WO2012026932A1 - Method and apparatus for over-the-air configuration of a wireless device - Google Patents

Info

Publication number
WO2012026932A1
Authority
WO
WIPO (PCT)
Prior art keywords
secure session
session key
authentication
wireless device
region
Prior art date
Application number
PCT/US2010/046659
Other languages
French (fr)
Inventor
Hang Liu
Mingquan Wu
John Q. Li
Xiuping Lu
Ramkumar Perumanam
Saurabh Mathur
Original Assignee
Thomson Licensing
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Thomson Licensing
Priority to PCT/US2010/046659
Publication of WO2012026932A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0806 Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50 Secure pairing of devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/18 Selecting a network or a communication service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W60/00 Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Definitions

  • the present invention relates to a method and apparatus for configuring a wireless device that wishes to join a network over-the-air and in particular, without connecting the wireless device using any cables or wires.
  • the present invention aids the device in discovering which wireless network to join and aids the device in joining the discovered wireless network as well as configuring the device.
  • Wireless networks are becoming increasingly pervasive. More and more devices are equipped with wireless connectivity capabilities, for example, set top boxes, wireless relay nodes, music boxes, speakers, etc. Some configuration is required for these devices in order for them to join a wireless network. For example, a wireless device needs to have the same network ID or extended service set ID as the access point (AP) and/or base station (BS) in order to associate with the AP. In another example, a wireless device needs to have the same network ID and/or mesh ID in order to join a wireless mesh network or ad hoc network or peer-to-peer network. It is difficult to configure many wireless devices because they do not have a good input method such as a keyboard or a good output method such as a display.
  • AP access point
  • BS base station
  • a method and apparatus are described including scanning channels to discover wireless networks operating in a region, transmitting a pre-association request to one of the wireless networks operating in the region, receiving a pre-association response from the one of the wireless networks operating in the region, establishing a secure session key with the one of the wireless networks operating in the region, receiving one of configuration information and a request to download a configuration file from the one of the wireless networks operating in the region, performing configuration responsive to one of the configuration information and the downloaded configuration file and associating with the one of the wireless network operating in the region responsive to the configuration.
  • Also described are a method and apparatus including receiving a pre-association request, transmitting a pre-association response responsive to the pre-association request, establishing a secure session key and transmitting one of configuration information and a request to download a configuration file.
  • Fig. 1 is a schematic diagram including a new wireless device which wishes to join one or more wireless networks.
  • Fig. 2 is an exemplary screen shot of a user interface that a system administrator might see and use in order to configure a new wireless device in accordance with the principles of the present invention.
  • Fig. 3 is an exemplary user interface for entering authentication and/or configuration information for a new wireless device in accordance with the principles of the present invention.
  • Fig. 4a is an exemplary "Add or Remove Network Device" menu for a new wireless device in accordance with the principles of the present invention.
  • Fig. 4b is an exemplary "Add New Network Device" wizard for a new wireless device in accordance with the principles of the present invention.
  • Fig. 5 is an exemplary method for establishing a secure session and for the exchange of information for pre-association and configuration for a new wireless device in accordance with the principles of the present invention.
  • Fig. 6 is a schematic diagram illustrating the situation where the management server is hosted in a device that is one or more hops away from the network node with which the new wireless device communicates to pre-associate.
  • Fig. 7 is a flowchart for the over-the-air configuration of a new wireless device in accordance with the principles of the present invention from the perspective of the new wireless device.
  • Fig. 8 is a flowchart for the over-the-air configuration of a new wireless device in accordance with the principles of the present invention from the perspective of the management server.
  • Fig. 9 is a block diagram of an exemplary wireless device in accordance with the principles of the present invention.
  • Described herein is a method to configure a wireless device over-the-air without connecting the device to a host using a cable or a wire.
  • a new wireless device wishing to join one or more wireless networks scans all the channels and discovers the wireless networks operating in its neighborhood when it is booted up or after reset. It will try to join each of the available networks periodically until authentication is performed successfully and the device is configured and joins at least one network successfully.
  • an IEEE 802.11 wireless device is used as an example to explain the over-the-air configuration method of the present invention.
  • the method of the present invention can be used for any wireless devices, including but not limited to devices with WiFi, WiMax, WPan, or cellular interfaces, such as but not limited to computers, laptops, dual mode smart phones or any equivalent devices.
  • the wireless networks can be wireless LAN networks, wireless mesh networks, cellular networks, ad hoc wireless networks, and peer-to-peer wireless networks or any other equivalent wireless networks.
  • When a wireless device is booted up initially or after reset, the wireless device performs an initial over-the-air configuration by scanning the channels and discovering wireless networks operating in its vicinity with network IDs or extended service set IDs (ESSIDs) as ESSID1, ESSID2, ... ESSIDn. Some of these networks may operate on different channels and some of these networks may operate on the same channel.
  • the scan can be active by exchanging probe request and probe reply messages or can be passive by the new wireless device listening for and to the beacon messages.
  • Beacon messages are a form of control messages.
  • the wireless device tries to pre-associate with the access point (AP) or base station (BS) or gateway (GW) or node of network ESSID1 and pre-join network ESSID1.
  • the wireless device exchanges information with the AP or BS or GW or node of network ESSID1 and informs (transmits to) the AP or BS or GW or node of its intent to associate with the AP or BS or GW or node of network ESSID1.
  • the AP or BS or GW or node of network ESSID1 then records the information of the new wireless device, including its type, manufacturer, and media access control or hardware address.
  • AP or BS or GW or node of network ESSID1 wants to configure the new wireless device and to associate with this new wireless device according to the new device information
  • AP or BS or GW or node of network ESSID1 starts the authentication process with the new wireless device as described below. Otherwise, the new wireless device tries to pre-associate with the access point (AP) or base station (BS) or gateway (GW) or node of the next network ESSID2 and pre-join network ESSID2 using the same procedure.
  • the new wireless device tries to pre-join each of the available networks in a round-robin fashion until the new wireless device is configured, associates with and joins at least one network successfully. If the device is reset later, it will start the initial over-the-air configuration procedure again. The reset can be performed by pushing a reset button on the wireless device or sending a command to the wireless device.
  • An administrator of network ESSIDi can access the management server on the AP or BS or GW or node of network ESSIDi locally or remotely from a control client terminal or station.
  • the control client station can be a laptop computer, a desktop computer, a mobile phone, or any other equivalent device.
  • the access method to the management server can be web based, command line, telnet, secure shell (ssh), or any other equivalent remote access methods.
  • the management server also associates with a web server and the control client terminal is equipped with a web browser.
  • the connection between the control client terminal and the management server of network ESSIDi can be wired or wireless.
  • the administrator of network ESSIDi accesses the management server on the AP or BS or GW or node of network ESSIDi locally or remotely from a terminal, the administrator may be required to be authenticated, for example by entering a password or using other authentication mechanisms.
  • the connection between the control client terminal and the management server of network ESSIDi can be secure, for example established by setting up a secure tunnel using mechanisms such as TLS (SSL), IP security (IPSec), or IEEE 802.11i.
  • a user interface will display that new hardware (wireless device) has been found and ask the administrator to try to associate with the new hardware and provide information of the hardware, e.g. the device's type, manufacturer, hardware address, etc.
  • the user interface will ask the administrator whether the administrator wants to allow this new wireless device to associate with network ESSIDi and guide the administrator to configure the new wireless device.
  • Fig. 2 is an exemplary screen shot of a user interface that a system administrator might see and use in order to configure a new wireless device in accordance with the principles of the present invention. If the administrator recognizes that the wireless device is what he or she wants to configure over-the-air and he or she wants to allow this new wireless device to join network ESSIDi, the administrator clicks "yes" on the UI screen (menu) and enters the necessary security information for authentication.
  • the information includes serial number, hardware or MAC address, order number, and authentication codes or authentication phrases.
  • the serial number, hardware or MAC address, order number, and authentication codes or authentication phrases can be obtained from the order receipt and/or on the device label.
  • Some information such as hardware or MAC address can also be pre-filled based on the information exchanged between the new wireless device and the management server in the pre-association phase.
  • the administrator can also enter configuration information such as node name, password, etc. The password can be used to remotely access the new wireless device later.
  • An exemplary UI for entering authentication and/or configuration information is shown in Fig. 3. After the information is entered, the management server of network ESSIDi records the information and uses it for the authentication with the new wireless device and the configuration of new wireless device over-the-air.
  • the new wireless device found indicator will not be displayed any more.
  • the administrator wants to configure the same new wireless device later the administrator can click the "Add or Remove Network Device" button on the dashboard.
  • An exemplary "Add or Remove Network Device" menu is displayed as illustrated in Fig. 4a.
  • the administrator can click the "Search for New Network Device" button to get an exemplary "Add New Network Device" wizard as shown in Fig. 4b.
  • the management server will show all the new devices that are trying to pre-associate with the wireless network but have not yet been configured and associated with the wireless network after the administrator clicks "Next" on the "Add New Network Device" wizard.
  • Fig. 5 illustrates an exemplary method to establish a secure session and exchange information for pre-association and configuration in accordance with the present invention.
  • the new wireless device sends a pre-association request to the management server that contains the device information such as device type, manufacturer, hardware or MAC address, etc.
  • the management server of network ESSIDi sends a pre-association reply back to the new wireless device.
  • the pre-association reply contains the information to indicate whether the management server wants to configure the new wireless device over-the-air.
  • the management server of network ESSIDi wants to configure the new wireless device, the management server starts the authentication process with the new wireless device. Otherwise, the new wireless device tries to pre-associate with the access point (AP) or base station (BS) or gateway (GW) or node of next network ESSIDi+1 and pre-join network ESSIDi+1. The new device tries to pre-join each of available networks in a round-robin fashion until the wireless device is configured and has associated with and joined at least one wireless network. Referring still to Fig. 5, starting the authentication process, the new wireless device and the management server first establish a secure session for communications between them.
  • GW gateway
  • One method to establish a secure session is to use the Diffie-Hellman key exchange agreement, which does not require any pre-distributed keys.
  • the new wireless device and the management server exchange their own key values that are computed from their random private numbers. The information exchange can be done over a communications channel that is not secure and does not require the two parties to have any prior knowledge of each other.
  • the new wireless device and the management server can establish a shared secret session key. This shared secret session key can then be used to encrypt subsequent communications between them using a symmetric key cipher.
  • the new wireless device sends (communicates, forwards, transmits) an authentication request to the management server.
  • the management server sends an authentication reply including the serial number and/or the authentication code to the new wireless device.
  • the serial number and the authentication code are entered by the administrator through the UI.
  • the management server then sends (communicates, transmits, forwards) an authentication request to the new wireless device.
  • the new wireless device authenticates the management server by comparing the received serial number and/or the authentication code with the ones pre-stored (e.g., by the factory) in the wireless device.
  • the device sends authentication reply to the management server to indicate the authentication result.
  • the device can send another authentication code to the management server so that the management server can authenticate the device.
  • the messages exchanged between the new device and the management server, in the authentication phase are encrypted using the Diffie-Hellman secure session key.
  • After successful authentication, the management server sends the configuration information to the new wireless device. The management server can also ask the new wireless device to download the configuration file.
  • the configuration messages or files are encrypted using the Diffie-Hellman secure session key and the integrity of configuration messages or files is thus protected.
  • One method to protect the integrity of configuration messages or files is to use keyed Message-Digest algorithm 5 (MD5), which is a hash function. With keyed MD5, the sender transmits a message plus the hashed digest of the message and a secret key, where the secret key can be generated from the serial number or another authentication code and is known to both the sender and the receiver. The receiver matches the secret key to confirm the message with MD5.
  • MD5 Message-Digest algorithm 5
  • After the wireless device receives the new configuration information, the wireless device reconfigures itself, associates with an AP or BS or GW or node, and joins the network.
  • Fig. 6 is a schematic diagram of an alternative embodiment illustrating the situation where the management server of network ESSIDi is hosted in a device that is one or more hops away from the AP or BS or GW or network node with which the new wireless device communicates to pre-associate.
  • the AP or BS or GW or node of network ESSIDi relays the information or messages exchanged between the management server and the new wireless device so that the new wireless device can be configured over-the-air and join the network using the method described above.
  • Fig. 7 is a flowchart for the over-the-air configuration of a new wireless device in accordance with the principles of the present invention from the perspective of the new wireless device.
  • the new wireless device scans the channels to obtain a list of wireless networks ESSIDi in the neighborhood (area, vicinity).
  • a counter for the available wireless networks is initialized. Note that the counter could be an up-counter or a down-counter. The initialization value depends on whether the counter is arranged as an up-counter or a down-counter.
  • the wireless device sends (communicates, forwards, transmits) a pre-association request to the management server of network ESSIDi.
  • a timer is initialized.
  • the timer is tested to determine if the timer has expired. If the timer has not expired then a test is performed at 730 to determine if the wireless device has received a pre-association response from the management server of network ESSIDi. If the wireless device has received a pre-association response from the management server of network ESSIDi then a test is performed at 735 to determine if the management server of network ESSIDi wants to configure the new wireless device over-the-air. If the management server of network ESSIDi wants to configure the new wireless device over-the-air then at 740 a secure session key is established and mutual authentication is performed with the management server as illustrated in Fig. 5. At 745 a test is performed to determine if a secure session was established and mutual authentication was successful.
  • the wireless device receives configuration information (or a configuration file) from the management server of network ESSIDi.
  • the wireless device performs configuration in accordance with the configuration received (or from the configuration file received or downloaded).
  • the wireless device associates with network ESSIDi using its new configuration. If a secure session was not established or mutual authentication was not successful then at 765 the counter is tested to see if all of the networks in the vicinity (area, neighborhood) have been approached to join. If based on the value of the counter all of the networks in the vicinity (area, neighborhood) have been approached to join then processing returns to 705.
  • the counter is incremented (or decremented depending on if the counter is arranged as an up-counter or a down-counter) and processing proceeds to 715. If the management server of network ESSIDi does not want to configure the new wireless device over-the-air then processing proceeds to 765. If a pre-association response has not been received then processing proceeds to 725. If the timer has expired then processing proceeds to 765.
  • Fig. 8 is a flowchart for the over-the-air configuration of a new wireless device in accordance with the principles of the present invention from the perspective of the management server.
  • the management server receives a pre-association request from a new wireless device.
  • the management server sends (communicates, forwards, transmits) a pre-association response (reply) and indicates whether the management server wants to configure the new wireless device.
  • a test is performed to determine if the management server wants to configure the new wireless device over-the-air.
  • the management server establishes a secure session key and attempts to perform mutual authentication with the new wireless device in accordance with Fig. 5.
  • a test is performed to determine if a secure session was established and mutual authentication was successful.
  • the management server sends (communicates, forwards, transmits) the wireless device configuration information (or a file) or asks the wireless device to download a configuration file (request to download). If a secure session was not established or mutual authentication was not successful then processing ends. If the management server does not want to configure the new wireless device over-the-air then processing ends.
  • an administrator can login to the management server in advance to enter the information for authentication and configuration of the new wireless device.
  • the administrator can click the "Manually Add New Device" button on the "Add or Remove Network Device" menu to get new device authentication and configuration information table and then enter the authentication and configuration information of the new wireless device.
  • the new wireless device will be automatically authenticated and configured when the wireless device tries to pre-associate and pre-join the network.
  • a wireless device (station, node, gateway, AP, base station) can be a transmitter, a receiver or a transceiver
  • a single block diagram is used showing a wireless communication module having a radio transmitter or receiver. That is, the radio transmitter or receiver can be a transmitter, a receiver or a transceiver.
  • the present invention includes a host computing system and a communication module (wireless).
  • the host processing system can be a general-purpose computer or a specific-purpose computing system.
  • the host computing system can include a central processing unit (CPU), a memory and an input or output (I/O) interface.
  • CPU central processing unit
  • I/O input or output
  • the wireless communication module can include a MAC and baseband processor, radio transmitter or receiver, and one or more antennas.
  • An antenna transmits and receives the radio signals.
  • the radio transmitter or receiver performs radio signal processing.
  • the MAC and baseband processor performs MAC control and data framing, modulation and demodulation, coding and decoding for the transmission and receiving.
  • At least one embodiment of the present invention can be implemented as a routine in the host computing system or wireless communication module to process the transmission and receiving of data and control signal. That is, the block diagram of Figure 9 may be implemented as hardware, software, firmware, a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), a reduced instruction set computer (RISC) or any combination thereof.
  • FPGA field programmable gate array
  • ASIC application specific integrated circuit
  • RISC reduced instruction set computer
  • the exemplary processes illustrated in the various flowcharts and text above are operationally implemented in either the host processing system or the wireless communication module or a combination of the host processing system and the communication module.
  • the block diagram thus fully enables the various methods or processes to be practiced in hardware, software, firmware, a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), a reduced instruction set computer (RISC) or any combination thereof.
  • the transceiver module, when the device of Fig. 9 is operating as a wireless device, includes means for scanning channels to discover wireless networks operating in a region, means for transmitting a pre-association request to one of the wireless networks operating in the region, means for receiving a pre-association response from one of the wireless networks operating in the region and means for receiving one of configuration information and a request to download a configuration file from one of the wireless networks operating in the region.
  • the control logic module of the device of Fig. 9 includes means for establishing a secure session key with one of the wireless networks operating in the region, means for performing configuration responsive to one of the configuration information and the downloaded configuration file and means for associating with one of said wireless network operating in the region responsive to the configuration.
  • when the device of Fig. 9 is operating as one of a base station or access point or gateway, the transceiver module includes means for receiving a pre-association request, means for transmitting a pre-association response and means for transmitting one of configuration information and a request to download a configuration file.
  • the control logic module of the device of Fig. 9 includes means for establishing a secure session key.
  • the present invention may be implemented in various forms of hardware, software, firmware, special purpose processors, or a combination thereof.
  • the present invention is implemented as a combination of hardware and software.
  • the software is preferably implemented as an application program tangibly embodied on a program storage device.
  • the application program may be uploaded to, and executed by, a machine comprising any suitable architecture.
  • the machine is implemented on a computer platform having hardware such as one or more central processing units (CPU), a random access memory (RAM), and input or output (I or O) interface(s).
  • CPU central processing units
  • RAM random access memory
  • I or O input or output
  • the computer platform also includes an operating system and microinstruction code.
  • various processes and functions described herein may either be part of the microinstruction code or part of the application program (or a combination thereof), which is executed via the operating system.
  • various other peripheral devices may be connected to the computer platform such as an additional data storage device and a printing device.
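
The Fig. 5 exchange described in the list above (Diffie-Hellman session key, comparison of the serial number and authentication code, keyed digest over the configuration message), written out as an added Python example that is not part of the patent text. It places the keyed MD5 scheme the text mentions beside HMAC-SHA256 and checks the peer's Diffie-Hellman value before use. Assumptions of the example: the RFC 3526 2048-bit group, SHA-256 to turn the shared secret into a key, an integrity key derived from the session key plus the serial number and authentication code, and the constructed sample values; encryption of the messages under the session key is left out because the Python standard library has no symmetric cipher.

```python
import hashlib
import hmac
import secrets

# 2048-bit MODP prime from RFC 3526 (group 14) with generator 2 (example's choice).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2

# Constructed sample values, not taken from the page.
FACTORY_RECORD = {"serial": "SN-0001", "auth_code": "example-auth-code"}
SAMPLE_CONFIG = b"essid=ESSID1;node_name=relay-07"


def dh_keypair():
    """Random private number and the key value that is sent over the air."""
    priv = secrets.randbelow(P - 3) + 2  # uniform in [2, P-2]
    return priv, pow(G, priv, P)


def dh_session_key(priv, peer_pub):
    """Shared session key; degenerate peer values (0, 1, P-1, >= P) are rejected."""
    if not 2 <= peer_pub <= P - 2:
        raise ValueError("peer public value out of range")
    shared = pow(peer_pub, priv, P)
    # Hashing the shared secret into a 256-bit key is this example's choice.
    return hashlib.sha256(shared.to_bytes(256, "big")).digest()


def codes_match(stored, received):
    """Device compares the received values with the pre-stored ones in constant time."""
    ok_serial = hmac.compare_digest(stored["serial"].encode(), received["serial"].encode())
    ok_code = hmac.compare_digest(stored["auth_code"].encode(), received["auth_code"].encode())
    return ok_serial and ok_code


def integrity_key(session_key, serial, auth_code):
    """Secret key for the digest. The page derives it from the serial number or an
    authentication code; mixing in the session key is this example's assumption."""
    return hmac.new(session_key, f"{serial}|{auth_code}".encode(), hashlib.sha256).digest()


def keyed_md5(key, message):
    """Scheme named on the page: MD5 digest over the message plus the secret key."""
    return hashlib.md5(message + key).digest()


def hmac_sha256(key, message):
    """Hardened form: standard HMAC construction with SHA-256."""
    return hmac.new(key, message, hashlib.sha256).digest()


def run_exchange(admin_entry, factory_record, tag_fn=hmac_sha256, tamper=False):
    """Both ends of the exchange; returns the configuration the device applies, or None."""
    dev_priv, dev_pub = dh_keypair()
    srv_priv, srv_pub = dh_keypair()
    dev_key = dh_session_key(dev_priv, srv_pub)
    srv_key = dh_session_key(srv_priv, dev_pub)
    if dev_key != srv_key:
        return None
    # Authentication reply: the server sends what the administrator entered in the UI.
    if not codes_match(factory_record, admin_entry):
        return None  # device does not accept configuration from this server
    # Server sends the configuration message plus its keyed digest.
    message = SAMPLE_CONFIG
    tag = tag_fn(integrity_key(srv_key, **admin_entry), message)
    if tamper:  # simulate a message altered in transit
        message = message.replace(b"ESSID1", b"ESSID9")
    # Device recomputes the digest with its own copy of the key before applying anything.
    expected = tag_fn(integrity_key(dev_key, **factory_record), message)
    return message if hmac.compare_digest(expected, tag) else None


if __name__ == "__main__":
    print("accepted:", run_exchange(FACTORY_RECORD, FACTORY_RECORD))
    print("tampered:", run_exchange(FACTORY_RECORD, FACTORY_RECORD, tamper=True))
```

Both tag functions reject the altered message in this run; HMAC-SHA256 is the one to use in a new design, since MD5 is no longer considered a sound basis for message authentication.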

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method and apparatus are described including scanning channels to discover wireless networks operating in a region, transmitting a pre-association request to one of the wireless networks operating in the region, receiving a pre-association response from the one of the wireless networks operating in the region, establishing a secure session key with the one of the wireless networks operating in the region, receiving one of configuration information and a request to download a configuration file from the one of the wireless networks operating in the region, performing configuration responsive to one of the configuration information and the downloaded configuration file and associating with the one of the wireless network operating in the region responsive to the configuration. Also described are a method and apparatus including receiving a pre-association request, transmitting a pre-association response responsive to the pre-association request, establishing a secure session key and transmitting one of configuration information and a request to download a configuration file.

Description

METHOD AND APPARATUS FOR OVER-THE-AIR CONFIGURATION OF A WIRELESS DEVICE
FIELD OF THE INVENTION
The present invention relates to a method and apparatus for configuring a wireless device that wishes to join a network over-the-air and in particular, without connecting the wireless device using any cables or wires. The present invention aids the device in discovering which wireless network to join and aids the device in joining the discovered wireless network as well as configuring the device.
BACKGROUND OF THE INVENTION
Wireless networks are becoming increasingly pervasive. More and more devices are equipped with wireless connectivity capabilities, for example, set top boxes, wireless relay nodes, music boxes, speakers, etc. Some configuration is required for these devices in order for them to join a wireless network. For example, a wireless device needs to have the same network ID or extended service set ID as the access point (AP) and/or base station (BS) in order to associate with the AP. In another example, a wireless device needs to have the same network ID and/or mesh ID in order to join a wireless mesh network or ad hoc network or peer-to-peer network. It is difficult to configure many wireless devices because they do not have a good input method such as a keyboard or a good output method such as a display.
In the prior art, connecting the wireless device to a host computer through a wired interface, e.g. USB cable or Ethernet cable has been proposed. Then the wireless device could be configured. However, this method is not desirable in certain situations because a person has to move the device to a proper location and connect the device with a cable or wire.
SUMMARY OF THE INVENTION
The present invention relates to a method and apparatus for configuring a wireless device that wishes to join a network over-the-air and in particular, without connecting the wireless device using any cables or wires. A method and apparatus are described including scanning channels to discover wireless networks operating in a region, transmitting a pre-association request to one of the wireless networks operating in the region, receiving a pre-association response from the one of the wireless networks operating in the region, establishing a secure session key with the one of the wireless networks operating in the region, receiving one of configuration information and a request to download a configuration file from the one of the wireless networks operating in the region, performing configuration responsive to one of the configuration information and the downloaded configuration file and associating with the one of the wireless network operating in the region responsive to the configuration. Also described are a method and apparatus including receiving a pre-association request, transmitting a pre-association response responsive to the pre-association request, establishing a secure session key and transmitting one of configuration information and a request to download a configuration file.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention is best understood from the following detailed description when read in conjunction with the accompanying drawings. The drawings include the following figures briefly described below:
Fig. 1 is a schematic diagram including a new wireless device which wishes to join one or more wireless networks.
Fig. 2 is an exemplary screen shot of a user interface that a system administrator might see and use in order to configure a new wireless device in accordance with the principles of the present invention.
Fig. 3 is an exemplary user interface for entering authentication and/or configuration information for a new wireless device in accordance with the principles of the present invention.
Fig. 4a is an exemplary "Add or Remove Network Device" menu for a new wireless device in accordance with the principles of the present invention.
Fig. 4b is an exemplary "Add New Network Device" wizard for a new wireless device in accordance with the principles of the present invention.
Fig. 5 is an exemplary method for establishing a secure session and for the exchange of information for pre-association and configuration for a new wireless device in accordance with the principles of the present invention.
Fig. 6 is a schematic diagram illustrating the situation where the management server is hosted in a device that is one or more hops away from the network node with which the new wireless device communicates to pre-associate.
Fig. 7 is a flowchart for the over-the-air configuration of a new wireless device in accordance with the principles of the present invention from the perspective of the new wireless device.
Fig. 8 is a flowchart for the over-the-air configuration of a new wireless device in accordance with the principles of the present invention from the perspective of the management server.
Fig. 9 is a block diagram of an exemplary wireless device in accordance with the principles of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Described herein is a method to configure a wireless device over-the-air without connecting the device to a host using a cable or a wire. In the present invention, initially a new wireless device wishing to join one or more wireless networks scans all the channels and discovers the wireless networks operating in its neighborhood when it is booted up or after reset. It will try to join each of the available networks periodically until authentication is performed successfully and the device is configured and joins at least one network successfully.
Fig. 1 is a schematic diagram including a new wireless device which wishes to join one or more wireless networks. In Fig. 1, an IEEE 802.11 wireless device is used as an example to explain the over-the-air configuration method of the present invention. The method of the present invention can be used for any wireless devices, including but not limited to devices with WiFi, WiMax, WPan, or cellular interfaces, such as but not limited to computers, laptops, dual mode smart phones or any equivalent devices. The wireless networks can be wireless LAN networks, wireless mesh networks, cellular networks, ad hoc wireless networks, and peer-to-peer wireless networks or any other equivalent wireless networks.
In an exemplary embodiment of the present invention, when a wireless device is booted up initially or after reset, the wireless device performs an initial over-the-air configuration by scanning the channels and discovering wireless networks operating in its vicinity with network IDs or extended service set IDs (ESSIDs) as ESSID1, ESSID2, ...ESSIDn. Some of these networks may operate on different channels and some of these networks may operate on the same channel. The scan can be active by exchanging probe request and probe reply messages or can be passive by the new wireless device listening for and to the beacon messages. Beacon messages are a form of control messages. Then the wireless device tries to pre-associate with the access point (AP) or base station (BS) or gateway (GW) or node of network ESSID1 and pre-join network ESSID1. The wireless device exchanges information with the AP or BS or GW or node of network ESSID 1 and informs (transmits to) the AP or BS or GW or node of its intent to associate with the AP or BS or GW or node of network ESSID 1. The AP or BS or GW or node of network ESSID 1 then records the information of the new wireless device, including its type, manufacture, and media access control or hardware address. If the AP or BS or GW or node of network ESSID 1 wants to configure the new wireless device and to associate with this new wireless device according to the new device information, AP or BS or GW or node of network ESSID 1 starts the authentication process with the new wireless device as described below. Otherwise, the new wireless device tries to pre-associate with the access point (AP) or base station (BS) or gateway (GW) or node of the next network ESSID2 and pre-join network ESSID2 using the same procedure. The new wireless device tries to pre-join each of the available networks in a round-robin fashion until the new wireless device is configured, associates with and joins at least one network successfully. 
If the device is reset later, it will start the initial over-the-air configuration procedure again. The reset can be performed by pushing a reset button on the wireless device or sending a command to the wireless device.
The AP or BS or GW or node of wireless network ESSIDi (i=1...n) hosts a management server. An administrator of network ESSIDi can access the management server on the AP or BS or GW or node of network ESSIDi locally or remotely from a control client terminal or station. The control client station can be a laptop computer, a desktop computer, a mobile phone, or any other equivalent device. The access method to the management server can be web based, command line, telnet, secure shell (ssh), or any other equivalent remote access methods. In the web based access to the management server, the management server also associates with a web server and the control client terminal is equipped with a web browser. The connection between the control client terminal and the management server of network ESSIDi can be wired or wireless. When the administrator of network ESSIDi accesses the management server on the AP or BS or GW or node of network ESSIDi locally or remotely from a terminal, the administrator may be required to be authenticated, for example by entering a password or using other authentication mechanisms. The connection between the control client terminal and the management server of network ESSIDi can be secure, for example established by setting up a secure tunnel using mechanisms such as TLS(SSL), IP security (IPSec), or IEEE 802.11i. After the administrator accesses the dashboard (interface) of the network management server hosted on the AP or BS or GW or node of network ESSIDi, a user interface (UI) will display that new hardware (wireless device) has been found and ask the administrator to try to associate with the new hardware and provide information of the hardware, e.g. the device's type, manufacture, hardware address, etc. The user interface will ask the administrator whether the administrator wants to allow this new wireless device to associate with network ESSIDi and guide the administrator to configure the new wireless device.
Fig. 2 is an exemplary screen shot of a user interface that a system administrator might see and use in order to configure a new wireless device in accordance with the principles of the present invention. If the administrator recognizes that the wireless device is what he or she wants to configure over-the-air and he or she wants to allow this new wireless device to join network ESSIDi, the administrator clicks "yes" on the UI screen (menu) and enters the necessary security information for authentication. The information includes serial number, hardware or MAC address, order number, and authentication codes or authentication phrases. The serial number, hardware or MAC address, order number, and authentication codes or authentication phrases can be obtained from the order receipt and/or on the device label. Some information such as hardware or MAC address can also be pre-filled based on the information exchanged between the new wireless device and the management server in the pre-association phase. The administrator can also enter configuration information such as node name, password, etc. The password can be used to remotely access the new wireless device later.
An exemplary UI for entering authentication and/or configuration information is shown in Fig. 3. After the information is entered, the management server of network ESSIDi records the information and uses it for the authentication with the new wireless device and the configuration of new wireless device over-the-air.
If the administrator does not want to configure this new wireless device or allow this new wireless device to associate with network ESSIDi, the administrator clicks "no" on the dashboard in Fig. 2. The new wireless device found indicator will not be displayed any more. If the administrator wants to configure the same new wireless device later, the administrator can click the "Add or Remove Network Device" button on the dashboard. An exemplary "Add or Remove Network Device" menu is displayed as illustrated in Fig. 4a. The administrator can click the "Search for New Network Device" button to get an exemplary "Add New Network Device" wizard as shown in Fig. 4b. The management server will show all the new devices that are trying to pre-associate with the wireless network but have not yet been configured and associated with the wireless network after the administrator clicks "Next" on the "Add New Network Device" wizard.
When the new device tries to pre-associate with the AP or BS or GW or node of network ESSIDi and pre-join network ESSIDi, the management server on the AP or BS or GW or node communicates with the new wireless device to authenticate it. Fig. 5 illustrates an exemplary method to establish a secure session and exchange information for pre-association and configuration in accordance with the present invention. The new wireless device sends a pre-association request to the management server that contains the device information such as device type, manufacturer, hardware or MAC address, etc. The management server of network ESSIDi sends a pre-association reply back to the new wireless device. The pre-association reply contains the information to indicate whether the management server wants to configure the new wireless device over-the-air. If the management server of network ESSIDi wants to configure the new wireless device, the management server starts the authentication process with the new wireless device. Otherwise, the new wireless device tries to pre-associate with the access point (AP) or base station (BS) or gateway (GW) or node of next network ESSIDi+1 and pre-join network ESSIDi+1. The new device tries to pre-join each of available networks in a round-robin fashion until the wireless device is configured and has associated with and joined at least one wireless network.
Referring still to Fig. 5, starting the authentication process, the new wireless device and the management server first establish a secure session for communications between them. One method to establish a secure session is to use the Diffie-Hellman key exchange agreement, which does not require any pre-distributed keys. With the Diffie-Hellman key agreement, the new wireless device and the management server exchange their own key values that are computed from their random private numbers.
The information exchange can be done over a communications channel that is not secure and does not require the two parties to have any prior knowledge of each other. Using the exchanged information, the new wireless device and the management server can establish a shared secret session key. This shared secret session key can then be used to encrypt subsequent communications between them using a symmetric key cipher. After the secure session is established, the new wireless device sends (communicates, forwards, transmits) an authentication request to the management server. The management server sends an authentication reply including the serial number and/or the authentication code to the new wireless device. The serial number and the authentication code are entered by the administrator through the UI. The management server then sends (communicates, transmits, forwards) an authentication request to the new wireless device. The new wireless device authenticates the management server by comparing the received serial number and/or the authentication code with the ones pre-stored (e.g., by the factory) in the wireless device. The device sends an authentication reply to the management server to indicate the authentication result. In addition, the device can send another authentication code to the management server so that the management server can authenticate the device. The messages exchanged between the new device and the management server, in the authentication phase, are encrypted using the Diffie-Hellman secure session key. After successful authentication, the management server sends the configuration information to the new wireless device. The management server can also ask the new wireless device to download the configuration file. The configuration messages or files are encrypted using the Diffie-Hellman secure session key and the integrity of configuration messages or files is thus protected.
One method to protect the integrity of configuration messages or files is to use keyed Message-Digest algorithm 5 (MD5), which is a hash function. With keyed MD5, the sender transmits a message plus the hashed digest of the message and a secret key, where the secret key can be generated from the serial number or another authentication code and is known to both the sender and the receiver. The receiver uses the same secret key to recompute the MD5 digest over the received message and confirms the message when it matches the digest that was sent. Other security methods including public-key algorithms, digital signature, and SHA hash algorithms can also be used for authentication, encryption, and message integrity checking. After the wireless device receives the new configuration information, the wireless device reconfigures itself, associates with an AP or BS or GW or node, and joins the network.
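The Fig. 5 exchange and the integrity check described above, as an added example that is not code from the patent: both sides agree on a session key, the device checks the serial number and authentication code it receives, and the configuration is accepted only if its keyed digest verifies. HMAC-SHA256 stands in for keyed MD5 (the text allows SHA hash algorithms), the symmetric encryption step is left out, and the group parameters, function names, sample serial number, code and configuration are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Demo-only group (assumption): P is the prime 2**255 - 19 with generator 2.
# A deployment would use a standardized group (e.g. RFC 3526) or ECDH.
P = 2**255 - 19
G = 2
TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def dh_keypair():
    """Return (private, public) computed from a random private number."""
    priv = secrets.randbelow(P - 3) + 2          # 2 .. P-2
    return priv, pow(G, priv, P)


def dh_session_key(priv, peer_pub):
    """Derive the shared session key, rejecting degenerate peer values."""
    # 0, 1 and P-1 would force a predictable shared secret.
    if not 2 <= peer_pub <= P - 2:
        raise ValueError("peer public value out of range")
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def integrity_key(session_key, auth_code):
    """Integrity key known to both ends; mixing in the session key is an
    assumption made here so a tag is only valid within one session."""
    return hmac.new(session_key, b"config-integrity|" + auth_code.encode(),
                    hashlib.sha256).digest()


def protect(key, message):
    """Sender side: message followed by its keyed digest."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify(key, blob):
    """Receiver side: recompute the digest and compare in constant time."""
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return message


def server_authenticated(stored_serial, stored_code, rx_serial, rx_code):
    """Device side: compare received values with the factory-stored ones."""
    ok_serial = hmac.compare_digest(stored_serial.encode(), rx_serial.encode())
    ok_code = hmac.compare_digest(stored_code.encode(), rx_code.encode())
    return ok_serial and ok_code


def provision(factory_serial, factory_code, entered_serial, entered_code,
              tamper=False):
    """Run one exchange; returns the accepted config dict or a failure label."""
    # 1. Key agreement over the open channel.
    dev_priv, dev_pub = dh_keypair()
    srv_priv, srv_pub = dh_keypair()
    dev_key = dh_session_key(dev_priv, srv_pub)
    srv_key = dh_session_key(srv_priv, dev_pub)

    # 2. Authentication reply: the server sends what the administrator entered
    #    (encrypted under the session key on a real link; omitted here).
    if not server_authenticated(factory_serial, factory_code,
                                entered_serial, entered_code):
        return "auth-failed"

    # 3. Configuration message with its keyed digest (constructed sample).
    config = json.dumps({"essid": "ESSID1", "node_name": "relay-01"}).encode()
    blob = protect(integrity_key(srv_key, entered_code), config)
    if tamper:                                    # simulate in-flight change
        blob = bytes([blob[0] ^ 1]) + blob[1:]

    # 4. Device verifies before applying anything.
    try:
        accepted = verify(integrity_key(dev_key, factory_code), blob)
    except ValueError:
        return "config-rejected"
    return json.loads(accepted)


if __name__ == "__main__":
    print(provision("SN-0001", "code-A", "SN-0001", "code-A"))
    print(provision("SN-0001", "code-A", "SN-0001", "wrong"))
    print(provision("SN-0001", "code-A", "SN-0001", "code-A", tamper=True))
```
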
Fig. 6 is a schematic diagram of an alternative embodiment illustrating the situation where the management server of network ESSIDi is hosted in a device that is one or more hops away from the AP or BS or GW or network node with which the new wireless device communicates to pre-associate. In this case, the AP or BS or GW or node of network ESSIDi relays the information or messages exchanged between the management server and the new wireless device so that the new wireless device can be configured over-the-air and join the network using the method described above.
Fig. 7 is a flowchart for the over-the-air configuration of a new wireless device in accordance with the principles of the present invention from the perspective of the new wireless device. At 705 the new wireless device scans the channels to obtain a list of wireless networks ESSIDi in the neighborhood (area, vicinity). At 710 a counter for the available wireless networks is initialized. Note that the counter could be an up-counter or a down-counter. The initialization value depends on whether the counter is arranged as an up-counter or a down-counter. At 715 the wireless device sends (communicates, forwards, transmits) a pre-association request to the management server of network ESSIDi. At 720 a timer is initialized. At 725 the timer is tested to determine if the timer has expired. If the timer has not expired then a test is performed at 730 to determine if the wireless device has received a pre-association response from the management server of network ESSIDi. If the wireless device has received a pre-association response from the management server of network ESSIDi then a test is performed at 735 to determine if the management server of network ESSIDi wants to configure the new wireless device over-the-air. If the management server of network ESSIDi wants to configure the new wireless device over-the-air then at 740 a secure session key is established and mutual authentication is performed with the management server as illustrated in Fig. 5. At 745 a test is performed to determine if a secure session was established and mutual authentication was successful. If a secure session was established and mutual authentication was successful then at 750 the wireless device receives configuration information (or a configuration file) from the management server of network ESSIDi. At 755 the wireless device performs configuration in accordance with the configuration received (or from the configuration file received or downloaded).
At 760 the wireless device associates with network ESSIDi using its new configuration. If a secure session was not established or mutual authentication was not successful then at 765 the counter is tested to see if all of the networks in the vicinity (area, neighborhood) have been approached to join. If based on the value of the counter all of the networks in the vicinity (area, neighborhood) have been approached to join then processing returns to 705. If based on the value of the counter all of the networks in the vicinity (area, neighborhood) have not been approached to join then at 770 the counter is incremented (or decremented depending on if the counter is arranged as an up-counter or a down-counter) and processing proceeds to 715. If the management server of network ESSIDi does not want to configure the new wireless device over-the-air then processing proceeds to 765. If a pre-association response has not been received then processing proceeds to 725. If the timer has expired then processing proceeds to 765.
Fig. 8 is a flowchart for the over-the-air configuration of a new wireless device in accordance with the principles of the present invention from the perspective of the management server. At 805 the management server receives a pre-association request from a new wireless device. At 810 the management server sends (communicates, forwards, transmits) a pre-association response (reply) and indicates whether the management server wants to configure the new wireless device. At 815 a test is performed to determine if the management server wants to configure the new wireless device over-the-air. At 820 the management server establishes a secure session key and attempts to perform mutual authentication with the new wireless device in accordance with Fig. 5. At 825 a test is performed to determine if a secure session was established and mutual authentication was successful. If a secure session was established and mutual authentication was successful then at 830 the management server sends (communicates, forwards, transmits) the wireless device configuration information (or a file) or asks the wireless device to download a configuration file (request to download). If a secure session was not established or mutual authentication was not successful then processing ends. If the management server does not want to configure the new wireless device over-the-air then processing ends.
In another alternative embodiment, an administrator can login to the management server in advance to enter the information for authentication and configuration of the new wireless device. The administrator can click the "Manually Add New Device" button on the "Add or Remove Network Device" menu to get new device authentication and configuration information table and then enter the authentication and configuration information of the new wireless device. The new wireless device will be automatically authenticated and configured when the wireless device tries to pre-associate and pre-join the network.
Fig. 9 is a block diagram of an exemplary wireless device implementation of the present invention. Since a wireless device (station, node, gateway, AP, base station) can be a transmitter, a receiver or a transceiver, a single block diagram is used showing a wireless communication module having a radio transmitter or receiver. That is, the radio transmitter or receiver can be a transmitter, a receiver or a transceiver. The present invention includes a host computing system and a communication module (wireless). The host processing system can be a general-purpose computer or a specific-purpose computing system. The host computing system can include a central processing unit (CPU), a memory and an input or output (I/O) interface. The wireless communication module can include a MAC and baseband processor, radio transmitter or receiver, and one or more antennas. An antenna transmits and receives the radio signals. The radio transmitter or receiver performs radio signal processing. The MAC and baseband processor performs MAC control and data framing, modulation and demodulation, coding and decoding for the transmission and receiving. At least one embodiment of the present invention can be implemented as a routine in the host computing system or wireless communication module to process the transmission and receiving of data and control signal. That is, the block diagram of Figure 9 may be implemented as hardware, software, firmware, a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), a reduced instruction set computer (RISC) or any combination thereof. Further, the exemplary processes illustrated in the various flowcharts and text above are operationally implemented in either the host processing system or the wireless communication module or a combination of the host processing system and the communication module.
The block diagram thus fully enables the various methods or processes to be practiced in hardware, software, firmware, a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), a reduced instruction set computer (RISC) or any combination thereof.
Specifically, when the device of Fig. 9 is operating as a wireless device, the transceiver module includes means for scanning channels to discover wireless networks operating in a region, means for transmitting a pre-association request to one of the wireless networks operating in the region, means for receiving a pre-association response from one of the wireless networks operating in the region and means for receiving one of configuration information and a request to download a configuration file from one of the wireless networks operating in the region. The control logic module of the device of Fig. 9 includes means for establishing a secure session key with one of the wireless networks operating in the region, means for performing configuration responsive to one of the configuration information and the downloaded configuration file and means for associating with one of said wireless network operating in the region responsive to the configuration.
Specifically, when the device of Fig. 9 is operating as one of a base station or access point or gateway, the transceiver module includes means for receiving a pre-association request, means for transmitting a pre-association response and means for transmitting one of configuration information and a request to download a configuration file. The control logic module of the device of Fig. 9 includes means for establishing a secure session key.
It is to be understood that the present invention may be implemented in various forms of hardware, software, firmware, special purpose processors, or a combination thereof. Preferably, the present invention is implemented as a combination of hardware and software. Moreover, the software is preferably implemented as an application program tangibly embodied on a program storage device. The application program may be uploaded to, and executed by, a machine comprising any suitable architecture. Preferably, the machine is implemented on a computer platform having hardware such as one or more central processing units (CPU), a random access memory (RAM), and input or output (I or O) interface(s). The computer platform also includes an operating system and microinstruction code. The various processes and functions described herein may either be part of the microinstruction code or part of the application program (or a combination thereof), which is executed via the operating system. In addition, various other peripheral devices may be connected to the computer platform such as an additional data storage device and a printing device.
It is to be further understood that, because some of the constituent system components and method steps depicted in the accompanying figures are preferably implemented in software, the actual connections between the system components (or the process steps) may differ depending upon the manner in which the present invention is programmed. Given the teachings herein, one of ordinary skill in the related art will be able to contemplate these and similar implementations or configurations of the present invention.

Claims

CLAIMS:
1. A method, said method comprising:
scanning channels to discover wireless networks operating in a region;
transmitting a pre-association request to one of said wireless networks operating in said region;
receiving a pre-association response from said one of said wireless networks operating in said region;
establishing a secure session key with said one of said wireless networks operating in said region;
receiving one of configuration information and a request (asks) to download a configuration file from said one of said wireless networks operating in said region;
performing configuration responsive to one of said configuration information and said downloaded configuration file; and
associating with said one of said wireless network operating in said region responsive to said configuration.
2. The method according to claim 1, wherein said establishing act further comprises:
transmitting a first authentication request encrypted with said secure session key;
receiving a first authentication reply encrypted with said secure session key;
receiving a second authentication request encrypted with said secure session key; and
transmitting a second authentication reply encrypted with said secure session key.
3. The method according to claim 1, wherein said secure session key is shared and secret.
4. The method according to claim 1, wherein said establishing act is performed using a Diffie-Hellman key exchange.
5. The method according to claim 1, wherein said configuration information and said configuration file are protected with message integrity and encryption.
6. The method according to claim 2, wherein said first authentication reply includes a serial number and an authentication code.
7. The method according to claim 2, wherein said first authentication reply includes one of a serial number and an authentication code.
8. A method, said method comprising:
receiving a pre-association request;
transmitting a pre-association response responsive to said pre-association request;
establishing a secure session key; and
transmitting one of configuration information and a request (ask) to download a configuration file.
9. The method according to claim 8, wherein said establishing act further comprises:
receiving a first authentication request encrypted with said secure session key;
transmitting a first authentication reply encrypted with said secure session key;
transmitting a second authentication request encrypted with said secure session key; and
receiving a second authentication reply encrypted with said secure session key.
10. The method according to claim 8, wherein said secure session key is shared and secret.
11. The method according to claim 8 wherein said establishing act is performed using a Diffie-Hellman key exchange.
12. The method according to claim 8, wherein said configuration information and said configuration file are protected with message integrity and encryption.
13. The method according to claim 9, wherein said first authentication reply includes a serial number and an authentication code.
14. The method according to claim 9, wherein said first authentication reply includes one of a serial number and an authentication code.
15. A wireless device comprising:
means for scanning channels to discover wireless networks operating in a region;
means for transmitting a pre-association request to one of said wireless networks operating in said region;
means for receiving a pre-association response from said one of said wireless networks operating in said region;
means for establishing a secure session key with said one of said wireless networks operating in said region;
means for receiving one of configuration information and a request (ask) to download a configuration file from said one of said wireless networks operating in said region;
means for performing configuration responsive to one of said configuration information and said downloaded configuration file; and
means for associating with said one of said wireless networks operating in said region responsive to said configuration.
16. The wireless device according to claim 15, wherein said means for establishing further comprises:
means for transmitting a first authentication request encrypted with said secure session key;
means for receiving a first authentication reply encrypted with said secure session key;
means for receiving a second authentication request encrypted with said secure session key; and
means for transmitting a second authentication reply encrypted with said secure session key.
17. An apparatus method comprising:
means for receiving a pre-association request;
means for transmitting a pre-association response;
means for establishing a secure session key; and
means for transmitting one of configuration information and a request (ask) to download a configuration file.
18. The apparatus according to claim 17, wherein said establishing act further comprises:
means for receiving a first authentication request encrypted with said secure session key;
means for transmitting a first authentication reply encrypted with said secure session key;
means for transmitting a second authentication request encrypted with said secure session key; and
means for receiving a second authentication reply encrypted with said secure session key.
19. The apparatus according to claim 1, wherein said apparatus is one of an access point, a base station and a gateway.
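The exchange recited in claims 8 to 13, sketched as an added example that is not part of the application: a Diffie-Hellman agreement yields the shared secret session key, and later messages are protected with encryption and message integrity. The group parameters, the HMAC-based keystream (a standard-library stand-in for a real authenticated cipher), the message type labels and the payload fields are all assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

# Demonstration-sized group (assumption): 2**255 - 19 is prime, generator 2.
# A deployment would use a standardized group, e.g. one from RFC 3526.
P, G = 2**255 - 19, 2

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_keys(priv, peer_pub):
    """Derive separate encryption and MAC keys from the shared DH secret."""
    if not 1 < peer_pub < P - 1:  # reject degenerate public values
        raise ValueError("bad public value")
    shared = pow(peer_pub, priv, P).to_bytes(32, "big")
    return tuple(hmac.new(shared, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))

def _keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a real cipher."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(mac_key, msg_type, nonce, ct):
    t = msg_type.encode()
    return hmac.new(mac_key, bytes([len(t)]) + t + nonce + ct, hashlib.sha256).digest()

def seal(keys, msg_type, payload):
    """Encrypt-then-MAC; the tag also binds the message type."""
    enc_key, mac_key = keys
    nonce, body = secrets.token_bytes(16), json.dumps(payload).encode()
    ct = bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))
    return {"type": msg_type, "nonce": nonce, "ct": ct, "tag": _tag(mac_key, msg_type, nonce, ct)}

def open_frame(keys, frame):
    enc_key, mac_key = keys
    expected = _tag(mac_key, frame["type"], frame["nonce"], frame["ct"])
    if not hmac.compare_digest(expected, frame["tag"]):
        raise ValueError("integrity check failed")
    ks = _keystream(enc_key, frame["nonce"], len(frame["ct"]))
    return json.loads(bytes(a ^ b for a, b in zip(frame["ct"], ks)))

def run_exchange():
    dev_priv, dev_pub = dh_keypair()  # wireless device
    net_priv, net_pub = dh_keypair()  # access point / base station / gateway
    dev_keys, net_keys = session_keys(dev_priv, net_pub), session_keys(net_priv, dev_pub)
    # Constructed sample payloads; field names and values are assumptions.
    reply = seal(net_keys, "auth-reply-1", {"serial": "SN-CONSTRUCTED-001", "auth_code": "CONSTRUCTED"})
    config = seal(net_keys, "config", {"ssid": "example-net", "channel": 6})
    return dev_keys, open_frame(dev_keys, reply), open_frame(dev_keys, config), config
```

The key agreement alone does not identify the peer; in the claims that role falls to the authentication requests and replies carried under the session key.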
PCT/US2010/046659 2010-08-25 2010-08-25 Method and apparatus for over-the-air configuration of a wireless device WO2012026932A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2010/046659 WO2012026932A1 (en) 2010-08-25 2010-08-25 Method and apparatus for over-the-air configuration of a wireless device

Publications (1)

Publication Number Publication Date
WO2012026932A1 true WO2012026932A1 (en) 2012-03-01

Family

ID=43533575

Country Status (1)

Country Link
WO (1) WO2012026932A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070079113A1 (en) * 2005-09-30 2007-04-05 Amol Kulkarni Automatic secure device introduction and configuration
EP1887730A1 (en) * 2006-08-09 2008-02-13 Samsung Electronics Co., Ltd. Apparatus and method for managing stations associated with WPA-PSK wireless network
US20100165879A1 (en) * 2008-12-31 2010-07-01 Microsoft Corporation Wireless provisioning a device for a network using a soft access point

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ASOKAN N: "Initializing Security Associations for Personal Devices", INTERNET CITATION, 3 March 2009 (2009-03-03), pages 23PP, XP007917386, Retrieved from the Internet <URL:http://asokan.org/asokan/research/fc-tutorial.pdf> [retrieved on 20110302] *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10969944B2 (en) 2010-12-23 2021-04-06 Microsoft Technology Licensing, Llc Application reporting in an application-selectable user interface
US11126333B2 (en) 2010-12-23 2021-09-21 Microsoft Technology Licensing, Llc Application reporting in an application-selectable user interface
WO2016003311A1 (en) * 2014-07-04 2016-01-07 Google Inc. Device bootstrap to wireless network
WO2017070487A1 (en) * 2015-10-23 2017-04-27 Interdigital Patent Holdings, Inc. Methods for concurrent link setup and downlink data retrieval for high efficiency wlan
CN109417755A (en) * 2015-10-23 2019-03-01 交互数字专利控股公司 Method for concurrent link establishment and downlink data retrieval for efficient WLAN
US11160112B2 (en) 2015-10-23 2021-10-26 Interdigital Patent Holdings, Inc. Methods for concurrent link setup and downlink data retrieval for high efficiency WLAN
US11678382B2 (en) 2015-10-23 2023-06-13 Interdigital Patent Holdings, Inc. Methods for concurrent link setup and downlink data retrieval for high efficiency WLAN
US12069738B2 (en) 2015-10-23 2024-08-20 Interdigital Patent Holdings, Inc. Methods for concurrent link setup and downlink data retrieval for high efficiency WLAN
US11962692B2 (en) * 2017-04-12 2024-04-16 Malikie Innovations Limited Encrypting data in a pre-associated state
US20190116087A1 (en) * 2017-10-13 2019-04-18 BLX.io LLC CONFIGURATION FOR IoT DEVICE SETUP
US11469941B2 (en) * 2017-10-13 2022-10-11 BLX.io LLC Configuration for IoT device setup

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 10773746; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 10773746; Country of ref document: EP; Kind code of ref document: A1)