Abstract: This disclosure provides methods, devices and systems that facilitate mobility of wireless communication devices configured for multi-link operation (MLO). Particular aspects more specifically relate to facilitating fast basic service set (BSS) transitions by wireless communication devices that support MLO. For example, some aspects provide support for station (STA) multi-link device (MLD) roaming between access point (AP) MLDs, from an AP MLD to a non-MLO AP, or from a non-MLO AP to an AP MLD. In some aspects, a STA MLD may be configured to use a medium access control (MAC) service access point address (MAC-SAP address) of the AP MLD when re-associating or communicating with a legacy AP or with an AP MLD. In such aspects, the MAC-SAP address may be used by all STAs of the non-AP MLD for fast BSS transitions.

Abstract: This disclosure provides systems, methods, and apparatuses for wireless communication performed by a wireless communication device. An example wireless communication device includes an access point (AP) multi-link device (MLD). The AP MLD transmits a beacon frame to a wireless station (STA) MLD, the beacon frame including a plurality of AP medium access control (MAC) addresses of respective APs belonging to the AP MLD. The AP MLD receives an association request from the STA MLD, the association request including a plurality of STA MAC addresses of respective STAs belonging to the STA MLD. The AP MLD generates, during a handshake operation with the STA MLD, one or more encryption keys configured to encrypt communications between the AP MLD and the STA MLD. The AP MLD verifies the plurality of STA MAC addresses based at least in part on the one or more encryption keys.

Abstract: This disclosure provides systems, methods, and apparatus, including computer programs encoded on computer-readable media, for signaling basic service set (BSS) identifiers (BSSIDs). A group of BSSs may form a Multiple BSSID set in which one BSS sent management frames on behalf of other BSSs (referred to as non-transmitting BSSIDs). For example, a management frame (such as a Beacon Frame or Probe Response Frame) may include a list of BSSIDs for some or all of the non-transmitting BSSIDs in the Multiple BSSID set. An indicator in the management frame may indicate whether the management frame includes a partial list or complete list of non-transmitting BSSIDs in the Multiple BSSID set. The management frame may include a count or bitmap to indicate the quantity of BSSIDs in the Multiple BSSID set. A station (STA) may indicate which BSSIDs it has discovered and request the remaining BSSIDs in the Multiple BSSID set.

Abstract: This disclosure provides methods, devices and systems related multi-link wireless communication. A method may include establishing, between the first WLAN device and a second WLAN device, a multi-link association that enables a first wireless communication link and a second wireless communication link. The method may include determining a temporal key for the multi-link association. The method may include encrypting a first and second media access control (MAC) protocol data unit (MPDU) based on the temporal key. The method may include preparing a first frame including the encrypted first MPDU and a second frame including the encrypted second MPDU. The method may include assigning packet numbers from a set of sequential packet numbers to the first and second frames. The method may include transmitting the first frame over the first wireless communication link and the second frame over the second wireless communication link.

Abstract: This disclosure provides systems, devices, apparatus and methods, including computer programs encoded on storage media, for providing uplink broadcast service connectivity via a wireless local area network (WLAN). In some implementations, a wireless device may transmit an uplink communication to an access point (AP) that supports uplink broadcast services, and the AP may forward the uplink communication to a remote destination indicated in the uplink communication. In some implementations, the wireless device may be in an unassociated state and may transmit the uplink communication without establishing a formal wireless session with the AP. The uplink communication may include a request for the AP to embed AP-provided data to the uplink communication before forwarding it the remote destination. This disclosure includes techniques to prevent flooding and unauthorized uplink communications being used for a denial of service attack on the remote destination.

Abstract: One feature pertains to a method for secure wireless communication at an apparatus of a network. The method includes receiving a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network node, and using the cryptographic key as a pairwise master key (PMK). A PMK identifier (PKMID) is generated based on the PMK and the two are stored at the network. A PMK security association is initialized by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus. An association request is received that includes a PMKID from the user equipment, and it's determined that the PMKID received from the user equipment matches the PMKID stored. A key exchange is initiated with the user equipment based on the PMK to establish a wireless local area network security association with the user equipment.

Abstract: This disclosure provides systems, methods, and apparatus, including computer programs encoded on computer-readable media, for using a locally administered address (LAA) on a network. In some aspects, a candidate address from an LAA range may be selected by either a first apparatus (such as a wireless station, STA) or a network apparatus (such as an access point, AP). A candidate address test may be performed by the STA or AP to determine if another apparatus is using the candidate network address on a communication medium. An extended address test may be used to determine if the candidate network address is being used by another apparatus in a layer two (data link layer) domain of a network. Several techniques for changing an LAA are provided, including techniques that use a fast session transfer (FST) procedure. In a peer-to-peer network, address changes may be handled using tunneled address change messages.

Abstract: This disclosure provides systems, methods, and apparatus, including computer programs encoded on computer-readable media, to communicate discovery information regarding multiple basic service sets (BSSs) hosted at an apparatus. A group of BSSs having related basic service set identifiers (BSSIDs) may form a Multiple BSSID set. A first BSS may be referred to as having a transmitted BSSID (TxBSSID), while one or more other BSSs of the Multiple BSSID set may be referred to as having non-transmitted BSSIDs (NonTxBSSIDs). The apparatus can send discovery information for a station to determine the NonTxBSSIDs in addition to the TxBSSID. For example, the discovery information may be included in a fast-initial link setup (FILS) discovery (FD) frame that is sent between normal beacon times. This disclosure describes several ways to modify the FD frame to accommodate sending the discovery information for the Multiple BSSID set.

Abstract: This disclosure provides systems, methods, and apparatus, including computer programs encoded on computer storage media, for enhancing a device provisioning protocol (DPP) to support multiple configurators. In one aspect, a first configurator device can export a configurator key package. In one aspect, the configurator key package may be used for backup and restore of the configurator keys. The configurator key package may include a configurator private signing key and, optionally, a configurator public verification key. A second configurator device may obtain the configurator key package and also may obtain decryption information which can be used to decrypt the configurator key package. Thus, in another aspect, both the first configurator device and the second configurator device can use the same configurator keys with the device provisioning protocol to configure enrollees to a network.

Abstract: This disclosure provides systems, methods, and apparatus, including computer programs encoded on computer-readable media, for analyzing management frames for multiple basic service sets (BSSs). In one aspect, a wireless node may obtain a first management frame from a wireless local area network (WLAN) apparatus, the WLAN apparatus operating multiple virtual access points (VAPs) respectively corresponding to multiple BSSs. The wireless node may determine whether the first management frame includes a BSS profile of a BSS associated with the wireless node based, at least in part, on an arrangement of a plurality of BSS profiles within one or more management frames. The wireless node may determine to further process the first management frame based, at least in part, on a determination that the first management frame includes the BSS profile of the BSS associated with the wireless node.

Abstract: This disclosure provide systems, devices, apparatus and methods, including computer programs encoded on storage media, for providing service connectivity to a service of a service provider via a wireless local area network (WLAN). Several service connectivity techniques are described. In some implementations, a first wireless device may establish a communication link with the AP to access the service. In some implementations, the first wireless device may be an internet of things (IoT) device, and may be a headless IoT device. The communication link may be established without the wireless device joining a Basic Service Set (BSS) of an access point (AP). The service connectivity may be implemented using broadcast services between an AP and the wireless device. The broadcast services may be used for uplink broadcast traffic from the wireless device to a service provider via the AP. The service connectivity techniques may support onboarding and security features.

Abstract: This disclosure provide systems, devices, apparatus and methods, including computer programs encoded on storage media, for broadcast services feedback techniques. Several broadcast connectivity and feedback techniques are described. A broadcast connectivity protocol may be used by different types of wireless communication devices (such as an access point (AP) and station (STA)) to provide or access broadcast services. A security protocol or enhancement to the broadcast connectivity protocol may provide source authentication or verification for broadcast transmissions. The broadcast services feedback techniques can enable an AP to obtain feedback from one or more STAs. In some implementations, a negative acknowledgement (NACK) scheme may be used to efficiently obtain feedback from multiple STAs. The broadcast connectivity and feedback techniques may be used by a STA that does not have a wireless association with the AP. The techniques may be useful in servicing a multiple STAs in an environment.

Abstract: This disclosure provides systems, methods, and apparatus, including computer programs encoded on computer-readable media, for signaling basic service set (BSS) identifiers (BSSIDs). A group of BSSs may form a Multiple BSSID set in which one BSS sent management frames on behalf of other BSSs (referred to as non-transmitting BSSIDs). For example, a management frame (such as a Beacon Frame or Probe Response Frame) may include a list of BSSIDs for some or all of the non-transmitting BSSIDs in the Multiple BSSID set. An indicator in the management frame may indicate whether the management frame includes a partial list or complete list of non-transmitting BSSIDs in the Multiple BSSID set. The management frame may include a count or bitmap to indicate the quantity of BSSIDs in the Multiple BSSID set. A station (STA) may indicate which BSSIDs it has discovered and request the remaining BSSIDs in the Multiple BSSID set.

Abstract: Methods, systems, apparatuses, and devices are described for access point privacy using media access control (MAC) address randomization. The access point may identify a MAC address for use with over-the-air (OTA) transmissions and a persistent MAC address for backend communications. The access point may communicate the OTA MAC address and the persistent MAC address to a wireless station. The access point and the wireless station may exchange data frames and perform MAC replacement techniques to map the OTA MAC address to the persistent MAC address. The persistent MAC address may provide for data routing, mobility management, etc., whereas the OTA MAC address may provide for privacy for the wireless transmissions.

Abstract: A method, an apparatus, and a computer-readable medium for wireless communication are provided. The apparatus may be configured to transmit a request message to a plurality of access points. The request message may include an address reserved for at least one of an access point feature, an access point service, or an access point vendor. The apparatus may be configured to receive a response message from at least one access point of the plurality of access points. The response message may indicate that the at least one access point has the access point feature, is associated with the access point service, or is associated with the access point vendor.

Abstract: Certain aspects of the present disclosure generally relate to wireless communications and, more particularly, to protecting control frames with power-related subfields. One example apparatus for wireless communications generally includes a processing system configured to generate a control frame comprising one or more power-related subfields and an integrity check value calculated based, at least in part, on the one or more power-related subfields and a transmitter configured to transmit the control frame. In aspects, a power management (PM) subfield, an end-of-service-period (EOSP) subfield, a more data (MD) subfield, or a traffic identifier (TID) subfield can be added to a group of additional authentication data (AAD) and the integrity check value is calculated based on the group of AAD.

Abstract: A device for wireless communication includes key logic configured to obtain a candidate group key corresponding to a data link group. The device also includes a wireless interface configured to transmit an announcement message to one or more devices of the data link group during a paging window designated for the data link group. The announcement message includes a multicast message and indicates availability of the candidate group key, and the announcement message.

Abstract: Device provisioning (e.g., enrollment, configuration, and/or authentication) of a client device with a network device may be improved. A client device may receive a first nonce and a network public key associated with the network device. The client device may generate a second nonce and provide the second nonce with an authentication request having at least a portion that is derived from a shared key. The shared key may be based on the first nonce, the second nonce, the network public key, and a client private key. A configurator device may assist in the transfer of nonces or keys. Following the authentication process, the client device may be configured for use with the network device to gain access to other network resources. In this manner, permission to gain access to the network device can be transparent to the user, often without the user having to enter codes or passwords.

Abstract: This disclosure provides systems, methods, and apparatus, including computer programs encoded on computer storage media, for enhancing a device provisioning protocol (DPP) to support multiple configurators. In one aspect, a first configurator device can export a configurator key package. In one aspect, the configurator key package may be used for backup and restore of the configurator keys. The configurator key package may include a configurator private signing key and, optionally, a configurator public verification key. A second configurator device may obtain the configurator key package and also may obtain decryption information which can be used to decrypt the configurator key package. Thus, in another aspect, both the first configurator device and the second configurator device can use the same configurator keys with the device provisioning protocol to configure enrollees to a network.

Abstract: This disclosure provides systems, methods and apparatus, including computer programs encoded on computer storage media, for enhancing a device provisioning protocol (DPP) with assisted bootstrapping. In one aspect, a configurator device can provision an enrollee device for a network with the assistance of an intermediary device. The intermediary device may obtain enrollee bootstrapping data associated with the enrollee device and send the enrollee bootstrapping data to the configurator device. The configurator device may use the enrollee bootstrapping data in an authentication process between the configurator device and the enrollee device. Following the authentication, the enrollee device may be configured by the configurator device such that the enrollee device may access a network.