Abstract: A method of authenticating a device's access to a communications node is disclosed. The method of operation includes the communications node generating a first value for use in the derivation of a first encryption key, the first encryption key being at least partially used to authenticate the device's access to the communications node in a first communications exchange. The method of operation includes the communications node modifying the first value, independent of the device, to create a second value. The method includes the communications node using the second value in authenticating the device's access to the communications node in a second communications exchange. Embodiments of the present invention include but are not limited to communications nodes and devices, subsystems, and systems equipped to operate in the above-described manner.

Abstract: An embodiment of the present invention provides an apparatus, comprising a wireless station (STA) operable to communicate with a first access point (AP) and roam to a next access point (AP), wherein said next AP pre-caches a number of IP addresses from a backend Dynamic Host Configuration Protocol (DHCP) server; and wherein said wireless station (STA) gathers IP layer address and sub-network information from said next Access Point (AP) during roaming.

Abstract: End-to-end security between clients and a server, and traffic visibility to intermediate network devices, achieved through combined mode, single pass encryption and authentication using two keys is disclosed. In various embodiments, a combined encryption-authentication unit includes a cipher unit and an authentication unit coupled in parallel to the cipher unit, and generates an authentication tag using an authentication key in parallel with the generation of the cipher text using an encryption key, where the authentication and encryption key have different key values.

Abstract: A wireless device operating as an access point (AP) uses an idle mode service and an idle mode mechanism to provide the capability of powering down during idle times. The client and the AP may share a cooperative idle mode mechanism to efficiently manage power for all devices operating in the WLAN.

Abstract: An embodiment of the present invention provides a method of pre-allocating and communicating IP address information during wireless communication by an access point, comprising pre-caching by said AP a predetermined number of IP addresses from a backend Dynamic Host Configuration Protocol (DHCP) server. An embodiment may further comprise providing by said AP an IP subnet roaming information element that provides the IP Address that a wireless station (STA) will be obtaining if a wireless station (STA) roams to a particular AP and providing by said AP an IP subnet roaming information element that provides an IP subnet mask that determines the network address and host address portion of the IP addresses and providing by said AP provides an IP subnet roaming information element that provides that provides a Default gateway router address.

Abstract: A reservation protocol is provided to enable a client mobile station to make a number of reservations with a number of access points to facilitate its access of a network at a future point in time, as it roams, and subsequently exercise one of the reservations.

Abstract: An embodiment of the present invention provides an apparatus, comprising a transmitter to transmit, in response to an incoming multicast communication frame received from a multicast communication source, a multicast acknowledgment frame indicating receipt of the incoming multicast communication frame, wherein the apparatus is randomly designated by the multicast communication source as a representative multicast communication recipient. In an embodiment of the present invention the representative multicast communication recipient may be chosen from a subset of connected stations.

Abstract: Techniques to overlay ciphersuite negotiation on top of the mesh link establishment protocol without sacrificing security. Two cryptographic primitives may be utilized: (1) a message integrity code, which is denoted as mK, where K is an authentication key (mK may be utilized to detect forged messages); and (2) a cryptographic random number generator, which will be denoted as rng. The techniques may use rng to produce values that cannot be predicted by any polynomial time algorithm.

Abstract: Key derivation procedures and key hierarchies compatible with the mesh link establishment protocol for use in a mesh network. A single cryptographic primitive may be utilized, which is a key derivation function, denoted as kdfK, where K is a cached pairwise master key. The result of the function kdfK may be used to derive the keys used to secure both link establishment and the data subsequently exchanged over the link.

Abstract: A computer system includes a service partition, not directly accessible to a user, having a security agent to inspect data entering and exiting the computer system on a virtual private network (VPN) tunnel, and a service partition VPN unit to communicate with a VPN gateway. The computer system also includes a user partition, accessible to a user, having a user partition VPN unit to initiate construction of the VPN tunnel with the VPN gateway. Other embodiments are described and claimed.

Abstract: Embodiments of the present invention provide methods and apparatus for a keying mechanism for end-to-end service control protection within wireless networks. Other embodiments may be described and claimed.

Abstract: Embodiments of the present invention provide methods and apparatus for a protected paging indication mechanism within wireless networks including multiple access points. Other embodiments may be described and claimed.

Abstract: Embodiments of an authorization server and method for securely reserving resources in a wireless network are generally described herein. Other embodiments may be described and claimed. In some embodiments, access points reserve bandwidth thereon through the verification of reservation tokens received from the mobile station.

Abstract: Cooperating entities share a signaling interface. Each entity establishes a security association between itself and an endpoint, and one of the entities transmits keepalive messages over a channel associated with the security association. Chipsets and systems to implement related methods are also described and claimed.

Abstract: Embodiments of replay counter cache reduction mechanisms are described generally herein. Other embodiments may be described and claimed.

Abstract: Embodiments of a mobile station and method for fast roaming in a wireless network using a fast-roaming protocol are generally described herein. Other embodiments may be described and claimed. In some embodiments, the fast-roaming protocol has a predetermined structure including an integrity check which remains independent of the route taken by messages.

Abstract: In one embodiment, methods and apparatus to protect management frames are generally described herein. Other embodiments may be described and claimed.

Abstract: Embodiments of apparatuses, articles, methods, and systems for binding various platform identities for a policy negotiation are generally described herein. Other embodiments may be described and claimed.

Abstract: In a processor based system comprising a plurality of logical machines, selecting a logical machine of the system to serve as a host; the host communicating with a policy decision point (PDP) of a network to provision a data channel interconnecting the processor based system and the network and to provision a logical data channel interconnecting each logical machine of the system to the network.

Abstract: Embodiments of methods and apparatus for providing a key management system for wireless communication networks are generally described herein. Other embodiments may be described and claimed.