Secure energy harvest system
US-2024357348-A1 · Oct 24, 2024 · US
US12520134B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12520134-B2 |
| Application number | US-202418441391-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 14, 2024 |
| Priority date | Jan 12, 2024 |
| Publication date | Jan 6, 2026 |
| Grant date | Jan 6, 2026 |
Official abstract text for this publication.
A method for receiving, by an ambient power (AMP) device that harvests environmental energy, an identification (ID) request frame from a powered wireless device. The ID request frame includes one or more frame-exchange parameters and an authentication and key management (AKM) method. The method includes retrieving, from memory, a secret that is shared with the powered wireless device, determining, using the secret, one or more first AKM parameters, and transmitting, to the powered wireless device, by the AMP device, an ID response frame including an ID of the AMP device, at least one of the one or more frame-exchange parameters and the one or more AKM parameters with which the powered wireless device is to be mutually authenticated with the AMP device and to generate an encryption key to initiate an encrypted wireless communication session.
Opening claim text (preview).
What is claimed is:

1. A method comprising: receiving, by an ambient power (AMP) device that harvests environmental energy, an identification (ID) request frame from a powered wireless device, wherein the ID request frame includes one or more frame-exchange parameters, and an authentication and key management (AKM) method; retrieving, from memory, a secret that is shared with the powered wireless device; determining, using the secret, one or more first AKM parameters associated with the AKM method; and transmitting, to the powered wireless device, by the AMP device, an ID response frame comprising an ID of the AMP device, at least one of the one or more frame-exchange parameters, and the one or more first AKM parameters with which the powered wireless device is to be mutually authenticated with the AMP device and to generate an encryption key to initiate an encrypted wireless communication session.

2. The method of claim 1, wherein the one or more frame-exchange parameters include at least one of a frame type, a session number, a cipher type, or physical layer (PHY) parameters.

3. The method of claim 1, wherein the one or more frame-exchange parameters include physical layer (PHY) parameters, the method further comprising using the PHY parameters to time transmitting the ID response frame so that the ID response frame is deconflicted with ID response frame transmissions by a plurality of other AMP devices.

4. The method of claim 1, wherein the ID response frame also comprises a frame type, and wherein the one or more first AKM parameters comprise one or more of Simultaneous Authentication of Equals (SAE) information, a password-based challenge, or an ID of a type of encryption.

5. The method of claim 1, wherein the secret describes an elliptical curve, and wherein the one or more first AKM parameters includes a scalar value comprising a random number and an element value comprising a location along the elliptical curve selected using the random number.

6. The method of claim 1, wherein the ID request frame further includes a checksum value, the method further comprising; verifying that the checksum value is correct; and in response to failing to verify the checksum value, terminating a procedure of establishing an authenticated and encrypted network session with the powered wireless device.

7. The method of claim 1, further comprising: receiving a data request frame including one or more second AKM parameters generated by the powered wireless device, an encrypted command, and a message integrity code (MIC); determining an encryption key using the one or more first AKM parameters and the one or more second AKM parameters; verifying the MIC with a first portion of the encryption key; decrypting the encrypted command with a second portion of the encryption key to generate a decrypted command; and executing the decrypted command.

8. The method of claim 7, wherein executing the encrypted command causes generating and transmitting a data response frame to the powered wireless device, the data response frame comprising encrypted data including at least one of status or environmental data retrieved from a coupled sensor.

9. The method of claim 1, further comprising: receiving a data request frame including one or more second AKM parameters generated by the powered wireless device, an encrypted command, and a message integrity code (MIC); determining an encryption key using the one or more second AKM parameters; failing to verify the MIC with a portion of the encryption key; and terminating an encrypted network session initiated with the powered wireless device.

10. A method comprising: transmitting, by a powered wireless device, an identification (ID) request frame to an ambient power (AMP) device that harvests environmental energy, wherein the ID request frame includes one or more frame-exchange parameters and an authentication and key management (AKM) method; receiving an ID response frame from the AMP device, wherein the ID response frame comprises an ID of the AMP device, at least one of the one or more frame-exchange parameters, one or more first AKM parameters associated with the AKM method; determining one or more second AKM parameters using a secret, which is shared with the AMP device, and the one or more first AKM parameters; and determining, using the one or more second AKM parameters, an encryption key to initiate an encrypted wireless communication session with the AMP device.

11. The method of claim 10, wherein the one or more frame-exchange parameters include at least one of a frame type, a session number, a cipher type, or physical layer (PHY) parameters.

12. The method of claim 10, wherein the one or more frame-exchange parameters include a first AMP device identifier corresponding to the ID of the AMP device of a plurality of AMP devices.

13. The method of claim 10, wherein the one or more frame-exchange parameters include a broadcast value comprising an identifier corresponding to a plurality of AMP devices that includes the AMP device.

14. The method of claim 10, wherein the secret describes an elliptical curve, and wherein the one or more second AKM parameters comprises a scalar value comprising a random number and an element value comprising a location along the elliptical curve selected using the random number.

15. The method of claim 10, wherein the ID response frame further comprises a checksum value, the method further comprising: verifying the checksum value is correct; and in response to failing to verify the checksum value, terminating a procedure of establishing an authenticated and encrypted network session with the AMP device.

16. The method of claim 10, further comprising: transmitting a data request frame including the one or more second AKM parameters, an encrypted command, and a first message integrity code (MIC); receiving a data response frame comprising encrypted data including at least one of a status or environmental data associated with the AMP device and a second MIC; verifying the second MIC with a first portion of the encryption key; and decrypting the encrypted data with a second portion of the encryption key to generate decrypted data.

17. The method of claim 16, wherein the data request frame also includes a frame type, and wherein the one or more second AKM parameters comprise one or more of Simultaneous Authentication of Equals (SAE) information, a password-based challenge, or an ID of a type of encryption.

18. The method of claim 16, further comprising: transmitting a second data request frame including a second encrypted command and a third MIC; receiving a second data response frame comprising second encrypted data including at least one of a second status or environmental data associated with the AMP device and a fourth MIC; verifying the fourth MIC with the first portion of the encryption key; and decrypting the second encrypted data with the second portion of the encryption key to generate second decrypted data.

19. The method of claim 10, further comprising: transmitting a data request frame comprising the one or more second AKM parameters, an encrypted command, and a message integrity code (MIC); receiving a data response frame comprising encrypted data including at least one of a status or environmental data retrieved from a coupled sensor and a second MIC; failing to verify the MIC with a first portion of the encryption key; and terminating an encrypted network session
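
The data-request handling of claims 7 and 9 (verify the MIC with one portion of the session key, decrypt with the other portion only after that check passes, terminate on MIC failure), as an added example that is not part of the patent text. The key derivation (HMAC-SHA256 over both sides' AKM parameters), the truncated HMAC used as the MIC, the SHA-256 counter keystream standing in for the negotiated cipher type, the per-frame `nonce`, and all function names are assumptions.

```python
import hashlib
import hmac

class SessionTerminated(Exception):
    """MIC check failed; the session is dropped (claim 9)."""

def derive_session_key(secret: bytes, first_akm: bytes, second_akm: bytes) -> bytes:
    # Assumption: the claims do not fix a KDF. HMAC-SHA256 keyed with the shared
    # secret stands in. Inputs are length-prefixed so (b"ab", b"c") and
    # (b"a", b"bc") cannot produce the same key.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in (first_akm, second_akm))
    return hmac.new(secret, msg, hashlib.sha256).digest()

def split_key(key: bytes) -> tuple[bytes, bytes]:
    # First portion authenticates (MIC); second portion encrypts.
    return key[:16], key[16:]

def keystream_xor(enc_key: bytes, nonce: int, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode), not the patent's cipher type.
    # nonce is an assumed per-frame value so the keystream is never reused.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(enc_key + nonce.to_bytes(4, "big") + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def mic_over(mic_key: bytes, nonce: int, ciphertext: bytes) -> bytes:
    tag = hmac.new(mic_key, nonce.to_bytes(4, "big") + ciphertext, hashlib.sha256)
    return tag.digest()[:8]

def build_data_request(key: bytes, nonce: int, command: bytes) -> tuple[bytes, bytes]:
    # Powered-device side: encrypt the command, then compute the MIC over it.
    mic_key, enc_key = split_key(key)
    ciphertext = keystream_xor(enc_key, nonce, command)
    return ciphertext, mic_over(mic_key, nonce, ciphertext)

def handle_data_request(key: bytes, nonce: int, ciphertext: bytes, mic: bytes) -> bytes:
    mic_key, enc_key = split_key(key)
    # AMP-device side: constant-time MIC check before any decryption happens.
    if not hmac.compare_digest(mic_over(mic_key, nonce, ciphertext), mic):
        raise SessionTerminated("MIC verification failed")
    return keystream_xor(enc_key, nonce, ciphertext)
```

A peer that derived its key from a different secret produces a MIC that fails here, so the same check that protects integrity also confirms both sides hold the shared secret.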
of the control plane, e.g. signalling traffic · CPC title
Authentication · CPC title
Access security · CPC title
Key generation or derivation · CPC title
Key management protocols · CPC title