Provisioning devices for secure wireless local area networks

摘要

Before establishing a connection between a first and a second devices, the first device determines whether a third device is a trusted or untrusted device. If it is a trusted device, the first device receives from the third device a public key and information indicating the public key of the second device; and, uses the public key by combining its own private key and the public key of the second device to generate a shared secret, and using the shared secret to communicate to the second device. Otherwise, the first device refrains from communications with the third device. Also, the second device combines its private key with the public key of the first device received from the trusted third device to generate the same shared secret, and uses the shared secret to provision the first device to access a secured wireless network provided by the second device.

主权项

1. A non-transitory computer-readable storage medium storing embedded instructions that when executed by a processor of a first device cause the processor to:
prior to establishing a connection between the first device and a second device, determine whether a third device different than the second device is a trusted device or an untrusted device; responsive to determining that the third device is the trusted device:
receive, by the first device from the third device:
a public key of the second device; andinformation indicating that the public key corresponds to the second device;authenticate the public key of the second device based on the public key being received through an authenticated channel between the first device and the third device;establish, by the first device, communications with the second device using the authenticated public key of the second device without verifying a signature certifying the public key; and responsive to determining that the third device is the untrusted device, refraining from communications with the third device.