
WO2006129288A1 - Method and devices for individual removal of a device from a wireless network - Google Patents


Info

Publication number
WO2006129288A1
Authority
WO
WIPO (PCT)
Prior art keywords
sta
skt
stas
wireless network
hereinafter
Prior art date
Application number
PCT/IB2006/051754
Other languages
French (fr)
Inventor
Bozena Erdmann
Wolfgang O. Budde
Original Assignee
Koninklijke Philips Electronics N.V.
Philips Intellectual Property & Standards Gmbh
Priority date
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V., Philips Intellectual Property & Standards Gmbh
Publication of WO2006129288A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/104 Grouping of entities
    • H04L 63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L 63/065 Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/08 Access security
    • H04W 76/00 Connection management
    • H04W 76/30 Connection release
    • H04W 84/00 Network topologies
    • H04W 84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W 84/10 Small scale networks; Flat hierarchical networks
    • H04W 84/12 WLAN [Wireless Local Area Networks]

Definitions

  • the invention relates to a method for individual removal of a device from a wireless network, and in particular from an IEEE 802.11 Wireless Local Area Network (WLAN).
  • the invention relates furthermore to devices arranged for individual removal of a device from a wireless network.
  • Wireless networks, e.g. the IEEE 802.11-based WLANs, become more and more ubiquitous.
  • easy and secure configuration methods such as SKT (Short-range Key Transmission) described in e.g. WO 2004/014040 A1 (Applicant's reference PHDE020188), WO 2004/014039 A1 (Applicant's reference PHDE020273) and WO 2004/014038 A1 (Applicant's reference PHDE030047) will allow for fast, smooth and reliable wireless setup.
  • the current enterprise-oriented state-of-the-art solution for configuring wireless devices with individual credentials uses IEEE 802.1X authentication, based on an authentication server such as a RADIUS server, an Extensible Authentication Protocol (EAP) and a Public Key Infrastructure (PKI).
  • EAP Extensible Authentication Protocol
  • PKI Public Key Infrastructure
  • the need for 802.1X, EAP and PKI support increases device cost and required capabilities, as well as the implementation effort for device manufacturers.
  • For an end-user it also increases the configuration and maintenance effort in respect of the infrastructure, e.g. for an Access Point (AP) and RADIUS server, and the to-be-authenticated devices.
  • AP Access Point
  • RADIUS Remote Authentication Dial-In User Service
  • the resulting network management complexity requires a rich User Interface (UI), where all items to be managed and all management options/actions are listed.
  • UI User Interface
  • the current state-of-the-art solution for configuring personal (home) wireless networks is based on a single Pre-shared Key (PSK), shared by all devices in the network.
  • PSK Pre-shared Key
  • any user of the network can impersonate any other user, join at any time, or snoop and successfully decode any traffic of any one of the other users. This does not allow for sufficient cryptographic separation of devices on the same network.
  • Applications like guest access are thereby complicated as they presently require reconfiguration of the entire network before and after a guest visit, or are even completely prevented.
  • the current home-oriented state-of-the-art solution for configuring wireless devices with different credentials is based on PSKs with some modifications of the Access Point (AP) internal implementation to allow multiple concurrent PSKs.
  • the PSKs can be either bound to a specific client station, and identified by its MAC address, or used by any client. Such PSKs are later referred to as "unassigned" or "common" PSKs.
  • An example is the open-source HostAP software (http://hostap.epitest.fi). Usage requires considerable Information Technology (IT) skills, as the current implementations are limited to PC software and are not yet available as standalone Access Point devices.
  • IT Information Technology
  • It requires a rich UI, i.e. with a display and keyboard, on devices that are to be managed, and which may not be available: a typical example is the UI-less wireless Access Point (AP). Alternatively it requires a PC in the network, e.g. to manage a RADIUS server;
  • It usually requires some IT skills, for example for installing additional software, e.g. by way of configuration wizards, manually reconfiguring a PC and the like;
  • the method specifically allows for removing, i.e. disassociating, individual guest devices from the network without affecting remaining home devices and contemporary other guest devices.
  • the solution must not only be easy-to-use, but also functional for devices providing only minimum user interface functionality. Typically, this concerns “headless" devices, such as e.g. an Access Point, which rely on only a few LEDs and optionally some buttons for user interaction.
  • This object is achieved by the independent method claims.
  • the dependent claims provide advantageous embodiments.
  • STA wireless station
  • AP access point
  • the basic assumption is that the procedure for wireless network configuration uses a portable unit called Short-range Key Transmitter (SKT) item, and that the devices to-be-configured, AP and STAs, are equipped with an appropriate interface to communicate with the SKT, as defined by WO 2004/014040 A1. Furthermore, it is assumed that every home network will be equipped with two SKT items: a so-called "Home SKT" (HSKT), used for configuration of home devices, and a Guest SKT (GSKT), used for configuration of guest devices. For example, the Access Point could be sold pre-packaged with a HSKT and a GSKT.
  • SKT Short-range Key Transmitter
  • the system can accommodate multiple guest devices (GD) at the same time and that there is an easy and secure method for adding multiple guests.
  • every guest device will have individual and distinguishable credentials, different from those for home devices, which credentials are either generated by the home network per-guest and per-visit or brought in by the GD, as might be the case for, e.g., public key certificates.
  • the present invention provides easy user interaction for removal of individual guest accounts, using the same easy, secure and intuitive step of touching the devices with SKT.
  • Fig. 1 shows a block diagram illustrating the architecture of a wireless communication system whereto embodiments of the present invention are to be applied;
  • Fig. 2 shows a block diagram of a short-range key transmission item, an access point and a wireless station in accordance with an embodiment of the present invention
  • Fig. 3 shows a flow chart illustrating the operation steps of an individual removal of a wireless station according to an embodiment of the present invention.
  • Fig. 1 illustrates a representative wireless network 100 whereto embodiments of the present invention are to be applied.
  • an access point (AP) 101 is coupled to a plurality of wireless stations (STAs) 102, 103, 104 and 110 which, through a wireless link, are communicating with each other and to the AP via a plurality of wireless channels.
  • the wireless station (STA) 110 could for example be a device that has to be removed, e.g. because it is a "guest" device, that was only temporarily to be part of the wireless network
  • Fig. 2 shows a portable, short-range key transmission item (SKT) 1, an access point (AP) 3 and a wireless station (STA) 4.
  • STA 4 is to be removed from the wireless network.
  • the SKT 1 comprises a memory 5 for storing individual identification data 6 or 9 of a STA, such a MAC address of a STA or PSK derivatives of a STA, like a PSK hash.
  • the SKT 1 further comprises an optional button 7 for triggering a transmission or reception of individual identification data 6 or 9, and a transmitter/receiver (transceiver) 8 used as a wireless interface for transmitting/receiving (transceiving) individual identification data 6 or 9.
  • the SKT 1 may also be already preconfigured with such data, for example pertaining to the STA 4. Then the SKT 1 would not require the receiver function 8 for receiving individual identification data.
  • the AP 3 is an apparatus equipped with a radio interface 12 operating in accordance with the IEEE 802.11 standard.
  • This radio interface 12 is controlled by a component denoted as driver software 13 and is used for transceiving useful data (music, video, general data, but also control data).
  • the driver software 13 may be operated by other software components via standardized software interfaces (APIs).
  • the AP 3 is also equipped with a receiving unit 14.
  • the receiving unit 14 comprises a receiver 15 provided as an interface for receiving individual identification data, for example the identification data 6 transmitted by transceiver 8.
  • the receiving unit 14 is provided with receiver software 16.
  • the STA 4 is, like the AP 3, an apparatus equipped with a radio interface 18 operating in accordance with the IEEE 802.11 standard. This radio interface 18 is controlled by a component denoted as driver software 19 and is used for transceiving useful data (music, video, general data, but also control data).
  • driver software 19 may be operated by other software components via standardized software interfaces (APIs).
  • the STA 4 is equipped with a transmitter unit 20.
  • the transmitter unit 20 comprises a transmitter 21 provided as an interface for transmitting individual identification data, for example identification data 10 to transceiver 8.
  • the transmitter unit 20 is provided with transmitter software 22. Triggered by the connection of the SKT 1, the software 22 may obtain individual identification data 10 for the STA 4, for example by obtaining the MAC address as defined in the IEEE 802.11 standard from the driver software 19 via interface 23, and transmit this to the SKT 1.
  • the STA 4 is furthermore provided with application software 24, required for operating the STA 4. Instead of being able to transmit individual identification data 9, the STA 4 may also be manufactured and sold together with an SKT that is preconfigured with such data, pertaining to the STA 4. In that case the STA 4 would not require the transmitter unit 20 for transmitting individual identification data.
  • when a user would like to remove the STA 4 from the home network, he approaches the AP 3 and possibly the STA 4 with an SKT, such as the SKT 1, for the exchange of individual identification data according to one of the below embodiments of the invention.
  • Starting point for each of the embodiments is a configured wireless network, consisting of at least one AP and a plurality of home- and/or guest-devices.
  • the home- and/or guest-devices have passed a registration procedure and have been assigned individual credentials, e.g. individual PSKs.
  • Fig. 3 shows a flow chart 300 illustrating the operation steps of a first embodiment according to the invention for removing an individual wireless station (STA), e.g. a guest device (GD) or a home device (HD), from a home network with an access point (AP):
  • STA individual wireless station
  • GD guest device
  • HD home device
  • the home user touches the STA with a writable SKT item.
  • the STA stores its individual identification data, e.g. a MAC address or PSK derivatives, like a PSK hash, on the SKT (step 301).
  • the STA, if present in the home network as a GD, removes the guest access credentials from its configuration data. Since this optional step cannot be checked by the home network, it is more or less a clean-up action by the STA.
  • a GD can restore its own home settings, if it is capable of saving them for the duration of the guest access, in preparation of entering its own home network again. Afterwards, a clear feedback is given to the user that the STA finished writing, e.g. by LEDs or a simple text output.
  • the home user touches the home AP with the STA-written SKT (step 302).
  • the AP reads the STA's individual identification data and scans a list of associated STAs, i.e. a wireless client station list or another relevant list, e.g. a list of PSKs or PMKSAs, for the STA's individual identification data as read from the SKT. If the individual identification data is found (step 303), the STA credentials are removed from the association list on the AP, and any other relevant locations (step 304). Afterwards a clear feedback is given to the user that the STA removal was successful, e.g. by LEDs or simple text output.
  • If the STA's individual identification data cannot be found or cannot be removed by the AP (step 303), a clear feedback is given to the user that the procedure was unsuccessful, e.g. by LEDs or a simple text output, and an error procedure is triggered (step 305).
  • the above-described method is equally applicable to the removal of home and guest devices which are configured with individual credentials.
  • the error procedure following unsuccessful removal may, in one embodiment, trigger the user to repeat the whole removal procedure.
  • the error procedure could trigger removal of all guest devices, at the same time, without further checking of their individual identification data, either automatically or on a user action, e.g. after pushing a button on the AP. Success or failure of this operation is also indicated to the user.
  • a dedicated Removal SKT item (RSKT), different from a HSKT and a GSKT, is used solely for the purpose of removal of both home and guest devices.
  • RSKT Removal SKT item
  • a network-wide GSKT could be used for device removal, because it is generally emptied after GD configuration.
  • the network-wide HSKT and GSKT could be used for removal of a HD and a GD, respectively.
  • a STA has an individual SKT item (SKT*, or more specifically HSKT* and GSKT* for home and guest devices respectively), which is used for the removal. This requires visitors to bring their devices' GSKT* along with their devices.
  • on the SKT*, the STA's MAC address is stored as a fixed, read-only entry, whereas writable entries are provided for storing the credentials of the (visited) network.
  • the removal procedure is simplified to only one step, since the SKT* uniquely identifies the to-be-removed STA to the system.
  • the credentials of the corresponding STA are removed.
  • An individual HSKT* allows removing HD credentials from the system, e.g. the AP, even if the HD was lost or stolen, preventing unauthorized access to the network using this HD.
  • a registration and removal procedure with a GSKT* is now described.
  • a user holds the GD's GSKT* to the home AP.
  • the GSKT* receives guest credentials.
  • the GSKT* is connected with the GD.
  • the AP verifies whether the GD and GSKT* match the MAC address used with the association. If the host, i.e. the home network owner providing guest access, wants to be sure to always have a possibility to individually remove a certain GD from the network, the guest may be asked to hand over the GSKT* to the home user for the duration of the visit. Only after successful removal of the GD, the GSKT* is handed back to the guest, so that the guest cannot leave without de-registration of the GD.
  • HSKT* or GSKT* saves the home user the trouble of using an emergency procedure, albeit a user-friendly one, i.e. removal of all GDs at once, as proposed by this invention, or a state-of-the-art one, such as reconfiguring the entire network or manually removing the particular device in question, e.g. by using complicated PC-based management tools.
  • a STA could be pre-packaged with a dedicated read-only SKT item (MAC-SKT), holding only the STA's MAC address.
  • MAC-SKT dedicated read-only SKT item
  • the removal procedure could be executed with the MAC-SKT only, while touching with the GSKT only could result in an error message.
  • the MAC-SKT item of a particular guest device could remain connected to the home AP, or another central device, e.g. a home management console such as a PC, for the entire duration of the visit, validating the access.
  • Disconnecting the MAC-SKT from the AP will immediately result in removal of the particular GD from the system.
  • the AP could be equipped with a special slot for placing the SKT items. In the case of multiple guests, this will require the ability to read multiple SKT items simultaneously, which is possible, e.g. with RFID technology.
  • An exemplary guest configuration procedure could then be designed as follows.
  • the user touches the AP with both the MAC-SKT and the GSKT.
  • the user touches the GD, preferably with the GSKT alone, leaving the MAC-SKT to the host, or with both SKT items. Touching the AP with the GSKT only would result in an error message.
  • if the SKT item used for the removal procedure is also used for device configuration, as is the case with a network-wide HSKT or GSKT and a STA's individual HSKT* or GSKT*, the STA, and more importantly the AP, must be able to unambiguously differentiate the removal procedure from the registration procedure.
  • the STA will know which procedure is required as a result of the user interaction, i.e. if the STA is touched for the first time with the GSKT belonging to this hosting network, identified by a network name, a GSKT identifier or other parameters, the STA triggers the (guest) registration procedure. If the STA is touched for the second time with the GSKT belonging to the hosting network, i.e. the STA is touched with the GSKT belonging to the hosting network it has already stored, the STA triggers the removal procedure. Further, the differentiation of the procedures could be based on the STA's association/connection status on a given network. As long as it is not connected to the hosting network, the STA initiates the configuration procedure every time it is touched with the SKT representing the same network. Once the STA successfully connects, the next touch with the SKT representing the same network will be interpreted as the removal procedure.
  • This implicit differentiation between the registration and removal procedures may, however, lead to unexpected behavior of devices if the user, for some reason, wants to reconnect or reconfigure a guest device without previously having disconnected it, or in other error-induced cases.
  • this problem can be solved by properly indicating the current state to the user and/or by including additional user interaction to trigger or confirm the action, e.g. a button push.
  • Dedicated triggers are required if the SKT item is not a physically independent item with a defined role, e.g. a HSKT or a GSKT, but instead a module integrated into the device, i.e. the AP or a STA.
  • the differentiation between the registration and removal procedures depends on the content of the GSKT itself. E.g. touching a STA with an SKT containing configuration credentials will trigger the registration procedure, whereas touching a STA with an "empty" SKT, e.g. an SKT containing only an SKT identifier and optionally also a network identifier, but no access credentials, will trigger the removal procedure. This will require that any access credentials are removed from the SKT as part of the registration procedure, either by the STA itself, by the AP or automatically after a reasonable timeout, if the SKT item is capable of independent operation.
  • the home AP must be able to unambiguously differentiate the removal procedure from the registration procedure, e.g. because it can happen that some unused credentials remain on the SKT. Therefore, the information written to the SKT in the registration procedure step must be different from the information written to the SKT by the STA in the removal procedure.
  • this can be achieved in the following way.
  • the AP generates and writes into the SKT only generic access credentials, such as keys, and none specific to a particular STA, because the AP does not have this knowledge yet; whereas the leaving STA, besides its generic access credentials, writes to the SKT also some STA-specific information, such as the STA MAC address.
  • data written to the SKT in both steps could be entirely different, e.g. generic access credentials written by the AP in the "configuration procedure” and PSK derivatives written by the STA in the "removal procedure”.
  • the STA writes only its MAC address to the SKT, because the MAC address is a hardware-dependent parameter, available even when the STA already ceased the communication, for whatever reason, e.g. an inactivity period, with a given host network, i.e. even if the STA removed session keys or removed the IP address.
  • the guest credentials can be invalidated and it is not necessary for the STA to still be able to communicate with the home network.
  • various configuration parameters such as e.g. MAC addresses or IP addresses, are known to be spoofable, i.e. they can be derived either directly from received network traffic or via snooping the network traffic of other devices. Therefore, in another embodiment, for security reasons, the list of parameters written by the STA into the SKT could be extended by or changed into items known only to this particular STA and the AP, such as:
  • a STA's PMK in case of WPA2-Enterprise, or a hash of it;
  • a STA's PSK in case of WPA2-Personal, or a hash of it;
  • a STA's session keys, i.e. one or more of the STA's PTKs, or their hashes;
  • a STA's access credentials e.g. a username, for the removal of authentication server credentials.
  • a hash could be calculated using the STA's KCK/KEK, which are securely derived from the PMK in the 4-way handshake as part of the PTK. This protects the home network from malicious guest devices, which could try to force removal of some other legitimate client, either home or guest device, i.e. make a DoS attack.
  • Removal of credentials on the STA:
  • the removal of guest access credentials by the STA could be triggered after some timeout, to avoid deletion of the guest credentials before the guest removal procedure is successful, i.e. if in the case of an error the repetition of the entire procedure is necessary.
  • some parameters identifying the hosting network should be present on the SKT, e.g. a SSID and/or the MAC address of the AP, or a unique identifier of the SKT item if a network-owned SKT is used.
  • Removal of credentials in the network:
  • the solution should be independent of the authentication method. All relevant entries for a given STA have to be removed.
  • for WPA2-Enterprise this will typically mean removal of EAP credentials from an 802.1X authentication server, e.g. a RADIUS server, as well as removal of all derived entries and parameters in the AP: PMKSA, PTKSA, an entry in the list of associated STAs, etc.
  • for WPA2-Personal this will mean removal of the dedicated PSK in the AP, as well as removal of all derived entries and parameters: PMKSA, PTKSA, an entry in the list of associated STAs, etc.
  • a means for this differentiation is provided by having two configuration items, the HSKT and the GSKT, or alternatively a STAs' individual HSKT* and GSKT*, which can be distinguished by a type identifier stored on each SKT item. In the case of an SKT item built into a device or an independent introducer device, this differentiation may be performed/triggered by the user selecting an appropriate application/role.
  • a fallback solution for a "removal of all guests” could be implemented that, e.g. either starts automatically after a single/repeated removal error, or on some specific user interaction, such as pushing the "guest removal button" on the AP, touching the AP with a HSKT or both a HSKT and a GSKT, etc.
  • a fallback solution is also needed in cases where the primary solution is not applicable (any more), e.g. when the guest already left and the user forgot to remove the guest credentials previously. Also, the fallback solution is an optimization for the case when all guests, e.g. a networked gaming team of eight people, leave at the same time or when there is only a single guest currently registered.
  • the method of the invention is practicable for removing guest devices (GDs) as well as home devices (HDs) within a wireless network.
  • the removal of a home device could be required, e.g. in the case when the home device is to be sold or disposed.
  • for removal of a home device, a HSKT or a STA's individual HSKT* should be used. Safe storage of a HSKT or a HSKT*, for the lifetime of the network or the particular device, prevents DoS (Denial of Service) attacks through device removal by malicious guests or insiders.
  • DoS Denial of Service
  • a dedicated RSKT can be used.
  • if a HSKT* is used, it is enough for the HD to write its MAC address to the HSKT.
  • the HD could in addition write other parameters, e.g. an IP address, a PMKID, a PTK etc., to improve security.
  • the latter is required when another SKT item, e.g. a RSKT or a GSKT, is used for home device removal.
  • Temporary removal of a HD can be seen as a security improvement, allowing separate management of special classes of devices, e.g. portable devices, multihoming devices etc., to be used e.g. in a hostile network environment.
  • if every HD has an individual HSKT* for configuration of this HD into the system, e.g. with its username/certificate, connecting the HD with the HSKT* can be omitted in the removal procedure and the home AP can be directly touched with the HD's HSKT*.
  • the differentiation between configuration and removal procedures can be either user-interaction-based or SKT-content-based.
  • a contact SKT, e.g. USB, or a contactless SKT, e.g. IR, may be employed.
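The removal flow of Fig. 3 (steps 301 to 305), the fallback "removal of all guests", and the hardening in which the leaving STA writes a KCK-keyed hash rather than a bare, spoofable MAC address, as an added example that is not part of the patent. The record layout, the `derive_kck` stand-in for the 4-way handshake, the `"removal:"` hash label and all MAC addresses and keys are constructed assumptions for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class StaEntry:
    """What the AP keeps per registered station (constructed sample layout)."""
    mac: str
    psk: bytes      # individual PSK (WPA2-Personal)
    kck: bytes      # KCK part of the PTK established in the 4-way handshake
    is_guest: bool


def derive_kck(psk: bytes, ap_mac: str, sta_mac: str) -> bytes:
    # Stand-in for the PTK derivation of the 4-way handshake (assumption; real
    # WPA2 also mixes in both nonces). Only the STA and the AP end up holding it.
    return hmac.new(psk, f"{ap_mac}|{sta_mac}".encode(), hashlib.sha256).digest()[:16]


def removal_proof(kck: bytes, sta_mac: str) -> str:
    """Keyed hash over the MAC address; computable only by holders of this STA's KCK."""
    return hmac.new(kck, b"removal:" + sta_mac.encode(), hashlib.sha256).hexdigest()


def sta_write_removal_token(mac: str, kck: bytes) -> dict:
    """Step 301: the leaving STA writes its MAC plus the KCK-keyed hash to the SKT."""
    return {"mac": mac, "proof": removal_proof(kck, mac)}


class AccessPoint:
    def __init__(self, mac: str):
        self.mac = mac
        self.assoc: dict[str, StaEntry] = {}   # list of associated STAs
        self.pmksa: set[str] = set()           # derived entries kept alongside
        self.ptksa: set[str] = set()

    def register(self, sta_mac: str, psk: bytes, is_guest: bool) -> bytes:
        """Registration: individual PSK per STA; the KCK follows from the handshake."""
        kck = derive_kck(psk, self.mac, sta_mac)
        self.assoc[sta_mac] = StaEntry(sta_mac, psk, kck, is_guest)
        self.pmksa.add(sta_mac)
        self.ptksa.add(sta_mac)
        return kck

    def process_removal_token(self, token: dict) -> str:
        """Steps 302-305: read the SKT, look up the STA, verify the proof, remove."""
        entry = self.assoc.get(token.get("mac", ""))
        if entry is None:
            return "error: STA not found"                  # step 303 fails -> step 305
        if not hmac.compare_digest(removal_proof(entry.kck, entry.mac),
                                   token.get("proof", "")):
            return "error: identification data invalid"   # spoofed MAC without the KCK
        self._purge(entry.mac)
        return "removed"                                   # step 304

    def _purge(self, mac: str) -> None:
        """Drop the dedicated PSK and all derived entries (PMKSA, PTKSA, association)."""
        del self.assoc[mac]
        self.pmksa.discard(mac)
        self.ptksa.discard(mac)

    def remove_all_guests(self) -> int:
        """Fallback 'removal of all guests': no per-device identification check."""
        guests = [m for m, e in self.assoc.items() if e.is_guest]
        for m in guests:
            self._purge(m)
        return len(guests)


def demo() -> dict:
    """Constructed scenario: one home device, two guests; guest B tries to evict guest A."""
    ap = AccessPoint("AA:BB:CC:00:00:01")
    ap.register("02:00:00:00:00:01", b"home-psk", is_guest=False)
    kck_a = ap.register("02:00:00:00:00:0A", b"guest-psk-a", is_guest=True)
    kck_b = ap.register("02:00:00:00:00:0B", b"guest-psk-b", is_guest=True)

    # Guest B knows A's MAC (spoofable, as the text notes) but only its own KCK.
    forged = {"mac": "02:00:00:00:00:0A", "proof": removal_proof(kck_b, "02:00:00:00:00:0A")}
    result_forged = ap.process_removal_token(forged)
    a_present_after_forgery = "02:00:00:00:00:0A" in ap.assoc

    # Guest A's genuine token, written at step 301, succeeds.
    result_genuine = ap.process_removal_token(sta_write_removal_token("02:00:00:00:00:0A", kck_a))
    result_unknown = ap.process_removal_token({"mac": "02:00:00:00:00:FF", "proof": ""})

    return {
        "forged": result_forged,
        "a_present_after_forgery": a_present_after_forgery,
        "genuine": result_genuine,
        "unknown": result_unknown,
        "remaining": sorted(ap.assoc),
        "guests_removed_by_fallback": ap.remove_all_guests(),
        "home_kept": "02:00:00:00:00:01" in ap.assoc,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```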

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method for individual removal of (home- or guest-) devices within a wireless network, especially for 802.11 WLAN, using a SKT (Short-range Key Transmitter) item.

Description

Method and devices for individual removal of a device from a wireless network
The invention relates to a method for individual removal of a device from a wireless network, and in particular from an IEEE 802.11 Wireless Local Area Network (WLAN). The invention relates furthermore to devices arranged for individual removal of a device from a wireless network.
Wireless networks, e.g. the IEEE 802.11-based WLANs, become more and more ubiquitous. As easy and secure configuration methods such as SKT (Short-range Key Transmission) described in e.g. WO 2004/014040 A1 (Applicant's reference PHDE020188), WO 2004/014039 A1 (Applicant's reference PHDE020273) and WO 2004/014038 A1 (Applicant's reference PHDE030047) will allow for fast, smooth and reliable wireless setup, users will get accustomed to the freedom of location and movement given by wireless technologies, and will add more and more devices to their wireless network, while possibly wanting to give their home devices different credentials, e.g. for security reasons. Thus, the complexity of the system will grow.
As already described in WO 2004/014040 A1, after being able to "lock" the wireless network from unwanted access by unknown devices/people, by applying (advanced) wireless security standards for authentication and encryption, the users will also want to open their protected wireless network in a controlled way to wireless devices of their friends, to share resources, devices and contents. Once understanding the benefits of "connected guests", they may want to accommodate multiple guests at the same time, e.g. several visiting family members or a couple of friends visiting for a "LAN-Party". The complexity of the system, and with it the complexity of its management, grows.
The current enterprise-oriented state-of-the-art solution for configuring wireless devices with individual credentials uses IEEE 802.1X authentication, based on an authentication server such as a RADIUS server, an Extensible Authentication Protocol (EAP) and a Public Key Infrastructure (PKI). The need for 802.1X, EAP and PKI support increases device cost and required capabilities, as well as the implementation effort for device manufacturers. For an end-user, it also increases the configuration and maintenance effort in respect of the infrastructure, e.g. for an Access Point (AP) and RADIUS server, and the to-be-authenticated devices. The resulting network management complexity requires a rich User Interface (UI), where all items to be managed and all management options/actions are listed.
The current state-of-the-art solution for configuring personal (home) wireless networks is based on a single Pre-shared Key (PSK), shared by all devices in the network. As a result, any user of the network can impersonate any other user, join at any time, or snoop and successfully decode any traffic of any one of the other users. This does not allow for sufficient cryptographic separation of devices on the same network. Applications like guest access are thereby complicated as they presently require reconfiguration of the entire network before and after a guest visit, or are even completely prevented.
The current home-oriented state-of-the-art solution for configuring wireless devices with different credentials is based on PSKs with some modifications of the Access Point (AP) internal implementation to allow multiple concurrent PSKs. The PSKs can be either bound to a specific client station, and identified by its MAC address, or used by any client. Such PSKs are later referred to as "unassigned" or "common" PSKs. An example is the open-source HostAP software (http://hostap.epitest.fi). Usage requires considerable Information Technology (IT) skills, as the current implementations are limited to PC software and are not yet available as standalone Access Point devices.
Summarizing, state-of-the-art manual configuration and access control management of per-device WLAN credentials, whether based on IEEE 802.1X authentication or on, possibly multiple, PSKs, has several drawbacks:
- It requires a rich UI, i.e. with a display and keyboard, on devices that are to be managed, and which may not be available: a typical example is the UI-less wireless Access Point (AP). Alternatively it requires a PC in the network, e.g. to manage a RADIUS server;
- It usually requires some IT skills, for example for installing additional software, e.g. by way of configuration wizards, manually reconfiguring a PC and the like;
- It mostly uses technical jargon for referring to devices, e.g. MAC and IP addresses, objects, e.g. credentials, and functions, e.g. associate and disassociate;
- Alternatively, it requires the user to give all the relevant objects a user-friendly name;
- Typically, it is very complicated, requires reading a manual, and obeying an exact sequence of steps, etc.;
- It often requires manual insertion of long and complicated parameters, e.g. a 32-byte PSK;
- It requires the user to take complicated policy decisions, e.g. which EAP method and pairwise cipher to be used, etc.
It is an object of the invention, inter alia, to provide an easy-to-use, secure and home-environment-suitable method for the management of individual accounts for a wireless network, and for an IEEE 802.11 WLAN in particular. The method specifically allows for removing, i.e. disassociating, individual guest devices from the network without affecting the remaining home devices and other guest devices present at the same time. The solution must not only be easy-to-use, but also functional for devices providing only minimum user interface functionality. Typically, this concerns "headless" devices, such as e.g. an Access Point, which rely on only a few LEDs and optionally some buttons for user interaction. This means that the paradigm of "selecting devices from a list, and specifying which one to remove" does not work under these constraints, and a new paradigm needs to be found. This object is achieved by the independent method claims. The dependent claims provide advantageous embodiments.
Further objects of the invention are a wireless station (STA) and an access point (AP) arranged for the individual removal of a device from a wireless network.
The basic assumption is that the procedure for wireless network configuration uses a portable unit called Short-range Key Transmitter (SKT) item, and that the devices to-be-configured, AP and STAs, are equipped with an appropriate interface to communicate with the SKT, as defined by WO 2004/014040 A1. Furthermore, it is assumed that every home network will be equipped with two SKT items: a so-called "Home SKT" (HSKT), used for configuration of home devices, and a Guest SKT (GSKT), used for configuration of guest devices. For example, the Access Point could be sold pre-packaged with a HSKT and a GSKT.
Furthermore, it is assumed that the system can accommodate multiple guest devices (GD) at the same time and that there is an easy and secure method for adding multiple guests. Furthermore, every guest device will have individual and distinguishable credentials, different from those for home devices, which credentials are either generated by the home network per-guest and per-visit or brought in by the GD, as might be the case for, e.g. public key certificates. Complementary to all this, the present invention provides easy user interaction for removal of individual guest accounts, using the same easy, secure and intuitive step of touching the devices with SKT.
The above and other aspects of the invention will be apparent from and elucidated with reference to the embodiments described hereinafter.
In the drawings:
Fig. 1 shows a block diagram illustrating the architecture of a wireless communication system whereto embodiments of the present invention are to be applied;
Fig. 2 shows a block diagram of a short-range key transmission item, an access point and a wireless station in accordance with an embodiment of the present invention; and
Fig. 3 shows a flow chart illustrating the operation steps of an individual removal of a wireless station according to an embodiment of the present invention.
In the following part, for indicating any kind of SKT data exchange, the terms "SKT step", "touch (SKT)" or "connect (SKT)" are interchangeably used.
Fig. 1 illustrates a representative wireless network 100 whereto embodiments of the present invention are to be applied. As shown in Fig. 1, an access point (AP) 101 is coupled to a plurality of wireless stations (STAs) 102, 103, 104 and 110 which, through a wireless link, are communicating with each other and to the AP via a plurality of wireless channels. Also shown in Fig. 1 is a short-range key transmission item (SKT) 120 for individual removal of a device from the wireless network 100 in accordance with the invention. The wireless station (STA) 110 could for example be a device that has to be removed, e.g. because it is a "guest" device, that was only temporarily to be part of the wireless network 100.
The setup for individual removal of devices in a home network, here consisting of wireless and wired apparatuses (not shown) will be described with reference to Fig. 2, which shows a portable, short-range key transmission item (SKT) 1, an access point (AP) 3 and a wireless station (STA) 4. The STA 4 is to be removed from the wireless network.
The SKT 1 comprises a memory 5 for storing individual identification data 6 or 9 of a STA, such as a MAC address of a STA or PSK derivatives of a STA, like a PSK hash. The SKT 1 further comprises an optional button 7 for triggering a transmission or reception of individual identification data 6 or 9, and a transmitter/receiver (transceiver) 8 used as a wireless interface for transmitting/receiving (transceiving) individual identification data 6 or 9. Instead of being able to receive individual identification data 6 or 9, the SKT 1 may also be already preconfigured with such data, for example pertaining to the STA 4. Then the SKT 1 would not require the receiver function 8 for receiving individual identification data. In particular, this may be the case if the SKT 1 would be an SKT that was manufactured and sold together with the STA 4. The SKT 1 has a short range of maximally about 50 cm. The AP 3 is an apparatus equipped with a radio interface 12 operating in accordance with the IEEE 802.11 standard. This radio interface 12 is controlled by a component denoted as driver software 13 and is used for transceiving useful data (music, video, general data, but also control data). The driver software 13 may be operated by other software components via standardized software interfaces (APIs). The AP 3 is also equipped with a receiving unit 14. The receiving unit 14 comprises a receiver 15 provided as an interface for receiving individual identification data, for example the identification data 6 transmitted by transceiver 8. The receiving unit 14 is provided with receiver software 16. After receiving individual identification data 6 from the SKT 1, the software 16 may pass this on via a standardized management interface 17 to the driver software 13. The AP 3 is furthermore provided with application software 18, required for operating the AP 3. The STA 4 is, like the AP 3, an apparatus equipped with a radio interface 18 operating in accordance with the IEEE 802.11 standard.
This radio interface 18 is controlled by a component denoted as driver software 19 and is used for transceiving useful data (music, video, general data, but also control data). The driver software 19 may be operated by other software components via standardized software interfaces (APIs). The STA 4 is equipped with a transmitter unit 20. The transmitter unit 20 comprises a transmitter 21 provided as an interface for transmitting individual identification data, for example identification data 10 to transceiver 8. The transmitter unit 20 is provided with transmitter software 22. Triggered by the connection of the SKT 1, the software 22 may obtain individual identification data 10 for the STA 4, for example by obtaining the MAC address as defined in the IEEE 802.11 standard from the driver software 19 via interface 23, and transmit this to the SKT 1. The STA 4 is furthermore provided with application software 24, required for operating the STA 4. Instead of being able to transmit individual identification data 9, the STA 4 may also be manufactured and sold together with an SKT that is preconfigured with such data, pertaining to the STA 4. In that case the STA 4 would not require the transmitter unit 20 for transmitting individual identification data.
If now a user would like to remove the STA 4 from the home network, he approaches the AP 3 and possibly the STA 4 with an SKT, such as the SKT 1, for the exchange of individual identification data according to one of the below embodiments of the invention. Starting point for each of the embodiments is a configured wireless network, consisting of at least one AP and a plurality of home- and/or guest-devices. The home- and/or guest-devices have passed a registration procedure and have been assigned individual credentials, e.g. individual PSKs. Fig. 3 shows a flow chart 300 illustrating the operation steps of a first embodiment according to the invention for removing an individual wireless station (STA), e.g. a guest device (GD) or a home device (HD), from a home network with an access point (AP):
Before the STA leaves the network, i.e. while the STA is still connected, the home user touches the STA with a writable SKT item. The STA stores its individual identification data, e.g. a MAC address or PSK derivatives, like a PSK hash, on the SKT (step 301). Optionally, the STA, if present in the home network as a GD, removes the guest access credentials from its configuration data. Since this optional step cannot be checked by the home network, it is more or less a clean-up action by the STA. In addition, a GD can restore its own home settings, if it is capable of saving them for the duration of the guest access, in preparation of entering its own home network again. Afterwards, a clear feedback is given to the user that the STA finished writing, e.g. by LEDs or a simple text output.
Subsequently, the home user touches the home AP with the STA-written SKT (step 302). The AP reads the STA's individual identification data and scans a list of associated STAs, i.e. a wireless client station list or another relevant list, e.g. a list of PSKs or PMKSAs, for the STA's individual identification data as read from the SKT. If the individual identification data is found (step 303), the STA credentials are removed from the association list on the AP, and any other relevant locations (step 304). Afterwards a clear feedback is given to the user that the STA removal was successful, e.g. by LEDs or simple text output. If the STA's individual identification data cannot be found or cannot be removed by the AP (step 303), a clear feedback is given to the user that the procedure was unsuccessful, e.g. by LEDs or a simple text output, and an error procedure is triggered (step 305).
The above-described method is equally applicable to the removal of home and guest devices which are configured with individual credentials. The error procedure following unsuccessful removal may, in one embodiment, trigger the user to repeat the whole removal procedure. In another embodiment, or in addition to the above, e.g. after a repeated error, the error procedure could trigger removal of all guest devices, at the same time, without further checking of their individual identification data, either automatically or on a user action, e.g. after pushing a button on the AP. Success or failure of this operation is also indicated to the user.
In one particular embodiment, a dedicated Removal SKT item (RSKT), different from a HSKT and a GSKT, is used solely for the purpose of removal of both home and guest devices. In another embodiment, a network-wide GSKT could be used for device removal, because it is generally emptied after GD configuration. In yet another embodiment, the network-wide HSKT and GSKT could be used for removal of a HD and a GD, respectively.
In another embodiment, an individual SKT item of the STA (SKT*, or more specifically HSKT* and GSKT* for home and guest devices respectively) is used. This requires visitors to bring their devices' GSKT* along with their devices. On the SKT*, the STA's MAC address is stored as a fixed, read-only entry, whereas writable entries are provided for storing the credentials of the (visited) network.
Assuming that the STA's individual SKT* was used for a registration procedure of the STA with the home network, the removal procedure is simplified to only one step, since the SKT* uniquely identifies the to-be-removed STA to the system. After the SKT* is connected to the AP, the credentials of the corresponding STA are removed. An individual HSKT* allows to remove HD credentials from the system, e.g. the AP, even if the HD was lost or stolen, preventing unauthorized access to the network using this HD.
For a better understanding, an exemplary registration and removal procedure with a GSKT* is now described. A user holds the GD's GSKT* to the home AP. Thereby, the GSKT* receives guest credentials. Subsequently, the GSKT* is connected with the GD. As soon as the GD associates with the AP, the AP verifies whether the GD and GSKT* match the MAC address used with the association. If the host, i.e. the home network owner providing guest access, wants to be sure to always have a possibility to individually remove a certain GD from the network, the guest may be asked to hand over the GSKT* to the home user for the duration of the visit. Only after successful removal of the GD, the GSKT* is handed back to the guest, so that the guest cannot leave without de-registration of the GD.
Usage of a HSKT* or GSKT* saves the home user the trouble of using an emergency procedure, albeit a user-friendly one: i.e. removal of all GDs at once - as proposed by this invention - or a state-of-the-art one, such as reconfiguring the entire network or manually removing the particular device in question, e.g. by using complicated PC-based management tools.
In yet another embodiment, a STA could be pre-packaged with a dedicated read-only SKT item (MAC-SKT), holding only the STA's MAC address. Assuming that in order to perform the registration procedure the STA's MAC-SKT was used jointly with a different read/write SKT item, e.g. a network-wide GSKT, the removal procedure could be executed with the MAC-SKT only, while touching with the GSKT only could result in an error message. In an interesting further embodiment, the MAC-SKT item of a particular guest device could remain connected to the home AP, or another central device, e.g. a home management console such as a PC, for the entire duration of the visit, validating the access. Disconnecting the MAC-SKT from the AP will immediately result in removal of the particular GD from the system. In this connection, the AP could be equipped with a special slot for placing the SKT items. In the case of multiple guests, this will require the ability to read multiple SKT items simultaneously, which is possible, e.g. with RFID technology.
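The slot-validated variant just described, where a guest device's read-only MAC-SKT stays in a slot on the AP and its disappearance from a slot read removes the guest at once, modelled as an added example. This is illustrative code written for this page, not code from the patent or from Philips; the class and method names, the representation of a slot read as the set of MAC addresses currently read (as a multi-tag RFID reader would deliver), and the sample MAC addresses are assumptions.

```python
from typing import Dict, List, Set


class SlotValidatedAccess:
    """Hypothetical AP-side model of the embodiment in which a guest device's
    read-only MAC-SKT remains in a slot on the AP for the whole visit. The slot
    is read repeatedly (e.g. an RFID reader seeing several tags at once); a
    guest's access is valid only while its MAC-SKT is among the tags read."""

    def __init__(self) -> None:
        self.present: Set[str] = set()       # MACs whose MAC-SKT is in the slot now
        self.granted: Dict[str, bytes] = {}  # MAC -> guest credential in force
        self.events: List[str] = []          # feedback that LEDs/text output would show

    def slot_read(self, macs_read: Set[str]) -> List[str]:
        """One read of the slot. Any granted guest whose MAC-SKT is no longer
        read is removed immediately; the revoked MACs are returned."""
        now = {m.lower() for m in macs_read}
        revoked = sorted(m for m in self.granted if m not in now)
        for mac in revoked:
            del self.granted[mac]
            self.events.append(f"MAC-SKT {mac} left the slot: credentials removed")
        self.present = now
        return revoked

    def register_guest(self, mac: str, credential: bytes) -> bool:
        """Guest configuration: the MAC-SKT must be in the slot when the GSKT is
        applied to the AP; touching the AP with the GSKT alone is an error."""
        mac = mac.lower()
        if mac not in self.present:
            self.events.append(f"{mac}: MAC-SKT not in slot, GSKT alone refused")
            return False
        self.granted[mac] = credential
        self.events.append(f"{mac}: guest access granted while MAC-SKT stays in slot")
        return True

    def association_allowed(self, mac: str) -> bool:
        """Check made when a STA associates: the MAC must match a granted entry
        whose MAC-SKT is still being read."""
        mac = mac.lower()
        return mac in self.granted and mac in self.present
```

Because revocation is driven by the set difference between consecutive slot reads, several guests can be validated by one reader and each one is dropped independently the moment its own tag is gone.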
An exemplary guest configuration procedure could then be designed as follows. The user touches the AP with both the MAC-SKT and the GSKT. Next, the user touches the GD, preferably with the GSKT alone, leaving the MAC-SKT to the host, or with both SKT items. Touching the AP with the GSKT only would result in an error message.

Unambiguous differentiation of procedures:
If the SKT item used for the removal procedure is also used for device configuration, as is the case with a network-wide HSKT or GSKT and a STA's individual HSKT* or GSKT*, the STA, and more importantly the AP, must be able to unambiguously differentiate the removal procedure from the registration procedure.
In one embodiment, the STA will know which procedure is required as a result of the user interaction, i.e. if the STA is touched for the first time with the GSKT belonging to this hosting network, identified by a network name, a GSKT identifier or other parameters, the STA triggers the (guest) registration procedure. If the STA is touched for the second time with the GSKT belonging to the hosting network, i.e. the STA is touched with the GSKT belonging to the hosting network it has already stored, the STA triggers the removal procedure. Further, the differentiation of the procedures could be based on the STA's association/connection status on a given network. As long as it is not connected to the hosting network, the STA initiates the configuration procedure every time it is touched with the SKT representing the same network. Once the STA successfully connects, the next touch with the SKT representing the same network will be interpreted as the removal procedure.
This implicit differentiation between the registration and removal procedures may, however, lead to unexpected behavior of devices if the user, for some reason, wants to reconnect or reconfigure a guest device without previously having disconnected it, or in other error-induced cases. Of course, this problem can be solved by properly indicating the current state to the user and/or by including additional user interaction to trigger or confirm the action, e.g. a button push. Dedicated triggers are required if the SKT item is not a physically independent item with a defined role, e.g. a HSKT or a GSKT, but instead a module integrated into the device, i.e. the AP or a STA.
In another embodiment, the differentiation between the registration and removal procedures depends on the content of the GSKT itself. E.g. touching a STA with an SKT containing configuration credentials will trigger the registration procedure, whereas touching a STA with an "empty" SKT, e.g. an SKT containing only an SKT identifier and optionally also a network identifier, but no access credentials, will trigger the removal procedure. This will require that any access credentials are removed from the SKT as part of the registration procedure, either by the STA itself, by the AP or automatically after a reasonable timeout, if the SKT item is capable of independent operation.
Also the home AP must be able to unambiguously differentiate the removal procedure from the registration procedure, e.g. because it can happen that some unused credentials remain on the SKT. Therefore, the information written to the SKT in the registration procedure step must be different from the information written to the SKT by the STA in the removal procedure.
In one embodiment, this can be achieved in the following way. The AP generates and writes into the SKT only generic access credentials, such as keys, and none specific to a particular STA, because the AP does not have this knowledge yet; whereas the leaving STA, besides its generic access credentials, writes to the SKT also some STA-specific information, such as the STA-MAC address.
In another embodiment, data written to the SKT in both steps could be entirely different, e.g. generic access credentials written by the AP in the "configuration procedure" and PSK derivatives written by the STA in the "removal procedure".

Individual identification data:
In one embodiment, the STA writes only its MAC address to the SKT, because the MAC address is a hardware-dependent parameter, available even when the STA already ceased the communication, for whatever reason, e.g. an inactivity period, with a given host network, i.e. even if the STA removed session keys or removed the IP address. This means that as long as the STA is present, the guest credentials can be invalidated and it is not necessary for the STA to still be able to communicate with the home network. However, various configuration parameters, such as e.g. MAC addresses or IP addresses, are known to be spoofable, i.e. they can be derived either directly from received network traffic or via snooping the network traffic of other devices. Therefore, in another embodiment, for security reasons, the list of parameters written by the STA into the SKT could be extended by or changed into items known only to this particular STA and the AP, such as:
- A STA's PMK, in case of WPA2-Enterprise, or a hash of it;
- A STA's PSK, in case of WPA2-Personal, or a hash of it;
- A STA's session keys, i.e. one or more STA's PTKs, or their hashes;
- A STA's access credentials, e.g. a username, for the removal of authentication server credentials.
A hash could be calculated using the STA's KCK/KEK, which are securely derived from the PMK in the 4-way handshake as part of the PTK key. This protects the home network from malicious guest devices, which could try to force removal of some other legitimate client, either home or guest device, i.e. make a DoS attack.

Removal of credentials on the STA:
The removal of guest access credentials by the STA could be triggered after some timeout, to avoid deletion of the guest credentials before the guest removal procedure is successful, i.e. if in the case of an error the repetition of the entire procedure is necessary. In a further extension, for the STA to know which guest access settings are to be removed, in case the STA has multiple guest access accounts for different networks, some parameters identifying the hosting network should be present on the SKT, e.g. a SSID and/or the MAC address of the AP or a unique identifier of the SKT item if a network-owned SKT is used.

Removal of credentials in the network:
The solution should be independent of the authentication method. All relevant entries for a given STA have to be removed. In the case of WPA2-Enterprise this will typically mean removal of EAP-credentials from an 802.1X authentication server, e.g. a RADIUS server, as well as removal of all derived entries and parameters in the AP: PMKSA, PTKSA, an entry in the list of associated STAs, etc. In the case of WPA2-Personal this will mean removal of the dedicated PSK in the AP, as well as removal of all derived entries and parameters: PMKSA, PTKSA, an entry in the list of associated STAs, etc.
It may just as well result in removal of credentials or items specific to other protocols or other network layers, e.g. an IP address lease from a DHCP server, entries in UPnP ACL lists, IPSec Security Associations, etc.

STA differentiation:
It would be beneficial if the hosting AP could differentiate between HDs and GDs, e.g. store them in different association lists and/or have an additional parameter describing the STA status, such as sta status = {home, guest}. A means for this differentiation is provided by having two configuration items, the HSKT and the GSKT, or alternatively a STA's individual HSKT* and GSKT*, which can be distinguished by a type identifier stored on each SKT item. In the case of an SKT item built into a device or an independent introducer device, this differentiation may be performed/triggered by the user selecting an appropriate application/role.
This allows certain restrictions to be placed on the removal procedure, so that, e.g., when a GSKT is used, only GDs, i.e. STAs known to the AP to be in the guest status, can be removed. This protects the home network from malicious GDs, which could try to force a disassociation of some legitimate home client, i.e. make a DoS attack. A special error procedure is required for the case when the AP cannot find locally the STA's identification data read from an SKT item, which can be caused by a malicious leaving STA writing fake data to the SKT, e.g. to remain connected or to disconnect another STA instead of itself. In this case, a fallback solution for a "removal of all guests" could be implemented that, e.g. either starts automatically after a single/repeated removal error, or on some specific user interaction, such as pushing the "guest removal button" on the AP, touching the AP with a HSKT or both a HSKT and a GSKT, etc.
Fallback solutions involving a HSKT are preferred, because the interaction is intuitive for the user. It is like saying to the AP "return to the home-only configuration". Due to the importance and safe storage of the HSKT, this method cannot easily be abused by a malicious guest.
A fallback solution is also needed in cases where the primary solution is not applicable (any more), e.g. when the guest already left and the user forgot to remove the guest credentials previously. Also, the fallback solution is an optimization for the case when all guests, e.g. a networked gaming team of eight people, leave at the same time or when there is only a single guest currently registered.
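An added worked example that ties together the removal flow of Fig. 3 (steps 301 to 305), the content-based differentiation of registration and removal records, the keyed identification hash computed with the STA's KCK, and the SKT-type restriction with the "remove all guests" fallback described above. This is illustrative code written for this page, not the patent's or Philips' implementation; the record layout, the SKT type identifiers, HMAC-SHA256 as the keyed hash, the choice to fall back after two consecutive failures, and all MAC addresses and keys are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class SktRecord:
    """Assumed SKT record layout (the patent fixes no format). A registration
    record, written by the AP, carries only generic credentials; a removal
    record, written by the leaving STA, carries STA-specific data instead."""
    skt_type: str                        # "HSKT", "GSKT" or "RSKT" type identifier
    network_id: str                      # hosting network, e.g. the SSID
    credentials: Optional[bytes] = None  # generic access credentials (e.g. a PSK)
    sta_mac: Optional[str] = None        # STA-specific, present on removal only
    sta_tag: Optional[bytes] = None      # keyed hash over sta_mac, removal only


@dataclass
class StaEntry:
    """AP-side state per STA: home/guest status and the KCK from the 4-way handshake."""
    mac: str
    status: str        # "home" or "guest"
    kck: bytes


def removal_tag(kck: bytes, network_id: str, sta_mac: str) -> bytes:
    """HMAC-SHA256 keyed with the STA's KCK (an assumed instantiation of the
    KCK-based hash). Only this STA and the AP hold the KCK, so a device that
    merely learned another STA's MAC from the air cannot produce a valid tag."""
    msg = f"{network_id}|{sta_mac.lower()}".encode()
    return hmac.new(kck, msg, hashlib.sha256).digest()


def sta_write_removal_record(skt: SktRecord, sta_mac: str, kck: bytes) -> SktRecord:
    """Step 301: the leaving STA stores its identification on the SKT and
    clears any leftover generic credentials as part of its clean-up."""
    return SktRecord(skt.skt_type, skt.network_id, None, sta_mac,
                     removal_tag(kck, skt.network_id, sta_mac))


def classify_record(skt: SktRecord) -> str:
    """Content-based differentiation: STA-specific fields mark a removal record,
    credentials alone mark a registration record, neither means an empty SKT."""
    if skt.sta_mac is not None and skt.sta_tag is not None:
        return "removal"
    return "registration" if skt.credentials is not None else "empty"


class AccessPoint:
    # Which STA statuses each SKT type may remove: a GSKT may only remove
    # guests, so a malicious guest cannot force a home device off the network.
    MAY_REMOVE: Dict[str, Set[str]] = {"GSKT": {"guest"},
                                       "HSKT": {"home", "guest"},
                                       "RSKT": {"home", "guest"}}

    def __init__(self, network_id: str, stas: List[StaEntry]) -> None:
        self.network_id = network_id
        self.table: Dict[str, StaEntry] = {s.mac.lower(): s for s in stas}
        self.errors = 0                 # consecutive failed removals
        self.feedback: List[str] = []   # what the LEDs / text output would show

    def on_skt(self, skt: SktRecord) -> bool:
        """Steps 302 to 305 for the record read from a touched SKT."""
        if classify_record(skt) != "removal" or skt.network_id != self.network_id:
            return self._error("SKT holds no removal record for this network")
        entry = self.table.get(skt.sta_mac.lower())
        if entry is None:
            return self._error("identification data not found")
        expected = removal_tag(entry.kck, self.network_id, entry.mac)
        if not hmac.compare_digest(skt.sta_tag, expected):
            return self._error("identification tag does not verify")
        if entry.status not in self.MAY_REMOVE.get(skt.skt_type, set()):
            return self._error(f"{skt.skt_type} may not remove a {entry.status} device")
        # Step 304: the association entry goes together with PSK, PMKSA and PTKSA.
        del self.table[entry.mac.lower()]
        self.errors = 0
        self.feedback.append(f"removed {entry.status} device {entry.mac}")
        return True

    def _error(self, reason: str) -> bool:
        """Step 305: signal failure; after a repeated error fall back to removing
        all guests, as a HSKT touch or the guest-removal button would trigger."""
        self.errors += 1
        self.feedback.append(f"removal failed: {reason}")
        if self.errors >= 2:
            self.remove_all_guests()
        return False

    def remove_all_guests(self) -> int:
        """Fallback 'return to the home-only configuration'; returns the count removed."""
        guests = [m for m, e in self.table.items() if e.status == "guest"]
        for m in guests:
            del self.table[m]
        self.errors = 0
        self.feedback.append(f"fallback: removed all {len(guests)} guest devices")
        return len(guests)
```

The order of checks matters for the threat the text names: the tag is verified before the status policy is consulted, so a guest that writes another STA's MAC onto the GSKT without that STA's KCK is rejected at step 303 and counted as an error, and a second such failure only costs the guests their access, never the home devices.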
Applicability to Home Devices:
The method of the invention is practicable for removing guest devices (GDs) as well as home devices (HDs) within a wireless network. The removal of a home device could be required, e.g. in the case when the home device is to be sold or disposed of.
For home device removal, preferably a HSKT or a STA's individual HSKT* should be used. Safe storage of a HSKT or a HSKT*, for the lifetime of the network or the particular device, prevents DoS (Denial of Service) attacks through device removal by malicious guests or insiders. Alternatively, a dedicated RSKT can be used.
Among home devices trust is explicitly assumed. Thus, if a HSKT or a HSKT* is used, it is enough for the HD to write its MAC address to the HSKT. However, the HD could in addition write other parameters, e.g. an IP address, a PMKID, a PTK etc., to improve security. The latter is required when another SKT item, e.g. a RSKT or a GSKT, is used for home device removal. Temporary removal of a HD can be seen as a security improvement, allowing special classes of devices, e.g. portable devices, multihoming devices etc., to be managed separately, for use e.g. in a hostile network environment. Thus, it may be beneficial to hide, e.g. encrypt, or inactivate home credentials instead of deleting them.
If every HD has an individual HSKT*, for configuration of this HD into the system, e.g. with its username/certificate, connecting the HD with the HSKT* can be omitted in the removal procedure and the home AP can be directly touched with the HD's HSKT*.
As described above, the differentiation between configuration and removal procedures can be either user-interaction-based or SKT-content-based.
SKT types:

It has been found that a RFID/NFC card/tag is one prominent example of a SKT, but the applicability of the solution proposed by the invention is not limited to RFID/NFC. Also other types of SKT, i.e. a contact SKT, e.g. USB, or a contactless SKT, e.g. IR, may be employed.
Abbreviations:

EAP Extensible Authentication Protocol
EAPOL EAP over LAN protocol
KCK EAPOL Key Confirmation Key
KEK EAPOL Key Encryption Key
PMK Pairwise Master Key
PMKID PMK Identifier
PMKSA Pairwise Master Key Security Association
PTK Pairwise Transient Key
PTKSA Pairwise Transient Key Security Association

Claims

1. A method for individual removal of a wireless station, hereinafter STA, from a wireless network comprising an access point, hereinafter AP, and a plurality of wireless stations, hereinafter STAs, with each of the plurality of STAs having a unique identification, wherein a short-range key item, hereinafter SKT, is applied for terminating an association between the STA and the AP, the method comprising the steps of:
- connecting the SKT to the STA, with the STA thereupon:
  - storing its unique identification on the SKT;
- subsequently connecting the SKT to the AP, with the AP thereupon:
  - reading the unique identification of the STA from the SKT,
  - searching association data relating to respective associations between the plurality of STAs and the AP for the unique identification of the STA,
  - if the unique identification of the STA is found in the association data, terminating the association with the STA;
  - if the unique identification of the STA is not found in the association data, triggering an error procedure.
2. A method for individual removal of a STA from a wireless network in accordance with claim 1, wherein the STA automatically removes network access credentials pertaining to the wireless network from its internal data substantially immediately upon removing the SKT from the STA.
3. A method for individual removal of a STA from a wireless network in accordance with claim 1, with the plurality of STAs comprising home devices and guest devices and the STA to be removed is a guest device, and wherein the error procedure comprises the step of the AP unconditionally terminating the association with each of the guest devices.
4. A method for individual removal of a STA from a wireless network in accordance with claim 1, with the plurality of STAs comprising home devices and guest devices and the STA to be removed is a guest device, and wherein the STA automatically restores network configuration data pertaining to a home wireless network of the STA substantially immediately upon removing the SKT from the STA.
5. A method for individual removal of a STA from a wireless network in accordance with claim 1, wherein the unique identification for each of the plurality of STAs comprises the MAC address of the respective wireless stations.
6. A method for individual removal of a STA from a wireless network in accordance with claim 1, wherein the unique identification for each of the plurality of STAs comprises a derivative of individual credentials of the respective STAs, such as a hash of one or more of a PSK, a PMK and a PTK.
7. A method for individual removal of a wireless station, hereinafter STA, from a wireless network comprising an access point, hereinafter AP, and a plurality of wireless stations, hereinafter STAs, with each of the plurality of STAs having a unique MAC address, wherein a short-range key item, hereinafter SKT, is applied for terminating an association between the STA and the AP, the method comprising the steps of:
- providing the SKT preconfigured with the MAC address of the STA;
- connecting the SKT to the AP, with the AP thereupon:
  - reading the MAC address of the STA from the SKT,
  - searching association data relating to respective associations between the plurality of STAs and the AP for the MAC address of the STA,
  - if the MAC address of the STA is found in the association data, terminating the association with the STA;
  - if the MAC address of the STA is not found in the association data, triggering an error procedure.
8. A method for individual removal of a wireless station, hereinafter STA, from a wireless network comprising an access point, hereinafter AP, and a plurality of wireless stations, hereinafter STAs, with each of the plurality of STAs having a unique identification, wherein a short-range key item, hereinafter SKT, is applied for terminating an association between the STA and the AP, the method comprising the steps of:
- providing the SKT preconfigured with the unique identification of the STA;
- connecting the SKT to the AP;
- granting network access to the STA for as long as the SKT remains connected to the AP;
- terminating the association between the STA and the AP and removing access credentials of the STA from the AP as soon as the SKT is no longer connected to the AP.
9. An access point arranged for wireless network access management according to any one of the claims 1, 3 and 5 to 8.
10. A wireless station arranged for wireless network access management according to any one of the claims 1, 2 and 4 to 6.
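An added toy model of the AP side of claims 7 and 8, including the claim 6 variant in which the SKT carries a hash of the STA's credential instead of its MAC address; this is illustrative code written for this page, not the patent's or Philips' implementation, and the MAC addresses, PMK byte strings and method names are constructed for the example.

```python
"""Toy access-point model: SKT-triggered removal of a single STA (added example)."""
import hashlib
from dataclasses import dataclass


@dataclass
class Association:
    """One STA-AP association as the AP stores it (constructed sample fields)."""
    mac: str
    pmk: bytes  # pairwise master key held for this STA


def derived_id(pmk: bytes) -> str:
    """Claim 6 style identification: a hash of a credential, not the credential itself."""
    return hashlib.sha256(pmk).hexdigest()


class AccessPoint:
    def __init__(self) -> None:
        self.associations = {}  # association data, keyed by STA MAC address
        self.errors = []        # what the error procedure recorded

    def associate(self, mac: str, pmk: bytes) -> None:
        self.associations[mac.lower()] = Association(mac.lower(), pmk)

    def skt_remove(self, skt_id: str) -> bool:
        """Claim 7: the AP reads the identification preconfigured on the SKT
        (a MAC address, or a claim 6 credential hash), searches its association
        data, terminates the matching association, else runs the error procedure."""
        for mac, assoc in list(self.associations.items()):
            if skt_id.lower() in (mac, derived_id(assoc.pmk)):
                del self.associations[mac]  # terminate association, drop its PMK
                return True
        self.errors.append(f"SKT identification {skt_id} not found in association data")
        return False

    def skt_connected(self, mac: str, pmk: bytes) -> bool:
        """Claim 8: access is granted while the SKT stays connected to the AP."""
        self.associate(mac, pmk)
        return mac.lower() in self.associations

    def skt_disconnected(self, mac: str) -> bool:
        """Claim 8: as soon as the SKT is removed, the association is terminated
        and the STA's access credentials are deleted from the AP."""
        self.associations.pop(mac.lower(), None)
        return mac.lower() in self.associations


if __name__ == "__main__":
    ap = AccessPoint()
    ap.associate("00:11:22:33:44:55", b"constructed-pmk-A")  # constructed sample STAs
    ap.associate("66:77:88:99:aa:bb", b"constructed-pmk-B")
    print(ap.skt_remove("00:11:22:33:44:55"))              # MAC match: removed
    print(ap.skt_remove(derived_id(b"constructed-pmk-B")))  # hash match: removed
    print(ap.skt_remove("00:11:22:33:44:55"), ap.errors)    # no match: error procedure
```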
PCT/IB2006/051754 2005-06-03 2006-06-01 Method and devices for individual removal of a device from a wireless network WO2006129288A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
EP05104833.8 2005-06-03
EP05104833 2005-06-03
EP05111579.8 2005-12-01
EP05111579 2005-12-01

Publications (1)

Publication Number Publication Date
WO2006129288A1 true WO2006129288A1 (en) 2006-12-07

Family

ID=36997846

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2006/051754 WO2006129288A1 (en) 2005-06-03 2006-06-01 Method and devices for individual removal of a device from a wireless network

Country Status (1)

Country Link
WO (1) WO2006129288A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013081739A1 (en) * 2011-11-30 2013-06-06 Motorola Solutions, Inc. Method and apparatus for key distribution using near-field communication
CN105809917A (en) * 2014-12-29 2016-07-27 中国移动通信集团公司 Method and device for transmitting messages of internet of things

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030078072A1 (en) * 2001-10-24 2003-04-24 Serceki Zeljko John Method for physically updating configuration information for devices in a wireless network
WO2004014039A1 (en) * 2002-07-29 2004-02-12 Philips Intellectual Property & Standards Gmbh Security system for apparatuses in a wireless network
EP1517480A1 (en) * 2003-05-16 2005-03-23 Sony Corporation Information processing device, access control processing method, and computer program

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013081739A1 (en) * 2011-11-30 2013-06-06 Motorola Solutions, Inc. Method and apparatus for key distribution using near-field communication
US9088552B2 (en) 2011-11-30 2015-07-21 Motorola Solutions, Inc. Method and apparatus for key distribution using near-field communication
CN105809917A (en) * 2014-12-29 2016-07-27 中国移动通信集团公司 Method and device for transmitting messages of internet of things

Similar Documents

Publication Publication Date Title
US7948925B2 (en) Communication device and communication method
US8631471B2 (en) Automated seamless reconnection of client devices to a wireless network
US7607015B2 (en) Shared network access using different access keys
US8917651B2 (en) Associating wi-fi stations with an access point in a multi-access point infrastructure network
US8959601B2 (en) Client configuration during timing window
US20180249313A1 (en) Smart device, electronic apparatus, and nfc-based network connection method
US8589687B2 (en) Architecture for supporting secure communication network setup in a wireless local area network (WLAN)
WO2006129287A1 (en) Method and devices for wireless network access management
EP2740315B1 (en) Method, apparatus, and computer program product for connection setup in device-to-device communication
EP2053887B1 (en) Legacy support for wi-fi protected setup
US7342906B1 (en) Distributed wireless network security system
US8208455B2 (en) Method and system for transporting configuration protocol messages across a distribution system (DS) in a wireless local area network (WLAN)
EP2817992B1 (en) Method and network node device for controlling the run of technology specific push-button configuration sessions within a heterogeneous or homogeneous wireless network and heterogeneous or homogeneous wireless network
US20070190973A1 (en) Base station, wireless communication systems, base station control programs and base station control methods
EP2291017B1 (en) Method for network connection
US8051463B2 (en) Method and system for distribution of configuration information among access points in a wireless local area network (WLAN) across a distribution system (DS)
CN101379795A (en) address assignment by a DHCP server while client credentials are checked by an authentication server
EP1875659A2 (en) Administration of wireless local area networks
US20110314136A1 (en) Method and System for Improved Communication Network Setup
WO2006129288A1 (en) Method and devices for individual removal of a device from a wireless network
Cisco Chapter 5 - Configuring the Client Adapter
Sethi et al. Secure network access authentication for IoT devices: EAP framework vs. individual protocols
US20250133395A1 (en) Supporting multiple pre-shared keys in wi-fi networks
KR20070040042A (en) Wireless LAN Auto Setup
JP2011120123A (en) Authentication system and authentication method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06756036

Country of ref document: EP

Kind code of ref document: A1