Abstract: This disclosure provides methods, devices and systems related multi-link wireless communication. A method may include establishing, between the first WLAN device and a second WLAN device, a multi-link association that enables a first wireless communication link and a second wireless communication link. The method may include determining a temporal key for the multi-link association. The method may include encrypting a first and second media access control (MAC) protocol data unit (MPDU) based on the temporal key. The method may include preparing a first frame including the encrypted first MPDU and a second frame including the encrypted second MPDU. The method may include assigning packet numbers from a set of sequential packet numbers to the first and second frames. The method may include transmitting the first frame over the first wireless communication link and the second frame over the second wireless communication link.

Abstract: This disclosure provides methods, devices and systems that facilitate mobility of wireless communication devices configured for multi-link operation (MLO). Particular aspects more specifically relate to facilitating fast basic service set (BSS) transitions by wireless communication devices that support MLO. For example, some aspects provide support for station (STA) multi-link device (MLD) roaming between access point (AP) MLDs, from an AP MLD to a non-MLO AP, or from a non-MLO AP to an AP MLD. In some aspects, a STA MLD may be configured to use a medium access control (MAC) service access point address (MAC-SAP address) of the AP MLD when re-associating or communicating with a legacy AP or with an AP MLD. In such aspects, the MAC-SAP address may be used by all STAs of the non-AP MLD for fast BSS transitions.

Abstract: Aspects of the present disclosure relate to wireless communications, and more particularly, to techniques for increasing local area network (LAN) device privacy. One aspect provides a method for wireless communications at an access point (AP). The method generally includes: determining a mapping between a first distribution system (DS) medium access control (MAC) address and a second DS MAC address; obtaining, from a source access terminal, a frame having the second DS MAC address; and sending at least a portion of the frame to a target access terminal based on the mapping between the first MAC address and the second MAC address.

Abstract: This disclosure provides systems, methods, and apparatuses for wireless communication performed by a wireless communication device. An example wireless communication device includes an access point (AP) multi-link device (MLD). The AP MLD transmits a beacon frame to a wireless station (STA) MLD, the beacon frame including a plurality of AP medium access control (MAC) addresses of respective APs belonging to the AP MLD. The AP MLD receives an association request from the STA MLD, the association request including a plurality of STA MAC addresses of respective STAs belonging to the STA MLD. The AP MLD generates, during a handshake operation with the STA MLD, one or more encryption keys configured to encrypt communications between the AP MLD and the STA MLD. The AP MLD verifies the plurality of STA MAC addresses based at least in part on the one or more encryption keys.

Abstract: This disclosure provides methods, devices and systems that facilitate mobility of wireless communication devices configured for multi-link operation (MLO). Particular aspects more specifically relate to facilitating fast basic service set (BSS) transitions by wireless communication devices that support MLO. For example, some aspects provide support for station (STA) multi-link device (MLD) roaming between access point (AP) MLDs, from an AP MLD to a non-MLO AP, or from a non-MLO AP to an AP MLD. In some aspects, a STA MLD may be configured to use a medium access control (MAC) service access point address (MAC-SAP address) of the AP MLD when re-associating or communicating with a legacy AP or with an AP MLD. In such aspects, the MAC-SAP address may be used by all STAs of the non-AP MLD for fast BSS transitions.

Abstract: This disclosure provides systems, methods, and apparatus, including computer programs encoded on computer-readable media, for analyzing management frames for multiple basic service sets (BSSs). In one aspect, a wireless node may obtain a first management frame from a wireless local area network (WLAN) apparatus, the WLAN apparatus operating multiple virtual access points (VAPs) respectively corresponding to multiple BSSs. The wireless node may determine whether the first management frame includes a BSS profile of a BSS associated with the wireless node based, at least in part, on an arrangement of a plurality of BSS profiles within one or more management frames. The wireless node may determine to further process the first management frame based, at least in part, on a determination that the first management frame includes the BSS profile of the BSS associated with the wireless node.

Abstract: This disclosure provides systems, methods, and apparatuses for wireless communication performed by a wireless communication device. An example wireless communication device includes an access point (AP) multi-link device (MLD). The AP MLD transmits a beacon frame to a wireless station (STA) MLD, the beacon frame including a plurality of AP medium access control (MAC) addresses of respective APs belonging to the AP MLD. The AP MLD receives an association request from the STA MLD, the association request including a plurality of STA MAC addresses of respective STAs belonging to the STA MLD. The AP MLD generates, during a handshake operation with the STA MLD, one or more encryption keys configured to encrypt communications between the AP MLD and the STA MLD. The AP MLD verifies the plurality of STA MAC addresses based at least in part on the one or more encryption keys.

Abstract: Aspects relate to changing at least one communication parameter. In some examples, the at least one communication parameter may include at least one of an association identifier (AID), a packet number (PN), a sequence number (SN), a traffic identifier (TID), a timing synchronization function (TSF) value, or a combination thereof. In some examples, a first apparatus provides an indication of a change associated with at least one of the AID, the PN, the SN, the TID, the TSF value, or a combination thereof to a second apparatus.

Abstract: This disclosure provides methods, devices and systems related multi-link wireless communication. A method may include establishing, between the first WLAN device and a second WLAN device, a multi-link association that enables a first wireless communication link and a second wireless communication link. The method may include determining a temporal key for the multi-link association. The method may include encrypting a first and second media access control (MAC) protocol data unit (MPDU) based on the temporal key. The method may include preparing a first frame including the encrypted first MPDU and a second frame including the encrypted second MPDU. The method may include assigning packet numbers from a set of sequential packet numbers to the first and second frames. The method may include transmitting the first frame over the first wireless communication link and the second frame over the second wireless communication link.

Abstract: This disclosure provides systems, devices, apparatus and methods, including computer programs encoded on storage media, for providing uplink broadcast service connectivity via a wireless local area network (WLAN). In some implementations, a wireless device may transmit an uplink communication to an access point (AP) that supports uplink broadcast services, and the AP may forward the uplink communication to a remote destination indicated in the uplink communication. In some implementations, the wireless device may be in an unassociated state and may transmit the uplink communication without establishing a formal wireless session with the AP. The uplink communication may include a request for the AP to embed AP-provided data to the uplink communication before forwarding it the remote destination. This disclosure includes techniques to prevent flooding and unauthorized uplink communications being used for a denial of service attack on the remote destination.

Abstract: Certain aspects of the present disclosure relate to wireless communications. According to certain aspects, a method that may be performed by an access point (AP) includes outputting, for transmission to an access point (AP), a request to associate with the AP, wherein the request is encrypted with a first set of one or more keys; obtaining, from the AP, a response to the request; decrypting the response, based on the first set of keys, to obtain a second set of one or more keys; and using the second set of keys for secure data exchange with the AP.

Abstract: Aspects of the present disclosure relate to wireless communications, and more particularly, to techniques for increasing local area network (LAN) device privacy. One aspect provides a method for wireless communications at an access point (AP). The method generally includes: determining a mapping between a first distribution system (DS) medium access control (MAC) address and a second DS MAC address; obtaining, from a source access terminal, a frame having the second DS MAC address; and sending at least a portion of the frame to a target access terminal based on the mapping between the first MAC address and the second MAC address.

Abstract: This disclosure provides methods, devices and systems for using a pseudonym service set identifier (pSSID) for access point (AP) and station (STA) privacy. For example, a pSSID is included by a STA or AP in place of a persistent SSID for over the air communications used for various functions (such as for the STA to determine the SSID of the AP before connecting to the AP). The pSSID is generated using a hash function that is defined at both the AP and the STA. An input to the hash function includes the SSID. Other inputs may include a temporary media access control (MAC) address of the device generating the pSSID, a time value associated with a time when the pSSID is generated, or a location value associated with a position measurement of the device generating the pSSID.

Abstract: This disclosure provides methods, devices and systems for using a variable authentication identifier (AID) for access point (AP) privacy. For example, instead of a persistent SSID, an AID is used by a station (STA) to authenticate the AP before connecting to the AP. The AP is associated with a service set, and the STA has stored a secret token associated with the service set. Before connecting to the AP, a broadcasted probe request from the STA includes no identifying information other than the token. The AP generates the AID from the token and provides the AID in a probe response. The STA is able to identify the AP as being associated with a service set and connect to the AP using the token and AID without the token and the AID being used by another device not associated with the service set to identify the AP.

Abstract: This disclosure provides systems, methods, and apparatus, including computer programs encoded on computer-readable media, for analyzing management frames for multiple basic service sets (BSSs). In one aspect, a wireless node may obtain a first management frame from a wireless local area network (WLAN) apparatus, the WLAN apparatus operating multiple virtual access points (VAPs) respectively corresponding to multiple BSSs. The wireless node may determine whether the first management frame includes a BSS profile of a BSS associated with the wireless node based, at least in part, on an arrangement of a plurality of BSS profiles within one or more management frames. The wireless node may determine to further process the first management frame based, at least in part, on a determination that the first management frame includes the BSS profile of the BSS associated with the wireless node.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a device may transmit, via a broadcast, a first frame that indicates one or more of a device credential or a payload. The device may receive, from the access point, a second frame that indicates one or more of the payload or an access point credential. The device may associate with the access point based at least in part on the access point credential. The device may perform a communication, to a cloud computing system via the access point, after the device has been associated with the access point. Numerous other aspects are described.

Abstract: This disclosure provides systems, devices, apparatus and methods, including computer programs encoded on storage media, for providing uplink broadcast service connectivity via a wireless local area network (WLAN). In some implementations, a wireless device may transmit an uplink communication to an access point (AP) that supports uplink broadcast services, and the AP may forward the uplink communication to a remote destination indicated in the uplink communication. In some implementations, the wireless device may be in an unassociated state and may transmit the uplink communication without establishing a formal wireless session with the AP. The uplink communication may include a request for the AP to embed AP-provided data to the uplink communication before forwarding it the remote destination. This disclosure includes techniques to prevent flooding and unauthorized uplink communications being used for a denial of service attack on the remote destination.

Abstract: One feature pertains to a method for secure wireless communication at an apparatus of a network. The method includes receiving a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network node, and using the cryptographic key as a pairwise master key (PMK). A PMK identifier (PKMID) is generated based on the PMK and the two are stored at the network. A PMK security association is initialized by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus. An association request is received that includes a PMKID from the user equipment, and it's determined that the PMKID received from the user equipment matches the PMKID stored. A key exchange is initiated with the user equipment based on the PMK to establish a wireless local area network security association with the user equipment.

Abstract: This disclosure provides systems, methods, and apparatus, including computer programs encoded on computer-readable media, for analyzing management frames for multiple basic service sets (BSSs). In one aspect, a wireless node may obtain a first management frame from a wireless local area network (WLAN) apparatus, the WLAN apparatus operating multiple virtual access points (VAPs) respectively corresponding to multiple BSSs. The wireless node may determine whether the first management frame includes a BSS profile of a BSS associated with the wireless node based, at least in part, on an arrangement of a plurality of BSS profiles within one or more management frames. The wireless node may determine to further process the first management frame based, at least in part, on a determination that the first management frame includes the BSS profile of the BSS associated with the wireless node.

Abstract: One feature pertains to a method for secure wireless communication at an apparatus of a network. The method includes receiving a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network node, and using the cryptographic key as a pairwise master key (PMK). A PMK identifier (PKMID) is generated based on the PMK and the two are stored at the network. A PMK security association is initialized by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus. An association request is received that includes a PMKID from the user equipment, and it's determined that the PMKID received from the user equipment matches the PMKID stored. A key exchange is initiated with the user equipment based on the PMK to establish a wireless local area network security association with the user equipment.