公开(公告)号：US12244695B2

公开(公告)日：2025-03-04

申请号：US18050083

申请日：2022-10-27

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ruiyao Yang ,  David Wilson ,  Zhou Wang ,  Youhe Zhang ,  Feng Ding

IPC: H04L9/40 ,  H04L9/08 ,  H04L9/32

Abstract: A process includes accessing a first message that is sent from an access point device. The first message includes data representing a second message that is sent by a client device. The second message is part of an exchange of messages between the client device and the access point device associated with authentication of the client device and a derivation of a first key used to encrypt and decrypt data communicated between the client device and the access point device. The second message includes a first message integrity check value. The process includes identifying, based on the second message, a pre-shared key corresponding to the client device. The identification of the pre-shared key includes determining a second message integrity check value based on a candidate pre-shared key of a plurality of candidate pre-shared keys; comparing the second message integrity check value with the first message integrity check value; and based on a result of the comparison, selecting the given candidate pre-shared key as the pre-shared key. The process includes determining a user role based on the pre-shared key. The process includes causing a third message to be sent to the access point device, where the third message includes data representing the pre-shared key and data representing the user role.

公开(公告)号：US20240146512A1

公开(公告)日：2024-05-02

申请号：US18050083

申请日：2022-10-27

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ruiyao Yang ,  David Wilson ,  Zhou Wang ,  Youhe Zhang ,  Feng Ding

IPC: H04L9/08 ,  H04L9/32

CPC classification number: H04L9/0825 ,  H04L9/085 ,  H04L9/3242

Abstract: A process includes accessing a first message that is sent from an access point device. The first message includes data representing a second message that is sent by a client device. The second message is part of an exchange of messages between the client device and the access point device associated with authentication of the client device and a derivation of a first key used to encrypt and decrypt data communicated between the client device and the access point device. The second message includes a first message integrity check value. The process includes identifying, based on the second message, a pre-shared key corresponding to the client device. The identification of the pre-shared key includes determining a second message integrity check value based on a candidate pre-shared key of a plurality of candidate pre-shared keys; comparing the second message integrity check value with the first message integrity check value; and based on a result of the comparison, selecting the given candidate pre-shared key as the pre-shared key. The process includes determining a user role based on the pre-shared key. The process includes causing a third message to be sent to the access point device, where the third message includes data representing the pre-shared key and data representing the user role.