Cellular telephones are well known. The pervasive use of cellular telephones has stimulated the development of innovative ways to increase the convenience and decrease the cost of their use. One example of such an innovation is the development of dual mode handsets. Dual mode handsets are cellular telephones that can be used both with a cellular telephone system and with a wireless local area network (LAN).
As voice over IP (VoIP) matures, there is a financial motivation to tie cellular telephones into wireless LANs. VoIP is substantially cheaper than traditional cellular communications. It is expected that dual mode handsets will have a substantial share of the cellular telephone market within a few years. Indeed, ABI Research has predicted that by 2009, there will be over 50 million dual mode handsets in operation, accounting for 7 percent of the handsets shipped that year.
Dual mode handsets allow a user to take advantage of residential gateways and access points to check email, surf the Internet, access enterprise networks, and place telephone calls. Thus, wireless LANs, such as WiFi compliant 802.11 networks, permit dual mode handset users to bypass the traditional cellular network by using the Internet to route telephone calls instead. This has the potential to result in substantial cost savings for both individuals and companies.
Access points are already common in homes, business offices, cafes, bookstores, and airports. As access points become more widespread, the advantages of such dual mode operation become even more apparent.
Cellular networks implement security procedures that provide adequately secure communications for normal personal and business use. These security procedures include airlink authentication and encryption, as well as subscriber authentication and service authorization.
When a handset is augmented to support IEEE 802.11, such security procedures must be implemented. However, since the airlink is then an IEEE 802.11 wireless LAN (that is, the airlink is then between the handset and an access point instead of between the handset and a cellular base station), a method for providing current wireless network security parameters (such as a pass phrase or key) to the handset is necessary.
IEEE 802.11 includes security features that are tested, validated, and certified under the WiFi Protected Access (WPA) program of the WiFi Alliance. There are two WPA security modes, WPA-Personal and WPA-Enterprise. The primary difference between these two modes is the use of an authentication server in the WPA-Enterprise mode, but not in the WPA-Personal mode. The authentication server participates in the exchange and distribution of keys. Thus, in the WPA-Enterprise mode, the distribution of keys is automatically facilitated.
However, in the WPA-Personal mode, all participating devices, e.g., cellular handsets, are expected to have a pre-shared key (PSK). PSKs are typically entered manually. Such manual entry may be acceptable for some devices, such as computers and devices that are readily connectable to computers, wherein the PSKs can be entered via a full-size keyboard using a web browser. However, manual entry of PSKs is undesirable for devices that do not have, and are not readily connectable to, a full-size keyboard. Manual entry via a keypad, such as the keypad of a cellular telephone, can be a difficult and frustrating task. Such entry is inconvenient and prone to error.
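As an added illustration, which is not part of the original text, the following Python example shows what a manually entered WPA-Personal secret becomes on the device and why a single keypad slip is costly. It uses the passphrase-to-PSK mapping of IEEE 802.11i (PBKDF2 with HMAC-SHA1, the SSID as salt, 4096 iterations, 256-bit output); the function names are hypothetical, and the sample passphrase and SSID are the standard's published test values.

```python
import hashlib
import string


def derive_psk(secret: str, ssid: str) -> bytes:
    """Return the 256-bit PSK for a manually entered WPA-Personal secret."""
    ssid_bytes = ssid.encode("utf-8")
    if len(ssid_bytes) > 32:
        raise ValueError("SSID must be at most 32 octets")
    # An entry of exactly 64 hex digits is taken as the raw 256-bit key.
    if len(secret) == 64 and all(c in string.hexdigits for c in secret):
        return bytes.fromhex(secret)
    # Otherwise the entry is a passphrase of 8 to 63 printable ASCII characters.
    if not 8 <= len(secret) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in secret):
        raise ValueError("passphrase must be printable ASCII")
    # The SSID is the salt, so the same passphrase gives a different PSK
    # on every differently named network.
    return hashlib.pbkdf2_hmac("sha1", secret.encode("ascii"), ssid_bytes, 4096, 32)


def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bit positions in which two equal-length keys differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    # Sample values: passphrase "password", SSID "IEEE".
    good = derive_psk("password", "IEEE")
    # Constructed typo: one adjacent-key slip ("o" entered as "p").
    typo = derive_psk("passwprd", "IEEE")
    print("PSK:       ", good.hex())
    print("typo PSK:  ", typo.hex())
    print("bits differing:", differing_bits(good, typo), "of 256")
```

Because the derived keys share no usable structure, the handset cannot tell the user which character was wrong; the association simply fails.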
Further, some mobile/nomadic devices may not even have a keyboard or other means for entering a key. Of course, with such devices the manual entry of a key is not an option.
Many different types of devices other than cellular handsets may be used in a WiFi compliant IEEE 802.11 network. Such devices can include printers, cameras, and digital audio/video devices. Some of these devices have keyboards or keypads and some of these devices do not.
In-band key distribution (that is, key distribution using the normal IEEE 802.11 communications) presents a substantial security risk, and therefore is not a viable option. Before the cellular device obtains a PSK, such in-band communications are unencrypted, so they may easily be intercepted and misused. This possibility of interception is the very reason that encryption and key distribution are desirable in the first place.
As such, although the prior art has recognized, to a limited extent, the problem of distributing PSKs to wireless devices, the proposed solutions have, to date, been ineffective in providing a satisfactory remedy. Therefore, it is desirable to provide a method for communicating a key to a wireless device so that manual entry of the key is not necessary.
Embodiments of the present invention and their advantages are best understood by referring to the detailed description that follows. It should be appreciated that like reference numerals are used to identify like elements illustrated in one or more of the figures.