WO2014153908A1 - Communication device and wireless communication method - Google Patents
Communication device and wireless communication method Download PDFInfo
- Publication number
- WO2014153908A1 WO2014153908A1 PCT/CN2013/080455 CN2013080455W WO2014153908A1 WO 2014153908 A1 WO2014153908 A1 WO 2014153908A1 CN 2013080455 W CN2013080455 W CN 2013080455W WO 2014153908 A1 WO2014153908 A1 WO 2014153908A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- message frame
- frame
- address
- access control
- mac
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/71—Hardware identity
Definitions
- the present invention relates to the field of communication technologies, and in particular to a communication device and a wireless communication method. Background technique
- the communication device always uses the same MAC (Medium Access Control) address, which makes it easy to be tracked and attacked.
- the STA uses the MAC address from the initial connection to the network to the key negotiation, and the MAC address is transparent to the third party before the key negotiation is completed, that is, the 4 is easily used by the third party. Used to track STAs to attack STAs.
- the present invention is based on the above problems, and proposes a new technical solution, which enables the communication parties to use different media access control addresses at different times, thereby improving communication security.
- the present invention provides a communication apparatus, including: a message generation module, generating a first message frame, the first message frame including at least a first source medium access control (MAC) address and a first destination medium access control a (MAC) address, generating a second message frame, the second message frame including at least a second source medium access control (MAC) address, and a second destination medium access control (MAC) address generation according to the data interaction module a third message frame, the third message frame includes at least a second source medium access control (MAC) address and the second destination medium access control (MAC) address; the data interaction module sends the first time point a first message frame, transmitting the second message frame after the first time point, and receiving the Responding to the message frame of the second message frame, and sending the third message frame at a second time point, where the response message frame of the second message frame includes at least the second destination medium access control (MAC) address;
- the communication device may be a mobile phone or a tablet, or may be a device such as a router.
- the message generation module may be a chip module for data processing in the communication device, and the data interaction module is equivalent to a signal transceiver device and an antenna.
- N ⁇ 4 port is NAN (neighbor awareness networking)
- MAC 1A is adopted.
- Address and MAC IB address are transparent to the third party during the network access process, the MAC address 4 is easily obtained by the third party to attack the entire network or for a single communication. The device attacks.
- the two communication devices can update the MAC address by negotiation.
- the first communication device replaces the MAC 1A address with the MAC 2A address
- the second communication device replaces the MAC IB address.
- the updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC address is used for subsequent communication, preventing third party utilization.
- the MAC address is tracked and attacked, thereby effectively improving the security of the communication.
- the first message frame, the second message frame, or the third message frame is a management message frame, an action message frame, a control message frame, or a data frame, where The type of a message frame, the second message frame, or the third message frame is the same or different.
- the joint value of the frame type of the frame control field and the subtype of the subtype is used to identify the type of the frame, for example, "001000" can be used to identify the frequency band.
- the switching message frame is a management message frame; when the first message frame or the second message frame is an action message frame or a control message frame, the joint value of the frame type of the frame control field and the subtype of the subtype is used to identify the type of the frame, for example, "010110" to identify the band switching message frame as an action message frame or a control message frame.
- the first message frame since the first message frame occurs in the process of initially establishing the network, generally, the first message frame is a management message. Frame or Is the action message frame, the second message frame and the third message frame occur after the initial network establishment, and the subsequent session key is already known to both parties of the communication, then the second message frame and the third message frame may be managed.
- the first message frame, the second message frame, or the third message frame is a management message frame or an action message frame
- the first message frame, the first The second message frame or the third message frame is specifically: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame, or a service discovery message. frame.
- the mobile phone or the tablet or the like can perform message exchange with other communication devices by transmitting a message frame of a type such as an association request frame or a re-association request frame to switch the MAC address; for the router or the like, the probe response frame can be transmitted, and the association is
- the message frame of the response frame, the reassociation response frame, and the like exchanges messages with other communication devices, and encapsulates the updated MAC address in the message frame to notify the other party, for example, in the service discovery message frame, the service discovery message may be The domain of the frame body of the frame encapsulates its updated MAC address to notify the other party.
- the method further includes: a processing module, and the receiver of the first message frame negotiates the session key by using at least the first source medium access control address and the first destination medium access control address And encrypting, by the session key, the second source medium access control address in the second message frame or the third message frame.
- the communication parties establish a network connection and the two parties have negotiated a session key
- the second source medium access control (MAC) address is encrypted by the session key and encapsulated in the second message frame or the third message.
- MAC medium access control
- the first message frame further includes a first function identifier bit, where the first function identifier bit indicates that the communication device supports a multi-media access control address operation function; and the data interaction The module further receives a response message frame of the first message frame, where the response message frame includes a second function identifier bit, and the second function identifier bit indicates that the sender of the response message frame supports a multi-media access control address operation.
- the two sides of the message frame of the response frame of the first message frame and the first message frame may carry the capability identification information element or the bit in the MAC frame header to indicate that the two sides support the operation function of the multiple MAC address, for example,
- a message frame is a service discovery message frame, and then multiple MAC address capability identification information elements or locations in other order domains may be encapsulated in the frame order domain 1 of the service discovery message frame.
- the reservation in the MAC frame header may also be used.
- the first message frame is not limited to the service discovery message frame, and may be other management message frames or action message frames, and details are not described herein again.
- the present invention also provides a wireless communication method, including: generating a first message frame, and transmitting the first message frame at a first time point, where the first message frame includes at least a first source medium access control (MAC) An address and a first destination medium access control (MAC) address; after the first time point, the method further includes: generating a second message frame, and sending the second message frame to a receiver of the first message frame, where The second message frame includes at least a second source medium access control address, and receives a response message frame of the second message frame from a receiver of the first message frame, where the response message frame of the second message frame includes at least a second destination medium access control address; generating a third message frame, and sending a third message frame to the receiver of the first message frame at a second time point, where the third message frame includes at least the second source medium access a control (MAC) address and the second destination medium access control (MAC) address; wherein the first source medium access control address, the first destination medium access control location The address, the second source medium access control address
- the communication device may be a mobile phone or a tablet, or may be a device such as a router.
- the message generation module may be a chip module for data processing in the communication device, and the data interaction module is equivalent to a signal transceiver device and an antenna.
- N ⁇ 4 port is NAN (neighbor awareness networking)
- MAC 1A is adopted.
- Address and MAC IB address are transparent to the third party during the network access process, the MAC address 4 is easily obtained by the third party to attack the entire network or for a single communication. The device performs an attack.
- the two communication devices can update the MAC address by negotiation, for example, the first communication device switches the MAC 1A address to the MAC 2A address, and the second communication device will The MAC IB address is replaced with a MAC 2B address.
- the updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC address is used for subsequent communication, preventing The third party uses the MAC address for tracking and attack, thereby effectively improving the security of the communication.
- the first message frame, the second message frame, and the third message frame are a management message frame, an action message frame, a control message frame, or a data frame, where The types of a message frame, the second message frame, and the third message frame are the same or different.
- the joint value of the frame type of the frame control field and the subtype of the subtype is used to identify the type of the frame, for example, "001000" can be used to identify the frequency band.
- the switching message frame is a management message frame; when the first message frame or the second message frame is an action message frame or a control message frame, the joint value of the frame type of the frame control field and the subtype of the subtype is used to identify the type of the frame, for example, "010110" to identify the band switching message frame as an action message frame or a control message frame.
- the first message frame since the first message frame occurs in the process of initially establishing the network, generally, the first message frame is a management message.
- the frame or action message frame, the second message frame and the third message frame occur after the initial network establishment, and the subsequent session key is already known to both parties of the communication, then the second message frame and the third message frame may be Is a management message frame, an action message frame, or a data frame.
- the first message frame, the second message frame, or the third message frame is a management message frame or an action message frame
- the first message frame, the first The second message frame or the third message frame is specifically: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame, or a service discovery message. frame.
- the mobile phone or the tablet or the like can perform message exchange with other communication devices by transmitting a message frame of a type such as an association request frame or a re-association request frame to switch the MAC address; for the router or the like, the probe response frame can be transmitted, and the association is
- the message frame of the response frame, the reassociation response frame, and the like exchanges messages with other communication devices, and encapsulates the updated MAC address in the message frame to notify the other party, for example, in the service discovery message frame, the service discovery message may be The domain of the frame body of the frame encapsulates its updated MAC address to notify the other party.
- the method further includes: receiving the first message frame to Reusing the first source medium access control address and the first destination medium access control address to negotiate a session key; and encrypting the second message frame or the third message frame with the session key The second source medium access control address.
- the communication parties establish a network connection and the two parties have negotiated a session key
- the second source medium access control (MAC) address is encrypted by the session key and encapsulated in the second message frame or the third message.
- MAC medium access control
- the first message frame further includes a first function identifier bit, where the first function identifier bit indicates that the sender of the first message frame supports a multi-media access control address operation function;
- the wireless communication method further includes: receiving a response message frame of the first message frame, the response message frame includes a second function identifier bit, and the second function identifier bit indicates a sender of the response message frame Support multi-media access control address operation function.
- the communication device when the communication device listens to the message frame sent by other communication devices under the same network, it can learn that it supports the multi-media access control address operation function, and the specific communication parties can The response of the first message frame and the first message frame is cancelled, and the frame body part of the frame carries the capability identification information element or a bit in the MAC frame header to indicate that the two sides support the operation function of the multiple MAC address, such as the first message frame.
- the MAC address capability identification information element or the location of the other order domain may be encapsulated in the frame body domain 1 of the service discovery message frame, and may also be represented by a reserved bit in the MAC frame header. It supports multiple MAC address manipulation functions.
- the first message frame is not limited to the service discovery message frame, and may be other management message frames or action message frames, which are not described here.
- the present invention further provides a communication device, including: a message generating module, configured to generate a response message frame of the second message frame according to the second message frame received by the data interaction module, where the second message frame includes at least The second source medium access control address, the response message frame of the second message frame includes at least a second destination medium access control address, and the data interaction module receives the first message frame at the first time point, the first message
- the frame includes at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address, after receiving the second message frame and transmitting a response of the second message frame after the first time point a frame, and receiving a third message frame at a second time point, the third message frame including at least the second source medium access control a (MAC) address and the second destination medium access control (MAC) address; wherein the first source medium access control address, the first destination medium access control address, the second source medium access control address, and The second destination medium access control addresses are different from each other.
- MAC source medium access control
- the communication device may be a mobile phone or a tablet, or may be a device such as a router.
- the message generation module may be a chip module for data processing in the communication device, and the data interaction module is equivalent to a signal transceiver device and an antenna.
- N ⁇ 4 port is NAN (neighbor awareness networking)
- MAC 1A is adopted.
- Address and MAC IB address are transparent to the third party during the network access process, the MAC address 4 is easily obtained by the third party to attack the entire network or for a single communication. The device attacks.
- the two communication devices can update the MAC address by negotiation.
- the first communication device replaces the MAC 1A address with the MAC 2A address
- the second communication device replaces the MAC IB address.
- the updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC address is used for subsequent communication, preventing third party utilization.
- the MAC address is tracked and attacked, thereby effectively improving the security of the communication.
- the first message frame, the second message frame, or the third message frame is a management message frame, an action message frame, a control message frame, or a data frame, where The type of a message frame, the second message frame, or the third message frame is the same or different.
- the joint type of the frame control domain type Type and the subtype Subtype is used to identify the type of the frame, for example,
- "001000” is used to identify the band switching message frame as a management message frame; when the first message frame or the second message frame is an action message frame or a control message frame, the joint value of the frame control field type Type and the subtype Subtype is used to identify The type of the frame, for example, "010110" can be used to identify the band switching message frame as an action message frame or a control message frame.
- a message frame is a management message frame or an action message frame
- the second message frame and the third message frame occur after the initial network establishment, and the subsequent session key is already known to both parties of the communication
- the second message frame And third A message frame can be a management message frame, an action message frame, or a data frame.
- the first message frame, the second message frame, or the third message frame is a management message frame or an action message frame
- the first message frame, the first The second message frame or the third message frame is specifically: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame, or a service discovery message. frame.
- the mobile phone or the tablet or the like can perform message exchange with other communication devices by transmitting a message frame of a type such as an association request frame or a re-association request frame to switch the MAC address; for the router or the like, the probe response frame can be transmitted, and the association is
- the message frame of the response frame, the reassociation response frame, and the like exchanges messages with other communication devices, and encapsulates the updated MAC address in the message frame to notify the other party, for example, in the service discovery message frame, the service discovery message may be The domain of the frame body of the frame encapsulates its updated MAC address to notify the other party.
- the method further includes: a processing module, and the sender of the first message frame negotiates the session key by using at least the first source medium access control address and the first destination medium access control address And encrypting, by the session key, the second destination medium access control address in the response message frame of the second message frame.
- the communication parties establish a network connection and the two parties have negotiated a session key
- the second destination medium access control (MAC) address is encrypted by the session key and encapsulated in the response message frame of the second message frame.
- the frame body part, wherein the source address and the destination address of the second message frame response message frame are a first source medium access control address and a first destination medium access control address, respectively.
- the first message frame further includes a first function identifier bit, where the first function identifier bit indicates that the sender of the first message frame supports a multi-media access control address operation function; And the second message identifier bit is further included in the response message frame of the first message frame, where the second function flag indicates that the communication device supports the multi-media access control address operation function.
- the communication device when the communication device listens to the message frame sent by other communication devices under the same network, it can learn that it supports the multi-media access control address operation function, and the specific communication parties can
- the frame body portion of the response frame of the first message frame and the first message frame carries the capability identification information element or a bit in the MAC frame header to indicate that the two sides support the operation function of the multiple MAC address, for example, the first message frame is Service Now the message frame, then the MAC address capability identification information element or the location of the other order domain may be encapsulated in the frame body domain 1 of the service discovery message frame.
- the reserved bits in the MAC frame header may also be used to indicate its support. Multiple MAC address manipulation features.
- the first message frame is not limited to the service discovery message frame, and may be other management message frames or action message frames, and details are not described herein again.
- the present invention also provides a wireless communication method, comprising: receiving a first message frame at a first time point, the first message frame including at least a first source medium access control (MAC) address and a first destination medium access control (MAC address; after the first time point, further comprising: receiving a second message frame from a sender of the first message frame, and sending the second message frame to a sender of the first message frame a response message frame, wherein the second message frame includes at least the second source medium access control (MAC) address, and the response message frame of the second message frame includes at least a second destination medium access control address; Receiving, by the second time point, a third message frame, where the third message frame includes at least the second source medium access control (MAC) address and the second destination medium access control (MAC) address; wherein, the first The source medium access control address, the first destination medium access control address, the second source medium access control address, and the second destination medium access control address are not mutually The same.
- MAC source medium access control
- MAC destination medium access control
- the communication device may be a mobile phone or a tablet, or may be a device such as a router.
- the message generation module may be a chip module for data processing in the communication device, and the data interaction module is equivalent to a signal transceiver device and an antenna.
- N ⁇ 4 port is NAN (neighbor awareness networking)
- MAC 1A is adopted.
- Address and MAC IB address are transparent to the third party during the network access process, the MAC address 4 is easily obtained by the third party to attack the entire network or for a single communication. The device attacks.
- the two communication devices can update the MAC address by negotiation.
- the first communication device replaces the MAC 1A address with the MAC 2A address
- the second communication device replaces the MAC IB address.
- the updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC address is used for subsequent communication, preventing third party utilization.
- MAC address tracking and Attack which effectively improves the security of communication.
- the first message frame, the second message frame, or the third message frame is a management message frame, an action message frame, a control message frame, or a data frame, where The type of a message frame, the second message frame, or the third message frame is the same or different.
- the joint value of the frame type of the frame control field and the subtype of the subtype is used to identify the type of the frame, for example, "001000" can be used to identify the frequency band.
- the switching message frame is a management message frame; when the first message frame or the second message frame is an action message frame or a control message frame, the joint value of the frame type of the frame control field and the subtype of the subtype is used to identify the type of the frame, for example, "010110" to identify the band switching message frame as an action message frame or a control message frame.
- the first message frame since the first message frame occurs in the process of initially establishing the network, generally, the first message frame is a management message.
- the frame or action message frame, the second message frame and the third message frame occur after the initial network establishment, and the subsequent session key is already known to both parties of the communication, then the second message frame and the third message frame may be Is a management message frame, an action message frame, or a data frame.
- the first message frame, the second message frame, or the third message frame is a management message frame or an action message frame
- the first message frame, the first The second message frame or the third message frame is specifically: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame, or a service discovery message. frame.
- the mobile phone or the tablet or the like can perform message exchange with other communication devices by transmitting a message frame of a type such as an association request frame or a re-association request frame to switch the MAC address; for the router or the like, the probe response frame can be transmitted, and the association is
- the message frame of the response frame, the reassociation response frame, and the like exchanges messages with other communication devices, and encapsulates the updated MAC address in the message frame to notify the other party, for example, in the service discovery message frame, the service discovery message may be The domain of the frame body of the frame encapsulates its updated MAC address to notify the other party.
- the method further includes: negotiating a session key with the first source medium access control address and the first destination medium access control address with the sender of the first message frame; The session key encrypts the second destination medium access control address in the response message frame of the second message frame.
- the two parties in the communication are establishing a network.
- the network connection and the parties have negotiated a session key
- the second destination medium access control (MAC) address is encrypted with the session key and encapsulated in the frame body portion of the response message frame of the second message frame, wherein the second message frame
- the source address and the destination address of the response message frame are the first source medium access control address and the first destination medium access control address, respectively.
- the first message frame further includes a first function identifier bit, where the first function identifier bit indicates that the sender of the first message frame supports a multi-media access control address operation function; And the second message identifier bit is included in the response message frame of the first message frame, where the second function identifier bit indicates that the sender of the response message frame supports the multi-media access control address operation function.
- the communication device when the communication device listens to the message frame sent by other communication devices under the same network, it can learn that it supports the multi-media access control address operation function, and the specific communication parties can
- the frame body portion of the response frame of the first message frame and the first message frame carries the capability identification information element or a bit in the MAC frame header to indicate that the two sides support the operation function of the multiple MAC address, for example, the first message frame is The service discovery message frame, then the MAC address capability identification information element or the location of other order domains may be encapsulated in the frame body domain 1 of the service discovery message frame.
- the reserved bits in the MAC frame header may also be used to represent the message frame. Support for multiple MAC address operation functions.
- the first message frame is not limited to the service discovery message frame, and may be other management message frames or action message frames, which are not described here.
- Figure 1 shows a block diagram of a communication device in accordance with one embodiment of the present invention
- FIG. 2 shows a flow chart of a wireless communication method in accordance with one embodiment of the present invention
- FIG. 3 shows a block diagram of a communication device in accordance with another embodiment of the present invention
- FIG. 4 is a flow chart showing a wireless communication method according to another embodiment of the present invention.
- FIG. 5 is a flowchart showing an embodiment of the switching medium access control address according to an embodiment of the present invention. Schematic diagram of the M1 signaling in the medium;
- FIG. 7 is a schematic structural diagram of M2 signaling in the embodiment shown in FIG. 5. detailed description
- Figure 1 shows a block diagram of a communication device in accordance with one embodiment of the present invention.
- a communication device 100 includes: a message generating module 102, generating a first message frame, where the first message frame includes at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address, generating a second message frame, the second message frame including at least a second source medium access control (MAC) address, and a second destination medium access according to the data interaction module 104
- the control (MAC) address generates a third message frame, the third message frame including at least a second source medium access control (MAC) address and the second destination medium access control (MAC) address;
- the data interaction module 104 Transmitting the first message frame at a first time point, transmitting the second message frame and receiving a response message frame of the second message frame after the first time point, and sending the message frame at a second time point a third message frame, the response message frame of the second message frame includes at least the second destination medium access control (MAC) address; wherein, the first Media Access Control address, a media access
- the communication device 100 may be a mobile phone or a tablet, or may be a device such as a router, the message generation module 102 may be a chip module for data processing in the communication device, and the data interaction module 104 is equivalent to a signal transceiver device and Antennas, etc.
- the network is a neighboring awareness network (NAN), when the two communication devices initially establish a network, the MAC 1A address and the MAC IB are respectively adopted.
- NAN neighboring awareness network
- the two communication devices can update the MAC address by negotiation, for example, the first communication device replaces the MAC 1A address with the MAC 2A address, and the second communication device replaces the MAC IB address with the MAC 2B address.
- the updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC address is used for subsequent communication, preventing the third party from using the MAC address for tracking. And attacks, thereby effectively improving the security of communication.
- the first message frame, the second message frame, or the third message frame is a management message frame, an action message frame, a control message frame, or a data frame, where The type of a message frame, the second message frame, or the third message frame is the same or different.
- the joint value of the frame type of the frame control field and the subtype of the subtype is used to identify the type of the frame, for example, "001000" can be used to identify the frequency band.
- the switching message frame is a management message frame; when the first message frame or the second message frame is an action message frame or a control message frame, the joint value of the frame type of the frame control field and the subtype of the subtype is used to identify the type of the frame, for example, "010110" to identify the band switching message frame as an action message frame or a control message frame.
- the first message frame since the first message frame occurs in the process of initially establishing the network, generally, the first message frame is a management message.
- the frame or action message frame, the second message frame and the third message frame occur after the initial network establishment, and the subsequent session key is already known to both parties of the communication, then the second message frame and the third message frame may be Is a management message frame, an action message frame, or a data frame.
- the first message frame, the second message frame, or the third message frame is a management message frame or an action message frame
- the first message frame, the first The second message frame or the third message frame is specifically: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame, or a service discovery message. frame.
- the mobile phone or the tablet or the like can perform message exchange with other communication devices by transmitting a message frame of a type such as an association request frame or a re-association request frame to switch the MAC address; for the router or the like, the probe response frame can be transmitted, and the association is
- the message frame of the response frame, the reassociation response frame, and the like exchanges messages with other communication devices, and encapsulates the updated MAC address in the message frame to notify the other party, for example, in the service discovery message frame, the service discovery message may be Encapsulating the updated content of a certain order domain of the frame body portion of the frame
- the MAC address is used to notify the other party.
- the method further includes: the processing module 106, and the receiver of the first message frame negotiates the session secret with the first source medium access control address and the first destination medium access control address And encrypting, by the session key, the second source medium access control address in the second message frame or the third message frame.
- the communication parties establish a network connection and the two parties have negotiated a session key
- the second source medium access control (MAC) address is encrypted by the session key and encapsulated in the second message frame or the third message.
- MAC medium access control
- the first message frame further includes a first function identifier bit, where the first function identifier bit indicates that the communication device 100 supports a multi-media access control address operation function; and the data The interaction module further receives a response message frame of the first message frame, where the response message frame includes a second function identifier bit, where the second function identifier bit indicates that the sender of the response message frame supports the multi-media access control address Operational function.
- the communication device when the communication device listens to the message frame sent by other communication devices under the same network, it can learn that it supports the multi-media access control address operation function, and the specific communication parties can
- the first message frame and the first frame the response of the frame is cancelled, and the frame body part of the frame carries the capability identification information element or the bit in the MAC frame header to indicate the operation function of both sides supporting multiple MAC addresses, such as the first message.
- the frame is a service discovery message frame
- the multiple MAC address capability identification information element or the location of the other order domain may be encapsulated in the frame body domain 1 of the service discovery message frame.
- the reserved bits in the MAC frame header may also be used. Indicates that it supports multiple MAC address manipulation functions.
- the first message frame is not limited to the service discovery message frame, and may be other management message frames or action message frames, and details are not described herein again.
- FIG. 2 shows a flow chart of a method of wireless communication in accordance with one embodiment of the present invention.
- the wireless communication method includes: Step 202: Generate a first message frame, and send the first message frame at a first time point, where the first message frame is at least The first source medium access control (MAC) address and the first destination medium access control (MAC) address are included; after the first time point, the method further includes: Step 204: Generate a second message frame, to the first message Receiving, by the receiver of the frame, the second message frame, the second The information frame includes at least a second source medium access control address, and receives a response message frame of the second message frame from a receiver of the first message frame, where the response message frame of the second message frame includes at least a second destination a medium access control address; Step 206: Generate a third message frame, and send a third message frame to the receiver of the first message frame at a second time point, where the third message frame includes at least the second source medium access Control (MAC) address and the second destination medium access control
- MAC source medium access Control
- MAC MAC address
- the communication device may be a mobile phone or a tablet, or may be a device such as a router.
- the message generation module may be a chip module for data processing in the communication device, and the data interaction module is equivalent to a signal transceiver device and an antenna.
- N ⁇ 4 port is NAN (neighbor awareness networking)
- MAC 1A is adopted.
- Address and MAC IB address are transparent to the third party during the network access process, the MAC address 4 is easily obtained by the third party to attack the entire network or for a single communication. The device attacks.
- the two communication devices can update the MAC address by negotiation.
- the first communication device replaces the MAC 1A address with the MAC 2A address
- the second communication device replaces the MAC IB address.
- the updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC address is used for subsequent communication, preventing third party utilization.
- the MAC address is tracked and attacked, thereby effectively improving the security of the communication.
- the first message frame, the second message frame, and the third message frame are a management message frame, an action message frame, a control message frame, or a data frame, where The types of a message frame, the second message frame, and the third message frame are the same or different.
- the joint type of the frame control domain type Type and the subtype Subtype is used to identify the type of the frame, for example,
- the band switching message frame as a management message frame; when the first message frame or the second message frame is an action message frame or a control message frame, the type and subtype of the frame control field
- the joint value of Subtype is used to identify the type of the frame. For example, "010110" can be used to identify the band switch message frame as an action message frame or a control message frame.
- the first message frame since the first message frame occurs in the initial establishment of the network.
- the first message frame is a management message frame or an action message frame
- the second message frame and the third message frame occur after the initial network is established, and the subsequent session secrets are already known to both parties of the communication. Key, then the second message frame and the third message frame may be management message frames, action message frames or data frames.
- the first message frame, the second message frame, or the third message frame is a management message frame or an action message frame
- the first message frame, the first The second message frame or the third message frame is specifically: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame, or a service discovery message. frame.
- the mobile phone or the tablet or the like can perform message exchange with other communication devices by transmitting a message frame of a type such as an association request frame or a re-association request frame to switch the MAC address; for the router or the like, the probe response frame can be transmitted, and the association is
- the message frame of the response frame, the reassociation response frame, and the like exchanges messages with other communication devices, and encapsulates the updated MAC address in the message frame to notify the other party, for example, in the service discovery message frame, the service discovery message may be The domain of the frame body of the frame encapsulates its updated MAC address to notify the other party.
- the method further includes: negotiating a session key with the first source medium access control address and the first destination medium access control address with the receiver of the first message frame;
- the session key encrypts the second source medium access control address in the second message frame or the third message frame.
- the communication parties establish a network connection and the two parties have negotiated a session key
- the second destination medium access control (MAC) address is encrypted by the session key and encapsulated in the second message frame or the third message.
- MAC medium access control
- the first message frame further includes a first function identifier bit, where the first function identifier bit indicates that the sender of the first message frame supports a multi-media access control address operation function;
- the wireless communication method further includes: receiving a response message frame of the first message frame, where the response message frame includes a second function identifier bit, and the second function identifier The bit indicates that the sender of the response message frame supports the multi-media access control address operation function.
- the communication device when the communication device listens to the message frame sent by other communication devices under the same network, it can learn that it supports the multi-media access control address operation function, and the specific communication parties can The response of the first message frame and the first message frame is cancelled, and the frame body part of the frame carries the capability identification information element or a bit in the MAC frame header to indicate that the two sides support the operation function of the multiple MAC address, such as the first message frame.
- the MAC address capability identification information element or the location of the other order domain may be encapsulated in the frame body domain 1 of the service discovery message frame, and may also be represented by a reserved bit in the MAC frame header. It supports multiple MAC address manipulation functions.
- the first message frame is not limited to the service discovery message frame, and may be other management message frames or action message frames, and details are not described herein again.
- FIG. 3 shows a block diagram of a communication device in accordance with another embodiment of the present invention.
- the communication device 300 includes: a message generating module 302, configured to generate a response message frame of the second message frame according to a second message frame received by the data interaction module,
- the second message frame includes at least a second source medium access control address
- the response message frame of the second message frame includes at least a second destination medium access control address.
- the data interaction module 304 is at the first time point.
- the first message frame including at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address
- receiving the second message after the first time point
- transmitting a response frame of the second message frame and receiving a third message frame at a second time point
- the third message frame including at least the second source medium access control (MAC) address and the second a destination medium access control (MAC) address, wherein the first source medium access control address, the first destination medium access control address, and the second Media access control address and the second destination media access control address different from each other.
- MAC source medium access control
- MAC destination medium access control
- the communication device 300 may be a mobile phone or a tablet, or may be a device such as a router, the message generation module 302 may be a chip module for data processing in the communication device 300, and the data interaction module 304 is equivalent to a signal transceiver device. And antennas, etc.
- the network is a neighboring awareness network (NAN), when the two communication devices initially establish a network, the MAC 1A address and the MAC IB are respectively adopted.
- NAN neighboring awareness network
- the MAC 1A address and the MAC IB address are transparent to the third party, and the MAC address is easily obtained by the third party to attack the entire network or attack a single communication device. Therefore, after the network is successfully established
- the two communication devices can update the MAC address by negotiation, for example, the first communication device replaces the MAC 1A address with the MAC 2A address, and the second communication device replaces the MAC IB address with the MAC 2B address, for both parties to the communication.
- the updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC address is used for subsequent communication, thereby preventing third parties from using the MAC address for tracking and attack, thereby effectively improving The security of communication.
- the first message frame, the second message frame, or the third message frame is a management message frame, an action message frame, a control message frame, or a data frame, where The type of a message frame, the second message frame, or the third message frame is the same or different.
- the joint value of the frame type of the frame control field and the subtype of the subtype is used to identify the type of the frame, for example, "001000" can be used to identify the frequency band.
- the switching message frame is a management message frame; when the first message frame or the second message frame is an action message frame or a control message frame, the joint value of the frame type of the frame control field and the subtype of the subtype is used to identify the type of the frame, for example, "010110" to identify the band switching message frame as an action message frame or a control message frame.
- the first message frame since the first message frame occurs in the process of initially establishing the network, generally, the first message frame is a management message.
- the frame or action message frame, the second message frame and the third message frame occur after the initial network establishment, and the subsequent session key is already known to both parties of the communication, then the second message frame and the third message frame may be Is a management message frame, an action message frame, or a data frame.
- the first message frame, the second message frame, or the third message frame is a management message frame or an action message frame
- the first message frame, the first The second message frame or the third message frame is specifically: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame, or a service discovery message. frame.
- the mobile phone or the tablet or the like can perform message exchange with other communication devices by transmitting a message frame of a type such as an association request frame or a re-association request frame to switch the MAC address; for the router or the like, the probe response frame can be transmitted, and the association is Message frames of a response frame, reassociation response frame, etc., interact with other communication devices, and in these messages
- the frame encapsulates its updated MAC address and notifies the other party.
- the MAC address updated by itself may be encapsulated in an order domain of the frame body portion of the service discovery message frame to notify the other party.
- the method further includes: a processing module 306, and the sender of the first message frame negotiates the session secret with the first source medium access control address and the first destination medium access control address And encrypting, by the session key, the second destination medium access control address in the response message frame of the second message frame.
- the communication parties establish a network connection and the two parties have negotiated a session key
- the second destination medium access control (MAC) address is encrypted by the session key and encapsulated in the response message frame of the second message frame.
- the frame body portion, wherein the second message frame is responsive, and the source address and the destination address of the frame are the first source medium access control address and the first destination medium access control address, respectively.
- the first message frame further includes a first function identifier bit, where the first function identifier bit indicates that the sender of the first message frame supports a multi-media access control address operation function; And the second message identifier bit is further included in the response message frame of the first message frame, where the second function identifier bit indicates that the communication device 300 supports the multi-media access control address operation function.
- the communication device when the communication device listens to the message frame sent by other communication devices under the same network, it can learn that it supports the multi-media access control address operation function, and the specific communication parties can
- the frame body portion of the response frame of the first message frame and the first message frame carries the capability identification information element or a bit in the MAC frame header to indicate that the two sides support the operation function of the multiple MAC address, for example, the first message frame is The service discovery message frame, then the MAC address capability identification information element or the location of other order domains may be encapsulated in the frame body domain 1 of the service discovery message frame.
- the reserved bits in the MAC frame header may also be used to represent the message frame. Support for multiple MAC address operation functions.
- the first message frame is not limited to the service discovery message frame, and may be other management message frames or action message frames, which are not described here.
- a wireless communication method includes: Step 402: Receive a first message frame at a first time point, where the first message frame includes at least a first source medium access control (MAC) address and first destination medium access control (MAC) address; After the first time point, the method further includes: Step 404: Receive a second message frame from a sender of the first message frame, and send a response of the second message frame to a sender of the first message frame a message frame, where the second message frame includes at least the second source medium access control
- MAC source medium access control
- MAC destination medium access control
- Step 406 Receive a third message frame at a second time point, where the third message frame includes at least the a second source medium access control (MAC) address and the second destination medium access control (MAC) address; wherein the first source medium access control address, the first destination medium access control address, the second The source medium access control address and the second destination medium access control address are different from each other.
- MAC source medium access control
- MAC destination medium access control
- the communication device may be a mobile phone or a tablet, or may be a device such as a router.
- the message generation module may be a chip module for data processing in the communication device, and the data interaction module is equivalent to a signal transceiver device and an antenna.
- N ⁇ 4 port is NAN (neighbor awareness networking)
- MAC 1A is adopted.
- Address and MAC IB address are transparent to the third party during the network access process, the MAC address 4 is easily obtained by the third party to attack the entire network or for a single communication. The device attacks.
- the two communication devices can update the MAC address by negotiation.
- the first communication device replaces the MAC 1A address with the MAC 2A address
- the second communication device replaces the MAC IB address.
- the updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC address is used for subsequent communication, preventing third party utilization.
- the MAC address is tracked and attacked, thereby effectively improving the security of the communication.
- the first message frame, the second message frame, or the third message frame is a management message frame, an action message frame, a control message frame, or a data frame, where The type of a message frame, the second message frame, or the third message frame is the same or different.
- the joint type of the frame control domain type Type and the subtype Subtype is used to identify the type of the frame, for example,
- the band switching message frame is a management message frame; when the first message frame or the second message
- the frame is an action message frame or a control message frame
- the joint value of the frame type of the frame control field and the subtype of the subtype is used to identify the type of the frame.
- "010110" can be used to identify the band switch message frame as an action message frame or a control message.
- a frame specifically in the present solution, because the first message frame occurs in the process of initially establishing the network, generally the first message frame is a management message frame or an action message frame, a second message frame, and a third message frame. After the initial network establishment, the subsequent session key is already known to both parties of the communication, and the second message frame and the third message frame may be management message frames, action message frames or data frames.
- the first message frame, the second message frame, or the third message frame is a management message frame or an action message frame
- the first message frame, the first The second message frame or the third message frame is specifically: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame, or a service discovery message. frame.
- the mobile phone or the tablet or the like can perform message exchange with other communication devices by transmitting a message frame of a type such as an association request frame or a re-association request frame to switch the MAC address; for the router or the like, the probe response frame can be transmitted, and the association is
- the message frame of the response frame, the reassociation response frame, and the like exchanges messages with other communication devices, and encapsulates the updated MAC address in the message frame to notify the other party, for example, in the service discovery message frame, the service discovery message may be The domain of the frame body of the frame encapsulates its updated MAC address to notify the other party.
- the method further includes: negotiating a session key with the first source medium access control address and the first destination medium access control address with the sender of the first message frame; The session key encrypts the second destination medium access control address in the response message frame of the second message frame.
- the communication parties establish a network connection and the two parties have negotiated a session key, and the second destination medium access control (MAC) address is encrypted by the session key and encapsulated in the response message frame of the second message frame.
- the frame body part, wherein the source address and the destination address of the second message frame response message frame are a first source medium access control address and a first destination medium access control address, respectively.
- the first message frame further includes a first function identifier bit, where the first function identifier bit indicates that the sender of the first message frame supports a multi-media access control address operation function; And the second message identifier is included in the response message frame of the first message frame. Bit, the second function identifier bit indicates that the sender of the response message frame supports the multi-media access control address operation function.
- the communication device when the communication device listens to the message frame sent by other communication devices under the same network, it can learn that it supports the multi-media access control address operation function, and the specific communication parties can
- the frame body portion of the response frame of the first message frame and the first message frame carries the capability identification information element or a bit in the MAC frame header to indicate that the two sides support the operation function of the multiple MAC address, for example, the first message frame is The service discovery message frame, then the MAC address capability identification information element or the location of other order domains may be encapsulated in the frame body domain 1 of the service discovery message frame.
- the reserved bits in the MAC frame header may also be used to represent the message frame. Support for multiple MAC address operation functions.
- the first message frame is not limited to the service discovery message frame, and may be other management message frames or action message frames, and details are not described herein again.
- the main idea of the present invention is: Multiple communication devices communicate using different MAC addresses at different times. Specifically, for example, two communication devices perform interaction through an initial MAC address before network establishment is completed; after the network establishment is completed, respectively switch to another new MAC address different from the initial MAC address, thereby using the new MAC address to perform mutual Communication between services to prevent third parties from tracking and attacking through the initial MAC address.
- FIG. 5 shows a specific flow diagram of switching media access control addresses in accordance with an embodiment of the present invention.
- a specific process of switching media access control addresses includes:
- Step 502 STA A and STA B establish a network connection by using the first MAC address. Specifically, for example, if STA A adopts a MAC 1A address and STA B adopts a MAC IB address, STA A and STA B use MAC 1A and MAC IB to perform configuration signaling interaction of network establishment.
- STA A and STA B should also inform each other: The function of supporting multiple MAC addresses by itself.
- the information indicating the function of supporting multiple MAC addresses may be encapsulated in the configuration signaling of the network establishment in the form of IE, and the signaling includes DLS (Direct Link Setup) request signaling and DLS response. Signaling or service discovery signaling.
- the key agreement negotiation signaling is also performed through the MAC 1A and the MAC IB address, thereby negotiating the session signaling between the STA A and the STA B.
- Step 504 After STA A and STA B know that both parties support multiple MAC address functions and have established a NAN network, STA A and STA B respectively generate a second MAC address, for example, the second MAC address corresponding to STA A is a MAC 2A address.
- the second MAC address corresponding to STA B is a MAC 2B address, and MAC 1A, MAC 1B, MAC 2A, and MAC 2B should be different from each other to ensure that STA A and STA B cannot always pass the MAC 1A by the third party.
- MAC IB tracking and attack After STA A and STA B know that both parties support multiple MAC address functions and have established a NAN network, STA A and STA B respectively generate a second MAC address, for example, the second MAC address corresponding to STA A is a MAC 2A address.
- the second MAC address corresponding to STA B is a MAC 2B address, and MAC 1A, MAC 1B, MAC 2A,
- Step 506 assuming that the STA A first informs the STA B of the information of the second MAC address (ie, the MAC 2A address), the M1 signaling is generated and sent to the STA B.
- STA B can first inform STA A of its second MAC address (ie, MAC 2B address).
- FIG. 6 shows a specific form of M1 signaling, including: FC domain, MAC 1B information, MAC 1 A information, CCMP Header domain, MAC 2A information, and FCS domain.
- the MAC IB is the first MAC address used by STA B and belongs to the destination address
- MAC 1A is the first MAC address used by STA A, which belongs to the source address.
- the MAC IB address is in front of the MAC 1A address, that is, the destination address must be required. In front of the source address.
- the session key is negotiated. This session key is confidential to the third party, and thus the part of the M1 signaling including the MAC 2A address can be included. Encryption is performed to further enhance the security of subsequent business communications.
- Step 508 After receiving the M1 signaling, the STA B generates the M2 signaling and sends it to the STA A to notify the second MAC address (ie, the MAC 2B address) corresponding to itself.
- the second MAC address ie, the MAC 2B address
- FIG. 7 shows a specific form of M2 signaling, including: FC domain, MAC 1A information, MAC IB information, CCMP Header domain, and MAC 2B letter. Interest and FCS domain.
- the MAC 1A address is in front of the MAC IB address.
- the part containing the MAC 2B address in the M2 signaling can also be encrypted, thereby further improving the security of subsequent service communication.
- Step 510 After STA A and STA B complete the exchange of the corresponding second MAC addresses (ie, MAC 2A and MAC 2B ), the respective second MAC addresses can be used for service communication.
- the corresponding second MAC addresses ie, MAC 2A and MAC 2B
- the present invention proposes a communication device and a wireless communication method, which enable the communication parties to use different media access control addresses at different times, thereby improving communication security.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310100289.X | 2013-03-26 | ||
CN201310100289.XA CN103200191B (en) | 2013-03-26 | 2013-03-26 | Communicator and wireless communications method |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014153908A1 true WO2014153908A1 (en) | 2014-10-02 |
Family
ID=48722548
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2013/080455 WO2014153908A1 (en) | 2013-03-26 | 2013-07-31 | Communication device and wireless communication method |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN103200191B (en) |
WO (1) | WO2014153908A1 (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103200191B (en) * | 2013-03-26 | 2017-03-15 | 东莞宇龙通信科技有限公司 | Communicator and wireless communications method |
CN105530681B (en) | 2014-09-28 | 2019-02-19 | 华为技术有限公司 | Method for processing business and device |
US10045196B2 (en) | 2015-02-24 | 2018-08-07 | Lg Electronics Inc. | Association method for data transmission in wireless communication system and device using same |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8107396B1 (en) * | 2006-07-24 | 2012-01-31 | Cisco Technology, Inc. | Host tracking in a layer 2 IP ethernet network |
US20120076072A1 (en) * | 2010-09-24 | 2012-03-29 | Marc Jalfon | System and method for maintaining privacy in a wireless network |
CN103200191A (en) * | 2013-03-26 | 2013-07-10 | 东莞宇龙通信科技有限公司 | Communication device and wireless communication method |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE60229981D1 (en) * | 2002-01-18 | 2009-01-02 | Nokia Corp | ADDRESSING IN WIRELESS LOCAL NETWORKS |
EP1732265B1 (en) * | 2004-03-03 | 2010-10-06 | National Institute of Information and Communications Technology, Incorporated Administrative Agency | Layer 2 switch network system |
-
2013
- 2013-03-26 CN CN201310100289.XA patent/CN103200191B/en active Active
- 2013-07-31 WO PCT/CN2013/080455 patent/WO2014153908A1/en active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8107396B1 (en) * | 2006-07-24 | 2012-01-31 | Cisco Technology, Inc. | Host tracking in a layer 2 IP ethernet network |
US20120076072A1 (en) * | 2010-09-24 | 2012-03-29 | Marc Jalfon | System and method for maintaining privacy in a wireless network |
CN103200191A (en) * | 2013-03-26 | 2013-07-10 | 东莞宇龙通信科技有限公司 | Communication device and wireless communication method |
Also Published As
Publication number | Publication date |
---|---|
CN103200191B (en) | 2017-03-15 |
CN103200191A (en) | 2013-07-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6023152B2 (en) | Enhanced security for direct link communication | |
RU2407181C1 (en) | Authentication of safety and control of keys in infrastructural wireless multilink network | |
US8605904B2 (en) | Security method in wireless communication system having relay node | |
JP2009533932A (en) | Channel coupling mechanism based on parameter coupling in key derivation | |
KR101018562B1 (en) | Method and apparatus for providing a supplicant access to a requested service | |
TW201108766A (en) | Fast authentication between heterogeneous wireless networks | |
KR20130059425A (en) | Dynamic host configuration and network access authentication | |
JPWO2008146395A1 (en) | Network relay device, communication terminal, and encrypted communication method | |
WO2011091771A1 (en) | Relay node authentication method, device and system | |
WO2011075976A1 (en) | Method and system for establishing secure connection between user terminals | |
WO2009097789A1 (en) | Method and communication system for establishing security association | |
CN110808834B (en) | Quantum key distribution method and quantum key distribution system | |
WO2022147803A1 (en) | Secure communication method and device | |
WO2018161862A1 (en) | Private key generation method, device and system | |
JP2023529181A (en) | DATA TRANSMISSION METHOD AND SYSTEM, ELECTRONIC DEVICE, AND COMPUTER-READABLE STORAGE MEDIUM | |
WO2011143943A1 (en) | Method, system and apparatus for establishing end-to-end security connection | |
WO2012024905A1 (en) | Method, terminal and ggsn for encrypting and decrypting data in mobile communication network | |
WO2014153908A1 (en) | Communication device and wireless communication method | |
WO2022027476A1 (en) | Key management method and communication apparatus | |
WO2011064858A1 (en) | Wireless authentication terminal | |
WO2011143945A1 (en) | Method, system, and apparatus for establishing end-to-end shared key | |
CN112235318B (en) | Metropolitan area network system for realizing quantum security encryption | |
WO2013181830A1 (en) | Association identifier communication device and association identifier communication method | |
WO2010097004A1 (en) | Method for realizing integration of wapi and capwap by separated mac mode | |
CN1996838A (en) | AAA certification and optimization method for multi-host WiMAX system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13880640 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 13880640 Country of ref document: EP Kind code of ref document: A1 |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC ( EPO FORM 1205A DATED 04/04/2016 ) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 13880640 Country of ref document: EP Kind code of ref document: A1 |