Abstract: An ultra-high reliability station (UHR STA) requests that medium access control (MAC) header protection padding be included in an MAC Protocol Data Unit (MPDU). A protected control frame may be received from the UHR AP comprising an MPDU that includes a MAC header protection padding field. The MAC header protection padding field may comprise padding to allow for additional time for the processing circuitry to compute the MIC before sending the ACK. For multi-link operations (MLOs) when MAC header protection padding is used, each link may be configured with an independent replay counter and a different key is used for the protected control frame and a protected MAC header in each link. The independent replay counter in each link is reset to zero when the key is derived or rekeyed and set to a packet or sequence number (PN or SN) of the protected control frame or protected MAC header when the MIC is verified.

Abstract: This disclosure describes systems, methods, and devices related to KEK frame encryption. A device may identify, within a received authentication frame, a capability bit in a Robust Security Network Extension Element (RSNXE) indicating peer device support for Key Encryption Key (KEK) derivation during an authentication frame exchange. The device may derive the KEK during the authentication frame exchange based on mutual support for KEK derivation and derivation of a Pairwise Transient Key Security Association (PTKSA) during the exchange. The device may use a cryptographic key protection process for deriving the KEK. The device may encrypt a portion of the authentication frame using the derived KEK.

Abstract: This disclosure describes systems, methods, and devices related to using encrypted 802.11 association. A device may identify a beacon received from an access point (AP), the beacon including an indication of an authentication and key manager (AKM); transmit, to the AP, an 802.11 authentication request including an indication of parameters associated with the AKM; identify an 802.11 authentication response received from the AP based on the 802.11 authentication request, the 802.11 authentication response including a message integrity check (MIC) using a key confirmation key (KCK) and an indication that the parameters have been selected by the AP; transmit, to the AP, an 802.11 association request encrypted by a security key based on an authenticator address of the AP; and identify an 802.11 association response received from the AP based on the 802.11 association request, the 802.11 association response encrypted by the security key.

Abstract: This disclosure outlines enhanced privacy in wireless networks. A device recognizes frames indicating a first PMKID or PMKR0Name, and then mirrors these identifiers in response frames. Post-authentication, it recalculates a second PMKID or PMKR0Name using a hash function upon PTKSA establishment. This new information is then shared across the network's APs or MLDs. The device can also decide to stop using the first PMKID or PMKR0Name to maintain network security.

Abstract: This disclosure describes systems, methods, and devices related to secure MAC header. A device may generate a frame comprising a secure medium access control (MAC) header. The device may cause to send the frame to one or more STAs. In particular, the device may include processing circuitry coupled to storage, where the processing circuitry is configured to generate a frame comprising a MAC header that includes one or more unencrypted fields and one or more encrypted fields. The frame may be one of a management frame or a data frame and the one or more unencrypted fields may include an address 3 (A3) field. The processing circuitry may also be configured to instruct to send the frame to one or more stations (STAs).

Abstract: Methods, apparatuses, and computer readable media for updating capabilities, where a station (STA) comprises processing circuitry configured to: transmit to an access point (AP) on a first channel of a first band, an association request including a first capabilities element for a first communications standard, decode, from the AP on the first channel of the first band, an association response, the association response including a second capabilities element for the first communications standard on the first band, transmit to the AP, a channel usage request frame with a third capabilities element for a second communications standard on a second channel of a second band, and encode for transmission to the AP on the second channel of the second band, a data frame using the third capabilities element and a fourth capabilities element received from the AP on the first channel on the first band.

Abstract: This disclosure describes systems, methods, and devices related to reordering and replay detection. A device may differentiate between MAC Protocol Data Units (MPDUs) associated with old and new Pairwise Transient Key Security Associations (PTKSAs) using either an Extended Key ID mechanism or decoding with an old or a new key. The device may maintain separate replay counters for each PTKSA to enable accurate replay detection by selecting an appropriate replay counter based on the differentiation of the MPDUs. The device may compare Packet Numbers (PNs) of received frames with values of their corresponding replay counters. The device may discard any MPDUs with PNs less than or equal to a value of the corresponding replay counter associated with a respective old or new PTKSA.

Abstract: For example, a first wireless communication device may be configured to determine a negotiated bootstrapping mechanism based on a first message-exchange including Peer-to-Peer (P2P) messages exchanged with a second wireless communication device; to pair the first wireless communication device with the second wireless communication device according to the negotiated bootstrapping mechanism; to derive a Pairwise Master Key Security Association (PMKSA) based on a second message-exchange with the second wireless communication device, e.g., after pairing with the second wireless communication device; and to determine an encryption key according to a third message exchange with the second wireless communication device based on the PMKSA. For example, the encryption key may be configured to encrypt a P2P communication with the second wireless communication device.

Abstract: Logic for encryption and decryption of group addressed management. Logic to generate a management frame comprising a robust security network (RSN) element (RSNE), the management frame comprising a cipher suite field with a cipher suite used together with a set of one or more keys to encrypt the group addressed management frames. Logic to cause transmission of the management frame to one or more stations (STAs). Logic to receive a management frame comprising a robust security network (RSN) element (RSNE), the management frame comprising a cipher suite field with a cipher suite used together with a set of one or more keys to encrypt the group addressed management frames. And logic to decode the management frame to determine the cipher suite used together with the set of one or more keys for encryption of group addressed management frames.

Abstract: This disclosure describes systems, methods, and devices related to using encrypted 802.11 association. A device may identify a beacon received from an access point (AP), the beacon including an indication of an authentication and key manager (AKM); transmit, to the AP, an 802.11 authentication request including an indication of parameters associated with the AKM; identify an 802.11 authentication response received from the AP based on the 802.11 authentication request, the 802.11 authentication response including a message integrity check (MIC) using a key confirmation key (KCK) and an indication that the parameters have been selected by the AP; transmit, to the AP, an 802.11 association request encrypted by a security key based on an authenticator address of the AP; and identify an 802.11 association response received from the AP based on the 802.11 association request, the 802.11 association response encrypted by the security key.

Abstract: The application relates to a 4-way handshake optimization. An initiating entity includes processor circuitry configured to: transmit a first open authentication frame to a responding entity via a wireless interface, wherein the first open authentication frame comprises information that helps the responding entity to identify a Pairwise Master Key (PMK) and a first random number; receive a second open authentication frame from the responding entity, wherein the second open authentication frame comprises a second random number; transmit an association request frame to the responding entity via the wireless interface, wherein the association request frame is encrypted with at least part of a Pairwise Transient Key (PTK) derived by the initiating entity from the PMK; and receive an association response frame from the responding entity, wherein the association response frame is encrypted with at least part of the PTK derived by the responding entity from the PMK.

Abstract: The disclosure provides a method for resisting downgrade attack for private limited connection, comprising: performing a 4-way handshake between an initiating entity and a responding entity to establish a PMKSA; receiving, by the initiating entity, a frame from the responding entity during the 4-way handshake, wherein the frame comprises an indication of usage of private limited connection for all responding entities in a network identified by a SSID of the responding entity; and establishing, by the initiating entity, a private limited connection in the network identified by the SSID of the responding entity.

Abstract: A method and apparatus for selecting a communication system in a multi-mode subscriber station. In the exemplary embodiment, the subscriber station capable of operating in both CDMA and analog modes comprises a analog modulation and demodulation and processing element and a CDMA modulation and demodulation and processing element and a system determination element. System determination element examines exit parameters provided by the communication element exited and determines the next system upon which to attempt acquisition in accordance with a system preferences table, a CDMA channel table and a non-volatile memory element.