主权项 |
1. A method for computing a pairwise temporal key (PTK) and a key conformation key (KCK) based on a cipher-based authentication code (CMAC) between a first device and a second device, comprising at each of the first and second devices:
computing a first and a second message authentication code (MAC) from a shared master key (MK) and a first and a second message exchanged between the first and the second devices; the first MAC representing the PRK and comprising bits of a result of a first CMAC computation applied under the MK, and the second MAC representing the KCK and comprising bits of a result of a second CMAC computation applied under the MK; and computing a third and a fourth MAC from the KCK and the first and the second message exchanged between the first and the second devices, the third MAC representing a first KMAC and comprising a first range of bits of a result of a third CMAC computation applied under the KCK, and the fourth MAC representing a second KMAC and comprising a second range of bits of the result of the third CMAC computation applied under the KCK, including the first KMAC in the second message; and verifying at the first device that the received first KMAC contained in the second message matches the computed first KMAC, sending the first message from the first device to the second device, the first message comprising a first data; and sending the second message from the second device to the first device, the second message comprising a second data, sending the third message from the first device to the second device, the third message comprising a third data, wherein the first data, the second data, and the third data further comprise a PTK index. |