MX2008001252A - Encrypting data in a communication network. - Google Patents

Encrypting data in a communication network.

Info

Publication number
MX2008001252A
Authority
MX
Mexico
Prior art keywords
encrypted
segment
header information
segments
block
Application number
MX2008001252A
Other languages
Spanish (es)
Inventor
Lawrence W Yonge Iii
Srinivas Katar
Original Assignee
Intellon Corp
Family has litigation
Priority claimed from US11/472,804 external-priority patent/US7684568B2/en
Application filed by Intellon Corp filed Critical Intellon Corp
Publication of MX2008001252A publication Critical patent/MX2008001252A/en

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs

Abstract

A method for communicating in a network (2) is presented. The method includes encapsulating content from a plurality of high level data units from a high level layer to generate a stream (100); dividing the stream into a plurality of segments (102); individually encrypting at least some of the segments, wherein an encrypted segment (106) includes a plurality of encrypted blocks, and at least some of the encrypted blocks are encrypted based on at least one other encrypted block within the encrypted segment; and supplying low level data units (110) to a physical layer that handles physical communication over the network, at least some of the low level data units each including a plurality of encrypted segments.

Description

ENCRYPTION OF DATA IN A COMMUNICATIONS NETWORK

Cross Reference to Related Applications

This application is a continuation-in-part of US patent application No. 10/720,742, filed on November 24, 2003, and claims the benefit of US patent applications No. 60/702,717, filed July 27, 2005, No. 60/705,720, filed August 2, 2005, and No. 11/472,804, filed June 22, 2006. Each of these applications is incorporated herein by reference.

Field of the Invention

The invention relates to network protocols, and more particularly to encrypting data in a communication network.

Background of the Invention

Encryption is used in communication networks to obscure information so that a network node or an eavesdropper cannot easily determine the information without secret information called a key. A cipher is an algorithm for performing encryption. A block cipher, such as the Advanced Encryption Standard (AES), is a symmetric-key cipher that encrypts a fixed-length block of data called a "plaintext block" using an encryption key to generate a "ciphertext block". The ciphertext block can be decrypted using the encryption key to recover the plaintext block. When a data stream to be encrypted is longer than the block size, the block cipher uses a "mode of operation" to encrypt the data stream.

In one mode of operation, called electronic codebook (ECB) mode, the stream is divided into blocks, and each plaintext block is individually encrypted using the encryption key. In ECB mode, since identical plaintext blocks in different parts of the stream map to the same ciphertext block, some patterns in the original data stream may not be obscured. In another mode of operation, called cipher block chaining (CBC) mode, the stream is divided into blocks, and each plaintext block is processed based on a previous ciphertext block (using an XOR operation) before being encrypted.
In CBC mode, each ciphertext block depends on all previous ciphertext blocks, which helps to obscure patterns in the original text. The first ciphertext block is processed based on an "initialization vector", since it has no previous ciphertext block. The initialization vector used in a CBC mode block cipher, or in other types of ciphers, also provides a form of scrambling. Using a different initialization vector for different data streams makes it more difficult to obtain information about the original data stream or the encryption key from the encrypted stream. The initialization vector is used (together with the encryption key) to decrypt the corresponding encrypted data stream, and (unlike the encryption key) it can be transmitted over a network together with the corresponding encrypted stream without compromising security.

Brief Description of the Invention

In one aspect, in general, the invention presents a method for communicating in a network. The method includes encapsulating content of a plurality of high-level data units from a high-level layer to generate a stream; dividing the stream into a plurality of segments; individually encrypting at least some segments, wherein an encrypted segment includes a plurality of encrypted blocks, and at least some of the encrypted blocks are encrypted based on at least one other encrypted block within the encrypted segment; and providing low-level data units to a physical layer that handles physical communication over the network, with at least some of the low-level data units containing a plurality of encrypted segments.

Implementations of this aspect of the invention may incorporate one or more of the following characteristics.
Each segment is divided into a plurality of data blocks; each encrypted segment is associated with header information; and a first encrypted block within a first encrypted segment within a first low-level data unit is formed from a first data block using an encryption key and either a second encrypted block within the first encrypted segment or an initialization vector derived at least in part from at least one of a portion of the header information associated with the first encrypted segment and a portion of the header information associated with the first low-level data unit.

The initialization vector is derived at least in part from header information associated with at least some function for receiving the low-level data unit other than encryption.

Providing a low-level data unit includes forming a sequence of physical layer blocks, with each physical layer block including an encrypted segment and the header information associated with that segment.

The header information associated with the encrypted segment includes at least one of a header and an integrity check sequence.

The integrity check sequence comprises a cyclic redundancy check code computed based on the header and the encrypted segment.

The initialization vector is derived at least in part both from the portion of the header information associated with the first encrypted segment and from the portion of the header information associated with the first low-level data unit.

The method further includes selecting the portion of header information associated with the first low-level data unit based on which portions of said header information are more likely to be different for different low-level data units.

The portion of the header information associated with the low-level data unit includes at least a portion of at least one of an identifier of a source and an identifier of a destination.
The method further includes selecting the portion of the header information associated with the first encrypted segment based on which portions of said header information are likely to be different for different segments.

The portion of the header information associated with the first encrypted segment includes at least a portion of one or more of the group consisting of: a sequence number associated with the first encrypted segment; information identifying a position of the first encrypted segment within the low-level data unit; and information identifying a position of a boundary between high-level data units within the segment from which the first encrypted segment was generated.

Each encrypted segment is capable of being retransmitted independently.

At least some segments are encoded using forward error correction.

The method further includes retransmitting a segment that has not been received successfully, including re-encrypting the segment using a new initialization vector.

The method further includes selecting a length of the segments to reduce padding associated with at least some segments.

The selected length is a multiple of the cipher block size used for block cipher mode encryption of a segment.

The length of the initialization vector is the same as the cipher block size used for block cipher mode encryption of a segment.
The high-level layer comprises a medium access control layer.

In another aspect, in general, the invention presents an apparatus for transmitting information over a network. The apparatus includes circuits configured to couple a signal to a communication medium; and a network interface module coupled to the circuits. The network interface module includes circuits configured to encapsulate content of a plurality of high-level data units from a high-level layer to generate a stream; divide the stream into a plurality of segments; individually encrypt at least some segments, wherein an encrypted segment includes a plurality of encrypted blocks, and at least some of the encrypted blocks are encrypted based on at least one other encrypted block within the encrypted segment; and provide low-level data units to a physical layer that handles physical communication over the network, with at least some of the low-level data units including a plurality of encrypted segments.

Among the various advantages of the invention (some of which can be achieved only in some of its various aspects and implementations) are the following.

Greater communication efficiency can be achieved (e.g., in terms of the overhead-to-payload ratio) by deriving an initialization vector for encrypting and decrypting a segment at least in part from header information associated with the segment or with the low-level data unit that includes the segment. If the header information is associated with at least some function for receiving the low-level data unit other than encryption, then no additional overhead is added because of the initialization vector. After the receiving station receives header information for the low-level data unit, the only additional information required to derive an initialization vector for a given encrypted segment is the header information associated with that segment.
By encrypting the segments independently, including deriving an IV from header information independently for each segment, when an uncorrectable error is detected in a segment, only the portion of the low-level data unit that includes that segment needs to be retransmitted to decode the segment.

Other features and advantages of the invention will be found in the detailed description, drawings and claims.

Brief Description of the Drawings

Figure 1 is a diagram of a network configuration.
Figure 2 is a diagram of a reference network architecture.
Figure 3 is a block diagram of a communication system.
Figure 4 is a format for an MPDU.

Detailed Description of the Invention

There are many possible implementations of the invention, too many to be described here. Some implementations that are presently preferred are described below. However, it cannot be overemphasized that these are descriptions of implementations of the invention, and not descriptions of the invention, which is not limited to the detailed implementations described in this section but is described in broader terms in the claims.

As shown in Figure 1, a network configuration 2 includes a communication medium 3 for a number of communication stations 6-10 (e.g., computing devices or audiovisual devices) to communicate with each other. The communication medium 3 may include one or more types of physical communication media such as coaxial cable, optical fiber, unshielded twisted pair, or power lines, for example. The network configuration 2 can also include devices such as bridges or repeaters. The communication medium 3 can connect the communication stations in the network configuration 2 according to any of a variety of topologies (e.g., bus, tree, star, mesh). The communication stations communicate with each other according to a predetermined network architecture.
The abstract objects that make up the layers of a network architecture are sometimes called communication protocols. A communication protocol provides a communication service that higher-level objects (such as application processes, or higher-level layers) use to transmit and receive information. For example, in some network architectures the lower-level layers include physical layer (PHY) and medium access control (MAC) layer communication protocols. The PHY layer converts data to and from a signal waveform that is transmitted over the communication medium 3. The MAC layer is a sub-layer of a data link layer and provides an interface to the PHY layer, for example, according to the Open Systems Interconnection (OSI) network architecture standard.

The communication stations 6-10 include respective network interface modules 12-16 that implement the communication protocols in hardware, software, or a combination of hardware and software in the respective stations. The stations may differ in the specific communication protocols used, and may still communicate with each other if the protocols are compatible.

The communication protocol of a transmitting station sends data to the peer communication protocol of a receiving station in the form of data units. In each station, the data units pass up and down the layers of the communication protocols (or "protocol stack"). A communication protocol receives a service data unit (SDU) from a higher-layer protocol and encapsulates the SDU with protocol control information (PCI) (e.g., as a header) to form a protocol data unit (PDU) to be provided to a lower layer as an SDU. Thus, each lower layer provides a service to the higher layer to ensure that the encapsulated SDU is delivered to a peer protocol. For example, the MAC layer protocol in a transmitting station sends a MAC protocol data unit (MPDU) to the MAC layer protocol in a receiving station.
The MPDU includes PCI and other header information (e.g., information in a header or a trailing cyclic redundancy check (CRC) code) associated with the MAC layer and with upper-layer SDUs, together with an application layer payload. The MAC layer provides the MPDU to the PHY layer as a PHY service data unit (PSDU) to be transported over the communication medium 3. A PHY protocol data unit (PPDU) refers to the modulated signal waveform, representing the PSDU, that is transmitted over the communication medium 3.

Figure 2 shows example system interfaces and their associated data units for a portion of a reference network architecture 50 that can be used by the network configuration 2. This portion can be implemented in each station. Three layers of the network architecture are shown: a protocol adaptation layer (PAL) including one or more Bridge/PALi layers 52, MAC 54, and physical layer (PHY) 56, separated by an M1 interface 62 and a PS interface 64, respectively.

A higher-level interface H1i 58 denotes the i-th host interface, with one interface for each protocol supported. The H1i interface 58 defines the demarcation point for the i-th host protocol data units 68 and the i-th protocol adaptation layer service data units 69 to upper layers of the network architecture 50.

For each protocol supported, the corresponding Bridge/PALi 52 can be implemented partially in firmware and/or hardware. Examples of the architecture 50 support IEEE 802.3 and isochronous stream protocols and also provide access to proprietary protocols of other networks through interface 60.

Bridge/PALi 52 provides support for higher layer adaptation (HLA) functionality and/or bridging functionality.
Both HLA and bridging operations support the translation of host data packets, including PAL protocol data units (PALiPDUs) 70, to MAC service data units (MSDUs) 71 and vice versa, and the translation of host addresses from the H1 interface 58 to addresses of the corresponding network interface modules 12-16 (e.g., MAC addresses). The HLA and bridging operations also support the determination of traffic class and QoS parameters, in addition to the establishment of streams in coordination with the MAC layer.

The M1 interface 62 is common to all protocol adaptation layers and defines the demarcation between a given Bridge/PALi 52 and the MAC layer 54, with PAL protocol data units (PALiPDUs) 70 being passed down from Bridge/PALi 52 to the MAC layer 54 as MAC service data units (MSDUs) 71 and vice versa.

The medium access control (MAC) layer 54 processes MAC protocol data units (MPDUs) 72 for delivery to the physical layer 56 as PHY service data units (PSDUs) 73. Processing in the MAC layer 54 includes, for example, the service interface to PAL 52, network management, admission control, encryption, error control (ARQ), retransmission, escalation, framing, segmentation and reassembly, packet encapsulation and de-encapsulation, channel access (contention-free bursting, managed sessions, CSMA/CA, etc.), time stamping, synchronization with multimedia clocks, and contention-free sessions.

The physical layer signaling (PS) interface 64 separates the MAC layer 54 and the PHY layer 56, with MAC protocol data units being passed across the interface 64 as PSDUs 73 and vice versa.

The physical layer (PHY) protocol 56 provides several operations to transmit a PHY protocol data unit (PPDU) signal 74 that includes symbols onto which the data of the PSDU 73 has been modulated according to a modulation scheme.
For example, in an orthogonal frequency division multiplexing (OFDM) modulation scheme over a shared communication medium such as a power line medium, the PHY 56 can provide forward error correction (FEC) coding, encryption, physical carrier sensing, frame control decoding, error detection, and information needed for channel estimation and selection of a "tone map" of carrier frequencies to be used for OFDM communication.

Any of a variety of communication system architectures can be used to implement the portion of the network interface module that converts data to and from a signal waveform that is transmitted over the communication medium. In OFDM modulation, the data is transmitted in the form of OFDM "symbols". Each symbol has a predetermined time duration or symbol time Ts. Each symbol is generated from a superposition of N sinusoidal carrier waveforms that are orthogonal to each other and form the OFDM carriers. Each carrier has a peak frequency fi and a phase Φi measured from the beginning of the symbol. For each of these mutually orthogonal carriers, a whole number of periods of the sinusoidal waveform is contained within the symbol time Ts. Equivalently, each carrier frequency is an integral multiple of a frequency interval Δf = 1/Ts. The phases Φi and the amplitudes Ai of the carrier waveforms can be independently selected (according to an appropriate modulation scheme) without affecting the orthogonality of the resulting modulated waveforms. The carriers occupy a frequency range between the frequencies f1 and fN referred to as the OFDM bandwidth.

Referring to Figure 3, a communication system 300 includes a transmitter 302 for transmitting a signal (e.g., a sequence of OFDM symbols) over a communication medium 304 to a receiver 306. The transmitter 302 and the receiver 306 can both be incorporated into a network interface module in each station. The communication medium 304 can represent a path from one device to another through the power line network.
In the transmitter 302, the modules implementing the PHY layer receive an MPDU from the MAC layer. The MPDU is sent to a coding module 320 to perform processing such as scrambling, error correction coding and interleaving.

The encoded data is fed to an allocation module 322 that takes groups of data bits (e.g., 1, 2, 3, 4, 6, 8 or 10 bits), depending on the constellation used for the current symbol (e.g., a BPSK, QPSK, 8-QAM or 16-QAM constellation), and maps the data value represented by those bits onto the corresponding amplitudes of the in-phase (I) and quadrature-phase (Q) components of a carrier waveform of the current symbol. This results in each data value being associated with a corresponding complex number Ci = Ai exp(jΦi) whose real part corresponds to the I component and whose imaginary part corresponds to the Q component of the carrier with peak frequency fi. Alternatively, any appropriate modulation scheme that associates data values with modulated carrier waveforms can be used.

The allocation module 322 also determines which of the carrier frequencies f1, ..., fN within the OFDM bandwidth are used by the system 300 to transmit information. For example, some carriers that are experiencing fades can be avoided, and no information is transmitted on those carriers. Instead, the allocation module 322 uses coherent BPSK modulated with a binary value from the pseudo-noise (PN) sequence for that carrier. For some carriers (e.g., carrier i = 10) that correspond to restricted bands (e.g., an amateur radio band) on a medium 304 that can radiate power, no energy is transmitted on those carriers (e.g., A10 = 0).

The allocation module 322 also determines the type of modulation to be used on each of the carriers (or "tones") according to a "tone map". The tone map can be a predetermined tone map, or a custom tone map determined by the receiving station.
An inverse discrete Fourier transform (IDFT) module 324 modulates the set of N resulting complex numbers (some of which may be zero for unused carriers) determined by the allocation module 322 onto N orthogonal carrier waveforms with peak frequencies f1, ..., fN. The modulated carriers are combined by the IDFT module 324 to form a discrete-time symbol waveform S(n) (for a sampling rate fR), which can be written as

[Eq. (1): a sum over i = 1, ..., N; the summand is not legible in this copy]

where the time index n goes from 1 to N, Ai is the amplitude and Φi is the phase of the carrier with peak frequency fi = (i/N) fR, and j = √−1. In some implementations, the discrete Fourier transform corresponds to a fast Fourier transform (FFT) in which N is a power of 2.

A post-processing module 326 combines a sequence of consecutive (potentially overlapping) symbols into a "symbol set" that can be transmitted as a continuous block over the communication medium 304. The post-processing module 326 prepends a preamble to the symbol set that can be used for automatic gain control (AGC) and symbol timing synchronization. To mitigate intersymbol and intercarrier interference (e.g., due to imperfections in the system 300 and/or the communication medium 304), the post-processing module 326 can extend each symbol with a cyclic prefix that is a copy of the last part of the symbol. The post-processing module 326 may also perform other functions such as applying a pulse-shaping window to subsets of symbols within the symbol set (e.g., using a raised cosine window or another type of pulse-shaping window) and overlapping the symbol subsets.

An analog front end (AFE) module 328 couples an analog signal containing a continuous-time (e.g., low-pass filtered) version of the symbol set to the communication medium 304.
The effect of transmitting the continuous-time version of the waveform S(t) over the communication medium 304 can be represented by convolution with a function g(τ; t) representing an impulse response of transmission over the communication medium. The communication medium 304 can add noise n(t), which can be random noise and/or narrowband noise emitted by a jammer.

In the receiver 306, the modules implementing the PHY layer receive a signal from the communication medium 304 and generate an MPDU for the MAC layer. An AFE module 330 operates in conjunction with an automatic gain control (AGC) module 332 and a time synchronization module 334 to provide sampled signal data and timing information to a discrete Fourier transform (DFT) module 336.

After removing the cyclic prefix, the receiver 306 feeds the sampled discrete-time symbols into the DFT module 336 to extract the sequence of N complex numbers representing the encoded data values (by performing an N-point DFT). The demodulator/decoder module 338 maps the complex numbers onto the corresponding bit sequences and performs the appropriate decoding of the bits (including de-interleaving and descrambling).

Any of the modules of the communication system 300, including the modules in the transmitter 302 or receiver 306, may be implemented in hardware, software, or a combination of hardware and software.

In some implementations, an MPDU may be generated from a stream of MSDUs such that a one-to-one correspondence between an MSDU and an MPDU is not necessary. For example, in a MAC framing process, each of a series of MAC frames (or sub-frames) is generated from one or more MSDUs, and multiple MAC frames are concatenated into a MAC frame stream. The MAC frame stream is then divided into segments (e.g., segments of fixed size) that can be included in an MPDU.

Referring to Fig. 4, a MAC frame stream 100 includes a continuous stream of MAC frames of potentially variable length. A segment 102 is formed from a portion of the MAC frame stream 100.
Depending on the relative sizes of the segment 102 and the MAC frames, a segment may contain a fraction of a MAC frame and/or multiple MAC frames. Thus, a segment may include zero, one or more boundaries between MAC frames. For each segment, the MAC layer determines the offset of the first MAC frame boundary within the segment. This boundary information is transmitted along with the segment and is used by the receiving station to demarcate the MAC frames in the received segments. The first MAC frame boundary in a segment is sufficient, since other MAC frame boundaries (if any) can be determined from information in the preceding MAC frames (e.g., frame length information). The MAC frame boundary information allows a receiving station to find the beginning of the next MAC frame if the receiving station needs to discard segments of a previous MAC frame and continue receiving with the following MAC frame.

Each segment is also associated with a segment sequence number (SSN). The SSN is initialized to zero for the first segment in a MAC frame stream and incremented by one each time a new segment is formed. The SSNs allow segments to be received out of order and duplicates to be detected at the receiving station.

The end of the MAC frame stream 100 may not contain enough data to fill a segment 102 completely at the time the segments are to be encapsulated in an MPDU (sent to the PHY layer as a PSDU). In such cases, the MAC frame stream 100 can be padded (e.g., with zeros) with a padding portion 104, so that a complete segment 102 can be formed. The padding of the MAC frame stream to form the last segment (e.g., "segment" in Figure 3) can be deferred until just before the segment is processed for sending to the PHY layer, to allow time for the next MAC frame to be added to the MAC frame stream 100. A predetermined data value may be included at the beginning of the padding portion 104 to indicate the presence of padding in the remainder of the segment.
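
The segmentation just described (fixed-size segments, an SSN per segment, the offset of the first MAC frame boundary, padding of the final segment) is shown below as an added example that is not code from the patent. The 2-byte length-prefixed frame format, the 0xFF padding marker, counting the start of padding as a boundary, and all function names are assumptions made for the illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const (
	SegSize   = 512  // fixed segment size in bytes
	PadMarker = 0xFF // constructed value marking the start of padding
)

// Frame builds a constructed MAC frame: 2-byte big-endian length + payload.
// Payloads stay below 0xFF00 bytes so a length never starts with PadMarker.
func Frame(payload []byte) []byte {
	f := make([]byte, 2+len(payload))
	binary.BigEndian.PutUint16(f, uint16(len(payload)))
	copy(f[2:], payload)
	return f
}

type Segment struct {
	SSN           uint16 // starts at 0, incremented for each new segment
	FirstBoundary int    // offset of the first frame start in Data, -1 if none
	Data          []byte
}

// Segmentize concatenates frames into a MAC frame stream, pads the tail and
// cuts fixed-size segments, recording SSN and first boundary offset for each.
func Segmentize(frames [][]byte) []Segment {
	var stream []byte
	var starts []int // absolute stream offsets at which a frame begins
	for _, f := range frames {
		starts = append(starts, len(stream))
		stream = append(stream, f...)
	}
	if r := len(stream) % SegSize; r != 0 {
		starts = append(starts, len(stream)) // padding start counts as a boundary
		pad := make([]byte, SegSize-r)       // zero fill
		pad[0] = PadMarker
		stream = append(stream, pad...)
	}
	var segs []Segment
	bi := 0
	for off := 0; off < len(stream); off += SegSize {
		for bi < len(starts) && starts[bi] < off {
			bi++
		}
		fb := -1
		if bi < len(starts) && starts[bi] < off+SegSize {
			fb = starts[bi] - off
		}
		segs = append(segs, Segment{uint16(off / SegSize), fb, stream[off : off+SegSize]})
	}
	return segs
}

// Reassemble takes the segments that arrived, in SSN order. Duplicates are
// dropped; after a gap parsing resumes at the next segment's first boundary.
func Reassemble(segs []Segment) [][]byte {
	var frames [][]byte
	var buf []byte
	synced, next := false, 0
	for _, s := range segs {
		if int(s.SSN) < next {
			continue // duplicate (SSN wraparound is ignored here)
		}
		if int(s.SSN) != next {
			synced, buf = false, nil // gap: discard the partial frame
		}
		next = int(s.SSN) + 1
		if synced {
			buf = append(buf, s.Data...)
		} else if s.FirstBoundary >= 0 {
			buf = append([]byte(nil), s.Data[s.FirstBoundary:]...)
			synced = true
		}
		for len(buf) >= 2 && buf[0] != PadMarker {
			n := int(binary.BigEndian.Uint16(buf))
			if len(buf) < 2+n {
				break // frame continues in the next segment
			}
			frames = append(frames, append([]byte(nil), buf[2:2+n]...))
			buf = buf[2+n:]
		}
	}
	return frames
}

func main() {
	segs := Segmentize([][]byte{Frame(make([]byte, 300)), Frame(make([]byte, 700)), Frame(make([]byte, 100))})
	for _, s := range segs {
		fmt.Printf("SSN=%d firstBoundary=%d\n", s.SSN, s.FirstBoundary)
	}
	fmt.Println("frames recovered without segment 0:", len(Reassemble(segs[1:])))
}
```

With segment 0 missing, the receiver skips the tail of the frame it can no longer complete and recovers the frame that begins at the first boundary of segment 1.
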
A segment 102 is treated as a directed entity for reliable delivery services by the MAC and PHY layers. Each segment 102 can be individually encrypted so that each segment can be decrypted at the receiving station without needing other segments. For example, a CBC mode block cipher (e.g., a 128-bit AES cipher in CBC mode) can be used by dividing the data of the MAC frame stream 100 into data blocks (or "plaintext blocks") of a given size (e.g., 128 bits, which is 16 bytes). The size of a segment can be selected to be a multiple of the size of the data blocks, to eliminate the need to pad the last data block in a segment. Thus, each encrypted segment 106 includes a predetermined number of encrypted blocks (or "ciphertext blocks").

The MAC layer sends each encrypted segment 106 within a PHY block (PB) 108 of an MPDU 110. A PB body (PBB) field 114 of a PB 108 carries the encrypted segment 106 as the payload of the PB 108. Other fields of the PB 108 carry header information (e.g., information that is used by the PHY layer to transmit the encrypted segment 106). A PB header 116, for example, includes fields for the SSN and the offset of the first MAC frame boundary (if any) associated with the segment. The PB header 116 may also include information indicating other characteristics of a segment, such as the type of stream to which the segment belongs (e.g., a data stream or a management stream). A PB check sequence (PBCS) 118 is used to check the integrity of the PB 108 received at the station. The PBCS is, for example, a CRC code computed over the PBB 114 and the PB header 116.

Each segment 102 (and encrypted segment 106) corresponds to a different PB 108 (or FEC block) that can be retransmitted independently. Since the FEC encoding allows the PHY layer to detect errors on a per-PHY-block basis, the segments 102 that have errors can be retransmitted without requiring retransmission of the segments 102 that do not have errors.
The size of a segment 102 can be selected to provide a trade-off between high efficiency and low latency. For example, the segments may be large enough that the header information (e.g., the PB header 116 and PBCS 118) associated with the segment 102 is small compared to the segment 102 (e.g., a small overhead-to-payload ratio). The segment may be small enough to confine the effect of errors to a small amount of data around the error, so that the latency for retransmitting information is low. A small segment can also reduce the potential size of the padding portion 104 of a final PB 108. An example of such a trade-off, in a case with a data block of 16 bytes, a PB header 116 of 4 bytes, and a PBCS 118 of 4 bytes, is 512 bytes, which results in PBs 108 of 512 bytes.

An MPDU 110 also includes an MPDU header 120 (or "frame control" section) preceding the sequence of PBs 108. The MPDU header includes header information associated with the transmission of the MPDU and/or information relevant to all PBs 108 in the MPDU 110. The MPDU 110 is delivered to the PHY layer to be modulated into a PPDU signal and transmitted to the receiving stations. The information contained in the MPDU header 120 and the PB header 116 can be used by the receiving station to reassemble upper-layer data units, such as the stream to which a segment 102 belongs.
Another aspect of the encryption process of the segments 102 for generating the encrypted segments 106 is the selection of an initialization vector (IV) used to initialize the encryption process. For example, in a CBC mode cipher, a given encrypted block within an encrypted segment 106 is formed by combining (in this case using an XOR operation) a corresponding data block within segment 102 with a preceding encrypted block or (for the first encrypted block that is formed) an IV associated with the segment 102. The combined block is then encrypted using an encryption key. Both the encryption key and the IV must be known at the receiving station to correctly decrypt an encrypted segment 106. A set of shared secret encryption keys can be known to both the receiving and transmitting stations (in this case after being distributed according to a secure protocol), and a field in the MPDU header 120 (an "encryption key selection" (EKS) field) can designate which of the encryption keys should be used to decrypt the segments 106 in the corresponding MPDU 110. The IV does not necessarily need to be kept secret like the encryption key; however, using the same IV, or a highly predictable one, with the same encryption key can increase vulnerability to certain cryptographic attacks. The IV used for the encryption of a given encrypted segment 106 may be sent together with the segment (in this case in the PB header 116); however, the added overhead (in this case 16 bytes) can be significant compared to the segment size (in this case 512 bytes), reducing efficiency. One way to decrease the overhead of sending the IVs is to encrypt the entire MPDU payload (multiple PBs), or a MAC frame, as one long chain using CBC mode encryption, which would require only one IV. However, in this scenario, if any portion of the chain is corrupted, the data will be lost from that point forward in the chain, since CBC mode encryption of subsequent encrypted blocks depends on that lost portion.
Another way to decrease the overhead of sending IVs is to send a new IV less often, and then derive the IVs for other PBs from those new IVs in a predetermined way (in this case incremented and transformed according to a known hash function). Nevertheless, in this scenario, if any of the new IVs is lost, the data encrypted with IVs dependent on the lost IVs will be lost. Another way to decrease the overhead of sending IVs is to derive the IV from header information that is already associated with at least some function for receiving the MPDU 110 in addition to the encryption, including header information associated with the segment 102 (in this case the PB header 116) and/or header information associated with the MPDU 110 (in this case the MPDU header 120). In an exemplary implementation, the IV for an encrypted segment 106 in a given PBB field 114 is obtained by concatenating fields of the corresponding PB header 116, fields of the MPDU header 120, and a "segment count" indicating the relative location of the segment 106 (and corresponding PB 108) in the MPDU 110. The segment count is a value that can be determined at a receiving station without needing to be sent or represented by any header information of the MPDU 110. The receiving station can simply increment the segment count for each segment received in an MPDU. Among the multiple fields that could potentially be used to provide a portion of the IV, the fields that are most likely to vary from one MPDU 110 to the next, or from one PB 108 to the next, can be selected to provide an IV that is more unpredictable. Even if there is a possibility that any one of the fields remains the same, selecting multiple fields (or portions of fields) that are prone to vary reduces the possibility that the entire IV remains the same from one MPDU 110 or PB 108 to the next.
In this example, since the segment count increases from one PB 108 to the next in a given MPDU 110, the IVs for consecutive encrypted segments 106 will not be equal. Examples of fields of an MPDU header 120 that can be selected for inclusion in the IV as prone to be different for different MPDUs are: source address, destination address, link identifier, EKS, pending PBs, bit load estimate, tone map index, MPDU count, and saturation count. Using the source and destination addresses ensures that the IV will be different for each pair of source/destination stations in communication; the IVs will also be different in each direction, since the source becomes the destination and the destination becomes the source in the other direction. The link identifier identifies one of potentially multiple streams from a source to a destination. The EKS, which is used by the receiver to determine which encryption key to use, may depend on several additional factors, such as the logical network to which the station belongs. The pending PBs field represents a backlog of buffered PBs still to be sent, and typically varies for different MPDUs. The bit load estimate is based on a data rate associated with a given tone map. The tone map index changes when a different tone map is used. The MPDU count changes for consecutive MPDUs. The saturation count counts down (in this case 3, 2, 1, 0) as a run of MPDUs is sent. Additionally, the IV could include a check sequence for the MPDU header 120 that is computed as a function of all the other fields in the MPDU header, which would act as a hash value having a high probability of changing when at least one of the other fields changes.
Examples of PB header 116 fields that can be selected for inclusion in the IV as prone to be different for different PBs are: SSN, MAC frame boundary offset, and MAC frame boundary flag. The SSN increases from one PB 108 to the next, as does the segment count, but the SSN is not necessarily reset to 0 (or 1 or another initial value) at the beginning of the MPDU 110, as the segment count is. Since the SSN increases even across MPDU boundaries, the SSN is not repeated until it reaches its maximum value (in this case Nmax = 65,535 for a 16-bit SSN). When the SSN is repeated (after reaching its maximum), there is a high probability that at least some bits in the fields that vary have changed (in this case the segment count is likely to be different, since a segment is unlikely to be in the same position within an MPDU as the previous segment with the same SSN), or that a new encryption key is in use. Any pair of segments within a distance of Nmax + 1 will not have the same IV. The MAC frame boundary flag indicates whether there is at least one boundary between two MAC frames within the PB. If there is at least one boundary, the MAC frame boundary offset indicates where the first boundary occurs in the PB. These fields are likely to change if the sizes of the MAC frames vary or are not multiples of the segment size. The combination of these fields used in the IV provides an IV that has a low probability of repeating for any given access key, which can provide an acceptable level of protection against cryptographic attacks. After the MPDU 110 is received at the receiving station, the PBCS 118 of each PB 108 is checked and the good PBs are decrypted.
The PBs 108 containing errors that cannot be corrected are reported to the transmitting station by an acknowledgment signal, and are re-encrypted and retransmitted using the current encryption key and a new IV derived from the header information of the new MPDU that is being sent.

Many other implementations of the invention in addition to those described above fall within the scope of the invention, which is defined by the following claims.
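The following sketch, added here as an illustration and not taken from the patent or from any product implementing it, carries the header-derived IV scheme through one MPDU with a failed PB and its retransmission. The 16-byte field layout, the dictionary keys and the function names are hypothetical, and a 4-round Feistel permutation built from HMAC-SHA256 stands in for AES-128 so that the example runs with the standard library alone.

```python
import hashlib, hmac, struct

BLOCK = 16      # 128-bit cipher block, as on the page
SEGMENT = 512   # segment size from the page's example (a multiple of BLOCK, so no padding)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def enc_block(key, blk):
    # Stand-in for AES-128 (assumption): 4-round Feistel permutation, standard library only.
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def derive_iv(mpdu_hdr, pb_hdr, seg_count):
    # Hypothetical 16-byte layout; the page names the fields but not their widths or order.
    return struct.pack(">HHBBHHHHH", mpdu_hdr["src"], mpdu_hdr["dst"], mpdu_hdr["link_id"],
                       mpdu_hdr["eks"], mpdu_hdr["mpdu_count"], mpdu_hdr["pending_pbs"],
                       pb_hdr["ssn"], pb_hdr["mfb_offset"], seg_count)

def cbc_encrypt(key, iv, segment):
    if len(segment) % BLOCK:
        raise ValueError("segment length must be a multiple of the block size")
    out, prev = [], iv
    for i in range(0, len(segment), BLOCK):
        prev = enc_block(key, _xor(segment[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(_xor(dec_block(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

def build_mpdu(key, mpdu_hdr, segments, first_ssn):
    pbs = []
    for count, seg in enumerate(segments):
        pb_hdr = {"ssn": (first_ssn + count) & 0xFFFF, "mfb_offset": 0}
        pbs.append((pb_hdr, cbc_encrypt(key, derive_iv(mpdu_hdr, pb_hdr, count), seg)))
    return pbs

def receive_mpdu(key, mpdu_hdr, pbs, failed=()):
    # The receiver counts PBs itself; the segment count is never transmitted.
    return {hdr["ssn"]: cbc_decrypt(key, derive_iv(mpdu_hdr, hdr, count), ct)
            for count, (hdr, ct) in enumerate(pbs) if count not in failed}

def demo():
    key = b"constructed demo key"
    segs = [b"\x00" * SEGMENT] * 3          # constructed: three identical plaintext segments
    hdr1 = {"src": 1, "dst": 2, "link_id": 5, "eks": 0, "mpdu_count": 7, "pending_pbs": 3}
    pbs = build_mpdu(key, hdr1, segs, first_ssn=100)
    got = receive_mpdu(key, hdr1, pbs, failed={1})      # PB 1 fails its PBCS check
    hdr2 = dict(hdr1, mpdu_count=8, pending_pbs=1)      # next MPDU carries the retransmission
    retx = build_mpdu(key, hdr2, [segs[1]], first_ssn=101)
    got.update(receive_mpdu(key, hdr2, retx))
    return segs, pbs, retx, got
```

The three identical plaintext segments encrypt to three different ciphertexts because only the SSN and segment count differ in their IVs, and the retransmitted segment gets yet another ciphertext because the MPDU header fields have changed.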

Claims (19)

1. A method for communication within a network, comprising: encapsulating content of a plurality of high-level data units from a high-level layer to generate a stream; dividing the stream into a plurality of segments; individually encrypting at least some of the segments, wherein an encrypted segment includes a plurality of encrypted blocks, and at least some of the encrypted blocks were encrypted based on at least one other encrypted block within the encrypted segment; and providing low-level data units to a physical layer that handles physical communication over the network, with at least some of the low-level data units including a plurality of encrypted segments.

2. The method of claim 1, wherein each segment is divided into a plurality of data blocks; each encrypted segment is associated with header information; each low-level data unit is associated with header information; and a first encrypted block within a first encrypted segment within a first low-level data unit is formed from a first data block using an encryption key and either a second encrypted block within the first encrypted segment or an initialization vector derived at least in part from a portion of header information associated with the first encrypted segment and a portion of header information associated with the first low-level data unit.

3. The method of claim 2, wherein the initialization vector is derived at least in part from header information associated with at least some function for receiving the low-level data unit in addition to the encryption.

4. The method of claim 2, wherein providing a low-level data unit includes forming a sequence of physical layer blocks, with each physical layer block including an encrypted segment and the header information associated with the encrypted segment.

5. The method of claim 4, wherein the header information associated with the segment includes at least one of a header and an integrity check sequence.

6. The method of claim 5, wherein the integrity check sequence comprises a cyclic redundancy check code computed based on the header and the encrypted segment.

7. The method of claim 2, wherein the initialization vector is derived at least in part from the portion of header information associated with the first encrypted segment and the portion of header information associated with the first low-level data unit.

8. The method of claim 2, further comprising selecting the portion of the header information associated with the low-level data unit based on what portions of said header information are likely to be different for different low-level data units.

9. The method of claim 8, wherein the portion of header information associated with the low-level data unit includes at least a portion of at least one of an identifier of a source and an identifier of a destination.

10. The method of claim 2, further comprising selecting the portion of the header information associated with the first encrypted segment based on what portions of said header information are likely to be different for different segments.

11. The method of claim 10, wherein the portion of header information associated with the first encrypted segment includes at least a portion of one or more of the group consisting of: a sequence number associated with the first encrypted segment; information identifying a position of the first segment within the low-level data unit; and information identifying a boundary position between high-level data units within the segment from which the first encrypted segment was generated.

12. The method of claim 2, wherein each encrypted segment is capable of being independently retransmitted.

13. The method of claim 12, wherein at least some segments are encoded using forward error correction.

14. The method of claim 12, further comprising retransmitting a segment that has not been successfully received, including re-encrypting the segment using a new initialization vector.

15. The method of claim 1, further comprising selecting a length of the segments to reduce padding associated with at least some segments.

16. The method of claim 15, wherein the selected length is a multiple of a block size used for cipher block chaining mode encryption of a segment.

17. The method of claim 1, wherein the length of the initialization vector is the same as the length of a block size used for cipher block chaining mode encryption of a segment.

18. The method of claim 1, wherein the high-level layer comprises a medium access control layer.

19. An apparatus for transmitting information over a network, comprising: circuits configured to couple a signal to a communication medium; and a network interface module coupled to the circuits, and including circuits configured to encapsulate the contents of a plurality of high-level data units of a high-level layer to generate a stream; divide the stream into a plurality of segments; individually encrypt at least some of the segments, wherein an encrypted segment includes a plurality of encrypted blocks, and at least some of the encrypted blocks are encrypted based on at least one other encrypted block within the encrypted segment; and provide low-level data units to a physical layer that handles physical communication through the network, with at least some of the low-level data units including a plurality of encrypted segments.
MX2008001252A 2005-07-27 2006-07-27 Encrypting data in a communication network. MX2008001252A (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US70271705P 2005-07-27 2005-07-27
US70572005P 2005-08-02 2005-08-02
US11/472,804 US7684568B2 (en) 2003-11-24 2006-06-22 Encrypting data in a communication network
PCT/US2006/029213 WO2007086934A2 (en) 2005-07-27 2006-07-27 Encrypting data in a communication network

Publications (1)

Publication Number Publication Date
MX2008001252A true MX2008001252A (en) 2008-03-18

Family

ID=39648228

Family Applications (1)

Application Number Title Priority Date Filing Date
MX2008001252A MX2008001252A (en) 2005-07-27 2006-07-27 Encrypting data in a communication network.

Country Status (4)

Country Link
JP (1) JP4981802B2 (en)
KR (1) KR20080040732A (en)
BR (1) BRPI0614124A8 (en)
MX (1) MX2008001252A (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7899056B2 (en) * 2009-01-13 2011-03-01 Fujitsu Limited Device and method for reducing overhead in a wireless network
KR101544971B1 (en) 2009-12-15 2015-08-18 한국전자통신연구원 Method and apparatus for synchronizing multiple clocks
KR20130074225A (en) * 2011-12-26 2013-07-04 주식회사 케이티 System for managing common key
DE102012109669A1 (en) * 2012-10-11 2014-05-15 Rieter Ingolstadt Gmbh Textile machine, in particular spinning machine or winder, with a control and communication system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6055316A (en) * 1997-12-26 2000-04-25 Sun Microsystems, Inc. System and method for deriving an appropriate initialization vector for secure communications
US6744766B2 (en) * 2002-06-05 2004-06-01 Meshnetworks, Inc. Hybrid ARQ for a wireless Ad-Hoc network and a method for using the same
US8483105B2 (en) * 2003-10-15 2013-07-09 Qualcomm Incorporated High speed media access control

Also Published As

Publication number Publication date
KR20080040732A (en) 2008-05-08
JP2009504023A (en) 2009-01-29
JP4981802B2 (en) 2012-07-25
BRPI0614124A8 (en) 2018-02-06
BRPI0614124A2 (en) 2011-03-09

Legal Events

Date Code Title Description
GB Transfer or rights

Owner name: ATHEROS COMMUNICATIONS, INC.

FA Abandonment or withdrawal