摘要:
Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a first entity and a second entity. The first entity remains anonymous to the second entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication between the entities, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).
摘要:
Apparatuses for peer-to-peer network setup are presented. In one embodiment, an apparatus comprises a wireless processing unit to communicate with a master device. The wireless processing unit is operable to receive encoded data in a two-dimensional (2D) barcode. The encoded data comprise at least user information associated with the master device including a user identifier, a device identifier, or both. The encoded data further comprise network information including a network identifier, a password, and a profile lifetime value. In one embodiment, the apparatus further comprises a display unit to display at least part of the user information and the network information to a user. The wireless processing unit is operable to initiate a peer-to-peer network setup with the master device based at least on a response from the user.
摘要:
Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using a derivation formula as follows: client_key—MSB=AES128(base_key_1, client_ID), (1) client_key—LSB=AES128(base_key_2, client_ID+pad), and (2) client_key=client_key_MSB∥client_key_LSB, where (1) and (2) are executed in parallel. The client key and a client identifier may be used so that end-to-end security may be achieved.
摘要:
A system and method for discovery and/or authentication of clients to a network, particularly a managed network, substantially without requiring the client and/or access device to transmit an unencrypted address or identification.
摘要:
Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a device and a remote entity. The device remains anonymous to the remote entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).
摘要:
A first message is transmitted over a communication channel to initiate a transaction. The first message contains a random number and a public key of a device. Continuing the transaction, a second message is received. The second message also contains a random number and a public key of a second device. At least one message is received that contains a proof-of-possession of the device's password, along with a credential that is encrypted with a credential key.
摘要:
Method and system of secured direct link set-up (DLS) for wireless networks. In accordance with aspects of the method, techniques are disclosed for setting up computationally secure direct links between stations in a wireless network in a manner that is computationally secure. A direct link comprising a new communication session is set up between first and second stations in a wireless local area network (WLAN) hosted by an access point (AP), the direct link comprising a new communication session. The AP generates a unique session key for the new communication session and transfers secured copies of the session key to each of the first and second stations in a manner under which only the first and second stations can obtain the session key. A security mechanism is then implemented on the unsecured direct link to secure the direct link between the first and second stations using a secure session key derived from the session key.
摘要:
Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using a derivation formula as follows: client_key—MSB=AES128(base_key_1, client_ID), (1) client_key—LSB=AES128(base_key_2, client_ID+pad), and (2) client_key=client_key_MSB∥client_key_LSB, where (1) and (2) are executed in parallel. The client key and a client identifier may be used so that end-to-end security may be achieved.
摘要:
A wireless device operating as an access point (AP) uses an idle mode service and an idle mode mechanism to provide the capability of powering down during idle times. The client and the AP may share a cooperative idle mode mechanism to efficiently manage power for all devices operating in the WLAN.
摘要:
Techniques to overlay ciphersuite negotiation on top of the mesh link establishment protocol without sacrificing security. Two cryptographic primitives may be utilized: (1) a message integrity code, which is denoted as mK, where K is an authentication key (mK may be utilized to detect forged messages); and (2) a cryptographic random number generator, which will be denoted as rng. The techniques may use rng to produce values that cannot be predicted by any polynomial time algorithm.