Abstract
An apparatus and method establish a secure, direct, station-to-station communication between a first station and a second station in a topology (e.g., PBSS) having a central secret holder/provider that allows secure, direct, station-to-station communications and that allows secure station-to-station broadcast communications. The first station and the second station will have previously established a security association (SA) with a topology control point (PCP). The method includes creating pair-wise unique material for the first station. The pair-wise unique material is computed as a function of (i) a known shared secret associated with the PCP, (ii) a first piece of unique data associated with the first station, and (iii) a second piece of unique data associated with the second station. The method includes securely communicating the pair-wise unique material from the first station to the second station.
Independent claim
1. A method for establishing a secure, direct, station-to-station communication between a first station and a second station, the method comprising:

creating pair-wise unique material for the first station, wherein the pair-wise unique material is computed as a function of (i) a known shared secret associated with a piconet basic service set control point (PCP), (ii) a first piece of unique data associated with the first station, and (iii) a second piece of unique data associated with the second station;

securely communicating the pair-wise unique material from the first station to the second station, wherein the first station and the second station independently authenticate with the PCP prior to communicating to establish a security association (SA) with the PCP, and wherein the known shared secret is a group transient key (GTK) of the PCP, wherein the first station and the second station are members of a group of stations associated with the PCP, wherein the PCP is an access point and the group of stations are peer devices that are not access points;

communicating, by the first station, directly via peer-to-peer communications with the second station using the pair-wise unique material to secure the peer-to-peer communications;

broadcasting, by the first station, a communication to the group of stations using at least the GTK from the PCP to secure the communication, wherein communicating directly and broadcasting includes communicating without messages transiting the PCP; and

in response to a race condition associated with colliding messages of a four-way handshake between the first station and the second station, selectively resolving the race condition based on a media access control (MAC) address of the first station and a MAC address of the second station or another unique identifier of the first station and the second station.
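As an added example (not the patent's own code), the derivation and tie-break the claim describes, instantiated with assumed choices: HMAC-SHA256 as the otherwise unspecified function, each station's unique data taken as its MAC address plus a fresh nonce, and the numerically lower MAC winning a handshake collision. The GTK and MAC values are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not from the patent: a GTK known to every
# member of the PCP's group, and the MAC addresses of two peer stations.
GTK = bytes.fromhex("00112233445566778899aabbccddeeff"
                    "00112233445566778899aabbccddeeff")
MAC_A = bytes.fromhex("02a1b2c3d4e5")
MAC_B = bytes.fromhex("02f6e5d4c3b2")


def derive_pairwise_key(gtk, mac_1, nonce_1, mac_2, nonce_2):
    """Pair-wise unique material = f(GTK, data of station 1, data of station 2).

    HMAC-SHA256 keyed with the GTK is an assumed instantiation of the claim's
    unspecified function; each station's unique data is assumed to be its MAC
    plus a nonce. Inputs are ordered canonically by MAC so both stations derive
    the same key no matter which of them initiated.
    """
    (lo_mac, lo_nonce), (hi_mac, hi_nonce) = sorted(
        [(mac_1, nonce_1), (mac_2, nonce_2)], key=lambda p: p[0])
    msg = b"PBSS pairwise key" + lo_mac + lo_nonce + hi_mac + hi_nonce
    return hmac.new(gtk, msg, hashlib.sha256).digest()


def resolve_handshake_race(mac_1, mac_2):
    """Both stations sent message 1 of the four-way handshake at once: return
    the MAC of the station that continues as initiator. The claim decides on
    MAC addresses; picking the numerically lower one is an assumed rule."""
    if mac_1 == mac_2:
        raise ValueError("stations must have distinct MAC addresses")
    return min(mac_1, mac_2)


def demo():
    """Each station derives independently; returns whether the keys agree
    and which station proceeds after a colliding handshake."""
    nonce_a, nonce_b = secrets.token_bytes(32), secrets.token_bytes(32)
    key_at_a = derive_pairwise_key(GTK, MAC_A, nonce_a, MAC_B, nonce_b)
    key_at_b = derive_pairwise_key(GTK, MAC_B, nonce_b, MAC_A, nonce_a)
    # Any other GTK holder that also observes both nonces could recompute this
    # key, which is why the claim has the material communicated securely.
    return key_at_a == key_at_b, resolve_handshake_race(MAC_A, MAC_B)
```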