at Publication: 709/220
International Class: G06F 15/177 20060101 G06F015/177; G06F 21/20 20060101 G06F021/20
Claims
1-30. (canceled)
31. A method for enabling communication of information, the method
comprising: in response to an input at a client station,
communicating authentication response information from said client
station to a configurator station based on received authentication
enablement information, wherein said authentication enablement
information comprises indication of whether another client station
has been configured during a current configurator timing
window.
32. The method according to claim 31, comprising receiving at said
client station, one or both of: configuration information for
configuring said client station and/or status information, from
said configurator station.
33. The method according to claim 32, comprising receiving said
configuration information at a time instant after opening of a
client timing window and before closing of said client timing
window, wherein said client timing window is opened in response to
said input at said client station.
34. The method according to claim 31, comprising generating said
input based on activation of one or both of: a hardware button
coupled to said client station and/or a software enabled button on
said client station.
35. The method according to claim 31, wherein said communicated
authentication response information is based on a current state of
a client timing window, and said current state of said client
timing window is based on one or both of: a start time for opening
of said client timing window and/or an end time for closing of said
client timing window.
36. The method according to claim 36, comprising communicating said
authentication response information at a time instant after said
opening of said client timing window, and before said closing of
said client timing window.
37. The method according to claim 31, comprising locating said
configurator station based on said received authentication
enablement information.
38. A method for enabling communication of information, the method
comprising: in response to an input at a configurator station,
transmitting authentication enablement information to a client
station, wherein said authentication enablement information
comprises indication of whether another client station has been
configured during a current configurator timing window.
39. The method according to claim 38, comprising receiving
authentication response information from said client station based
on said transmitted authentication enablement information.
40. The method according to claim 39, comprising transmitting to
said client station, one or both of: configuration information
and/or status information, from said configurator station based on
said received authentication response information.
41. The method according to claim 40, comprising transmitting said
configuration information at a time instant after an opening of
said current configurator timing window, and before closing of said
current configurator timing window, and said configurator timing
window is opened in response to said input at said configurator
station.
42. The method according to claim 40, wherein said configuration
information comprises one or both of: a service set identifier
and/or a passphrase.
43. The method according to claim 42, comprising encrypting said
passphrase based on one or both of: a configurator key and/or a
client key.
44. The method according to claim 38, comprising generating said
input based on activation of one or both of: a hardware button
coupled to said configurator station and/or a software enabled
button on said configurator station.
45. The method according to claim 38, wherein said authentication
enablement information comprises one or both of: a window open
indication and/or a recently configured indication.
46. A system for enabling communication of information, the system
comprising: one or more processors and/or circuits for use in a
configurator station, said one or more processors and/or circuits
being operable to transmit, in response to an input at said
configurator station, authentication enablement information to a
client station, wherein said authentication enablement information
comprises indication of whether another client station has been
configured during a current configurator timing window.
47. The system according to claim 46, wherein said one or more
processors and/or circuits are operable to receive authentication
response information from said client station based on said
transmitted authentication enablement information.
48. The system according to claim 47, wherein said one or more
processors and/or circuits are operable to transmit to said client
station, one or both of: configuration information and/or status
information, from said configurator station based on said received
authentication response information.
49. The system according to claim 48, wherein said one or more
processors and/or circuits are operable to transmit said
configuration information at a time instant after an opening of
said current configurator timing window, and before closing of said
current configurator timing window, and said configurator timing
window is opened in response to said input at said configurator
station.
50. The system according to claim 46, wherein said one or more
processors and/or circuits are operable to generate said input
based on activation of one or both of: a hardware button coupled to
said configurator station and/or a software enabled button on said
configurator station.
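A simulation of the timing-window exchange that claims 31-50 describe, added here as an illustrative example rather than the patent's own implementation; the message field names, the window lengths, and the client's policy when the recently-configured indication is set are assumptions marked in the comments.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class AuthEnablement:
    """Authentication enablement information (claim 45): a window-open
    indication and a recently-configured indication. Field names are assumed."""
    window_open: bool
    recently_configured: bool


@dataclass
class Configurator:
    """Configurator station (claims 38-50). The window length is an assumed value."""
    ssid: str
    passphrase: str
    window_len: float = 120.0
    window_start: Optional[float] = None
    configured_in_window: int = 0

    def button_press(self, now: float) -> None:
        """Input at the configurator (claim 44) opens the configurator timing
        window and resets the count of clients configured during it."""
        self.window_start = now
        self.configured_in_window = 0

    def window_is_open(self, now: float) -> bool:
        return (self.window_start is not None
                and self.window_start <= now < self.window_start + self.window_len)

    def enablement_info(self, now: float) -> AuthEnablement:
        """Claims 38 and 45: the window state plus whether another client
        station has already been configured during this window."""
        return AuthEnablement(window_open=self.window_is_open(now),
                              recently_configured=self.configured_in_window > 0)

    def handle_auth_response(self, now: float) -> dict:
        """Claims 39-42: configuration information (SSID and passphrase) is
        sent only inside the window; otherwise only status information."""
        if not self.window_is_open(now):
            return {"status": "window_closed"}
        if self.configured_in_window > 0:
            # Assumed policy: one client per window, so a second request gets
            # status only and the passphrase is not handed out again.
            return {"status": "already_configured_this_window"}
        self.configured_in_window += 1
        return {"status": "configured", "ssid": self.ssid,
                "passphrase": self.passphrase}


@dataclass
class Client:
    """Client station (claims 31-37). The window length is an assumed value."""
    window_len: float = 120.0
    window_start: Optional[float] = None
    config: dict = field(default_factory=dict)

    def button_press(self, now: float) -> None:
        """Input at the client (claim 34) opens the client timing window."""
        self.window_start = now

    def window_is_open(self, now: float) -> bool:
        return (self.window_start is not None
                and self.window_start <= now < self.window_start + self.window_len)

    def try_configure(self, cfg: Configurator, now: float) -> str:
        """Claims 31, 35 and 36: send the authentication response only while
        the client window is open and the received enablement information
        shows the configurator window open with no other client configured."""
        if not self.window_is_open(now):
            return "client_window_closed"
        info = cfg.enablement_info(now)
        if not info.window_open:
            return "configurator_window_closed"
        if info.recently_configured:
            # Assumed client policy: another station was configured first, so
            # stop and report this status to the user instead of proceeding.
            return "another_client_configured"
        reply = cfg.handle_auth_response(now)
        if reply["status"] == "configured":
            self.config = {"ssid": reply["ssid"], "passphrase": reply["passphrase"]}
        return reply["status"]


def run_scenario():
    """Constructed scenario: the configurator window opens at t=0, clients A
    and B press their buttons inside it, and a late client presses after it."""
    cfg = Configurator(ssid="example-ssid", passphrase="example-passphrase")
    a, b, late = Client(), Client(), Client()
    cfg.button_press(0.0)
    a.button_press(10.0)
    b.button_press(20.0)
    late.button_press(200.0)
    return (a.try_configure(cfg, 15.0),
            b.try_configure(cfg, 25.0),
            late.try_configure(cfg, 205.0),
            a.config, b.config)


if __name__ == "__main__":
    print(run_scenario())
```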
Description
CROSS-REFERENCE TO RELATED APPLICATIONS/INCORPORATION BY
REFERENCE
[0001] This application is a continuation of U.S. application Ser. No. 11/207,302 filed Aug. 18, 2005, and also makes reference to, claims priority to, and claims the benefit of U.S. Provisional Application Ser. No. 60/671,120 filed Apr. 14, 2005 and U.S. Provisional Application Ser. No. 60/602,396 filed Aug. 18, 2004.
[0002] This application also makes reference to:
[0003] U.S. application Ser. No. ______ (Attorney Docket 16583US02) filed Aug. 18, 2005;
[0004] U.S. application Ser. No. ______ (Attorney Docket 16584US02) filed Aug. 18, 2005;
[0005] U.S. application Ser. No. ______ (Attorney Docket 16585US02) filed Aug. 18, 2005;
[0006] U.S. application Ser. No. ______ (Attorney Docket 16586US02) filed Aug. 18, 2005;
[0007] U.S. application Ser. No. ______ (Attorney Docket 16587US02) filed Aug. 18, 2005;
[0008] U.S. application Ser. No. ______ (Attorney Docket 16588US02) filed Aug. 18, 2005;
[0009] U.S. application Ser. No. ______ (Attorney Docket 16589US02) filed Aug. 18, 2005;
[0010] U.S. application Ser. No. ______ (Attorney Docket 16590US02) filed Aug. 18, 2005;
[0011] U.S. application Ser. No. ______ (Attorney Docket 16630US02) filed Aug. 18, 2005; and
[0012] U.S. application Ser. No. ______ (Attorney Docket 16631US02) filed Aug. 18, 2005.
[0013] All of the above referenced applications are hereby
incorporated herein by reference in their entirety.
FIELD OF THE INVENTION
[0014] Certain embodiments of the invention relate to wireless
network communication. More specifically, certain embodiments of
the invention relate to a method and system for improved
communication network setup.
BACKGROUND OF THE INVENTION
[0015] Currently, with some conventional systems, setting up a
wireless network generally requires significant interaction and
technical knowledge on the part of a user setting up the network,
especially when the user is configuring security options for the
network. For computer savvy users, the tasks associated with
setting up a wireless network can be time consuming. For
inexperienced computer users, however, the same tasks can be more
challenging and consume significantly more time than they require
of computer savvy users.
[0016] In general, 802.11-based networks require a significant
amount of user interaction during the configuration process.
Typically, with conventional 802.11-based networks, the user needs
to configure a station (STA) to associate to an access point (AP),
which may require a number of settings to be selected on the STA,
and some knowledge of the default configuration of the AP. The user
may then access an HTML-based menu on the new AP in order to set
various configuration parameters, many of which are difficult for
novice and for intermediate users to understand and set correctly.
New APs generally start with a configuration that provides no
network security, and which utilize a default network name (SSID)
that is selected by the manufacturer such as, for example,
"Manufacturer Name", "Default", or "wireless". With the
proliferation of 802.11 networks, users often experience confusion
and network problems when their new AP uses the same SSID as a
neighboring AP.
[0017] Further limitations and disadvantages of conventional and
traditional approaches will become apparent to one of skill in the
art, through comparison of such systems with some aspects of the
present invention as set forth in the remainder of the present
application with reference to the drawings.
BRIEF SUMMARY OF THE INVENTION
[0018] Certain embodiments of the invention may be found in a
method and system for improved communication network setup
substantially as shown in and/or described in connection with at
least one of the figures, as set forth more completely in the
claims.
[0019] These and other advantages, aspects and novel features of
the present invention, as well as details of an illustrated
embodiment thereof, will be more fully understood from the
following description and drawings.
BRIEF DESCRIPTION OF SEVERAL VIEWS OF THE DRAWINGS
[0020] FIG. 1 is a block diagram of an exemplary wireless network,
which may be utilized in connection with an embodiment of the
invention.
[0021] FIG. 2 is a block diagram of an exemplary system for
wireless data communications comprising an ESS with collocation of
configurators and access points (AP), in accordance with an
embodiment of the invention.
[0022] FIG. 3 is a block diagram of an exemplary secure
communication system, which may be utilized in connection with an
embodiment of the invention.
[0023] FIG. 4 is a block diagram of an exemplary encryption system,
which may be utilized in connection with an embodiment of the
invention.
[0024] FIG. 5 is a block diagram of an exemplary decryption system,
which may be utilized in connection with an embodiment of the
invention.
[0025] FIG. 6 is a diagram illustrating exemplary message exchanges
based on a protocol and initiated at the configurator, in
accordance with an embodiment of the invention.
[0026] FIG. 7 is a diagram illustrating exemplary message exchanges
based on a protocol and initiated at the client station, in
accordance with an embodiment of the invention.
[0027] FIG. 8a is a flowchart illustrating exemplary steps in a
discovery protocol, in accordance with an embodiment of the
invention.
[0028] FIG. 8b is a flowchart illustrating exemplary steps in a
discovery protocol with configuration validation, in accordance
with an embodiment of the invention.
[0029] FIG. 8c is a flowchart which is a continuation of FIG. 8b
illustrating exemplary steps in a discovery protocol with
configuration validation, in accordance with an embodiment of the
invention.
[0030] FIG. 9 is a flowchart illustrating exemplary steps performed
by a configurator, in accordance with an embodiment of the
invention.
[0031] FIG. 10 is a flowchart illustrating exemplary steps
performed by the client in the configuration protocol, in
accordance with an embodiment of the invention.
DETAILED DESCRIPTION OF THE INVENTION
[0032] Certain embodiments of the invention may be found in a
method and system for improved communication network setup. In IEEE
802.11 wireless local area network (WLAN) systems, wireless
terminal devices, or wireless terminals, for example personal
computers or personal digital assistants, may communicate via radio
frequency (RF) channels that may be monitored by unauthorized
parties at terminal devices that were not intended to participate
in the communication. In response, IEEE 802.11 provides
specifications that enable wireless terminal devices to communicate
utilizing encryption techniques. The utilization of encryption
techniques to securely exchange information between wireless
terminals may prevent unauthorized parties from determining the
information content carried in communications via a secure RF
channel. Prior to being enabled to utilize a WLAN, the wireless
terminal device may be required to obtain authorization through a
process that comprises authentication.
[0033] Enabling a wireless terminal device to obtain authorization
and to utilize encryption may require a user to manually configure
the wireless terminal. This manual configuration may require a user
to possess extensive knowledge about the WLAN that may exceed that
of a typical WLAN user. An aspect of the invention may comprise a
method that reduces user interaction and knowledge required to
configure a wireless terminal for secure communications in an IEEE
802.11 wireless local area network (WLAN). Components in a system,
in accordance with an embodiment of the invention, may comprise a
configurator, which may alternatively be referred to as a
configurator terminal, configurator device, or configurator
station, and a client, which may be alternatively referred to as a
client terminal, client device, or client station. A configurator
station, or a client station, may be referred to as a station.
[0034] The configurator may be a wireless and/or wired terminal
device, an Ethernet switching device, or other device in an IEEE
802 local area network (LAN) and/or WLAN. The configurator may be
located in an access point, for example. The configurator may
provide a service to configure clients, which may be wireless
terminal devices, thereby enabling the configured clients to
utilize secure RF channels with little interaction required from
the user. The client may be a wireless and/or wired terminal
device, an Ethernet switching device, or other device in an IEEE
802 LAN and/or WLAN.
[0035] FIG. 1 is a block diagram of an exemplary wireless network,
which may be utilized in connection with an embodiment of the
invention. Referring to FIG. 1, there is shown an access point (AP)
102, a plurality of client stations (STA) 104, 106, and 108, a
plurality of RF channels 114, 116, and 118, and a network 110. The
AP 102 may be utilized as a configurator. The STAs 104, 106, and
108 may be wireless terminals such as a PC, a laptop, or a PDA with
integrated or plug-in 802.11 capabilities. For example, the PC may
utilize a wireless NIC card and the laptop or PDA may comprise
integrated 802.11 capabilities. The network 110 may be a private or
public network, for example, a service provider or the
Internet.
[0036] In operation, in instances where the STAs 104, 106, and 108
are configured, they may communicate with the AP 102 via
corresponding secure RF channels 114, 116, and 118, respectively.
The AP 102 may communicate information received from a configured
STA 104, 106, or 108 via the Internet 110. In instances where the
STAs 104, 106, or 108 are unconfigured, they may communicate with
the configurator 102 to request configuration information. The
configurator 102 may configure a requesting STA 104, 106, or 108
via a corresponding RF channel 114, 116, or 118.
[0037] FIG. 2 is a block diagram of an exemplary system for
wireless data communications comprising an ESS with collocation of
configurators and access points (AP), in accordance with an
embodiment of the invention. With reference to FIG. 2 there is
shown a distribution system (DS) 210, an extended service set (ESS)
220, and an IEEE 802 LAN 222. The ESS 220 may comprise a first
basic service set (BSS) 202, and may include a second BSS 212, and
may also include additional BSSs. The first BSS 202 may comprise a
client station 204, and a collocated configurator station and
access point 208. The second BSS 212 may comprise a client station
214, and a collocated configurator station and access point 218.
The IEEE 802 LAN 222 may comprise a LAN station 224, and a portal
226.
[0038] The collocated configurator station and access point 208 may
be adapted to function as an access point or as a configurator
station. Throughout this application, for simplicity, collocated
configurator station and access point 208 may be referred to as
collocated device 208. Accordingly, the collocated device 208
functioning as an access point refers to the collocated
configurator station and access point 208 functioning as an access
point. Additionally, the collocated device 208 functioning as a
configurator refers to the collocated configurator station and
access point 208 functioning as a configurator.
[0039] A BSS 202 may comprise a plurality of proximately located
stations that may communicate wirelessly, via a wireless medium. A
BSS 202 that is also associated with an ESS 220 may be referred to
as an infrastructure BSS. The wireless medium may comprise an RF
channel. The ESS 220, comprising a plurality of BSS 202 and 212,
for example, may be identified by a unique service set identifier
(SSID). The portal 226 may also be a member in the ESS 220.
Stations 204 and 214, associated with an ESS 220, may communicate
via a wireless medium and/or via a distribution system medium, for
example the DS 210. The DS 210 may comprise a distribution system
medium that further comprises a wired medium and/or a wireless
medium. A wired medium may comprise a physical communications
channel that enables STA 204 to transmit information via a
plurality of communications technologies, for example electrical or
optical signals. In an IEEE 802.11 WLAN, the collocated
configurator station and access point 208 or 218 may comprise the
functionality of an AP and the functionality of a configurator. In
an IEEE 802.11 WLAN, an AP may comprise the functionality of a
station.
[0040] The collocated device 208 functioning as an AP, may enable
STA 204 to transmit information via the DS 210. Portal 226 may
enable a LAN station 224, which is located in a traditional IEEE
802 LAN, to communicate with an IEEE 802.11 STA 204, via the DS
210. A traditional IEEE 802 LAN may comprise a wired medium. An
IEEE 802 LAN 222 may not comprise an IEEE 802.11 WLAN, for example
BSS 202. The DS 210 may utilize media access control (MAC) layer
IEEE 802 addressing and/or network layer addressing. If the DS 210
utilizes MAC layer IEEE 802 addressing, the collocated device 208
functioning as an AP, collocated configurator station and access
point 218 functioning as an AP, and/or the portal 226 may comprise
Ethernet switching device functionality. If the DS 210 utilizes
network layer addressing, the collocated device 208 functioning as
an AP, collocated configurator station and access point 218
functioning as an AP, and/or the portal 226 may comprise router
functionality.
[0041] The collocated device 208 functioning as a configurator may
configure a STA 204, thereby enabling the STA 204 to communicate
wirelessly in a secure IEEE 802.11 network that utilizes
encryption. The collocated device 208 functioning as a
configurator, may configure a STA 204 by communicating information
to the STA 204 comprising an SSID and an encryption key. The
encryption key may also be referred to as a passphrase. A
configured STA 204 may be authorized to utilize an IEEE 802.11
network based on the received configuration information from the
collocated device 208 functioning as a configurator. A process by
which the STA 204 is authenticated may comprise configuration of
the STA 204. Various embodiments of the invention comprise a method
and a system for configuring the STA 204 while requiring less
manual intervention from a user than is the case with some
conventional methods and/or systems for configuring the STA
204.
[0042] A non-AP station, for example, the client station 204 within
the BSS 202 may subsequently form an association with the
collocated device 208 functioning as an AP. The STA 204 may
communicate an association request to the collocated device 208
functioning as an AP, based on the SSID that was received by the
STA 204 during configuration. The collocated device 208 functioning
as an AP, may communicate an association response to the STA 204 to
indicate to the STA 204 the result of the association request. By
associating with the collocated device 208 functioning as an AP,
the station 204 may become a member of BSS 202. Furthermore, by
obtaining membership in BSS 202, the STA 204 may become authorized
to engage in secure wireless communication with other client
stations in the ESS 220. Similarly, non-AP client station 214
within a BSS 212 may form an association with the collocated
configurator station and access point 218 functioning as an AP,
enabling the STA 214 to become a member of BSS 212.
[0043] Subsequent to the formation of an association between the
client station 204 and the collocated device 208 functioning as an
AP, the collocated device 208 functioning as an AP, may communicate
accessibility information about the client station 204 to other APs
associated with the ESS 220, such as the collocated configurator
station and access point 218 functioning as an AP, and portals such
as the portal 226. In turn, the collocated configurator station and
access point 218 functioning as an AP, may communicate
accessibility information about the client station 204 to stations
in BSS 212. The portal 226, such as for example an Ethernet switch
or other device in a LAN, may communicate reachability information
about the client station 204 to stations in LAN 222, such as LAN
station 224. The communication of reachability information about
the client station 204 may enable stations that are not associated
in BSS 202, but are associated in ESS 220, to communicate with the
client station 204.
[0044] The DS 210 may provide an infrastructure that enables a
client station 204 in one BSS 202, which has been authenticated and
configured in accordance with various embodiments of the invention,
to engage in a secure wireless communication with a client station
214 in another BSS 212. The DS 210 may also enable a client station
204 in one BSS 202 to communicate with a LAN station 224 in a
non-802.11 LAN 222, such as a wired LAN. The collocated device 208
functioning as an AP, collocated configurator station and access
point 218 functioning as an AP, or portal 226 may provide a
facility by which a station in a BSS 202, BSS 212, or LAN 222 may
communicate information via the DS 210. The client station 204 in
BSS 202 may communicate information to a client station 214 in BSS
212 by transmitting the information to collocated device 208
functioning as an AP. The collocated device 208 functioning as an
AP may transmit the information via the DS 210 to the collocated
configurator station and access point 218 functioning as an AP,
which, in turn, may transmit the information to station 214 in BSS
212. The client station 204 may communicate information to a LAN
station 224 in LAN 222 by transmitting the information to
collocated device 208 functioning as an AP. The collocated device
208 functioning as an AP, may transmit the information via the DS
210 to the portal 226, which, in turn, may transmit the information
to the LAN station 224 in LAN 222.
[0045] FIG. 3 is a block diagram of an exemplary secure
communication system, which may be utilized in connection with an
embodiment of the invention. With reference to FIG. 3, there is
shown an encryption block 302, and a decryption block 304. The
encryption block 302 may comprise suitable logic, circuitry and/or
code that may be adapted to encrypt received information based on a
key provided by a key management service. The decryption block 304
may comprise suitable logic, circuitry and/or code that may be
adapted to decrypt received information based on a key provided by
a key management service. The encryption block 302 may be adapted
to encrypt, or code data so as to hide the information content from
an unauthorized eavesdropper who monitors a communication channel
over which the information is communicated. This encryption may
enable users of WLAN systems to obtain a level of privacy in
communications, which approximates that realized in wired LAN
systems. Prior to transmission via an RF channel, unencrypted data,
or plaintext, may be processed by the encryption block 302 into
encrypted data, or ciphertext, based on a key. Information
comprising the ciphertext may be securely transmitted via an RF
channel. An eavesdropper may be unable to extract the plaintext
from the ciphertext without gaining access to the key that was
utilized to generate the ciphertext from the plaintext. Information
received via a secure RF channel may be processed by the decryption
block 304, which may retrieve the original plaintext from the
received ciphertext based on a key. Various embodiments of the
invention may comprise a key management service that provides a
mechanism by which the encryption block 302 and the decryption
block 304 may utilize a common key that may be referred to as a
passphrase. A station, for example, a client station 204, may
comprise at least one of an encryption block 302 and/or decryption
block 304.
[0046] FIG. 4 is a block diagram of an exemplary encryption system,
which may be utilized in connection with an embodiment of the
invention. With reference to FIG. 4 there is shown a concatenation
block 402, a pseudo random number generator (PRNG) block 404, an
integrity algorithm block 406, a concatenation block 408, a logical
exclusive-or block 410, and a message block 412.
[0047] The concatenation block 402 may comprise suitable logic,
circuitry and/or code that may be adapted to receive input
comprising an initialization vector (IV), and a secret key. The IV
and secret key may be processed by the concatenation block 402 to
generate a seed. The PRNG block 404 may comprise suitable logic,
circuitry and/or code that may be adapted to generate a key
sequence based on a received seed. The integrity algorithm block
406 may comprise suitable logic, circuitry and/or code that may be
adapted to process received plaintext to generate an integrity
check value (ICV). The concatenation block 408 may process received
plaintext and ICV to produce concatenated plaintext. The logical
exclusive-or block 410 may process concatenated plaintext and a key
sequence to produce ciphertext. The message block 412 may process
received IV and ciphertext to generate information, which may be
transmitted via an RF channel in a secure communication.
[0048] In various embodiments of the invention, the secret key,
also referred to as a passphrase, may comprise an encryption key
that, in turn, comprises a portion of configuration information
that is communicated from a collocated device 208 functioning as a
configurator, to a client station 204 during authentication of the
client station 204. The IV may change periodically. The
concatenation block 402 may receive an IV and a passphrase from a
station 204 that transmits information via an RF channel. The PRNG
block 404 may receive a seed from the concatenation block 402. The
integrity algorithm block 406 may receive plaintext from a station
that transmits information via an RF channel. The concatenation
block 408 may receive an ICV from the integrity algorithm block
406, and plaintext from a station 204 that transmits information
via an RF channel. The logical exclusive-or block 410 may receive a
key sequence from the PRNG block 404, and concatenated plaintext
from the concatenation block 408. The message block 412 may receive
ciphertext from the logical exclusive-or block 410 and an IV from a
station 204 that transmits information via an RF channel. An
encryption block 302 may comprise a concatenation block 402, a PRNG
block 404, an integrity algorithm block 406, a concatenation block
408, a logical exclusive-or block 410, and/or a message block
412.
[0049] FIG. 5 is a block diagram of an exemplary decryption system,
which may be utilized in connection with an embodiment of the
invention. With reference to FIG. 5, there is shown a message block
502, a concatenation block 504, a PRNG block 506, a logical
exclusive-or block 508, a splitter block 510, an integrity
algorithm block 512, and a combiner block 514. The message block
502 may process received information, separating the received
information into constituent components comprising ciphertext and
IV. The concatenation block 504 may process received IV and secret
key to generate a seed. The PRNG block 506 may process a received
seed to generate a key sequence. The logical exclusive-or block 508
may process received key sequence and ciphertext to decrypt the
ciphertext. The splitter block 510 may process received
information, separating the received information into constituent
components comprising ICV and plaintext. The integrity algorithm
block 512 may generate an ICV' based on received plaintext. The
combiner block 514 may compare a received ICV' and ICV. The
combiner block 514 may generate an output which indicates whether
ICV'=ICV is true or false.
[0050] In operation the secret key may have been distributed to the
concatenation block 504 utilizing a key management service. The
message block 502 may receive information received by a station via
an RF channel. The concatenation block 504 may receive an IV from
the message block 502. The PRNG block 506 may receive a seed from
the concatenation block 504. The logical exclusive-or block 508 may
receive the key sequence from the PRNG block 506, and the
ciphertext from the message block 502. The splitter block 510 may
receive information from the logical exclusive-or block 508. The
integrity algorithm block 512 may receive plaintext from the
splitter block 510. The combiner block 514 may receive ICV from the
splitter block 510, and ICV' from the integrity algorithm block
512. If the combiner block 514 generates an output indicating
false, the received information may be determined to be in error
and discarded by a station 204 that received the information via an
RF channel. A decryption block 304 may comprise at least one of a
message block 502, a concatenation block 504, a PRNG block 506, a
logical exclusive-or block 508, a splitter block 510, an integrity
algorithm block 512, and a combiner block 514.
[0051] Various embodiments of the invention may not be limited to a
specific method of encryption. Accordingly, various embodiments of
the invention may utilize a plurality of encryption techniques such
as wired equivalent privacy (WEP), the Temporal Key Integrity
Protocol (TKIP) or the Counter Mode with CBC-MAC Protocol
(CCMP).
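The FIG. 4 and FIG. 5 pipelines, written out as an added example that is not code from the application. The application leaves the PRNG and the integrity algorithm open, so this example assumes the WEP instantiation named in [0051]: RC4 as the PRNG block, CRC-32 as the integrity algorithm block, a 3-byte IV sent in the clear ahead of the ciphertext, and a little-endian ICV; the key and IV values are constructed. It also shows the check a practitioner wants on this instantiation: with a stream cipher and a CRC-32 ICV, a party that does not know the secret key can still flip chosen plaintext bits and fix up the encrypted ICV so that the ICV'=ICV comparison in block 514 passes.

```python
"""Added example (not code from the application): the FIG. 4/5 pipeline,
instantiated WEP-style. Assumed, since the application does not fix them:
RC4 as the PRNG block, CRC-32 as the integrity algorithm block, and a
3-byte IV carried in the clear ahead of the ciphertext."""
import zlib


def rc4_keystream(seed: bytes, n: int) -> bytes:
    """PRNG block 404/506: n keystream bytes from seed = IV || secret key."""
    s = list(range(256))
    j = 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                            # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """Integrity algorithm block 406/512: CRC-32, little-endian (assumed)."""
    return zlib.crc32(data).to_bytes(4, "little")


def xor(a: bytes, b: bytes) -> bytes:
    """Logical exclusive-or block 410/508."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(secret_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """FIG. 4: seed = IV || key, body = plaintext || ICV, message = IV || ct."""
    seed = iv + secret_key                            # concatenation block 402
    body = plaintext + icv(plaintext)                 # blocks 406 and 408
    ciphertext = xor(body, rc4_keystream(seed, len(body)))
    return iv + ciphertext                            # message block 412


def decrypt(secret_key: bytes, message: bytes) -> tuple:
    """FIG. 5: returns (plaintext, icv_ok); a False icv_ok means the
    receiving station treats the frame as in error and discards it."""
    iv, ciphertext = message[:3], message[3:]         # message block 502
    seed = iv + secret_key                            # concatenation block 504
    body = xor(ciphertext, rc4_keystream(seed, len(ciphertext)))
    plaintext, icv_rx = body[:-4], body[-4:]          # splitter block 510
    return plaintext, icv(plaintext) == icv_rx        # blocks 512 and 514


def forge_bitflip(message: bytes, delta: bytes) -> bytes:
    """Caveat for this instantiation: a stream cipher plus a CRC-32 ICV is
    malleable. CRC-32 is affine, crc(a ^ b) = crc(a) ^ crc(b) ^ crc(zeros),
    so XORing delta into the ciphertext and the matching CRC difference
    into the encrypted ICV yields a frame that decrypts to plaintext ^ delta
    and still satisfies ICV' = ICV, with no key needed. delta must have
    the plaintext's length."""
    iv, ciphertext = message[:3], message[3:]
    crc_delta = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    return iv + xor(ciphertext, delta + crc_delta.to_bytes(4, "little"))


SECRET_KEY = bytes.fromhex("0102030405")   # constructed 40-bit key
IV = bytes.fromhex("a1b2c3")               # constructed IV

if __name__ == "__main__":
    frame = encrypt(SECRET_KEY, IV, b"SSID=lab-net")
    print(decrypt(SECRET_KEY, frame))
    delta = bytes(5) + b"\x20" + bytes(6)  # flips the case of the 'l'
    print(decrypt(SECRET_KEY, forge_bitflip(frame, delta)))
```

Of the three techniques listed in [0051], only the WEP-style construction behaves this way: TKIP adds a keyed message integrity code and CCMP's CBC-MAC is a genuine authenticator over the frame, so the fix-up that forge_bitflip performs does not apply to them. In the WEP instantiation the block 514 comparison detects accidental corruption, as the test with a single flipped bit shows, but it is not a check of authenticity.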
[0052] FIG. 6 is a diagram illustrating exemplary message exchanges
based on a protocol and initiated at the configurator, in
accordance with an embodiment of the invention. FIG. 6 presents an
exemplary exchange of messages between the collocated device 208
functioning as a configurator, and the client station 204, based on
the protocol. In step 602, the collocated device 208 functioning as
a configurator, may be configured. A collocated device 208
functioning as a configurator, which is not configured to supply
configuration information to a requesting client station 204 during
authentication may be referred to as an unconfigured collocated
device 208 functioning as a configurator. In an unconfigured
collocated device 208 functioning as a configurator, activation of
a button located thereon for a specified time duration may initiate
step 602. The time duration for which the button is activated may
correspond to, for example, a "short" button activation. In
instances where the collocated device 208 functions as a
configurator, configuration may comprise entering an SSID, and/or
entering a passphrase. The SSID and/or passphrase that is entered
and/or generated during the configuration may subsequently be
utilized when configuring client stations 204. If a passphrase is
not entered, the configurator may be adapted to generate one, which
may subsequently be utilized to configure client stations 204. The
entered and/or generated configuration information may be stored in
non-volatile memory, and/or in a storage device at the collocated
device 208, for example. When the collocated device 208 functions
as a configurator, it may retrieve the configuration information
from the non-volatile memory and/or storage device and use it to
configure client stations 204.
[0053] In a configured collocated device 208, functioning as a
configurator, activation of the button thereon for a specific time
duration may result in step 602 being bypassed, and step 604
initiated. The specific time duration for which the button is
activated may correspond to, for example, a short button
activation. In step 604, a configurator timing window may be opened
at the collocated device 208 functioning as a configurator. The
opening of the configurator timing window may correspond to the
start of a time duration during which a client station 204 may be
configured by the collocated device 208 functioning as a
configurator. The time during which the configurator timing window
remains open subsequent to a short button activation may be
configured at the collocated device 208 functioning as a
configurator.
[0054] In step 605, at a time instant subsequent to the opening of
the configurator timing window in step 604, the collocated device
208 functioning as an AP, may transmit IEEE 802.11 beacon frames
comprising authentication enablement information, in accordance
with an embodiment of the invention. The authentication enablement
information may indicate that the configurator timing window is
open, and that the collocated device 208 functioning as a
configurator is ready to configure a client station 204. In one
embodiment of the invention, the authentication enablement
information may comprise a flag field, window_open, which may be
set to a Boolean value to indicate whether the configurator timing
window is open or closed. A logical value window_open=TRUE, or a
numerical value window_open=1 may indicate that the configurator
timing window is open, for example. A logical value
window_open=FALSE, or a numerical value window_open=0 may indicate
that the configurator timing window is closed, for example. The
authentication enablement information may comprise a flag field,
recently_cfg, which may be set to a Boolean value to indicate
whether the collocated device 208 functioning as a configurator, is
ready to configure a client station 204. A logical value
recently_cfg=FALSE, or a numerical value recently_cfg=0 may
indicate that the collocated device 208 functioning as a
configurator, is ready to configure a client station 204, for
example. A logical value recently_cfg=TRUE, or a numerical value
recently_cfg=1 may indicate that the collocated device 208
functioning as a configurator, has already configured a client
station 204 during the current configurator timing window open time
interval and is not ready to configure a client station 204, for
example.
[0055] When a configurator timing window is opened, the next beacon
message, associated with the step 605, may be transmitted by the
collocated device 208 functioning as a configurator. The message,
associated with the step 605, may
comprise flags window_open=TRUE, indicating that the configurator
timing window is open, and recently_cfg=FALSE, indicating that the
collocated device 208 functioning as a configurator, is ready to
configure a client station 204. Beacon frames transmitted by the
collocated device 208 functioning as an AP, at instants in time
during which the configurator timing window is not open may not
comprise authentication enablement information. In step 605, these
beacon frames may be received by a client station 204.
[0056] In a client station 204, activation of the button, located
at a client station 204 may initiate step 606. In step 606, a
client timing window may be opened at the client station 204. The
opening of the client timing window may correspond to the start of
a time duration in which a client station 204 may request to be
configured by the collocated device 208 functioning as a
configurator. The client station 204 may also start a discovery
protocol. The discovery protocol comprises a process by which a
client station 204 may locate a collocated device 208 functioning
as a configurator, with which to initiate an authentication
exchange. The client station 204 may scan beacon frames received
from one or more collocated devices 208 functioning as either a
configurator or an access point. A beacon frame from a collocated
device 208 functioning as a configurator may comprise authentication
enablement information. Subsequent to the opening of the client
timing window, the client station 204 may communicate
authentication response information to the collocated device 208
functioning as a configurator, via one or more messages associated
with the steps 608, 612, 616, 620 and 624. The client station 204
may communicate the one or more messages, associated with the steps
608, 612, 616, 620 and 624, comprising authentication response
information based on authentication enablement information
contained in the transmitted beacon frame during a time interval in
which the configurator timing window was open.
[0057] A button located at either the collocated device 208
functioning as a configurator, or the client station 204, may
comprise a hardware button, for example a physical button, and/or a
software enabled button, for example, a glyph or icon that is
displayed in a user interface.
[0058] Steps 608, 610, 612, and 614 may comprise message exchanges
based on IEEE 802.11 comprising an open authentication and join of
a basic service set (BSS) as defined in IEEE 802.11. The BSS
utilized during open authentication may utilize a different SSID
than that utilized by the infrastructure BSS 202. In step 608, an
authentication request message may be sent by the client station
204, to the collocated device 208 functioning as a configurator. In
step 610, the collocated device 208 functioning as a configurator,
may send an authentication response message to the client station
204. In step 612, the client station 204 may send an association
request message, associated with the step 612, to the collocated
device 208 functioning as a configurator. In step 614, the
collocated device 208 functioning as a configurator, may send an
association response message, associated with the step 614, to the
client station 204.
[0059] Steps 616, 618, 620, and 622 may comprise a packet exchange
based on the protocol, in accordance with various embodiments of
the invention. The packet exchange may utilize, but may not be
limited to, the Diffie-Hellman (DH) protocol. In step 616, the
client station 204 may communicate a hello packet to the collocated
device 208 functioning as a configurator. The hello packet,
associated with the step 616, may indicate to the collocated device
208 functioning as a configurator, that the client station 204 is
ready to be configured. In step 618, the collocated device 208
functioning as a configurator, may communicate a key1 message to
the client station 204. The key1 message, associated with the step
618, may comprise a configurator key. In step 620, the client
station 204 may communicate a key2 message to the collocated device
208 functioning as a configurator. The key2 message, associated
with the step 620, may comprise a client key.
[0060] In step 622, the collocated device 208 functioning as a
configurator, may communicate a configuration message to the client
station 204. The configuration message, associated with the step
622, may comprise configuration information that may be utilized to
authenticate a client station 204. The configuration information
communicated in the configuration message, associated with the step
622, may be encrypted based on the configurator key and/or the
client key. In step 624, the client station 204 may communicate a
status message to the collocated device 208 functioning as a
configurator. The status message, associated with the step 624, may
be sent subsequent to decryption of at least a portion of the
configuration message, associated with the step 622.
The client station 204 may utilize the configurator key and/or the
client key to decrypt at least a portion of the configuration
message, associated with the step 622 that was previously encrypted
by the collocated device 208 functioning as a configurator. The
status message, associated with the step 624, may indicate whether
the client station 204 was successfully configured during the
packet exchange. If the client station was successfully configured,
the status message, associated with the step 624, may indicate
success. The collocated device 208 functioning as a configurator,
may store authentication information about the configured client
204 in persistent memory. Persistent memory may comprise any of a
plurality of device storage technologies that may be utilized to
maintain information about the configured client station 204 until
action is taken to release the stored information from persistent
memory. These actions may comprise manual intervention at the
collocated device 208 functioning as a configurator, by a user, or
automatic intervention by a software process executing at the
configurator.
[0061] In step 626, the client station 204 may rejoin the WLAN
based on the received configuration information. The steps
performed during the rejoin, associated with the step 626, may be
substantially as defined in IEEE 802.11. The rejoin, associated
with the step 626, may occur via a secure RF channel that utilizes
the received configuration information in step 622. For example,
the rejoin, associated with the step 626, may utilize the SSID that
was received by the client station during the packet exchange.
Subsequent to configuration of the client station 204, the
collocated device 208 functioning as a configurator, may not be
available to configure another client station 204 during the
current configurator timing window open time interval. Beacon
frames may be transmitted by the collocated device 208 functioning
as an AP, subsequent to the configuration of the client station
204. These beacon frames may comprise information that indicates
that the configurator timing window is closed, and that the
collocated device 208 functioning as a configurator, has already
configured a client station 204 during the current configurator
timing window open time duration. This may indicate to a subsequent
client station 204 that receives the beacon frames that the
collocated device 208 functioning as a configurator, is not
currently ready to configure a client station 204.
[0062] In various embodiments of the invention, the packet
exchange, comprising the steps 616, 618, 620, 622 and 624, may be
performed by a collocated device 208 functioning as a configurator,
and a client station 204 that communicate wirelessly, via a
wireless medium. The collocated device 208 functioning as a
configurator, and client station 204 may also communicate during
the packet exchange via a wired medium, for example, via an
Ethernet LAN 222. If the collocated device 208 functioning as a
configurator, receives a packet, for example an authentication
request, associated with the step 608, from the client station 204,
via a wireless medium, subsequent packet exchanges between the
collocated device 208 functioning as a configurator, and client
station 204 may be communicated wirelessly. If the collocated
device 208 functioning as a configurator receives a packet from the
client station 204, via a wired medium, subsequent packet exchanges
between the collocated device 208 functioning as a configurator,
and client station 204 may be communicated via a wired medium. The
received packet may be, for example, a hello packet, associated with
the step 616.
[0063] In operation, if the time duration for button activation at
the collocated device 208 functioning as a configurator corresponds
to a "long" button activation, the collocated device 208
functioning as a configurator may generate a new SSID and/or
passphrase. The new SSID and/or passphrase may replace an SSID
and/or passphrase that was stored in the collocated device 208
functioning as a configurator, as configuration information prior
to the long button activation. For either a configured, or
unconfigured collocated device 208 functioning as a configurator, a
long button activation may initiate step 602. Subsequent to a long
button activation, the configurator may also release, from
persistent memory, configuration information pertaining to
previously configured client stations 204. As a consequence,
previously configured client stations 204 may lose the ability to
engage in secure wireless communications via the BSS 202 or ESS
220. The client stations 204 may be required to repeat the process
of authentication with a collocated device 208 functioning as a
configurator, to regain the ability to engage in secure wireless
communications via the BSS 202 or ESS 220.
[0064] The exchange of authentication enablement information,
authentication response information and configuration information
in messages associated with the steps 605, 608, 610, 612, 614, 616,
618, 620, 622 and 624, between a collocated device 208 functioning
as a configurator, and a client station 204, may occur within a
time duration in which the configurator timing window is open. The
configurator timing window is closed after a time interval
corresponding to a configurator timing window open duration lapses
or ends. The exchange of authentication enablement information,
authentication response information and configuration information,
in messages associated with the steps 605, 608, 610, 612, 614, 616,
618, 620, 622 and 624, between a collocated device 208 functioning
as a configurator, and a client station 204, may occur within a
time duration in which the client timing window is open. After a
time interval corresponding to a client timing window open duration
lapses, the client timing window is closed.
[0065] FIG. 7 is a diagram illustrating exemplary message exchanges
based on a protocol and initiated at the client station, in
accordance with an embodiment of the invention. FIG. 7 is
substantially as described in FIG. 6 with the exception that the
button activation occurs at the client station 204, to open the
client timing window, at a time instant prior to a time instant at
which the button activation occurs at the collocated device 208
functioning as a configurator, to open the configurator timing
window. Subsequent to the button activation to open the client
timing window, associated with the step 706, at the client station
204, the client station 204 may wait to receive a beacon frame,
associated with the step 605. The beacon frame, associated with the
step 605, may comprise authentication enablement information from
the collocated device 208 functioning as an AP. Subsequent to
receiving the beacon frame, message exchanges in FIG. 7 are
substantially as described for FIG. 6.
[0066] FIG. 8a is a flowchart illustrating exemplary steps in a
discovery protocol, in accordance with an embodiment of the
invention. The discovery protocol comprises a process by which a
client station 204 may locate a collocated device 208 functioning
as a configurator, with which to initiate an authentication
exchange as described in FIG. 6, for example. With reference to
FIG. 8a, in step 802, a button may be activated at the client
station 204. In step 804, a client window may be opened, a window
timer that may determine a time duration for which the client
window is to remain open may be started, the flag recently_cfg may
be set to FALSE, and the counter open_window may be set to 0. The
flag recently_cfg may indicate whether a located configurator has
already configured a client in the current configurator timing
window open time interval. The counter open_window may indicate the
number of collocated devices 208 functioning as configurators that
have been located by the client station 204 and for which the
configurator timing window is open.
[0067] In step 806, the BSSID_LIST_SCAN directive may initiate a
scanning process at the client station 204. The scanning process
may comprise steps that are performed by the client station 204 to
locate a collocated device functioning as a configurator, for
example. A corresponding scan timer may be started that defines a
duration of a time interval during which the scanning process will
be executed at the client station 204. The identifier
BSSID_LIST_SCAN may, for example, represent an object identifier
(OID), in accordance with the network driver interface
specification (NDIS), that may be utilized to initiate a search for
APs at the client station 204. The client station 204 may attempt
to locate collocated configurator station and access points 208
functioning as APs, in a BSS 202. Step 808 may determine if the
scanning process time interval has expired. The client station may
attempt to scan for a time interval that comprises N.sub.scan
seconds, for example N.sub.scan=6, from the time instant at which
the scan timer was started. If the scanning time interval has not
expired, step 810 may continue scanning at step 808.
[0068] At step 812, the BSSID_LIST may comprise a listing of
information received from beacon frames received from collocated
configurator station and access points 208 functioning as APs that
were located by the client station 204 during the scan. The list
may comprise zero, or a plurality of entries. Each entry in the
list may comprise information that was received in a beacon frame
by the client station 204. The received beacon frame may or may not
comprise authentication enablement information. In step 814, the
BSSID_LIST may be scanned to detect information received from a
collocated device 208 functioning as a configurator. At step 816,
if a list entry is found, step 818 may determine if the beacon
frame associated with the entry contains the authentication
enablement information. If the beacon frame for the entry does
contain authentication enablement information, step 820 may
determine if the window_open flag is set in the list entry. If the
window_open flag is set to a value TRUE, this may indicate that a
collocated device 208, functioning as a configurator, has been
located that is ready to configure a client station 204. Step 822
may increment the value of the counter open_window. If the flag
window_open is not set to a value TRUE, step 824 may determine if
the flag recently_cfg is set to a value TRUE in the list entry. If
the flag recently_cfg is set to a value TRUE in the list entry,
step 826 may set the recently_cfg flag, which is utilized by the
discovery protocol, equal to a logical value TRUE.
[0069] If no entry is found at step 816, step 828 may determine if
the current value of the counter open_window is greater than 0. If
the value of the counter open_window is greater than 0, step 830
may determine if the current value of the counter open_window is
greater than the value N, where N may be a threshold value, N=1,
for example. If the counter open_window is not greater than N, step
832 may determine that at least one collocated device 208
functioning as a configurator, has been found. Subsequently, the
client station 204 may communicate a hello packet, associated with
the step 616, to the collocated device 208, functioning as a
configurator. If the value of the counter open_window is greater
than N, step 834 may generate an error indication. The error
indication generated in step 834 may be displayed in a user
interface at the client station 204.
[0070] If the value of the counter open_window is not found to be
greater than 0 at step 828, step 836 may determine if the client
timing window has been open for a period of time greater than the
configured timeout period for the client station 204. If the client
timing window has not been open for a period of time greater than
the timeout period the discovery process may continue to scan for
beacon frames received from a collocated device 208, functioning as
an access point at step 806. If the client timing window has been
open for a period of time greater than the timeout period, step 838
may determine if the flag recently_cfg is set to indicate a value
TRUE. If the flag recently_cfg=TRUE, step 840 may detect a
malicious client, and close the client timing window. A malicious
client may be an unauthorized wireless terminal device that has
been configured by the collocated device 208, functioning as a
configurator, during the current configurator timing window open
time duration. If the flag recently_cfg is not equal to TRUE, step
842 may detect a client window timeout. The client timing window
may be subsequently closed.
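The FIG. 8a discovery logic of steps 804 through 842, as an added example that is not code from the application, run over constructed BSSID_LIST contents. The Beacon fields, the ClientWindow record, the result labels and the client timeout value are assumptions of this example; N_scan=6 and N=1 follow [0067] and [0069]. Successive inner lists in `scans` stand in for what successive BSSID_LIST_SCAN directives would return, so the loop back from step 836 to step 806 is a loop over them.

```python
"""Added example (not code from the application): the FIG. 8a discovery
decision logic, steps 804-842. The Beacon layout, the result labels and the
client timeout value are this example's own assumptions; the constants
follow the text (N_scan = 6, N = 1)."""
from dataclasses import dataclass
from typing import Optional

N_SCAN = 6      # seconds one BSSID_LIST_SCAN runs ([0067])
N = 1           # more than N open configurators is an error ([0069])


@dataclass
class Beacon:
    """One BSSID_LIST entry. Both flags are None when the beacon carried no
    authentication enablement information (window closed, [0055])."""
    bssid: str
    window_open: Optional[bool] = None
    recently_cfg: Optional[bool] = None


@dataclass
class ClientWindow:
    timeout: float              # configured client timeout ([0070])
    elapsed: float = 0.0        # time since the client window opened
    open_window: int = 0        # counter, set to 0 in step 804
    recently_cfg: bool = False  # flag, set to FALSE in step 804


def walk_bssid_list(state: ClientWindow, bssid_list: list) -> list:
    """Steps 812-826: count configurators with window_open=TRUE and note
    whether some configurator already configured a client this window."""
    found = []
    for entry in bssid_list:
        if entry.window_open is None:        # step 818: no enablement info
            continue
        if entry.window_open:                # step 820
            state.open_window += 1           # step 822
            found.append(entry)
        elif entry.recently_cfg:             # step 824
            state.recently_cfg = True        # step 826
    return found


def discover(state: ClientWindow, scans: list) -> tuple:
    """Steps 806-842. `scans` stands in for the successive BSSID_LISTs that
    repeated BSSID_LIST_SCAN directives would return (constructed input).
    Returns (outcome, configurator_beacon_or_None)."""
    for bssid_list in scans:
        state.elapsed += N_SCAN              # steps 806-810: scan timer
        found = walk_bssid_list(state, bssid_list)
        if state.open_window > 0:            # step 828
            if state.open_window > N:        # step 830
                return "error_multiple_configurators", None   # step 834
            return "configurator_found", found[0]             # step 832
        # open_window is still 0 here, so looping back to step 806 keeps
        # the counter consistent with its step 804 value.
        if state.elapsed <= state.timeout:   # step 836
            continue
        if state.recently_cfg:               # steps 838-840
            return "malicious_client", None
        return "client_window_timeout", None  # step 842
    return "client_window_timeout", None


if __name__ == "__main__":
    scans = [[Beacon("00:11:22:33:44:55")],                  # plain AP
             [Beacon("00:11:22:33:44:66", True, False)]]      # open configurator
    print(discover(ClientWindow(timeout=30), scans))
```

The malicious-client outcome of step 840 depends on the two flags travelling together: a beacon with window_open=FALSE and recently_cfg=TRUE is the only evidence the client has that some other station was configured in the window it was waiting on, which is why walk_bssid_list records recently_cfg only from beacons that actually carry authentication enablement information. A client that sees more than N open configurators at once reports an error rather than picking one, matching step 834.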
[0071] FIG. 8b is a flowchart illustrating exemplary steps in a
discovery protocol with configuration validation, in accordance
with an embodiment of the invention. FIG. 8b is substantially as
described in FIG. 8a. In FIG. 8b, the discovery protocol may be
repeated subsequent to step 832, at which the client station 204
may locate a collocated device 208 functioning as a configurator.
The discovery protocol may be repeated until a time instant at
which a current client timing window has been open for a time
duration greater than the timeout period.
[0072] FIG. 8c is a flowchart which is a continuation of FIG. 8b
illustrating exemplary steps in a discovery protocol with
configuration validation, in accordance with an embodiment of the
invention. Referring to FIG. 8c, subsequent to step 832 in FIG. 8b,
configuration of the client station 204 may be completed by
transmitting a status message indicating successful configuration
in step 844. The status message may be transmitted to the
collocated device 208 functioning as a configurator. In step 846 it
may be determined whether the client timing window has been open
for a period of time that is greater than the configured timeout
period of the client station 204. If the client timing window has
not been open for a period of time that is greater than the
timeout period, the scanning process may repeat beginning at step
806. If the client timing window has been open for a period of time
that is greater than the timeout period, the client station 204 may
accept the configuration in step 848.
[0073] FIG. 9 is a flowchart illustrating exemplary steps performed
by a configurator, in accordance with an embodiment of the
invention. In step 902, the collocated device 208 functioning as a
configurator, may be configured by setting SSID and passphrase, and
setting the window open time. The window open time may comprise a
time duration during which the configurator timing window may
remain open within a single configurator timing window open time
interval. The collocated device 208 functioning as a configurator
may be configured either manually, or based on a long button
activation. In step 904, there may be a wait for a button at
collocated device 208 functioning as a configurator, to be
activated. In step 904, activating a button at the collocated
device 208 functioning as a configurator, may initiate the protocol
at the collocated device 208 functioning as a configurator. In step
906, the configurator timing window may be opened and a flashing
green light emitting diode (LED), for example, activated at the
collocated device 208 functioning as a configurator. In step 906,
if the LED, for example, at the collocated device 208 functioning
as a configurator, is activated to flashing green, it may indicate
that the collocated device 208 functioning as a configurator, is
configuring a client station 204, or ready to configure a client
station 204. In step 908, a configurator timing window timer may be
started at the collocated device 208 functioning as a configurator.
In step 910, the collocated device 208 functioning as a
configurator, may transmit beacon frames comprising authentication
enablement information, associated with the step 605. Step 912 may
determine if the configurator timing window has been open for a
period of time greater than the configured window open timing value
as specified in step 902. If the configurator timing window has
been open for a period of time greater than the configured timeout
value, step 930 may stop transmitting beacon frames from the
collocated device 208 functioning as a configurator, that comprise
authentication enablement information. Step 932 may close the
configurator timing window and return the LED, for example, at the
collocated device 208 functioning as a configurator, to the state
that was in effect prior to the most recent button press at the
collocated device 208 functioning as a configurator.
[0074] If no client stations 204 have been configured by the
collocated device 208 functioning as a configurator, since the most
recent long activation of the button at the collocated device 208
functioning as a configurator, the LED, for example, may be
deactivated at step 904. If client stations 204 have been
successfully authenticated and configured by the collocated device
208 functioning as a configurator, since the most recent long
activation of the button at the collocated device 208 functioning
as a configurator, the LED, for example, may be activated to solid
green at step 904. If the LED, for example, at the collocated
device 208 functioning as a configurator, is deactivated, it may
indicate that the collocated device 208 functioning as a
configurator is unconfigured. If the LED, for example, at the
collocated device 208 functioning as a configurator, is activated
to solid green, it may indicate that the collocated device 208
functioning as a configurator, is configured and has configured at
least one client station 204.
[0075] If the configurator timing window has not been open for a
period of time greater than the configured timeout value, step 914
may determine if a hello message, associated with the step 616, has
been received from a client 204. If a hello message, associated
with the step 616, has not been received at step 914, the
collocated device 208 functioning as a configurator, may continue
sending beacon frames, associated with the step 605, at step 910.
If a hello message, associated with the step 616, has been received
from a client station 204, in step 920, a key 1 message, associated
with the step 618, may be sent to the client station 204. In step
922, a key 2 message, associated with the step 620, may be received
from the client station 204. In step 924, the collocated device 208
functioning as a configurator, may determine whether the key
exchange, comprising messages key 1, associated with the step 618,
and key 2, associated with the step 620, was successful. If the key
exchange was successful, in step 926 the collocated device 208
functioning as a configurator, may transmit configuration
information, associated with the step 622, to the client station
204, and activate a solid green LED, for example, at the collocated
device 208 functioning as a configurator. If the key exchange was
not successful, in step
928 the collocated device 208 functioning as a configurator, may
return a status message, associated with the step 624, to the
client station 204 indicating a failure. The collocated device 208
functioning as a configurator may activate a solid red LED, for
example.
[0076] FIG. 10 is a flowchart illustrating exemplary steps
performed by the client in a configuration protocol, in accordance
with an embodiment of the invention. With reference to FIG. 10, in
step 1002, the start of the configuration protocol at the client
station 204 may wait until a button is activated at the client
station 204. In step 1004, a client timing window may be opened at
the client station 204. In step 1006 a window timer may be started
at the client station 204. The window timer may be utilized to
detect a timeout that marks the end of the open time interval for
the client timing window. In step 1010, the client station may
determine whether a timeout duration, which is a time interval for
the client timing window to remain open, has expired. If the client
timing window has been open for a period of time greater than
timeout duration, the client station 204 may close the client
timing window at step 1028.
[0077] If the client timing window has not been open for a period
of time greater than the timeout duration, step 1012 may determine
if a beacon message, associated with the step 605, comprising
authentication enablement information, has been received from the
collocated device 208 functioning as a configurator. If a beacon
message, associated with the step 605, has not been received from
the collocated device 208 functioning as a configurator, the client
may continue to wait at step 1010. If a beacon message, associated
with the step 605, has been received from the collocated device 208
functioning as a configurator, in step 1014 the client station 204
may transmit a hello message, associated with the step 616, to the
collocated device 208 functioning as a configurator. In step 1016, a
key1 message, associated with the
step 618, may be received from the collocated device 208
functioning as a configurator. In step 1018, a key2 message,
associated with the step 620, may be transmitted to the collocated
device 208 functioning as a configurator. Step 1020 may determine
if the key exchange with the collocated device 208 functioning as a
configurator, comprising messages associated with the steps 618 and
620, was successful. If the key exchange was successful, at step
1022 a configuration message, associated with the step 622, may be
received from the collocated device 208 functioning as a
configurator, comprising an SSID and encrypted passphrase. If the
key exchange in step 1020 was not successful, at step 1030, a
status message, associated with the step 624, indicating failure
may be received from the collocated device 208 functioning as a
configurator. Subsequent to steps 1022 and/or 1030, step 1002 may
follow.
[0078] In one aspect of the invention, a method and a system for
enabling communication of information in a communication system are
provided. The system may comprise a client station 204 that
receives authentication enablement information from a configurator
station, for example a collocated device 208 functioning as a
configurator, comprising an indication of a current state of a
configurator timing window. The user desiring to initiate
configuration of a client device may then provide inputs,
activating a button at the client station 204 for example, to
communicate authentication response information to the configurator
station, for example the collocated device 208 functioning as a
configurator, based on the received authentication enablement
information. The client station 204 may subsequently receive the
desired configuration information, thereby enabling the client
station 204 to access a WLAN and to engage in secure communications
via the WLAN. Alternately, the client station 204 may receive
status information from the configurator station, for example the
collocated device 208 functioning as a configurator.
[0079] In another aspect of the invention, a system for enabling
communication of information in a communication system may comprise
responding to a button press at a configurator station, for example
a collocated device 208 functioning as a configurator, by
transmitting authentication enablement information to a client station 204. The
authentication enablement information may comprise an indication of
a current state of a configurator timing window. The indication of
the current state of the configurator timing window may define a
period of time during which a client station 204 may be configured
by the configurator station, for example the collocated device 208
functioning as a configurator. The configurator station, for
example the collocated device 208 functioning as a configurator,
may subsequently receive authentication response information from
the client station 204 based on the transmitted authentication
enablement information. The configurator station, for example the
collocated device 208 functioning as a configurator, may
subsequently transmit the desired configuration information,
thereby enabling the client station 204 to securely access a WLAN
and to engage in secure communications via the WLAN. Alternately,
the configurator, for example the collocated device 208 functioning
as a configurator, may transmit status information based on the
authentication response information received from the client
station 204.
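The client-side flow of FIG. 10 (steps 1002 through 1030) and the configurator-side behaviour summarized in paragraphs [0078] and [0079] can be exercised together in a small simulation. The following Python is an added example written for this page; it is not code from the patent or from any product of the applicant. The patent does not define the contents of the key1 and key2 messages, how the passphrase is encrypted, or whether a client should respond to a beacon whose configurator timing window is reported closed, so those parts are assumptions: a toy Diffie-Hellman group, a hash-based stream cipher, an HMAC tag on the key2 message as the success test of step 1020, and a client that only sends its hello while the beacon reports the configurator window open. The station names, the `clock` parameter and the `tamper` flag are likewise constructed for the illustration.

```python
"""Simulation of the button-triggered setup exchange: client steps 1002-1030 of
FIG. 10 against a configurator that beacons the state of its own timing window.
Key exchange and passphrase encryption are toy stand-ins (assumption)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

P = (1 << 127) - 1   # constructed toy DH modulus: far too small for real use
G = 5


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (assumption): XOR data with SHA-256(key || counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def session_key(shared: int) -> bytes:
    """Derive a session key from the DH shared secret (fits in 16 bytes as P < 2^128)."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


@dataclass
class Station:
    """Timing-window bookkeeping common to client 204 and configurator 208."""
    timeout: float                      # how long a window stays open once opened
    opened_at: Optional[float] = None   # None until the button is pressed

    def press_button(self, now: float) -> None:   # steps 1002/1004/1006
        self.opened_at = now

    def window_open(self, now: float) -> bool:    # the check of step 1010
        return self.opened_at is not None and now - self.opened_at < self.timeout


class Configurator(Station):
    def __init__(self, timeout: float, ssid: str, passphrase: str):
        super().__init__(timeout)
        self.ssid, self.passphrase = ssid, passphrase
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)

    def beacon(self, now: float) -> dict:
        # authentication enablement information: current state of the window
        return {"window_open": self.window_open(now)}

    def on_hello(self, now: float) -> Optional[int]:   # hello (616) -> key1 (618)
        return self.pub if self.window_open(now) else None

    def on_key2(self, client_pub: int, tag: bytes) -> Tuple:   # key2 (620) -> 622 or 624
        key = session_key(pow(client_pub, self.priv, P))
        expected = hmac.new(key, b"key2", hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return ("status", "failure")                        # status message, step 624
        # configuration message: SSID plus passphrase encrypted under the session key
        return ("config", self.ssid, keystream_xor(key, self.passphrase.encode()))


class Client(Station):
    def run(self, cfg: Configurator, clock, tamper: bool = False) -> Tuple:
        """One pass through FIG. 10 after the client button was pressed.
        `clock` is an iterable of timestamps; `tamper` corrupts the key2 tag so the
        exchange of step 1020 fails (used to exercise the step 1030 branch)."""
        for now in clock:
            if not self.window_open(now):                  # step 1010 -> 1028
                return ("closed", None)
            if not cfg.beacon(now)["window_open"]:         # step 1012: keep waiting
                continue
            key1 = cfg.on_hello(now)                       # steps 1014 / 1016
            if key1 is None:
                continue
            priv = secrets.randbelow(P - 3) + 2
            key = session_key(pow(key1, priv, P))
            tag = hmac.new(key, b"key2", hashlib.sha256).digest()
            if tamper:
                tag = bytes(32)
            reply = cfg.on_key2(pow(G, priv, P), tag)       # step 1018 -> 1020
            if reply[0] == "status":                       # step 1030
                return ("failure", None)
            _, ssid, enc = reply                           # step 1022
            return ("configured", (ssid, keystream_xor(key, enc).decode()))
        return ("closed", None)


if __name__ == "__main__":
    cfg = Configurator(timeout=30, ssid="HomeNet", passphrase="constructed-passphrase")
    cfg.press_button(0.0)
    cli = Client(timeout=30)
    cli.press_button(0.0)
    print(cli.run(cfg, [i * 0.5 for i in range(80)]))
```

Running the four natural cases (both buttons pressed, configurator button never pressed, configurator window already expired when the client's opens, and a corrupted key2) shows how the two timing windows gate the exchange: the client never leaves step 1010/1012 unless the beacon reports the configurator window open, and its own timer closes the window at step 1028 otherwise. The toy exchange carries no authentication beyond the coincidence of the two button presses, so in a real product the length of both windows is the main bound on how long a third party could take part in the exchange; keeping them short and surfacing the failure status of step 624 to the user are the practical controls this design offers.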
[0080] Accordingly, the present invention may be realized in
hardware, software, or a combination of hardware and software. The
present invention may be realized in a centralized fashion in at
least one computer system, or in a distributed fashion where
different elements are spread across several interconnected
computer systems. Any kind of computer system or other apparatus
adapted for carrying out the methods described herein is suited. A
typical combination of hardware and software may be a
general-purpose computer system with a computer program that, when
being loaded and executed, controls the computer system such that
it carries out the methods described herein.
[0081] The present invention may also be embedded in a computer
program product, which comprises all the features enabling the
implementation of the methods described herein, and which when
loaded in a computer system is able to carry out these methods.
Computer program in the present context means any expression, in
any language, code or notation, of a set of instructions intended
to cause a system having an information processing capability to
perform a particular function either directly or after either or
both of the following: a) conversion to another language, code or
notation; b) reproduction in a different material form.
[0082] While the present invention has been described with
reference to certain embodiments, it will be understood by those
skilled in the art that various changes may be made and equivalents
may be substituted without departing from the scope of the present
invention. In addition, many modifications may be made to adapt a
particular situation or material to the teachings of the present
invention without departing from its scope. Therefore, it is
intended that the present invention not be limited to the
particular embodiment disclosed, but that the present invention
will include all embodiments falling within the scope of the
appended claims.
* * * * *