Optimizing Security Bits in a Media Access Control (mac) Header

1. A method of providing security information in a media access control (MAC) header by a wireless station, comprising: generating a data unit including the MAC header, the MAC header including: two bits that denote both whether the data unit is encrypted and an encryption key sequence (EKS) state for the data unit, the EKS state to comprise a permitted state according to a forward-only transition enforced for an EKS, the permitted state to comprise either an EKS state for a preceding encrypted data unit or a next EKS state after the EKS state for the preceding encrypted data unit according to the EKS, wherein the MAC header does not include a separate encryption control (EC) bit whose state denotes whether the data unit is encrypted, wherein three of four possible states of the two bits each denote one of three positions in the EKS state; encrypting at least a portion of the data unit with a current encryption key or with a new encryption key in accordance with the EKS state of the two bits before transmitting; and transmitting the data unit to a remote wireless station.

2. The method of claim 1 , wherein the two bits are EKS bits located in a predefined location within the MAC header.

3. The method of claim 1 , wherein one of four possible states of the two bits indicates that the data unit is unencrypted.

4. A method of retrieving security information in a media access control (MAC) header by a wireless station, comprising: receiving a data unit including the MAC header from a remote wireless station; and reading two encryption key sequence (EKS) bits in the MAC header that denote both whether the data unit is encrypted and an EKS state for the data unit, the EKS state to comprise a permitted state according to a forward-only transition enforced for an EKS, the permitted state to comprise either an EKS state for a preceding encrypted data unit or a next EKS state after the EKS state for the preceding encrypted data unit according to the EKS, wherein the MAC header does not include a separate encryption control (EC) bit whose state denotes whether the data unit is encrypted, wherein three of four possible states of the two EKS bits each denote one of three positions in the EKS state; and decrypting the data unit with a current encryption key or with a new encryption key in accordance with the EKS state of the two EKS bits.

5. The method of claim 4 , wherein the data unit is a MAC protocol data unit (MPDU).

6. The method of claim 4 , wherein one of four possible states of the two EKS bits indicates that the data unit is unencrypted; and reading a payload of the data unit as plaintext when the two EKS bits have the one of the four possible states.

7. A wireless station, comprising: a media access control (MAC) circuitry arranged to generate or parse a protocol data unit (PDU) including a MAC header that includes two encryption key sequence (EKS) bits that denote both whether the PDU is encrypted and an EKS state the PDU, the EKS state to comprise a permitted state according to a forward-only transition enforced for an EKS, the permitted state to comprise either an EKS state for a preceding encrypted PDU or a next EKS state after the EKS state for the preceding encrypted PDU according to the EKS, wherein the MAC header does not include a separate encryption control (EC) bit whose state denotes whether the PDU is encrypted, wherein three of four possible states of the two EKS bits each denote one of three positions in the EKS state; encrypting at least a portion of the data unit with a current encryption key or with a new encryption key in accordance with a the EKS state of the two bits before transmitting; and a physical layer (PHY) circuitry arranged to send the PDU to the MAC circuitry or to receive the PDU from the MAC circuitry.

8. The wireless station of claim 7 , wherein the MAC module is further arranged to encrypt or decrypt the PDU in accordance with a state of the two EKS bits.

9. The wireless station of claim 7 , wherein the MAC module is further arranged to read unencrypted data directly from a payload of the PDU in accordance with a state of the two EKS bits.

10. The wireless station of claim 7 , further comprising: an antenna coupled to the PHY module to wirelessly transmit or receive a signal including information in the PDU.

11. The wireless station of claim 7 , wherein one of the four possible states of the two EKS bits indicates that the PDU is unencrypted.