Abstract: A system and method for establishing a mutual entity authentication and a shared secret between two devices using a password without giving any useful information for finding the password is disclosed. Unique first private keys and first public keys are assigned to both devices. A shared password is provided to both devices. The public keys are scrambled using the shared password and then exchanged between the two devices. Both devices descramble their respectively received scrambled public keys using the shared password to recover the public keys. Both devices compute a shared secret from their own private keys and the recovered public keys. Both devices compute, exchange, and verify their hashes of the shared secret. If verification is successful, both devices use the shared secret to generate a shared master key, which is used either directly or via a later-generated session key for securing message communications between the two devices.

Abstract: A system and method for authenticating and encrypting messages for secure transmission is disclosed. A frame to be transmitted between devices comprises a frame header and a frame body. The frame body includes a security sequence number (SSN), frame payload, and message integrity code (MIC). The SSN is incremented by one for each frame transmitted using a same pairwise temporal key (PTK). A nonce is formed using the frame header and the SSN. Counter blocks Ctri and a first input block B0 are created using the nonce. Payload blocks Bi are created from the frame payload. The frame payload encrypted by sequentially applying the blocks of payload data Bi and corresponding counter blocks Ctri to a cipher function. The MIC is computed by cipher block chaining a cipher function applied to blocks B0 and Bi, and counter block Ctr0. The cipher functions all use the PTK.

Abstract: A method and system for random access control is disclosed. A backoff counter is used to determine the start time of a contended allocation for a device. The backoff counter is set to an integer randomly drawn from the interval [1, CW], where CW is a contention window value selected based upon the priority of the traffic to be transmitted. The backoff counter is decremented for each idle contention slot detected. When the backoff counter reaches zero, the device attempts to transmit in the next contention slot. If the device receives no acknowledgement or an incorrect acknowledgment, then the transmission has failed. After a failed transmission, CW is set by alternately doubling the CW value up to a CWmax value for the user priority. CW is unchanged, if it was doubled in the last setting; and CW is doubled, if it was unchanged in the last setting.

Abstract: A system and method for minimizing or preventing interference between wireless networks is disclosed. A network hub broadcasts a beacon signal within repeating beacon periods. The position of the beacon signal shifts within each beacon period based upon a predetermined pseudo-random sequence. The beacon signal includes data identifying the current beacon shift sequence and the current phase of the sequence. Neighboring hubs independently or jointly determine and broadcast their own beacon shift sequences and phases for their respective networks from a predetermined list. Nodes connected with the network hubs are assigned allocation intervals having a start time that is set relative to the beacon signal. The start time and duration of the allocation interval wraps around the beacon period if the allocation-interval would otherwise start or continue in a next beacon period.

Abstract: A system and method for establishing a pairwise temporal key (PTK) between two devices based on a shared master key and using a single message authentication codes (MAC) algorithm is disclosed. The devices use the shared master key to independently compute four MACs representing the desired PTK, a KCK, and a first and a second KMAC. The Responder sends its first KMAC to the Initiator, which retains the computed PTK only if it verifies that the received first KMAC equals its computed first KMAC and hence that the Responder indeed possesses the purportedly shared master key. The Initiator sends a third message including the second KMAC to the Responder. The Responder retains the computed PTK only if it has verified that the received second KMAC equals its computed second KMAC and hence that the Initiator indeed possesses the purportedly shared master key.

Abstract: A system and method for managing power in a subnet having a hub in communication with one or more nodes is disclosed. The hub and nodes communicate using one or more non-contention access methods, such as scheduled, polled or posted access. The node may enter a sleep or hibernation state while no scheduled, polled or posted allocation interval is pending. The hibernation state allows the node to hibernate through one or more entire beacon periods. In the sleep state, the node may be asleep between any scheduled, polled and posted allocation intervals for the node or during another node's scheduled allocation interval in a current beacon period. By selecting which access scheme is in use, the node and hub can increase the node's chances to be in hibernation or sleep state and minimize power consumption.

Abstract: A station in a basic service set in a wireless local area network is disclosed. The station includes a frame classification entity (FCE), a frame scheduling entity and a QoS management entity. The FCE is logically located in a logical link control layer of the station and has a classification table containing at least one classifier entry. Each classifier entry contains a virtual stream identifier (VSID) and a frame classifier associated with a user session. The FCE receives a data frame associated with the user session The data frame contains in-band quality of service signaling information for the user session. The FCE classifies the received data frame to a selected VSID contained in a classifier entry in the classification table based on a match between an in-band frame classification information contained in the received frame and the frame classifier contained in the classifier entry.

Abstract: A station, such as a point coordinator (PC) or a non-PC station, in a basic service set (BSS) in a wireless local area network (WLAN) includes a frame classification entity (FCE), a frame scheduling entity (FSE) and a QoS management entity (QME). The FCE contains at least one classifier entry with a virtual stream identifier (VSID) and a frame classifier. A received data frame containing in-band quality of service (QoS) signaling information is classified to a selected VSID contained in a classifier entry in a classification table based on a match between an in-band frame classification information contained in a received frame and a frame classifier contained in the classifier entry. The FSE has a frame scheduling table containing at least one entry containing a VSID and a QoS parameter set identified by the VSID and schedules a transmission opportunity (TO) for the classified data frame.

Abstract: A method and a system are disclosed for setting up, modifying and tearing down a side-stream communication session in a basic service set (BSS) in a wireless network so that the communication session has a defined Quality of Service (QoS). Regarding setting up a side-stream communication session, a first Path message and a first Resv message (Path/Resv message) of a RSVP protocol is detected at a designated subnet bandwidth manager (DSBM) in a station having a point coordinator (PC). The first Resv message originates from a RSVP agent of a destination non-PC station in the BSS and requests resource reservation for setting up a side-stream session between a source non-PC station and at least one destination non-PC station in the same BSS. The DSBM extracts a QoS parameter set and a classifier from the first Path/Resv message for the session.

Abstract: A virtual stream (VS) in a basic service set (BSS) in a wireless local area network (WLAN) that exists solely within the medium access control (MAC) sublayer of the WLAN. The VS includes a unidirectional path in the wireless network between a station sourcing a quality of service (QoS) session and at least one station receiving the QoS session in the same BSS. The VS is defined by a VS identifier (VSID) that is unique within and local to the BSS, an address of the sourcing station, and an address of the at least one receiving station. The VS can be a virtual down-stream (VDS), a virtual up-stream (VUS) or a virtual side-stream (VSS). The VS can be a unitcast or a multicast VS.

Abstract: Embodiments of the application describe a method and system for discovering and authenticating communication devices and establishing a secure communication link within a wireless home network without requiring a secure channel. According to an embodiment, communication devices exchange public keys using multiple messages each including at least a portion of the public key of the sending device. The devices authenticate the receipt of the public key and establish a shared master key. The shared master key is used to further derive a session key for securing the application data between the communicating devices for a current session.

Abstract: A method and a system are disclosed for providing quality of service (QoS)-driven channel access within a basic service set (BSS) in a wireless network. At least one available TO is allocated to a selected non-PC station having traffic to transmit. A multipoll frame containing information relating to at least two allocated TOs is then sent from the PC station containing information relating to each allocated TO.

Abstract: A method and system is disclosed for setting up, modifying and tearing down an up-stream communication session in a basic service set (BSS) in a wireless local area network (WLAN), so that the communication session has a defined Quality of Service (QoS). Regarding setting up an up-stream communication session, a first Path message and a first Resv message (Path/Resv message) of a RSVP protocol are detected at a designated subnet bandwidth manager (DSBM) in a station having a point coordinator (PC). The first Resv message originates from a RSVP agent of a host outside the BSS, and is a request for setting up an up-stream session between a source non-PC station in the BSS and the PC station. A QoS parameter set and a classifier from the first Path/Resv message for the session are extracted at the DSBM. The DSBM determines whether to admit the up-stream session to the network based on the QoS parameter set defining the session and a channel status report on a medium access control (MAC) sublayer of the BSS.

Abstract: A method and a system is disclosed for providing quality of service (QoS)-driven channel access within a basic service set (BSS) in a wireless local area network (WLAN). A contention control (CC) frame is sent from a point coordinator (PC) of the BSS during a contention-free period (CFP) of a superframe that includes the contention-free period (CFP) and a contention period (CP). The CC frame contains information relating to at least one of a priority limit for a next centralized contention interval (CCI), a length of the next CCI, a permission probability associated with the next CCI and information relating to a reservation request (RR) frame successfully received by the PC in a previous CCI. A non-colliding RR frame is then received at the PC in the CCI following the CC frame. The received RR frame is sent from a non-PC station in the BSS when at least one centralized contention opportunity (CCO) is available during the CCI after the CC frame.

Abstract: Each of a plurality of nodes in a wireless network is capable of generating, transmitting, and receiving beacons in a distribute fashion. Each beacon contains information regarding the order of which other nodes are to transmit beacons and wireless medium access information at to when various nodes are to access the network. Nodes that are in separate “extended neighborhoods” are permitted to transmit their beacons simultaneously without risking beacon collisions. The beacons contain information that is used to ensure this result. Using the distributed beacon mechanism, each nod can reserve access to the wireless medium. In the disclosed embodiments, a central coordinator is not needed.

Abstract: System and method for synchronizing clocks and maintaining packet timing relationships in a wireless communications system. A preferred embodiment further comprises periodically synchronizing local clocks at a transmitter and a receiver to a clock reference, adding a timestamp to each application packet at a transmitter of a wireless network, setting the timestamp to a value of a local time at the transmitter plus a link delay, buffering a received packet at a receiver, and releasing the buffered packet to an application level when a value of a local time at the receiver equals the timestamp value in the packet. This can help to ensure that the timing relationships between data packets present at a transmitter is maintained at a receiver, regardless of transport delays (waiting, transmission and processing) incurred by the data packets.

Abstract: Methods for key exchange and mutual authentication are provided that allow for inherent authentication and secret key derivation of parties communicating through an unsecured medium. These methods allow for greater security than existing key exchange and authentication methods while requiring little or no additional energy or time compared with a basic Diffie-Hellman key exchange. These methods allow for secure communication with small, low-power devices and greater security for any devices communicating through an unsecured medium.

Abstract: Authentication methods are provided that allow for superior security, power consumption, and resource utilization over existing authentication methods. By computing only two hashes of a shared secret password for each protocol run, the methods described in this disclosure dramatically reduce the computational power needed to perform authentication. Similarly, by exchanging these hashes bitwise or piecewise for verification, rather than performing new hashes including each bit of the password separately, the methods described in this disclosure reveal less information about the password being authenticated than existing methods. The methods described in this disclosure also allow for authentication using fewer messages and with lower latency, reducing the amount of operational power used in the authentication process.

Abstract: A virtual stream (VS) in a basic service set (BSS) in a wireless local area network (WLAN) that exists solely within the medium access control (MAC) sublayer of the WLAN. The VS includes a unidirectional path in the wireless network between a station sourcing a quality of service (QoS) session and at least one station receiving the QoS session in the same BSS. The VS is defined by a VS identifier (VSID) that is unique within and local to the BSS, an address of the sourcing station, and an address of the at least one receiving station. The VS can be a virtual down-stream (VDS), a virtual upstream (VUS) or a virtual side-stream (VSS). The VS can be a unitcast or a multicast VS.

Abstract: Certain exemplary embodiments provide a method for providing multiple access to a communication channel, the method comprising: sending a reservation request of a first type into a first selected minislot of a selected frame of an uplink channel when information of a first type is to be sent, the uplink channel having a plurality of frames, each frame having a first selectable number of minislots and a second selectable number of slots, the reservation request of the first type requesting an assignment of at least one slot for transmitting information of the first type in at least one frame that is subsequent to the selected frame.