1. Field of the Invention
The invention relates generally to a key search engine. More particularly, the invention relates to a reconfigurable key search engine adapted for use in a mobile unit capable of operating within a plurality of networks.
2. Description of the Related Art
New network standards and particularly wireless network standards are constantly being introduced. The term “wireless” generally refers to any system communicating data via a radio frequency (RF) or infrared (IR) link. The manner in which data is wirelessly exchanged between elements or components in a network is defined by one or more technical standards. Looking at wireless network standards, one finds a dizzying array of technical specifications including, as examples, Wi-Fi, Bluetooth, PCS, DECT, PWT, pager, cellular, and IEEE 802.11, 802.11a, 802.11b, 802.11i, 802.11g, 802.1x, WEP, WPA, and WPA2. These standards and others are introduced by various standards setting bodies, such as the Institute of Electrical and Electronics Engineers (IEEE), the Wi-Fi Alliance, and the Internet Engineering Task Force (IETF).
Working with IEEE-defined technical requirements, the Wi-Fi Alliance seeks to practically implement wireless network standards through an interoperability testing and certification program. The IETF seeks to define the evolution of Internet architecture and standardize its operation. The wireless standards or protocols produced by these groups address, among other issues, the issues of data privacy (encryption/decryption) and user authentication.
The term “protocol” broadly describes any agreed upon standard enabling data communication between two or more network elements or components. In the classic sense, a protocol establishes standards that “hold together” the data communication network. At a minimum, a protocol will define acceptable data expressions and related data packet configurations. Data privacy encoding, error checking/correcting encoding, data (or data packet) identification information, and similar data management features are normally part and parcel of a protocol.
The development of wired and wireless data communication protocols is an evolutionary process driven largely by advances in technology. For example, conventional Ethernet connected networks have given way in recent years to so-called Wireless Local Area Networks (WLAN) as the technologies enabling wireless communication have matured. Unfortunately, rapidly evolving technology has produced a proliferation of data communication systems and related technical standards and protocols. These disparate systems define different security mechanisms and algorithms. Each security mechanism and algorithm generally requires its own set of security keys.
In this regard, a brief review of some recent evolution in wireless network security standards is informative. A discussion of data privacy in contemporary wireless networks begins with the WLAN security standard known as (IEEE) 802.11. To a great extent, this standard enabled practical use of WLANs in home and small office environments, but proved inadequate for use in large enterprise settings. The security provided by the 802.11 standard just isn't commercial grade in relation to both data privacy and user authentication.
The data privacy mechanism provided by 802.11 is commonly referred to as Wired Equivalency Privacy (WEP) and implements an RC4 encryption algorithm. The RC4 encryption technique in and of itself is sufficiently strong to protect data, but its weak implementation within 802.11 only protects data from the most casual of eavesdroppers. This, coupled with the proliferation of readily available hacking tools, has resulted in WEP being generally discredited for use in enterprise environments.
The 802.1x standard was introduced to specifically address the security deficiencies inherent in 802.11. An upgraded data privacy mechanism referred to as Wi-Fi Protected Access (WPA) was included as part of this standard. WPA incorporates a so-called Temporal Key Integrity Protocol (TKIP) which implements a much stronger version of the RC4 encryption algorithm. As compared with WEP, TKIP changes the way security keys are derived, and rotates the keys more frequently for additional security. WPA does an excellent job of plugging the security holes apparent in WEP-enabled devices but it requires a firmware or driver upgrade to do so.
The 802.1x standard is actually a subset of the 802.11i standard. 802.11i includes two data privacy mechanisms: WPA and Robust Security Network (RSN). RSN provides data privacy using an Advanced Encryption Standard (AES) which is significantly stronger than the data privacy mechanisms provided by WEP and WPA. However, RSN will not run on legacy devices without a hardware upgrade. Thus, only the newest devices have the hardware required to accelerate the execution of the underlying RSN algorithm(s) to the point where its use becomes practical. Hence, WPA improves legacy device performance to an acceptable level, but RSN is probably the future of wireless data privacy for devices implementing 802.11i.
The difficult job of providing data privacy in a network is further complicated by the great variety of data being communicated. For example, 802.11e is a standard defining a set of Quality of Service (QoS) enhancements for local area networks, and in particular networks using the 802.11 standard. These enhancements are deemed critical for the transmission of delay-sensitive applications such as Voice-over-IP and streaming multimedia. 802.11e adds an identifying header field to the transmitted data. This header defines the data's QoS (i.e., the data's relative priority within the network). Hence, 802.11e is just one more example of a data protocol resulting in data (and data packets) having a unique configuration.
The increasing variety of networks potentially capable of communicating with a mobile unit further challenges the respective data privacy mechanisms associated with the respective networks and mobile units operating within one or more of the networks. Ethernet and similarly hardwired networks are now joined by a multiplicity of WLANs, Wireless Personal Area Networks (WPANs), and Wide Area Metropolitan Networks (WMANs) (e.g. 802.16, WiBro, and/or WiMax-enabled networks).
Consider the simple example shown in FIG. 1. A mobile unit 1 (e.g., a handheld device, a handheld personal computer (PC), a portable or laptop computer, a Personal Digital Assistant (PDA), a mobile or cellular telephone, a wireless Internet device, a protocol-enabled telephone, a portable wireless device, a handheld remote control, or an asset management tag) may be independently capable of receiving data from an Ethernet connected network 5, a WMAN 2, a WLAN 3, or an Ad Hoc network 4. Worse yet, the mobile unit may pass through one or more of the wireless networks as the unit is physically moved or altered in its operating mode. Further, the possibility exists for the mobile unit to be simultaneously connected within two or more networks. For example, a laptop computer might be able to receive data related to a business account from a WLAN (or an Ethernet connected network) while being simultaneously enabled to receive data related to a personal account from a WMAN.
In such circumstances, multiple networks are capable of transmitting data to a single mobile unit. The mobile unit must, therefore, be able to distinguish between data from the plurality of networks, and properly apply the data privacy mechanism(s) and method(s) associated with the respective networks. At a minimum, the mobile device must be able to properly encrypt and decrypt data related to the different networks.
Since each network uses a different security key or set of security keys, the mobile unit must provide some ability to store a plurality of security keys and some additional ability to search through the stored plurality of security keys. This is no mean feat since sophisticated networks typically use a data privacy mechanism relying on a large number of security keys.