Patents by Inventor Jouni Malinen

Jouni Malinen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10856143
    Abstract: A method includes, prior to authenticating a mobile device, receiving by an access point a first message from the mobile device, determining that the mobile device is to be authenticated prior to responding to the first message, and sending to an authentication server a second message that includes an authentication request and the first message. The method also includes receiving from the authentication server a third message that includes a response to the authentication request and that further includes the first message.
    Type: Grant
    Filed: June 3, 2015
    Date of Patent: December 1, 2020
    Assignee: QUALCOMM Incorporated
    Inventors: George Cherian, Santosh Paul Abraham, Jouni Malinen, Hemanth Sampath
  • Patent number: 10623951
    Abstract: One feature pertains to a method for secure wireless communication at an apparatus of a network. The method includes receiving a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network node, and using the cryptographic key as a pairwise master key (PMK). A PMK identifier (PMKID) is generated based on the PMK and the two are stored at the network. A PMK security association is initialized by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus. An association request is received that includes a PMKID from the user equipment, and it's determined that the PMKID received from the user equipment matches the PMKID stored. A key exchange is initiated with the user equipment based on the PMK to establish a wireless local area network security association with the user equipment.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: April 14, 2020
    Assignee: Qualcomm Incorporated
    Inventors: Anand Palanigounder, Jouni Malinen
  • Publication number: 20200015164
    Abstract: Methods, systems, and devices for wireless communications are described. A station (STA) may receive a wakeup radio (WUR) frame for the STA at a WUR. The STA may identify, from a number of packet number generation schemes, a scheme that the STA is to use to construct a packet number for the WUR frame. Following the scheme identification, the STA may generate a packet number for the received WUR frame using the identified scheme and determine whether to discard the WUR frame based on the generated packet number. In some implementations, the STA may determine whether the STA is to use, for communications received from an access point (AP) to the WUR, a same key or a second key, the second key being different from a first key used by the STA to receive protected communications from the AP to a primary radio of the STA.
    Type: Application
    Filed: June 27, 2019
    Publication date: January 9, 2020
    Inventors: Alfred Asterjadhi, George Cherian, Soo Bum Lee, Jouni Malinen, Maarten Menzo Wentink
  • Publication number: 20190380094
    Abstract: Methods, systems, and devices for wireless communications are described. A wireless device may receive, via a management frame, a set of wakeup tokens for activating a main radio of the wireless device. The wakeup tokens may be unique to the wireless device and may be transmitted over a secure connection. An access point (AP) wishing to activate a main radio (e.g., for high throughput communications) may transmit a wakeup radio (WUR) frame, including a wakeup token from the set of wakeup tokens, to a secondary radio of the wireless device. The wireless device may, upon reception of the WUR frame, activate the main radio and transmit a wakeup acknowledgement (ACK) to the AP. The AP may then communicate with the wireless device via the main radio.
    Type: Application
    Filed: June 5, 2019
    Publication date: December 12, 2019
    Inventors: Maarten Menzo Wentink, Albert Van Zelst, Jouni Malinen, George Cherian, Alfred Asterjadhi
  • Publication number: 20190132128
    Abstract: Certain aspects relate to an apparatus that includes an interface configured to obtain a first frame including a first information element (IE) indicating a list of encoding algorithms and a processing system configured to generate a second frame including a second IE indicating at least one of an encoding algorithm from the list or the list. The interface is further configured to output the second frame for transmission to a device and obtain a first random number from the device and the processing system is further configured to generate a code based on the first random number, a second random number and a master key and generate a third frame comprising the second IE, the second random number and an integrity protected IE generated based on the second IE and the code. Furthermore, the interface is configured to output the third frame for transmission to the device.
    Type: Application
    Filed: November 1, 2018
    Publication date: May 2, 2019
    Inventors: Rosario CAMMAROTA, Jouni MALINEN
  • Patent number: 10129930
    Abstract: This disclosure provides systems, methods and apparatuses for enabling Multiple BSSID functionality. In some implementations, each BSS of the multi-BSS AP may transmit management frames with a Multiple BSSID element (MBE). Multiple BSSID-capable STAs may interpret the MBE information and implement corresponding Multiple BSSID functionality, whereas legacy STAs may ignore the MBE and interpret such frames as legacy management frames. In some other implementations, a multi-BSS AP may configure one or more of its BSSs to transmit management frames without the MBE. These legacy management frames may include a multi-BSS indicator (MBID) to advertise that the corresponding AP is a multi-BSS AP. The MBID also may provide information regarding a transmitted BSS of the multi-BSS AP. Multiple BSSID-capable STAs may search for a transmitted BSS based on the presence of the MBID, whereas legacy STAs may ignore the MBID and interpret such frames as legacy management frames.
    Type: Grant
    Filed: September 5, 2017
    Date of Patent: November 13, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Abhishek Pramod Patil, George Cherian, Jouni Malinen, Alfred Asterjadhi
  • Publication number: 20180270049
    Abstract: Aspects of the present disclosure implement techniques that allow an enrollee (e.g., DPP-AP or other DPP devices) to be informed of the bootstrapping method selected by a device (e.g., STA) when initiating onboarding. As such, in one example, authentication requests from the device may additionally carry information that inform the network of the bootstrapping method (e.g., QR-code, NFC, Wi-Fi Aware, Wi-Fi Direct) selected by the device. Each bootstrapping method may correspond to an authentication key. Accordingly, based on the exchange of bootstrapping information, the enrollee (e.g., network device) may verify the authenticity of the device by calculating an authentication key that unlocks additional sensitive information that may be included in the authentication request.
    Type: Application
    Filed: March 14, 2018
    Publication date: September 20, 2018
    Inventors: Rosario CAMMAROTA, Jouni MALINEN, Shivraj Singh SANDHU
  • Patent number: 10057766
    Abstract: Systems, methods, and computer readable mediums for authenticating a device perform a method of receiving, at a second device, a first authentication protocol reauthentication response for the device, the authentication response including a reauthentication master session key (rMSK), transmitting, at the second device, a second first authentication protocol reauthentication response to a first access point based on the reauthentication master session key, generating, at the second device, a first pairwise master key (PMK) based on the reauthentication master session key, generating, at the second device, a key message to include the first pairwise master key, and transmitting, at the second device, the key message to the second access point.
    Type: Grant
    Filed: October 20, 2015
    Date of Patent: August 21, 2018
    Inventors: Soo Bum Lee, George Cherian, Abhishek Pramod Patil, Santosh Paul Abraham, Jouni Malinen
  • Patent number: 9961170
    Abstract: Apparatuses and methods are disclosed that may allow a wireless device to process an Ethertype data packet encapsulated in a frame based on whether the frame contains an Ethertype Packet Discrimination (EPD) indicator. The wireless device may receive the frame from another wireless device over a wireless network, and may detect a presence of the EPD indicator in the received frame. Then, the wireless device may identify a protocol type of the Ethertype data packet according to an EPD operation based on the presence of the EPD indicator, or may identify the protocol type of the Ethertype data packet according to an LPD operation based on an absence of the EPD indicator.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: May 1, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Maarten Menzo Wentink, Alfred Asterjadhi, Simone Merlin, Jouni Malinen
  • Publication number: 20180098378
    Abstract: This disclosure provides systems, methods and apparatuses for enabling Multiple BSSID functionality. In some implementations, each BSS of the multi-BSS AP may transmit management frames with a Multiple BSSID element (MBE). Multiple BSSID-capable STAs may interpret the MBE information and implement corresponding Multiple BSSID functionality, whereas legacy STAs may ignore the MBE and interpret such frames as legacy management frames. In some other implementations, a multi-BSS AP may configure one or more of its BSSs to transmit management frames without the MBE. These legacy management frames may include a multi-BSS indicator (MBID) to advertise that the corresponding AP is a multi-BSS AP. The MBID also may provide information regarding a transmitted BSS of the multi-BSS AP. Multiple BSSID-capable STAs may search for a transmitted BSS based on the presence of the MBID, whereas legacy STAs may ignore the MBID and interpret such frames as legacy management frames.
    Type: Application
    Filed: September 5, 2017
    Publication date: April 5, 2018
    Inventors: Abhishek Pramod Patil, George Cherian, Jouni Malinen, Alfred Asterjadhi
  • Publication number: 20180084416
    Abstract: Systems, methods, and computer readable mediums for authenticating a device perform a method of receiving, at a second device, a first authentication protocol reauthentication response for the device, the authentication response including a reauthentication master session key (rMSK), transmitting, at the second device, a second first authentication protocol reauthentication response to a first access point based on the reauthentication master session key, generating, at the second device, a first pairwise master key (PMK) based on the reauthentication master session key, generating, at the second device, a key message to include the first pairwise master key, and transmitting, at the second device, the key message to the second access point.
    Type: Application
    Filed: November 15, 2017
    Publication date: March 22, 2018
    Inventors: Soo Bum Lee, George Cherian, Abhishek Pramod Patil, Santosh Paul Abraham, Jouni Malinen
  • Publication number: 20180049027
    Abstract: A method for wireless communication may include receiving a communication and determining an acknowledgement signature for an acknowledgment in response to the communication. The acknowledgment signature may allow for authentication with the transmitting wireless device. The acknowledgment signature may be based on a key shared with the wireless device. An acknowledgement frame (e.g., acknowledging reception of the communication) may then be sent to the transmitting wireless device. The content of the acknowledgement may be based on the acknowledgement signature. For example, the signature may be included in a frame control, duration, or address field. Determining the acknowledgement signature may include determining a unique signature based on information from the received communication (e.g., a cyclic redundancy check (CRC)), the shared key, and/or a hash function.
    Type: Application
    Filed: August 9, 2017
    Publication date: February 15, 2018
    Inventors: Santosh Paul Abraham, George Cherian, Alireza Raissinia, Abhishek Pramod Patil, Naveen Kumar Kakani, James Simon Cho, Jouni Malinen
  • Patent number: 9894599
    Abstract: In a particular embodiment, a method includes scanning, by a mobile device, for a first wireless communication channel that is reserved for device authentication and association. The mobile device sends an authentication request to an access point via the first wireless communication channel. The method further includes receiving a reply to the authentication request from the access point.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: February 13, 2018
    Assignee: QUALCOMM, Incorporated
    Inventors: George Cherian, Santosh Paul Abraham, Jouni Malinen, Hemanth Sampath
  • Publication number: 20170367033
    Abstract: A method includes, prior to authenticating a mobile device, receiving by an access point a first message from the mobile device, determining that the mobile device is to be authenticated prior to responding to the first message, and sending to an authentication server a second message that includes an authentication request and the first message. The method also includes receiving from the authentication server a third message that includes a response to the authentication request and that further includes the first message.
    Type: Application
    Filed: June 3, 2015
    Publication date: December 21, 2017
    Inventors: George Cherian, Santosh Paul Abraham, Jouni Malinen, Hemanth Sampath
  • Publication number: 20170265069
    Abstract: One feature pertains to a method for secure wireless communication at an apparatus of a network. The method includes receiving a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network node, and using the cryptographic key as a pairwise master key (PMK). A PMK identifier (PMKID) is generated based on the PMK and the two are stored at the network. A PMK security association is initialized by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus. An association request is received that includes a PMKID from the user equipment, and it's determined that the PMKID received from the user equipment matches the PMKID stored. A key exchange is initiated with the user equipment based on the PMK to establish a wireless local area network security association with the user equipment.
    Type: Application
    Filed: September 30, 2016
    Publication date: September 14, 2017
    Inventors: Anand Palanigounder, Jouni Malinen
  • Publication number: 20170171169
    Abstract: A wireless communication device includes a memory and a processor coupled to the memory. The processor is configured to set a packet number to a particular value in accordance with a packet number initialization scheme associated with a data link group of a neighbor aware network (NAN). The processor is further configured to generate a packet based on the packet number.
    Type: Application
    Filed: December 13, 2016
    Publication date: June 15, 2017
    Inventors: Soo Bum Lee, Santosh Abraham, Abhishek Pramod Patil, Jouni Malinen, George Cherian
  • Patent number: 9614935
    Abstract: Certain aspects of the present disclosure generally relate to wireless communications and, more particularly, to protecting control frames with power-related subfields. One example apparatus for wireless communications generally includes a processing system configured to generate a control frame comprising one or more power-related subfields and an integrity check value calculated based, at least in part, on the one or more power-related subfields and a transmitter configured to transmit the control frame. In aspects, a power management (PM) subfield, an end-of-service-period (EOSP) subfield, a more data (MD) subfield, or a traffic identifier (TID) subfield can be added to a group of additional authentication data (AAD) and the integrity check value is calculated based on the group of AAD.
    Type: Grant
    Filed: March 12, 2014
    Date of Patent: April 4, 2017
    Assignee: QUALCOMM INCORPORATED
    Inventors: Maarten Menzo Wentink, Alfred Asterjadhi, Jouni Malinen
  • Publication number: 20160360472
    Abstract: A method includes, prior to authenticating a mobile device, receiving by an access point a first message from the mobile device, determining that the mobile device is to be authenticated prior to responding to the first message, and sending to an authentication server a second message that includes an authentication request and the first message. The method also includes receiving from the authentication server a third message that includes a response to the authentication request and that further includes the first message.
    Type: Application
    Filed: June 3, 2015
    Publication date: December 8, 2016
    Inventors: George Cherian, Santosh Paul Abraham, Jouni Malinen, Hemanth Sampath
  • Patent number: 9462005
    Abstract: Systems, methods, and devices for multicast wireless local area network messages with message authentication are contained herein. The method includes determining a message integrity check value for each of a plurality of wireless devices. The method further includes transmitting a multicast packet to each of the plurality of devices on a wireless local area network, the multicast packet including an indication of each of the plurality of devices and the message integrity check value for each of the plurality of devices.
    Type: Grant
    Filed: May 22, 2014
    Date of Patent: October 4, 2016
    Assignee: QUALCOMM Incorporated
    Inventors: Santosh Paul Abraham, George Cherian, Jouni Malinen
  • Publication number: 20160150058
    Abstract: Apparatuses and methods are disclosed that may allow a wireless device to process an Ethertype data packet encapsulated in a frame based on whether the frame contains an Ethertype Packet Discrimination (EPD) indicator. The wireless device may receive the frame from another wireless device over a wireless network, and may detect a presence of the EPD indicator in the received frame. Then, the wireless device may identify a protocol type of the Ethertype data packet according to an EPD operation based on the presence of the EPD indicator, or may identify the protocol type of the Ethertype data packet according to an LPD operation based on an absence of the EPD indicator.
    Type: Application
    Filed: November 24, 2015
    Publication date: May 26, 2016
    Inventors: Maarten Menzo Wentink, Alfred Asterjadhi, Simone Merlin, Jouni Malinen