The present application generally relates to protecting a feedback frame on a beamforming Wi-Fi signal, and more particularly to methods for reporting encryption capability.
Wi-Fi sensing is a concept in which existing Wi-Fi signals are used in a radar-like manner to determine, detect, and/or sense changes in the environment. These changes can include, for example, movements, motions, and/or gestures by a person or an object, and through Wi-Fi sensing, one may determine precisely what a person is doing, how that person is moving, what kind of gestures that person is making, etc. Consequently, Wi-Fi sensing technology may be exploited, for example, by the “bad guys” to steal passwords and personal identification numbers (PINs) from unsuspecting victims by determining the victim's hand gestures as they enter their PIN on a keyboard. Therefore, techniques for encrypting such signals are desirable.
According to some embodiments, a method is described, including reporting, by a beamformee, an encryption capability indicator to a beamformer, wherein the encryption capability indicator is indicative of a capability of the beamformee to encrypt a feedback frame, receiving, by the beamformee from the beamformer, an announcement frame in response to the beamformer receiving an indication that the beamformee is capable of encrypting the feedback frame, and sending, by the beamformee, an encrypted feedback frame.
The announcement frame may include instructions for the beamformee to encrypt the feedback frame.
The encryption capability indicator may include a first state indicative of the beamformee being incapable of encrypting the feedback frame, a second state indicative of the beamformee being incapable of encrypting a non-TB sounding feedback frame and being capable of encrypting a TB sounding feedback frame, and a third state indicative of the beamformee being capable of encrypting the non-TB sounding feedback and the TB sounding feedback.
The encryption capability indicator may include a 2-bit indicator, and the first state is indicated by a 00 of the 2-bit indicator, the second state is indicated by a 01 of the 2-bit indicator, and the third state is indicated by a 10 of the 2-bit indicator.
The encryption capability indicator may include a first state indicative of the beamformee being incapable of encrypting the feedback frame, and a second state indicative of the beamformee being capable of encrypting the feedback frame.
The encryption capability indicator may include a 1-bit indicator, and the first state is indicated by a 0 of the 1-bit indicator and the second state is indicated by a 1 of the 1-bit indicator.
The encryption capability indicator may include a first state indicative of the beamformee being incapable of encrypting the feedback frame, a second state indicative of the beamformee being capable of encrypting up to a 996-tone resource unit (RU), a third state indicative of the beamformee being capable of encrypting up to a 2×996-tone RU, and a fourth state indicative of the beamformee being capable of encrypting up to a 4×996-tone RU.
The 996-tone RU corresponds to a bandwidth of 80 MHz, the 2×996-tone RU corresponds to a bandwidth of 160 MHz, and the 4×996-tone RU corresponds to a bandwidth of 320 MHz.
The method may further include receiving, by the beamformee from the beamformer a sounding frame, in response to receiving the announcement frame, wherein the feedback frame includes a compressed beamforming channel quality indicator (CQI).
The beamformee and the beamformer may be communicatively coupled over an extremely high throughput (EHT) Wi-Fi signal, and the encryption capability indicator is an EHT physical layer (PHY) capabilities indicator.
According to some embodiments, a method is described, including reporting, by a plurality of beamformees, an encryption capability indicator for each of the plurality of beamformees to a beamformer, wherein the encryption capability indicator corresponding to each of the beamformees is indicative of a capability of a respective beamformee of the plurality of beamformees to encrypt a feedback frame, receiving, by each beamformee from the beamformer, an announcement frame in response to the beamformer receiving an indication that at least one of the plurality of beamformees is capable of encrypting the feedback frame, and sending, by the beamformee capable of encrypting the feedback frame, the encrypted feedback frame.
The announcement frame may include instructions for the beamformee capable of encrypting the feedback frame to encrypt the feedback frame.
Each of the respective encryption capability indicators may include a first state indicative of the respective beamformee being incapable of encrypting the respective feedback frame, a second state indicative of the respective beamformee being incapable of encrypting a respective non-TB sounding feedback frame and being capable of encrypting a respective TB sounding feedback frame, and a third state indicative of the respective beamformee being capable of encrypting the respective non-TB sounding feedback and the respective TB sounding feedback.
Each of the respective encryption capability indicators may include a 2-bit indicator, and the first state is indicated by a 00 of the 2-bit indicator, the second state is indicated by a 01 of the 2-bit indicator, and the third state is indicated by a 10 of the 2-bit indicator.
Each of the respective encryption capability indicators may include a first state indicative of the respective beamformee being incapable of encrypting the feedback frame, and a second state indicative of the respective beamformee being capable of encrypting the feedback frame.
Each of the respective encryption capability indicators may include a 1-bit indicator, and the first state is indicated by a 0 of the 1-bit indicator and the second state is indicated by a 1 of the 1-bit indicator.
Each of the respective encryption capability indicators may include a first state indicative of the respective beamformee being incapable of encrypting the feedback frame, a second state indicative of the respective beamformee being capable of encrypting up to a 996-tone resource unit (RU), a third state indicative of the respective beamformee being capable of encrypting up to a 2×996-tone RU, and a fourth state indicative of the respective beamformee being capable of encrypting up to a 4×996-tone RU.
The 996-tone RU corresponds to a bandwidth of 80 MHz, the 2×996-tone RU corresponds to a bandwidth of 160 MHz, and the 4×996-tone RU corresponds to a bandwidth of 320 MHz.
Each of the respective feedback frames may include a respective compressed beamforming channel quality indicator (CQI).
The method may further include receiving, by each beamformee from the beamformer a sounding frame, in response to receiving the announcement frame, wherein the respective beamformee and the beamformer are communicatively coupled over an extremely high throughput (EHT) Wi-Fi signal, and the encryption capability indicator is an EHT physical layer (PHY) capabilities indicator.
The scope of the invention is defined by the claims, which are incorporated into this section by reference. A more complete understanding of embodiments of the invention will be afforded to those skilled in the art, as well as a realization of additional advantages thereof, by a consideration of the following detailed description of one or more embodiments. Reference will be made to the appended sheets of drawings that will first be described briefly.
Embodiments of the present disclosure and their advantages are best understood by referring to the detailed description that follows. Unless otherwise noted, like reference numerals denote like elements throughout the attached drawings and the written description, and thus, descriptions thereof will not be repeated. In the drawings, the relative sizes of elements, layers, and regions may be exaggerated for clarity.
Aspects of some embodiments of the present disclosure and methods of accomplishing the same may be understood more readily by reference to the detailed description of embodiments and the accompanying drawings. Hereinafter, embodiments will be described in more detail with reference to the accompanying drawings. The described embodiments, however, may be embodied in various different forms, and should not be construed as being limited to only the illustrated embodiments herein. Rather, these embodiments are provided as examples so that this disclosure will be thorough and complete, and will fully convey the aspects of the present disclosure to those skilled in the art. Accordingly, processes, elements, and techniques that are not necessary to those having ordinary skill in the art for a complete understanding of the aspects of the present disclosure may not be described.
Wi-Fi technology is used by many people in their day-to-day lives. Examples of some common devices that utilize Wi-Fi technology include laptop computers, smartphones, and tablet devices, among others. A user of these devices may operate them in a private environment like in their home, school, or work, or in public places like restaurants, libraries, airports, coffee shops, etc. When such devices are utilized in public places, the users are more vulnerable to intruders that may try to exploit the Wi-Fi signals to steal their private data. As a result, robust technologies have been implemented to prevent such exploitation by encrypting the Wi-Fi signals that carry information.
While conventional Wi-Fi technologies were based on the Wi-Fi signals that are emitted omnidirectionally, more recent Wi-Fi technologies perform beamforming to focus the Wi-Fi signals into a narrower beam toward specific receiving devices (e.g., client devices). Accordingly, a stronger signal may be provided in desired areas (e.g., in the focused area) and a less strong signal may be provided where the signal is not desired or not needed. For example,
According to another example as illustrated in
In some embodiments, when a beamformee desires to join a beamformer's network, the beamformee scans for a signal (e.g., a Wi-Fi signal) of the beamformer. For example, the beamformer may be an access point and the beamformee may be a client device. Thus, when the beamformee wants to join the network, e.g., the beamformer's network, the beamformee searches for the beamformer's network by scanning, and then sends an association request to associate the beamformee with the beamformer. If certain criteria are met, then the beamformee may join the beamformer's network. This process may be referred to as an association process and may be performed according to various techniques specified in, for example, IEEE 802.11xx standards.
According to some embodiments, after the association process is performed, the beamformee and the beamformer may perform a sounding process to set up beamforming (as opposed to conventional omni-directional signals) between the beamformer and the beamformee.
Therefore, as illustrated in the examples of
According to some embodiments of the present disclosure, encryption capabilities of the beamformee may be reported to the beamformer during the association process, for example, after the beamformee finds (and joins) the beamformer's network but before performing the above described sounding processes (e.g., EHT non-TB sounding process and/or EHT TB sounding process).
According to some embodiments of the present disclosure, during the association process, for example following the process for searching, requesting, and joining the beamformer's network, the beamformee and the beamformer may exchange capability information. That is, the beamformee may report to the beamformer the capabilities of the beamformee, and the beamformer may report to the beamformee the capabilities of the beamformer. In some embodiments, one or more of the capabilities that are reported during this exchange may include the encryption capabilities of the beamformee.
In other words, because not all beamformees (e.g., client devices) are capable of encrypting feedback frames, the beamformee may report whether or not the beamformee is able to encrypt feedback frames to the beamformer. Accordingly, if the beamformee is able to encrypt the feedback frames, then the beamformer will recognize that this particular beamformee is capable of encrypting the feedback frames and will prepare to receive encrypted feedback frames. Accordingly, the beamformer may prepare to decrypt the feedback frames that it will receive encrypted.
In some embodiments, if the beamformee reports that the beamformee is unable or incapable of encrypting feedback frames, then the beamformer may accept unencrypted feedback frames or may not accept unencrypted feedback frames. In other words, whether or not the beamformer accepts unencrypted feedback frames from the beamformee may depend on the policy that is set for the beamformer, e.g., by an access policy. Such policy may be an information technology (IT) policy that is determined by the user based on the degree of security desired in this network. Thus, if the policy allows for accepting unencrypted feedback frames, then the beamformer will accept the unencrypted feedback frames. On the other hand, if the policy does not allow for accepting unencrypted feedback frames, then the beamformer will not accept unencrypted feedback frames. For example, the beamformer may reject the beamformee from joining the network so that no further exchange of information may occur between the beamformee and the beamformer.
Turning back to the embodiments of the present disclosure, the encryption capability reporting technique will now be described in more detail. According to some embodiments, an EHT physical layer (PHY) capabilities information field during the capabilities information exchange may include a field that represents an encryption capability of the beamformee. According to a first example, a 1-bit indicator may be implemented where a 0 bit indicates that the beamformee cannot encrypt and a 1 bit indicates that the beamformee can encrypt.
In some embodiments, the EHT PHY capabilities information field may include a 2-bit indicator. Accordingly, a 2-bit indicator provides more options (e.g., up to four choices). Thus, a value of 00 indicates that the beamformee cannot encrypt, a value of 01 indicates that the beamformee cannot encrypt for a non-TB sounding but can encrypt for a TB sounding, and a value of 10 indicates that the beamformee can encrypt for both non-TB sounding and TB sounding. In some embodiments, a value of 11 may not be used or may be reserved for later use. It should be noted that this combination of bits is merely one example and that other combinations of bits may be utilized to achieve similar encryption capabilities information exchange. In other words, some form of another 1- or 2-bit indicator may be included during the association process, for example, during a capabilities exchange to indicate the encryption capability of the beamformee.
In some embodiments, the EHT PHY capabilities information field may include encryption capabilities of the beamformee based on different bandwidths or different resource unit (RU) sizes. For example, the beamformee may be able to encrypt feedback frames up to certain bandwidth sizes or RU sizes. According to one example, the beamformee may be capable of encrypting in cases where the feedback frame is up to 80 MHz or 996-tone RU but not capable of encrypting in cases where the feedback frame is larger than 80 MHz or 996-tone RU. In other examples, the beamformee may be capable of encrypting in cases where the feedback frame is up to 160 MHz or 2×996-tone RU. In yet other examples, the beamformee may be capable of encrypting in cases where the feedback frame is up to 320 MHz or 4×996-tone RU. Accordingly, the EHT PHY encryption capabilities information field may be configured to report encryption capabilities of the beamformee based on different bandwidth and/or different RU sizes.
According to some embodiments, a 2-bit indicator may be utilized to report, for example, four choices, wherein a 00 indicates that the beamformee cannot encrypt, a 01 indicates that the beamformee can encrypt up to 996-tone RU or 80 MHz, a 10 indicates that the beamformee can encrypt up to 2×996-tone RU or 160 MHz, and a 11 indicates that the beamformee can encrypt up to 4×996-tone RU or 320 MHz. Again, as previously noted, this combination of bits is merely another example, and other combinations of bits may be utilized to achieve similar encryption capabilities information exchange. In other words, some form of another 1- or 2-bit indicator may be included during the association process, for example, during a capabilities exchange to indicate the encryption capability of the beamformee.
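The three indicator layouts described above and the accept-or-reject policy described earlier can be combined into a single beamformer-side decision. The following C code is an added example and is not part of the application; the enum and function names are hypothetical, and the indicator value is assumed to be already extracted from the EHT PHY capabilities information field, since the text gives no bit position. Treating the reserved 11 value, out-of-range values, and a frame outside the reported capability as "cannot encrypt" is an assumption of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The three indicator layouts the text describes (names are hypothetical). */
enum enc_scheme {
    SCHEME_1BIT,     /* 0 = cannot encrypt, 1 = can encrypt                */
    SCHEME_2BIT_TB,  /* 00 none, 01 TB only, 10 non-TB and TB, 11 reserved */
    SCHEME_2BIT_BW   /* 00 none, 01 <=80 MHz, 10 <=160 MHz, 11 <=320 MHz   */
};

enum sounding { SOUNDING_NON_TB, SOUNDING_TB };

enum fb_decision {
    FB_EXPECT_ENCRYPTED, /* beamformer prepares to decrypt the feedback frame */
    FB_ACCEPT_PLAINTEXT, /* policy tolerates unencrypted feedback             */
    FB_REJECT            /* policy forbids unencrypted feedback               */
};

/* Can the beamformee encrypt feedback for this sounding type and bandwidth?
 * Assumption: any value the layout does not define is read as "cannot". */
bool can_encrypt(enum enc_scheme scheme, uint8_t raw,
                 enum sounding type, unsigned bw_mhz)
{
    static const unsigned max_bw[4] = { 0, 80, 160, 320 };

    switch (scheme) {
    case SCHEME_1BIT:
        return raw == 1;
    case SCHEME_2BIT_TB:
        if (raw == 1)
            return type == SOUNDING_TB;  /* 01: TB sounding feedback only */
        return raw == 2;                 /* 10: both; 00 and 11: neither  */
    case SCHEME_2BIT_BW:
        if (raw > 3 || bw_mhz == 0)
            return false;
        return bw_mhz <= max_bw[raw];
    }
    return false;
}

/* Apply the beamformer's policy to the reported capability. */
enum fb_decision decide(enum enc_scheme scheme, uint8_t raw,
                        enum sounding type, unsigned bw_mhz,
                        bool allow_unencrypted)
{
    if (can_encrypt(scheme, raw, type, bw_mhz))
        return FB_EXPECT_ENCRYPTED;
    return allow_unencrypted ? FB_ACCEPT_PLAINTEXT : FB_REJECT;
}

int main(void)
{
    static const char *names[] = { "expect encrypted", "accept plaintext", "reject" };
    /* Constructed sample reports: scheme, raw value, sounding, MHz, policy. */
    struct { enum enc_scheme s; uint8_t raw; enum sounding t;
             unsigned bw; bool allow; } cases[] = {
        { SCHEME_1BIT,    1, SOUNDING_NON_TB,  80, false },
        { SCHEME_2BIT_TB, 1, SOUNDING_NON_TB, 160, false },
        { SCHEME_2BIT_TB, 3, SOUNDING_TB,     160, false },
        { SCHEME_2BIT_BW, 2, SOUNDING_TB,     320, true  },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("case %zu: %s\n", i,
               names[decide(cases[i].s, cases[i].raw, cases[i].t,
                            cases[i].bw, cases[i].allow)]);
    return 0;
}
```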
In some embodiments, the EHT PHY capabilities information field may be applicable for just the EHT non-TB sounding processes because, depending on the circumstances, there may or may not be enough time to encrypt the feedback frames, whereas all EHT TB sounding cases may be assumed to be capable of encryption.
Accordingly, various techniques for reporting the encryption capabilities of a beamformee may be provided to the beamformer so that the beamformer can determine whether or not to allow this beamformee to join and remain on the network. In some embodiments, if the beamformer allows the beamformee to join the network, then the beamformer may proceed to sending the EHT NDP announcement frame 202, 302 as illustrated in
In some embodiments, the feedback frames may be encrypted using known encryption techniques such as, for example, protected action frames. The details of the encryption are beyond the scope of the present disclosure and will not be described in detail here. Furthermore, it should be noted that the sounding schemes described herein with reference to EHT non-TB sounding and EHT TB sounding are merely examples, and other sounding schemes may instead be used.
Accordingly, various techniques for reporting the encryption capabilities of a beamformee may be provided to the beamformer so that the beamformer can expect whether the feedback frame is going to arrive encrypted. If the feedback frames are encrypted, then it may be more difficult for a third party to hack the feedback frames to exploit information through Wi-Fi sensing.
Unless otherwise noted, like reference numerals, characters, or combinations thereof denote like elements throughout the attached drawings and the written description, and thus, descriptions thereof will not be repeated. Further, parts that are not related to, or that are irrelevant to, the description of the embodiments might not be shown to make the description clear.
In the drawings, the relative sizes of elements, layers, and regions may be exaggerated for clarity. Additionally, the use of cross-hatching and/or shading in the accompanying drawings is generally provided to clarify boundaries between adjacent elements. As such, neither the presence nor the absence of cross-hatching or shading conveys or indicates any preference or requirement for particular materials, material properties, dimensions, proportions, commonalities between illustrated elements, and/or any other characteristic, attribute, property, etc., of the elements, unless specified.
In the detailed description, for the purposes of explanation, numerous specific details are set forth to provide a thorough understanding of various embodiments. It is apparent, however, that various embodiments may be practiced without these specific details or with one or more equivalent arrangements. In other instances, well-known structures and devices are shown in block diagram form in order to avoid unnecessarily obscuring various embodiments.
It will be understood that when an element, layer, region, or component is referred to as being “formed on,” “on,” “connected to,” or “coupled to” another element, layer, region, or component, it can be directly formed on, on, connected to, or coupled to the other element, layer, region, or component, or indirectly formed on, on, connected to, or coupled to the other element, layer, region, or component such that one or more intervening elements, layers, regions, or components may be present. In addition, this may collectively mean a direct or indirect coupling or connection and an integral or non-integral coupling or connection. For example, when a layer, region, or component is referred to as being “electrically connected” or “electrically coupled” to another layer, region, or component, it can be directly electrically connected or coupled to the other layer, region, and/or component or intervening layers, regions, or components may be present. However, “directly connected/directly coupled” refers to one component directly connecting or coupling another component without an intermediate component. Meanwhile, other expressions describing relationships between components such as “between,” “immediately between” or “adjacent to” and “directly adjacent to” may be construed similarly. In addition, it will also be understood that when an element or layer is referred to as being “between” two elements or layers, it can be the only element or layer between the two elements or layers, or one or more intervening elements or layers may also be present.
For the purposes of this disclosure, expressions such as “at least one of,” when preceding a list of elements, modify the entire list of elements and do not modify the individual elements of the list. For example, “at least one of X, Y, and Z,” “at least one of X, Y, or Z,” and “at least one selected from the group consisting of X, Y, and Z” may be construed as X only, Y only, Z only, any combination of two or more of X, Y, and Z, such as, for instance, XYZ, XYY, YZ, and ZZ, or any variation thereof. Similarly, the expression such as “at least one of A and B” may include A, B, or A and B. As used herein, the term “and/or” includes any and all combinations of one or more of the associated listed items. For example, the expression such as “A and/or B” may include A, B, or A and B.
It will be understood that, although the terms “first,” “second,” “third,” etc., may be used herein to describe various elements, components, regions, layers and/or sections, these elements, components, regions, layers and/or sections should not be limited by these terms. These terms are used to distinguish one element, component, region, layer or section from another element, component, region, layer or section. Thus, a first element, component, region, layer or section described below could be termed a second element, component, region, layer or section, without departing from the spirit and scope of the present disclosure. The description of an element as a “first” element may not require or imply the presence of a second element or other elements. The terms “first”, “second”, etc. may also be used herein to differentiate different categories or sets of elements. For conciseness, the terms “first”, “second”, etc. may represent “first-category (or first-set)”, “second-category (or second-set)”, etc., respectively.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the present disclosure. As used herein, the singular forms “a” and “an” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises,” “comprising,” “have,” “having,” “includes,” and “including,” when used in this specification, specify the presence of the stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
As used herein, the term “substantially,” “about,” “approximately,” and similar terms are used as terms of approximation and not as terms of degree, and are intended to account for the inherent deviations in measured or calculated values that would be recognized by those of ordinary skill in the art. “About” or “approximately,” as used herein, is inclusive of the stated value and means within an acceptable range of deviation for the particular value as determined by one of ordinary skill in the art, considering the measurement in question and the error associated with measurement of the particular quantity (i.e., the limitations of the measurement system). For example, “about” may mean within one or more standard deviations, or within ±30%, 20%, 10%, 5% of the stated value. Further, the use of “may” when describing embodiments of the present disclosure refers to “one or more embodiments of the present disclosure.”
When one or more embodiments may be implemented differently, a specific process order may be performed differently from the described order. For example, two consecutively described processes may be performed substantially at the same time or performed in an order opposite to the described order.
Also, any numerical range disclosed and/or recited herein is intended to include all sub-ranges of the same numerical precision subsumed within the recited range. For example, a range of “1.0 to 10.0” is intended to include all subranges between (and including) the recited minimum value of 1.0 and the recited maximum value of 10.0, that is, having a minimum value equal to or greater than 1.0 and a maximum value equal to or less than 10.0, such as, for example, 2.4 to 7.6. Any maximum numerical limitation recited herein is intended to include all lower numerical limitations subsumed therein, and any minimum numerical limitation recited in this specification is intended to include all higher numerical limitations subsumed therein. Accordingly, Applicant reserves the right to amend this specification, including the claims, to expressly recite any sub-range subsumed within the ranges expressly recited herein. All such ranges are intended to be inherently described in this specification such that amending to expressly recite any such subranges would comply with the requirements of 35 U.S.C. § 112(a) and 35 U.S.C. § 132(a).
The electronic or electric devices and/or any other relevant devices or components according to embodiments of the present disclosure described herein may be implemented utilizing any suitable hardware, firmware (e.g., an application-specific integrated circuit), software, or a combination of software, firmware, and hardware, to process data or digital signals. For example, the various components of these devices may be formed on one integrated circuit (IC) chip or on separate IC chips. Further, the various components of these devices may be implemented on a flexible printed circuit film, a tape carrier package (TCP), a printed circuit board (PCB), or formed on one substrate. Circuit hardware may include, for example, application specific integrated circuits (ASICs), general purpose or special purpose central processing units (CPUs) that are configured to execute instructions stored in a non-transitory storage medium, digital signal processors (DSPs), graphics processing units (GPUs), and programmable logic devices such as field programmable gate arrays (FPGAs).
Further, the various components of these devices may be a process or thread, running on one or more processors, in one or more computing devices, executing computer program instructions and interacting with other system components for performing the various functionalities described herein. The computer program instructions are stored in a memory that may be implemented in a computing device using a standard memory device, such as, for example, a random access memory (RAM). The computer program instructions may also be stored in other non-transitory computer readable media such as, for example, a CD-ROM, flash drive, or the like. Also, a person of skill in the art should recognize that the functionality of various computing devices may be combined or integrated into a single computing device, or the functionality of a particular computing device may be distributed across one or more other computing devices without departing from the spirit and scope of the embodiments of the present disclosure.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the present disclosure belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and/or the present specification, and should not be interpreted in an idealized or overly formal sense, unless expressly so defined herein.
Embodiments described herein are examples only. One skilled in the art may recognize various alternative embodiments from those specifically disclosed. Those alternative embodiments are also intended to be within the scope of this disclosure. As such, the embodiments are limited only by the following claims and their equivalents.
This application claims priority to and the benefit of U.S. Provisional Application No. 63/229,786, filed Aug. 5, 2021, which is incorporated herein by reference in its entirety.
Number | Date | Country
---|---|---
63229786 | Aug 2021 | US