US-12621662-B2 - Methods, devices and systems for repeating secure wireless connections
Abstract
A method can include, by operation of a first wireless device, executing a hash operation on a first portion of a received authentication value to generate a hash result. In response to determining that a connection is to be refreshed, the authentication value can be validated by decrypting a second portion of the authentication value to generate a decryption result and comparing the hash result to the decryption result. The decryption result can be stored. In response to determining that a connection is not to be refreshed, the authentication value can be validated by comparing the hash result to a previously stored decryption result. Corresponding devices and systems are also disclosed.
Inventors
- Vikas Dineshkumar Shah
- Rakesh Eluvan PERIYAELUVAN
- Deepak Poongundrun
Assignees
- CYPRESS SEMICONDUCTOR CORPORATION
Dates
- Publication Date
- 20260505
- Application Date
- 20240214
Claims (18)
- 1 . A method, comprising: by operation of a wireless device, executing a hash operation on a first portion of a received authentication value to generate a hash result, in response to determining that a connection is to be refreshed, the determining that the connection is to be refreshed comprising determining if the authentication value corresponds to a previous wireless connection made within a predetermined time period, validate the authentication value by decrypting a second portion of the authentication value to generate a decryption result, comparing the hash result to the decryption result, and storing the decryption result, and in response to determining that the connection is not to be refreshed, validate the authentication value by comparing the hash result to a previously stored decryption result.
- 2 . The method of claim 1 , wherein the received authentication value comprises a server digital certificate.
- 3 . The method of claim 1 , wherein decrypting the second portion of the authentication value includes accessing a decryption key included in a local digital certificate stored by the wireless device.
- 4 . The method of claim 1 , wherein the authentication value is included in a message of a transport layer security (TLS) handshake.
- 5 . The method of claim 4 , further including completing the TLS handshake in response to at least validating the authentication value.
- 6 . The method of claim 1 , wherein the authentication value is received in at least one data frame compatible with at least one IEEE 802.11 wireless standard.
- 7 . The method of claim 1 , further including: storing a decryption key in memory circuits of the wireless device; and decrypting the second portion with the decryption key.
- 8 . A device, comprising: wireless circuits configured to transmit and receive wireless messages, including receiving an authentication value; controller circuits configured to execute a hash operation on a first portion of the authentication value to generate a hash result, in response to determining that a connection is to be refreshed, the determining that the connection is to be refreshed comprising determining if the authentication value corresponds to a previous wireless connection made within a predetermined time period, validate the authentication value by decrypting a second portion of the authentication value to generate a decryption result and comparing the hash result to the decryption result, store the decryption result, and in response to determining that the connection is not to be refreshed, validate the authentication value by comparing the hash result to a previously stored decryption result; and memory circuits configured to store at least the previously stored decryption result.
- 9 . The device of claim 8 , wherein the wireless circuits are compatible with at least one IEEE 802.11 wireless standard.
- 10 . The device of claim 8 , wherein: the authentication value comprises a host device certificate; the memory circuits are configured to store a client device certificate that includes a decryption key; and the controller circuits are configured to decrypt the second portion of the authentication value with the decryption key.
- 11 . The device of claim 10 , wherein: the device certificate comprises a root certificate from a certificate authority; and the decryption key comprises a public key of a public key infrastructure.
- 12 . The device of claim 8 , wherein the authentication value is included in a message of a transport layer security handshake.
- 13 . The device of claim 8 , wherein the controller circuits are further configured to determine if the authentication value corresponds to a previous wireless connection.
- 14 . A system, comprising: a wireless device configured to execute a hash operation on a first portion of a received authentication value to generate a hash result, in response to determining that a connection is to be refreshed, the determining that the connection is to be refreshed comprising determining if the authentication value corresponds to a previous wireless connection made within a predetermined time period, validate the authentication value by decrypting a second portion of the authentication value to generate a decryption result and comparing the hash result to the decryption result, store the decryption result, and in response to determining that the connection is not to be refreshed, validate the authentication value by comparing the hash result to a stored previous decryption result; and an antenna system coupled to the wireless device.
- 15 . The system of claim 14 , wherein the wireless device is configured to determine if the authentication value corresponds to a previous wireless connection.
- 16 . The system of claim 14 , further including: the wireless device is further configured to wirelessly transmit a first message; and a remote device configured to transmit at least a second message in response to the first message that includes the authentication value.
- 17 . The system of claim 16 , wherein the first and second messages are part of a transport layer security (TLS) handshake.
- 18 . The system of claim 17 , further including the wireless device is configured to complete the TLS handshake in response to at least validating the authentication value.
Description
TECHNICAL FIELD
The present disclosure relates generally to wireless systems, and more particularly to wireless systems that can establish a secure connection by validating received authentication data, such as digital certificates.
BACKGROUND
The addition of network connectivity to consumer and industrial devices has resulted in the growing Internet of Things (IoT). To ensure the security of network connections, devices typically execute a protocol for establishing an encryption scheme between two endpoints. Such security protocols can include Secure Sockets Layer (SSL), Transport Layer Security (TLS) and various related protocols (e.g., QUIC). Many conventional security protocols rely on a certificate authority (CA) for authenticating endpoints, such as servers corresponding to queries to an Internet domain name. A CA can issue and/or sign digital certificates which can be transmitted to authenticate a sending endpoint. Such authentication operations typically involve the use of an agreed upon cryptographic hash function and a decryption operation using a Public Key Infrastructure (PKI) key (i.e., recovering the signed hash from the certificate's signature with the issuer's public key).
SUMMARY
Embodiments can include methods, devices and systems that can execute a hash operation on a first portion of a received authentication value to generate a hash result. In response to determining that a connection is to be refreshed, the authentication value can be validated by decrypting a second portion of the authentication value to generate a decryption result and comparing the hash result to the decryption result. In response to determining that the connection is not to be refreshed (e.g., the connection is to a previously accessed server), the authentication value can be validated by comparing the hash result to a decryption result that was previously generated and stored.
BRIEF DESCRIPTION OF THE DRAWINGS
- FIG. 1 is a flow diagram of a method for validating authentication values of wireless connections according to an embodiment.
- FIG. 2 is a flow diagram of a method for validating authentication values with hash and decryption operations according to an embodiment.
- FIG. 3 is a flow diagram of a method for executing Transport Layer Security (TLS) handshakes according to an embodiment.
- FIGS. 4A and 4B show a flow diagram of a method for executing TLS handshakes according to another embodiment.
- FIG. 5 is a signaling diagram of a client-server system and corresponding operations according to embodiments.
- FIG. 6 is a diagram showing an example of the generation of digitally signed data.
- FIGS. 7A and 7B are diagrams showing authentication methods for digitally signed data according to an embodiment.
- FIG. 8 is a diagram showing operations on digital certificates according to an embodiment.
- FIG. 9 is a block diagram of a wireless device according to an embodiment.
- FIG. 10 is a block schematic diagram of a wireless device according to another embodiment.
- FIG. 11 is a diagram of an integrated circuit device according to an embodiment.
- FIG. 12 is a diagram showing a system with Internet-of-Things (IoT) devices according to an embodiment.
- FIGS. 13A and 13B are diagrams showing authentication operations of a voice activated/processing system according to an embodiment.
- FIG. 14 is a diagram showing authentication operations of a metering system according to an embodiment.
DETAILED DESCRIPTION
According to embodiments, a wireless device can provide rapid, low power authentication for a previously accessed endpoint. When establishing a connection, a wireless device can receive an authentication value (e.g., a digital certificate) from a destination endpoint, and execute various operations, including a decryption operation, to validate the authentication value. If the authentication value is valid, the result of the decryption operation can be stored. Because the stored result later stands in for the decryption step, it should be written only after a successful validation and held in memory the device trusts.
In a later authentication operation (e.g., a subsequent connection to the same endpoint), rather than execute a decryption operation on a received authentication value, the stored decryption result can be used to validate the authentication value. By providing an authentication operation that does not include decryption, the authentication operation can be faster and/or consume less power.
In some embodiments, an authentication value can be a digital certificate that is parsed into first and second portions. In one authentication operation, a hash operation can be executed on the first portion, while the second portion is subject to a decryption operation. The hash result can be compared to the decryption result. In another authentication operation, a hash operation can be executed on the first portion, and the hash result can be compared to the previously stored decryption result (which, for a certificate that validated, equals the hash result) without having to decrypt the second portion.
In some embodiments, a received authentication value can be a server digital certificate issued by a Certificate Authority (CA). A wireless device can store a device digital certificate that can include a decryption key. In some embodiments, authentication operations can be part of a
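The refresh/no-refresh split described in the detailed description, as an added example that is not the patent's own code: the "first portion" is modeled as an opaque to-be-signed byte string, the "second portion" as the raw signature over its SHA-256 hash, and the "decryption key" as the issuer's RSA public key. Assumptions: textbook RSA over a seeded toy key stands in for PKCS#1 padding and X.509 DER parsing, the endpoint names, the 3600 s refresh window and all sample data are constructed, and `WirelessClient`, `ca_sign` and `toy_ca_keypair` are hypothetical names. Never use textbook RSA or keys this small outside a demonstration.

```python
"""Cached-signature certificate validation, modeled on the patent text.

Full path (connection to be refreshed): hash the body, recover the hash
from the signature with the issuer's public key, compare, then cache the
recovered value. Fast path (not to be refreshed): hash the body and
compare to the cached value; no public-key operation is performed.

Added example, not the patent's or Cypress's code. Toy RSA, stdlib only.
"""
from __future__ import annotations

import hashlib
import random
import time
from dataclasses import dataclass
from math import gcd

_rng = random.Random(20240214)  # fixed seed: deterministic toy key material


def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin probable-prime test (adequate for a toy key)."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def toy_ca_keypair(bits: int = 192):
    """Return ((n, e), (n, d)). n (~2*bits) must exceed 2**256 to carry a SHA-256 digest."""
    e = 65537
    while True:
        p, q = _random_prime(bits), _random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def ca_sign(tbs: bytes, priv) -> bytes:
    """Issuer side: signature = hash(tbs)^d mod n (raw RSA, no padding: toy only)."""
    n, d = priv
    return pow(sha256_int(tbs), d, n).to_bytes((n.bit_length() + 7) // 8, "big")


@dataclass
class Cached:
    decryption_result: int  # hash recovered by the last full validation
    stored_at: float


class WirelessClient:
    """Verifier implementing the two validation paths of claim 1 (hypothetical name)."""

    def __init__(self, ca_pub, refresh_after_s: float = 3600.0):
        self.ca_pub = ca_pub  # decryption key taken from the locally stored root certificate
        self.refresh_after_s = refresh_after_s  # the claim's "predetermined time period"
        self.cache: dict[str, Cached] = {}

    def _needs_refresh(self, endpoint: str, now: float) -> bool:
        entry = self.cache.get(endpoint)
        return entry is None or now - entry.stored_at > self.refresh_after_s

    def validate(self, endpoint: str, tbs: bytes, signature: bytes, now=None) -> tuple[bool, str]:
        """Return (valid, path) where path is 'full' or 'cached'."""
        now = time.time() if now is None else now
        hash_result = sha256_int(tbs)  # the first portion is always hashed
        if self._needs_refresh(endpoint, now):
            n, e = self.ca_pub
            decryption_result = pow(int.from_bytes(signature, "big"), e, n)
            ok = decryption_result == hash_result
            if ok:  # only a validated result is cached, so a bad certificate cannot poison the cache
                self.cache[endpoint] = Cached(decryption_result, now)
            return ok, "full"
        return hash_result == self.cache[endpoint].decryption_result, "cached"


if __name__ == "__main__":
    pub, priv = toy_ca_keypair()
    tbs = b"CN=meter.example;serial=0x1001;notAfter=20270101"  # constructed certificate body
    client = WirelessClient(pub)
    print(client.validate("meter.example", tbs, ca_sign(tbs, priv), now=1000.0))  # (True, 'full')
    print(client.validate("meter.example", tbs, ca_sign(tbs, priv), now=1500.0))  # (True, 'cached')
```

On the fast path a modified certificate body still fails, because its hash no longer matches the cached recovered value; what the fast path cannot detect is a change of signature alone, which is why the cache entry is keyed to the endpoint and expires after the refresh window.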