WO2014153908A1 - Communication device and wireless communication method - Google Patents


Publication number
WO2014153908A1
Authority
WO
WIPO (PCT)
Prior art keywords
message frame
frame
address
access control
mac
Prior art date
Application number
PCT/CN2013/080455
Other languages
French (fr)
Chinese (zh)
Inventor
董贤东
Original Assignee
东莞宇龙通信科技有限公司
宇龙计算机通信科技(深圳)有限公司
Priority date
Filing date
Publication date
Application filed by 东莞宇龙通信科技有限公司, 宇龙计算机通信科技(深圳)有限公司
Publication of WO2014153908A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/06 Authentication
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/71 Hardware identity
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption

Definitions

  • the present invention relates to the field of communication technologies, and in particular to a communication device and a wireless communication method.
  • the communication device always uses the same MAC (Medium Access Control) address, which makes it easy to track and attack.
  • the STA uses the MAC address from the initial connection to the network through to the key negotiation, and the MAC address is transparent to third parties before the key negotiation is completed; that is, it is easily used by a third party to track and attack STAs.
  • the present invention is based on the above problems, and proposes a new technical solution, which enables the communication parties to use different media access control addresses at different times, thereby improving communication security.
  • the present invention provides a communication apparatus, including: a message generation module, which generates a first message frame, the first message frame including at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address; generates a second message frame, the second message frame including at least a second source medium access control (MAC) address; and generates, according to the second destination medium access control (MAC) address obtained by the data interaction module, a third message frame, the third message frame including at least the second source medium access control (MAC) address and the second destination medium access control (MAC) address; and the data interaction module, which sends the first message frame at a first time point, sends the second message frame after the first time point, receives the response message frame of the second message frame, and sends the third message frame at a second time point, where the response message frame of the second message frame includes at least the second destination medium access control (MAC) address;
  • the communication device may be a mobile phone or a tablet, or may be a device such as a router.
  • the message generation module may be a chip module for data processing in the communication device, and the data interaction module is equivalent to a signal transceiver device and an antenna.
  • NAN: neighbor awareness networking.
  • the MAC 1A address and the MAC 1B address are adopted; because they are transparent to third parties during the network access process, the MAC addresses are easily obtained by a third party to attack the entire network or a single communication device.
  • the two communication devices can update the MAC address by negotiation.
  • the first communication device replaces the MAC 1A address with the MAC 2A address
  • the second communication device replaces the MAC 1B address with the MAC 2B address.
  • the updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC address is used for subsequent communication, preventing third parties from using the MAC address for tracking and attack, thereby effectively improving the security of the communication.
  • the first message frame, the second message frame, or the third message frame is a management message frame, an action message frame, a control message frame, or a data frame, where the types of the first message frame, the second message frame, and the third message frame are the same or different.
  • the joint value of the Type and Subtype of the frame control field is used to identify the type of the frame; for example, "001000" can be used to identify the band switching message frame as a management message frame; when the first message frame or the second message frame is an action message frame or a control message frame, the joint value of the Type and Subtype of the frame control field is used to identify the type of the frame, for example, "010110" to identify the band switching message frame as an action message frame or a control message frame.
  • since the first message frame occurs in the process of initially establishing the network, the first message frame is generally a management message frame or an action message frame; the second message frame and the third message frame occur after the initial network establishment, when the session key is already known to both communicating parties, so the second message frame and the third message frame may be a management message frame, an action message frame, or a data frame.
  • when the first message frame, the second message frame, or the third message frame is a management message frame or an action message frame, it is specifically: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame, or a service discovery message frame.
  • a mobile phone, tablet or similar device can exchange messages with other communication devices to switch the MAC address by transmitting a message frame such as an association request frame or a reassociation request frame; a router or similar device can exchange messages with other communication devices by transmitting message frames such as a probe response frame, an association response frame, or a reassociation response frame, and encapsulates the updated MAC address in the message frame to notify the other party. For example, in a service discovery message frame, the updated MAC address may be encapsulated in a field of the frame body to notify the other party.
  • the communication device further includes: a processing module, which negotiates a session key with the receiver of the first message frame by using at least the first source medium access control address and the first destination medium access control address, and encrypts, with the session key, the second source medium access control address in the second message frame or the third message frame.
  • after the communication parties establish a network connection and have negotiated a session key, the second source medium access control (MAC) address is encrypted with the session key and encapsulated in the second message frame or the third message frame.
  • the first message frame further includes a first function identifier bit, where the first function identifier bit indicates that the communication device supports the multiple medium access control (MAC) address operation function; and the data interaction module further receives a response message frame of the first message frame, where the response message frame includes a second function identifier bit, and the second function identifier bit indicates that the sender of the response message frame supports the multiple MAC address operation function.
  • specifically, the two communication parties may carry a capability identification information element in the frame body of the first message frame and of its response message frame, or use a bit in the MAC frame header, to indicate that both sides support the multiple MAC address operation function. For example, if the first message frame is a service discovery message frame, the multiple MAC address capability identification information element may be encapsulated in order field 1 of the frame body of the service discovery message frame, or at another order position; a reserved bit in the MAC frame header may also be used.
  • the first message frame is not limited to the service discovery message frame, and may be other management message frames or action message frames, and details are not described herein again.
  • the present invention also provides a wireless communication method, including: generating a first message frame, and sending the first message frame at a first time point, where the first message frame includes at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address; after the first time point, the method further includes: generating a second message frame, and sending the second message frame to a receiver of the first message frame, where the second message frame includes at least a second source medium access control address, and receiving a response message frame of the second message frame from the receiver of the first message frame, where the response message frame of the second message frame includes at least a second destination medium access control address; generating a third message frame, and sending the third message frame to the receiver of the first message frame at a second time point, where the third message frame includes at least the second source medium access control (MAC) address and the second destination medium access control (MAC) address; wherein the first source medium access control address, the first destination medium access control address, the second source medium access control address
  • the two communication devices can update the MAC address by negotiation; for example, the first communication device switches the MAC 1A address to the MAC 2A address, and the second communication device replaces the MAC 1B address with a MAC 2B address.
  • the updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC address is used for subsequent communication, preventing third parties from using the MAC address for tracking and attack, thereby effectively improving the security of the communication.
  • the first message frame, the second message frame, and the third message frame are a management message frame, an action message frame, a control message frame, or a data frame, where the types of the first message frame, the second message frame, and the third message frame are the same or different.
  • since the first message frame occurs in the process of initially establishing the network, the first message frame is generally a management message frame or an action message frame; the second message frame and the third message frame occur after the initial network establishment, when the session key is already known to both communicating parties, so the second message frame and the third message frame may be a management message frame, an action message frame, or a data frame.
  • the method further includes: negotiating a session key with the receiver of the first message frame by using the first source medium access control address and the first destination medium access control address; and encrypting, with the session key, the second source medium access control address in the second message frame or the third message frame.
  • the first message frame further includes a first function identifier bit, where the first function identifier bit indicates that the sender of the first message frame supports the multiple medium access control (MAC) address operation function;
  • the wireless communication method further includes: receiving a response message frame of the first message frame, where the response message frame includes a second function identifier bit, and the second function identifier bit indicates that the sender of the response message frame supports the multiple MAC address operation function.
  • when a communication device listens to a message frame sent by another communication device in the same network, it can learn that the other device supports the multiple MAC address operation function. Specifically, the communication parties can carry a capability identification information element in the frame body of the first message frame and of its response message frame, or use a bit in the MAC frame header, to indicate that both sides support the multiple MAC address operation function. For example, if the first message frame is a service discovery message frame, the multiple MAC address capability identification information element may be encapsulated in order field 1 of the frame body of the service discovery message frame, or at another order position; a reserved bit in the MAC frame header may also be used to indicate support for the multiple MAC address operation function.
  • the first message frame is not limited to the service discovery message frame, and may be other management message frames or action message frames, which are not described here.
  • the present invention further provides a communication device, including: a message generating module, configured to generate a response message frame of the second message frame according to the second message frame received by the data interaction module, where the second message frame includes at least the second source medium access control address, and the response message frame of the second message frame includes at least a second destination medium access control address; and the data interaction module, which receives the first message frame at the first time point, the first message frame including at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address, receives the second message frame and sends the response message frame of the second message frame after the first time point, and receives a third message frame at a second time point, the third message frame including at least the second source medium access control (MAC) address and the second destination medium access control (MAC) address; wherein the first source medium access control address, the first destination medium access control address, the second source medium access control address, and the second destination medium access control address are different from each other.
  • the joint value of the Type and Subtype of the frame control field is used to identify the type of the frame; for example, "001000" is used to identify the band switching message frame as a management message frame; when the first message frame or the second message frame is an action message frame or a control message frame, the joint value of the Type and Subtype of the frame control field is used to identify the type of the frame, for example, "010110" can be used to identify the band switching message frame as an action message frame or a control message frame.
  • the first message frame is a management message frame or an action message frame; the second message frame and the third message frame occur after the initial network establishment, when the session key is already known to both communicating parties, so the second message frame and the third message frame can be a management message frame, an action message frame, or a data frame.
  • the communication device further includes: a processing module, which negotiates a session key with the sender of the first message frame by using at least the first source medium access control address and the first destination medium access control address, and encrypts, with the session key, the second destination medium access control address in the response message frame of the second message frame.
  • after the communication parties establish a network connection and have negotiated a session key, the second destination medium access control (MAC) address is encrypted with the session key and encapsulated in the frame body part of the response message frame of the second message frame, where the source address and the destination address of the response message frame of the second message frame are the first source medium access control address and the first destination medium access control address, respectively.
  • the first message frame further includes a first function identifier bit, where the first function identifier bit indicates that the sender of the first message frame supports the multiple medium access control (MAC) address operation function; and the response message frame of the first message frame further includes a second function identifier bit, where the second function identifier bit indicates that the communication device supports the multiple MAC address operation function.
  • when a communication device listens to a message frame sent by another communication device in the same network, it can learn that the other device supports the multiple MAC address operation function. Specifically, the communication parties can carry a capability identification information element in the frame body of the first message frame and of its response message frame, or use a bit in the MAC frame header, to indicate that both sides support the multiple MAC address operation function. For example, if the first message frame is a service discovery message frame, the multiple MAC address capability identification information element may be encapsulated in order field 1 of the frame body of the service discovery message frame, or at another order position; a reserved bit in the MAC frame header may also be used to indicate support for the multiple MAC address operation function.
  • the first message frame is not limited to the service discovery message frame, and may be other management message frames or action message frames, and details are not described herein again.
  • the present invention also provides a wireless communication method, comprising: receiving a first message frame at a first time point, the first message frame including at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address; after the first time point, further comprising: receiving a second message frame from a sender of the first message frame, and sending a response message frame of the second message frame to the sender of the first message frame, wherein the second message frame includes at least the second source medium access control (MAC) address, and the response message frame of the second message frame includes at least a second destination medium access control address; receiving, at a second time point, a third message frame, where the third message frame includes at least the second source medium access control (MAC) address and the second destination medium access control (MAC) address; wherein the first source medium access control address, the first destination medium access control address, the second source medium access control address, and the second destination medium access control address are different from each other.
  • the method further includes: negotiating a session key with the first source medium access control address and the first destination medium access control address with the sender of the first message frame; The session key encrypts the second destination medium access control address in the response message frame of the second message frame.
  • when the two communicating parties have established a network connection and negotiated a session key, the second destination medium access control (MAC) address is encrypted with the session key and encapsulated in the frame body portion of the response message frame of the second message frame, wherein the source address and the destination address of the response message frame of the second message frame are the first source medium access control address and the first destination medium access control address, respectively.
  • the first message frame further includes a first function identifier bit, where the first function identifier bit indicates that the sender of the first message frame supports the multiple MAC address operation function; and the response message frame of the first message frame includes a second function identifier bit, where the second function identifier bit indicates that the sender of the response message frame supports the multiple MAC address operation function.
  • when the communication device listens to a message frame sent by another communication device in the same network, it can learn that the other device supports the multiple MAC address operation function. Specifically, the two communicating parties can carry a capability identification information element in the frame body portion of the first message frame and of its response frame, or use a bit in the MAC frame header, to indicate that both sides support the multiple MAC address operation function. For example, if the first message frame is a service discovery message frame, the multiple MAC address capability identification information element may be encapsulated in field 1 of the frame body of the service discovery message frame or at the position of another field. A reserved bit in the MAC frame header may also be used to indicate support for the multiple MAC address operation function.
  • the first message frame is not limited to the service discovery message frame, and may be other management message frames or action message frames, which are not described here.
  • Figure 1 shows a block diagram of a communication device in accordance with one embodiment of the present invention
  • FIG. 2 shows a flow chart of a wireless communication method in accordance with one embodiment of the present invention
  • FIG. 3 shows a block diagram of a communication device in accordance with another embodiment of the present invention
  • FIG. 4 is a flow chart showing a wireless communication method according to another embodiment of the present invention.
  • FIG. 5 is a flowchart showing switching of the medium access control address according to an embodiment of the present invention;
  • schematic diagram of the M1 signaling;
  • FIG. 7 is a schematic structural diagram of M2 signaling in the embodiment shown in FIG. 5.

Detailed description
  • Figure 1 shows a block diagram of a communication device in accordance with one embodiment of the present invention.
  • a communication device 100 includes: a message generating module 102, which generates a first message frame, the first message frame including at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address, generates a second message frame, the second message frame including at least a second source medium access control (MAC) address, and generates a third message frame according to the second destination medium access control (MAC) address received by the data interaction module 104, the third message frame including at least the second source medium access control (MAC) address and the second destination medium access control (MAC) address;
  • the data interaction module 104, which transmits the first message frame at a first time point, transmits the second message frame and receives a response message frame of the second message frame after the first time point, and sends the third message frame at a second time point, the response message frame of the second message frame including at least the second destination medium access control (MAC) address; wherein, the first Media Access Control address, a media access
  • the communication device 100 may be a mobile phone or a tablet, or may be a device such as a router; the message generation module 102 may be a chip module for data processing in the communication device, and the data interaction module 104 is equivalent to a signal transceiver device, antennas, etc.
  • where the network is a neighboring awareness network (NAN), the two communication devices use the MAC 1A address and the MAC 1B address, respectively, when they initially establish the network.
  • the two communication devices can update the MAC address by negotiation, for example, the first communication device replaces the MAC 1A address with the MAC 2A address, and the second communication device replaces the MAC 1B address with the MAC 2B address.
  • the updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC address is used for subsequent communication, preventing a third party from using the MAC address for tracking and attacks, thereby effectively improving the security of communication.
  • the first message frame, the second message frame, or the third message frame is a management message frame, an action message frame, a control message frame, or a data frame, where the types of the first message frame, the second message frame, and the third message frame are the same or different.
  • the joint value of the Type and Subtype of the frame control field is used to identify the type of the frame; for example, "001000" can be used to identify the band switching message frame as a management message frame. When the first message frame or the second message frame is an action message frame or a control message frame, the joint value of the Type and Subtype of the frame control field is likewise used to identify the type of the frame; for example, "010110" can be used to identify the band switching message frame as an action message frame or a control message frame.
  • since the first message frame occurs in the process of initially establishing the network, the first message frame is generally a management message frame or an action message frame; the second message frame and the third message frame occur after the initial network establishment, when the session key is already known to both parties of the communication, so the second message frame and the third message frame may be a management message frame, an action message frame, or a data frame.
  • when the first message frame, the second message frame, or the third message frame is a management message frame or an action message frame, it is specifically: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame, or a service discovery message frame.
  • a mobile phone, tablet or similar device can exchange messages with other communication devices by transmitting a message frame such as an association request frame or a reassociation request frame in order to switch the MAC address; a router or similar device can exchange messages with other communication devices by transmitting a message frame such as a probe response frame, an association response frame or a reassociation response frame, and encapsulates its updated MAC address in that message frame to notify the other party. For example, in a service discovery message frame, the updated MAC address may be encapsulated in a certain field of the frame body portion of the service discovery message frame to notify the other party.
  • the communication device 100 further includes: a processing module 106, which negotiates a session key with the receiver of the first message frame using the first source medium access control address and the first destination medium access control address, and encrypts, with the session key, the second source medium access control address in the second message frame or the third message frame.
  • when the communicating parties have established a network connection and negotiated a session key, the second source medium access control (MAC) address is encrypted with the session key and encapsulated in the second message frame or the third message frame.
  • the first message frame further includes a first function identifier bit, where the first function identifier bit indicates that the communication device 100 supports the multiple MAC address operation function; and the data interaction module further receives a response message frame of the first message frame, where the response message frame includes a second function identifier bit, and the second function identifier bit indicates that the sender of the response message frame supports the multiple MAC address operation function.
  • when the communication device listens to a message frame sent by another communication device in the same network, it can learn that the other device supports the multiple MAC address operation function. Specifically, the two communicating parties can carry a capability identification information element in the frame body portion of the first message frame and of its response message frame, or use a bit in the MAC frame header, to indicate that both sides support the multiple MAC address operation function. For example, if the first message frame is a service discovery message frame, the multiple MAC address capability identification information element may be encapsulated in field 1 of the frame body of the service discovery message frame or at the position of another field. A reserved bit in the MAC frame header may also be used to indicate support for the multiple MAC address operation function.
  • the first message frame is not limited to the service discovery message frame, and may be other management message frames or action message frames, and details are not described herein again.
  • FIG. 2 shows a flow chart of a method of wireless communication in accordance with one embodiment of the present invention.
  • the wireless communication method includes: Step 202: generate a first message frame, and send the first message frame at a first time point, where the first message frame includes at least the first source medium access control (MAC) address and the first destination medium access control (MAC) address; after the first time point, the method further includes: Step 204: generate a second message frame, and send the second message frame to the receiver of the first message frame, where the second message frame includes at least a second source medium access control address, and receive a response message frame of the second message frame from the receiver of the first message frame, where the response message frame of the second message frame includes at least a second destination medium access control address; Step 206: generate a third message frame, and send the third message frame to the receiver of the first message frame at a second time point, where the third message frame includes at least the second source medium access control (MAC) address and the second destination medium access control (MAC) address
  • the communication device may be a mobile phone or a tablet, or may be a device such as a router.
  • the message generation module may be a chip module for data processing in the communication device, and the data interaction module is equivalent to a signal transceiver device and an antenna.
  • where the network is a NAN (neighbor awareness networking) network, the MAC 1A address and the MAC 1B address are adopted; these addresses are transparent to third parties during the network access process, so the MAC address is easily obtained by a third party to attack the entire network or a single communication device.
  • the two communication devices can update the MAC address by negotiation: the first communication device replaces the MAC 1A address with the MAC 2A address, and the second communication device replaces the MAC 1B address.
  • the updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC address is used for subsequent communication, preventing third parties from using the MAC address for tracking and attack, thereby effectively improving the security of the communication.
  • the first message frame, the second message frame, and the third message frame are a management message frame, an action message frame, a control message frame, or a data frame, where the types of the first message frame, the second message frame, and the third message frame are the same or different.
  • the joint value of the Type and Subtype of the frame control field is used to identify the type of the frame, for example, to identify the band switching message frame as a management message frame. When the first message frame or the second message frame is an action message frame or a control message frame, the joint value of the Type and Subtype of the frame control field is likewise used to identify the type of the frame; for example, "010110" can be used to identify the band switching message frame as an action message frame or a control message frame.
  • since the first message frame occurs in the initial establishment of the network, the first message frame is a management message frame or an action message frame; the second message frame and the third message frame occur after the initial network is established, when the session key is already known to both parties of the communication, so the second message frame and the third message frame may be management message frames, action message frames or data frames.
  • when the first message frame, the second message frame, or the third message frame is a management message frame or an action message frame, it is specifically: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame, or a service discovery message frame.
  • a mobile phone, tablet or similar device can exchange messages with other communication devices by transmitting a message frame such as an association request frame or a reassociation request frame in order to switch the MAC address; a router or similar device can exchange messages with other communication devices by transmitting a message frame such as a probe response frame, an association response frame or a reassociation response frame, and encapsulates its updated MAC address in that message frame to notify the other party. For example, in a service discovery message frame, the updated MAC address may be encapsulated in a field of the frame body of the service discovery message frame to notify the other party.
  • the method further includes: negotiating a session key with the receiver of the first message frame using the first source medium access control address and the first destination medium access control address; and encrypting, with the session key, the second source medium access control address in the second message frame or the third message frame.
  • when the communicating parties have established a network connection and negotiated a session key, the second destination medium access control (MAC) address is encrypted with the session key and encapsulated in the second message frame or the third message frame.
  • the first message frame further includes a first function identifier bit, where the first function identifier bit indicates that the sender of the first message frame supports the multiple MAC address operation function; the wireless communication method further includes: receiving a response message frame of the first message frame, where the response message frame includes a second function identifier bit, and the second function identifier bit indicates that the sender of the response message frame supports the multiple MAC address operation function.
  • when the communication device listens to a message frame sent by another communication device in the same network, it can learn that the other device supports the multiple MAC address operation function. Specifically, the two communicating parties can carry a capability identification information element in the frame body portion of the first message frame and of its response message frame, or use a bit in the MAC frame header, to indicate that both sides support the multiple MAC address operation function. For example, where the first message frame is a service discovery message frame, the multiple MAC address capability identification information element may be encapsulated in field 1 of the frame body of the service discovery message frame or at the position of another field; a reserved bit in the MAC frame header may also be used to indicate support for the multiple MAC address operation function.
  • the first message frame is not limited to the service discovery message frame, and may be other management message frames or action message frames, and details are not described herein again.
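The exchange of steps 202 to 206, with the peer's replies included, as an added example that is not part of the patent text. The capability bit position, the frame body layout, the HMAC-SHA256 keystream and tag used in place of a real cipher, and the randomly generated addresses are all assumptions, since the page specifies none of them; the session key is taken as already negotiated.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MULTI_MAC_CAP = 0x01  # assumed position of the "function identifier bit"


@dataclass
class Frame:
    name: str
    src: bytes          # source MAC address in the frame header
    dst: bytes          # destination MAC address in the frame header
    flags: int = 0
    body: bytes = b""


def fresh_mac(used):
    """Random unicast, locally administered address not already in `used`."""
    while True:
        raw = bytearray(os.urandom(6))
        raw[0] = (raw[0] & 0xFC) | 0x02  # clear multicast bit, set local bit
        if bytes(raw) not in used:
            used.add(bytes(raw))
            return bytes(raw)


def _subkey(key, label):
    # Separate encryption and authentication keys derived from the session key.
    return hmac.new(key, label, hashlib.sha256).digest()


def seal(key, new_mac, src, dst):
    """Encrypt-then-MAC a 6-byte address; the tag also covers the header addresses."""
    nonce = os.urandom(12)
    stream = hmac.new(_subkey(key, b"enc"), nonce, hashlib.sha256).digest()[:6]
    ct = bytes(a ^ b for a, b in zip(new_mac, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct + src + dst,
                   hashlib.sha256).digest()[:16]
    return nonce + ct + tag  # assumed body layout: 12 + 6 + 16 bytes


def unseal(key, body, src, dst):
    """Verify the tag before decrypting; raise ValueError on any mismatch."""
    if len(body) != 34:
        raise ValueError("unexpected frame body length")
    nonce, ct, tag = body[:12], body[12:18], body[18:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct + src + dst,
                    hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, want):
        raise ValueError("frame body failed authentication")
    stream = hmac.new(_subkey(key, b"enc"), nonce, hashlib.sha256).digest()[:6]
    return bytes(a ^ b for a, b in zip(ct, stream))


def run_exchange(key):
    """Return (air, addresses): the frames a listener captures and the four MACs."""
    used = set()
    mac_1a, mac_1b = fresh_mac(used), fresh_mac(used)
    air = []

    # Step 202: first message frame and its response, old addresses in clear,
    # each side advertising support for multiple MAC addresses.
    m1 = Frame("M1", mac_1a, mac_1b, MULTI_MAC_CAP)
    m1_resp = Frame("M1-resp", mac_1b, mac_1a, MULTI_MAC_CAP)
    air += [m1, m1_resp]
    if not (m1.flags & m1_resp.flags & MULTI_MAC_CAP):
        raise RuntimeError("peer does not support multiple MAC addresses")

    # Step 204: new addresses travel encrypted in the frame body, while the
    # headers still carry the first source and destination addresses.
    mac_2a = fresh_mac(used)
    m2 = Frame("M2", mac_1a, mac_1b, body=seal(key, mac_2a, mac_1a, mac_1b))
    peer_view_2a = unseal(key, m2.body, m2.src, m2.dst)        # responder side
    mac_2b = fresh_mac(used)
    m2_resp = Frame("M2-resp", mac_1b, mac_1a,
                    body=seal(key, mac_2b, mac_1b, mac_1a))
    own_view_2b = unseal(key, m2_resp.body, m2_resp.src, m2_resp.dst)  # initiator side
    air += [m2, m2_resp]

    # Step 206: third message frame uses only the new address pair.
    m3 = Frame("M3", mac_2a, own_view_2b)
    if (m3.src, m3.dst) != (peer_view_2a, mac_2b):
        raise RuntimeError("responder does not recognise the new address pair")
    air.append(m3)
    return air, {"1A": mac_1a, "1B": mac_1b, "2A": mac_2a, "2B": mac_2b}


if __name__ == "__main__":
    frames, _ = run_exchange(os.urandom(32))
    for f in frames:
        print(f.name, f.src.hex(":"), "->", f.dst.hex(":"), f.body.hex())
```

Binding the tag to the header addresses means a captured M2 body is rejected if it is replayed under a different source and destination pair.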
  • FIG. 3 shows a block diagram of a communication device in accordance with another embodiment of the present invention.
  • the communication device 300 includes: a message generating module 302, configured to generate a response message frame of the second message frame according to a second message frame received by the data interaction module, where the second message frame includes at least a second source medium access control address and the response message frame of the second message frame includes at least a second destination medium access control address;
  • the data interaction module 304, which receives a first message frame at a first time point, the first message frame including at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address, receives the second message frame after the first time point, transmits the response message frame of the second message frame, and receives a third message frame at a second time point, the third message frame including at least the second source medium access control (MAC) address and the second destination medium access control (MAC) address, wherein the first source medium access control address, the first destination medium access control address, the second source medium access control address and the second destination medium access control address are different from each other.
  • the communication device 300 may be a mobile phone or a tablet, or may be a device such as a router; the message generation module 302 may be a chip module for data processing in the communication device 300, and the data interaction module 304 is equivalent to a signal transceiver device, antennas, etc.
  • where the network is a neighboring awareness network (NAN), the two communication devices use the MAC 1A address and the MAC 1B address, respectively, when they initially establish the network.
  • the MAC 1A address and the MAC 1B address are transparent to third parties, and the MAC address is easily obtained by a third party to attack the entire network or a single communication device. Therefore, after the network is successfully established, the two communication devices can update the MAC address by negotiation, for example, the first communication device replaces the MAC 1A address with the MAC 2A address, and the second communication device replaces the MAC 1B address with the MAC 2B address.
  • for both parties to the communication, the updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC address is used for subsequent communication, preventing third parties from using the MAC address for tracking and attack, thereby effectively improving the security of communication.
  • the first message frame, the second message frame, or the third message frame is a management message frame, an action message frame, a control message frame, or a data frame, where the types of the first message frame, the second message frame, and the third message frame are the same or different.
  • the joint value of the Type and Subtype of the frame control field is used to identify the type of the frame; for example, "001000" can be used to identify the band switching message frame as a management message frame. When the first message frame or the second message frame is an action message frame or a control message frame, the joint value of the Type and Subtype of the frame control field is likewise used to identify the type of the frame; for example, "010110" can be used to identify the band switching message frame as an action message frame or a control message frame.
  • since the first message frame occurs in the process of initially establishing the network, the first message frame is generally a management message frame or an action message frame; the second message frame and the third message frame occur after the initial network establishment, when the session key is already known to both parties of the communication, so the second message frame and the third message frame may be a management message frame, an action message frame, or a data frame.
  • when the first message frame, the second message frame, or the third message frame is a management message frame or an action message frame, it is specifically: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame, or a service discovery message frame.
  • a mobile phone, tablet or similar device can exchange messages with other communication devices by transmitting a message frame such as an association request frame or a reassociation request frame in order to switch the MAC address; a router or similar device can exchange messages with other communication devices by transmitting a message frame such as a probe response frame, an association response frame or a reassociation response frame, and encapsulates its updated MAC address in these message frames to notify the other party.
  • the device's own updated MAC address may be encapsulated in a certain field of the frame body portion of the service discovery message frame to notify the other party.
  • the communication device 300 further includes: a processing module 306, which negotiates a session key with the sender of the first message frame using the first source medium access control address and the first destination medium access control address, and encrypts, with the session key, the second destination medium access control address in the response message frame of the second message frame.
  • when the communicating parties have established a network connection and negotiated a session key, the second destination medium access control (MAC) address is encrypted with the session key and encapsulated in the frame body portion of the response message frame of the second message frame, wherein the source address and the destination address of the response message frame of the second message frame are the first source medium access control address and the first destination medium access control address, respectively.
  • the first message frame further includes a first function identifier bit, where the first function identifier bit indicates that the sender of the first message frame supports the multiple MAC address operation function; and the response message frame of the first message frame further includes a second function identifier bit, where the second function identifier bit indicates that the communication device 300 supports the multiple MAC address operation function.
  • when the communication device listens to a message frame sent by another communication device in the same network, it can learn that the other device supports the multiple MAC address operation function. Specifically, the two communicating parties can carry a capability identification information element in the frame body portion of the first message frame and of its response frame, or use a bit in the MAC frame header, to indicate that both sides support the multiple MAC address operation function. For example, if the first message frame is a service discovery message frame, the multiple MAC address capability identification information element may be encapsulated in field 1 of the frame body of the service discovery message frame or at the position of another field. A reserved bit in the MAC frame header may also be used to indicate support for the multiple MAC address operation function.
  • the first message frame is not limited to the service discovery message frame, and may be other management message frames or action message frames, which are not described here.
  • a wireless communication method includes: Step 402: receive a first message frame at a first time point, where the first message frame includes at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address; after the first time point, the method further includes: Step 404: receive a second message frame from the sender of the first message frame, and send a response message frame of the second message frame to the sender of the first message frame, where the second message frame includes at least the second source medium access control (MAC) address;
  • Step 406: receive a third message frame at a second time point, where the third message frame includes at least the second source medium access control (MAC) address and the second destination medium access control (MAC) address; wherein the first source medium access control address, the first destination medium access control address, the second source medium access control address and the second destination medium access control address are different from each other.
  • the communication device may be a mobile phone or a tablet, or may be a device such as a router.
  • the message generation module may be a chip module for data processing in the communication device, and the data interaction module is equivalent to a signal transceiver device and an antenna.
  • where the network is a NAN (neighbor awareness networking) network, the MAC 1A address and the MAC 1B address are adopted; these addresses are transparent to third parties during the network access process, so the MAC address is easily obtained by a third party to attack the entire network or a single communication device.
  • the two communication devices can update the MAC address by negotiation: the first communication device replaces the MAC 1A address with the MAC 2A address, and the second communication device replaces the MAC 1B address.
  • the updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC address is used for subsequent communication, preventing third parties from using the MAC address for tracking and attack, thereby effectively improving the security of the communication.
  • the first message frame, the second message frame, or the third message frame is a management message frame, an action message frame, a control message frame, or a data frame, where the types of the first message frame, the second message frame, and the third message frame are the same or different.
  • the joint value of the Type and Subtype of the frame control field is used to identify the type of the frame, for example, to identify the band switching message frame as a management message frame. When the first message frame or the second message frame is an action message frame or a control message frame, the joint value of the Type and Subtype of the frame control field is likewise used to identify the type of the frame; for example, "010110" can be used to identify the band switching message frame as an action message frame or a control message frame.
  • specifically, in the present solution, because the first message frame occurs in the process of initially establishing the network, the first message frame is generally a management message frame or an action message frame; the second message frame and the third message frame occur after the initial network establishment, when the session key is already known to both parties of the communication, so the second message frame and the third message frame may be management message frames, action message frames or data frames.
  • when the first message frame, the second message frame, or the third message frame is a management message frame or an action message frame, it is specifically: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame, or a service discovery message frame.
  • a mobile phone, tablet or similar device can exchange messages with other communication devices by transmitting a message frame such as an association request frame or a reassociation request frame in order to switch the MAC address; a router or similar device can exchange messages with other communication devices by transmitting a message frame such as a probe response frame, an association response frame or a reassociation response frame, and encapsulates its updated MAC address in that message frame to notify the other party. For example, in a service discovery message frame, the updated MAC address may be encapsulated in a field of the frame body of the service discovery message frame to notify the other party.
  • the method further includes: negotiating a session key with the first source medium access control address and the first destination medium access control address with the sender of the first message frame; The session key encrypts the second destination medium access control address in the response message frame of the second message frame.
  • Once the communicating parties have established a network connection and negotiated a session key, the second destination medium access control (MAC) address is encrypted with the session key and encapsulated in the frame body of the response message frame of the second message frame, where the source address and the destination address of that response message frame are the first source medium access control address and the first destination medium access control address, respectively.
  • The first message frame further includes a first function identifier bit, which indicates that the sender of the first message frame supports the multiple-MAC-address operation function; and the response message frame of the first message frame includes a second function identifier bit, which indicates that the sender of the response message frame supports the multiple-MAC-address operation function.
  • When a communication device overhears a message frame sent by another communication device on the same network, it can learn that the sender supports the multiple-MAC-address operation function. Specifically, the two communicating parties can carry a capability identification information element in the frame body of the first message frame and of its response message frame, or use a bit in the MAC frame header, to indicate that both support the multiple-MAC-address operation function. For example, if the first message frame is a service discovery message frame, a multiple-MAC-address capability identification information element may be encapsulated in order field 1 of the frame body of the service discovery message frame, or at the position of another order field.
  • Reserved bits in the MAC frame header may also be used to indicate support for the multiple-MAC-address operation function.
  • The first message frame is not limited to the service discovery message frame; it may be another management message frame or action message frame, and details are not repeated here.
  • The main idea of the present invention is that communication devices communicate using different MAC addresses at different times. Specifically, for example, two communication devices interact through initial MAC addresses before network establishment is completed; after network establishment is completed, each switches to a new MAC address different from its initial MAC address and uses the new MAC address for service communication with the other, to prevent third parties from tracking and attacking through the initial MAC addresses.
  • FIG. 5 shows a specific flow diagram of switching media access control addresses in accordance with an embodiment of the present invention.
  • a specific process of switching media access control addresses includes:
  • Step 502: STA A and STA B establish a network connection by using their first MAC addresses. Specifically, for example, if STA A uses a MAC 1A address and STA B uses a MAC 1B address, STA A and STA B use MAC 1A and MAC 1B to exchange the configuration signaling for network establishment.
  • STA A and STA B should also inform each other that they support the multiple-MAC-address function.
  • The information indicating support for multiple MAC addresses may be encapsulated, in the form of an IE, in the configuration signaling of network establishment; this signaling includes DLS (Direct Link Setup) request signaling, DLS response signaling or service discovery signaling.
  • The key negotiation signaling is also carried out using the MAC 1A and MAC 1B addresses, thereby negotiating the session signaling between STA A and STA B.
  • Step 504: After STA A and STA B know that both parties support the multiple-MAC-address function and have established a NAN network, STA A and STA B each generate a second MAC address. For example, the second MAC address corresponding to STA A is a MAC 2A address.
  • The second MAC address corresponding to STA B is a MAC 2B address. MAC 1A, MAC 1B, MAC 2A and MAC 2B should all be different from each other, to ensure that a third party cannot keep tracking and attacking STA A and STA B through MAC 1A and MAC 1B.
  • Step 506: Assuming that STA A first informs STA B of its second MAC address (i.e., the MAC 2A address), STA A generates the M1 signaling and sends it to STA B.
  • STA B can also be the one that first informs STA A of its second MAC address (i.e., the MAC 2B address).
  • FIG. 6 shows a specific form of the M1 signaling, including: FC field, MAC 1B information, MAC 1A information, CCMP Header field, MAC 2A information, and FCS field.
  • MAC 1B is the first MAC address used by STA B and is the destination address.
  • MAC 1A is the first MAC address used by STA A and is the source address.
  • The MAC 1B address precedes the MAC 1A address; that is, the destination address must come before the source address.
  • Because the session key has been negotiated and is confidential with respect to third parties, the part of the M1 signaling that contains the MAC 2A address can be encrypted, further enhancing the security of subsequent service communication.
  • Step 508: After receiving the M1 signaling, STA B generates the M2 signaling and sends it to STA A to notify STA A of its own second MAC address (i.e., the MAC 2B address).
  • FIG. 7 shows a specific form of the M2 signaling, including: FC field, MAC 1A information, MAC 1B information, CCMP Header field, MAC 2B information, and FCS field.
  • The MAC 1A address precedes the MAC 1B address.
  • the part containing the MAC 2B address in the M2 signaling can also be encrypted, thereby further improving the security of subsequent service communication.
  • Step 510: After STA A and STA B complete the exchange of their second MAC addresses (i.e., MAC 2A and MAC 2B), they can use their respective second MAC addresses for service communication.
  • the present invention proposes a communication device and a wireless communication method, which enable the communication parties to use different media access control addresses at different times, thereby improving communication security.
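
The M1/M2 exchange of steps 502 to 510, sketched as an added example that is not code from the patent: each station builds a frame laid out as in FIG. 6 and FIG. 7 (FC, destination address, source address, header, encrypted second MAC address, FCS) and the receiver validates it before accepting the new address. Assumptions: the Frame Control value 0x00D0, the field widths, the packet number carried in the header, the added MIC field, the constructed sample addresses, and an HMAC-SHA256 keystream with a truncated HMAC tag standing in for CCMP, which the Python standard library does not provide; key negotiation itself is not modelled.

```python
import hashlib
import hmac
import os
import struct
import zlib

# Assumptions for this sketch (not from the patent): FC value, field widths,
# sample addresses, and HMAC-SHA256 standing in for CCMP (AES-CCM).
FC_ACTION = 0x00D0                      # management Action frame
MAC_LEN, PN_LEN, MIC_LEN, FCS_LEN = 6, 8, 8, 4
HDR_END = 2 + 2 * MAC_LEN + PN_LEN      # FC + DA + SA + header carrying the PN
MAC_1A = bytes.fromhex("02aaaaaaaa01")  # constructed first address of STA A
MAC_1B = bytes.fromhex("02bbbbbbbb01")  # constructed first address of STA B


def new_local_mac(avoid):
    """Random unicast, locally administered MAC that is not in `avoid`."""
    while True:
        raw = bytearray(os.urandom(MAC_LEN))
        raw[0] = (raw[0] | 0x02) & 0xFE  # set local bit, clear group bit
        if bytes(raw) not in avoid:
            return bytes(raw)


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    # A 6-byte body needs a single HMAC-SHA256 block of keystream.
    stream = hmac.new(_subkey(key, b"enc"), nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def _mic(key, covered):
    return hmac.new(_subkey(key, b"mic"), covered, hashlib.sha256).digest()[:MIC_LEN]


def build_update(key, pn, dst_old, src_old, new_mac):
    """FC | DA | SA | header(PN) | enc(new MAC) | MIC | FCS; DA precedes SA."""
    header = struct.pack("<H", FC_ACTION) + dst_old + src_old + struct.pack(">Q", pn)
    body = _xor_stream(key, header[2 + MAC_LEN:], new_mac)  # nonce = SA || PN
    frame = header + body + _mic(key, header + body)
    return frame + struct.pack("<I", zlib.crc32(frame))


def cleartext_addresses(frame):
    """The fields a passive third party can read: (destination, source)."""
    return frame[2:2 + MAC_LEN], frame[2 + MAC_LEN:2 + 2 * MAC_LEN]


def parse_update(key, frame, my_old, known, last_pn=0):
    """Validate an M1/M2 frame and return (peer_old, peer_new, pn)."""
    if len(frame) != HDR_END + MAC_LEN + MIC_LEN + FCS_LEN:
        raise ValueError("bad length")
    covered, fcs = frame[:-FCS_LEN], struct.unpack("<I", frame[-FCS_LEN:])[0]
    if zlib.crc32(covered) != fcs:
        raise ValueError("bad FCS")
    dst, src = cleartext_addresses(frame)
    if dst != my_old:
        raise ValueError("not addressed to this station")
    header, body, mic = covered[:HDR_END], covered[HDR_END:-MIC_LEN], covered[-MIC_LEN:]
    if not hmac.compare_digest(mic, _mic(key, header + body)):
        raise ValueError("integrity check failed")
    pn = struct.unpack(">Q", header[-PN_LEN:])[0]
    if pn <= last_pn:
        raise ValueError("replayed packet number")
    new_mac = _xor_stream(key, header[2 + MAC_LEN:], body)
    # Enforce the rule that all four addresses differ from each other.
    if new_mac in known or new_mac[0] & 0x01:
        raise ValueError("new address is not a fresh unicast address")
    return src, new_mac, pn


def run_exchange():
    """Steps 502-510 end to end; returns what each side and an observer learn."""
    key = os.urandom(32)                      # session key from step 502
    mac_2a = new_local_mac({MAC_1A, MAC_1B})  # step 504
    # The simulation avoids a 2A/2B collision up front; real stations rely on
    # the receiver-side check in parse_update().
    mac_2b = new_local_mac({MAC_1A, MAC_1B, mac_2a})
    m1 = build_update(key, 1, MAC_1B, MAC_1A, mac_2a)               # step 506
    _, b_learns, _ = parse_update(key, m1, MAC_1B, {MAC_1A, MAC_1B, mac_2b})
    m2 = build_update(key, 1, MAC_1A, MAC_1B, mac_2b)               # step 508
    _, a_learns, _ = parse_update(key, m2, MAC_1A, {MAC_1A, MAC_1B, mac_2a})
    seen = set(cleartext_addresses(m1)) | set(cleartext_addresses(m2))
    return {"key": key, "m1": m1, "m2": m2, "mac_2a": mac_2a, "mac_2b": mac_2b,
            "a_learns": a_learns, "b_learns": b_learns, "observer_sees": seen}


if __name__ == "__main__":
    result = run_exchange()
    print("observer sees:", sorted(m.hex(":") for m in result["observer_sees"]))
    print("STA B learned:", result["b_learns"].hex(":"))
```

A passive observer of M1 and M2 reads only MAC 1A and MAC 1B in the clear, so the protection rests entirely on the session key being unknown to that observer.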

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Provided is a communication device, comprising: a message generation module for generating a first message frame and a second message frame, and generating a third message frame according to a received second destination medium access control (MAC) address, the second message frame comprising at least a second source MAC address, and the third message frame comprising at least the second source MAC address and the second destination MAC address; a data interaction module for transmitting the first message frame at a first point of time, receiving, after the first point of time, the second destination MAC address and transmitting the second message frame, and transmitting the third message frame at a second point of time; a first source MAC address, a first destination MAC address, the second source MAC address, and the second destination MAC address are different from each other. Also provided is a wireless communication method. The present invention enables both communication parties to employ different MAC addresses at different points of time, thus improving communication security.

Description

Communication device and wireless communication method

Technical Field

The present invention relates to the field of communication technologies, and in particular to a communication device and a wireless communication method.

Background

In the prior art, a communication device always uses the same MAC (Medium Access Control) address, which makes it easy to track and attack. Specifically, for example, an STA uses its MAC address from initial network access through key negotiation, and before key negotiation is completed the MAC address is transparent to third parties; that is, a third party can easily use it to track the STA and thereby attack the STA.

Therefore, a new technical solution is needed that enables the two communicating parties to use different medium access control addresses at different times, thereby improving communication security.

Summary of the Invention

Based on the above problem, the present invention proposes a new technical solution that enables the two communicating parties to use different medium access control addresses at different times, thereby improving communication security.
In view of this, the present invention provides a communication device, comprising: a message generation module, which generates a first message frame containing at least a first source medium access control (MAC) address and a first destination MAC address, generates a second message frame containing at least a second source MAC address, and generates a third message frame according to a second destination MAC address received by a data interaction module, the third message frame containing at least the second source MAC address and the second destination MAC address; and the data interaction module, which sends the first message frame at a first time point, sends the second message frame and receives a response message frame of the second message frame after the first time point, and sends the third message frame at a second time point, the response message frame of the second message frame containing at least the second destination MAC address; wherein the first source MAC address, the first destination MAC address, the second source MAC address and the second destination MAC address are different from each other.
In this technical solution, the communication device may be a mobile phone or a tablet, or a device such as a router; the message generation module may be a data-processing chip module in the communication device, and the data interaction module corresponds to the signal transceiver, antenna and the like. For example, consider two communication devices that need to establish a network connection, the network being, for instance, a NAN (neighbor awareness networking) network. When the two devices initially establish the network, they use the MAC 1A address and the MAC 1B address respectively. However, during network access the MAC 1A address and the MAC 1B address are transparent to third parties, so a third party can easily obtain them and attack the whole network or an individual communication device. Therefore, after the network is successfully established, the two devices can each update their MAC address through negotiation: for example, the first communication device switches from the MAC 1A address to the MAC 2A address, and the second communication device switches from the MAC 1B address to the MAC 2B address. The updated MAC addresses can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC addresses are used for subsequent communication, which prevents a third party from using the MAC addresses for tracking and attacks and thus effectively improves communication security.
In the above technical solution, preferably, the first message frame, the second message frame or the third message frame is a management message frame, an action message frame, a control message frame or a data frame, and the types of the first, second and third message frames may be the same or different. In this technical solution, when the first or second message frame is a management message frame, the combined value of the Type and Subtype fields of its frame control field identifies the frame type; for example, "001000" may be used to identify a band switching message frame as a management message frame. When the first or second message frame is an action message frame or a control message frame, the combined Type and Subtype value likewise identifies the frame type; for example, "010110" may be used to identify a band switching message frame as an action message frame or a control message frame. Specifically, in this solution, because the first message frame occurs during initial network establishment, it is generally a management message frame or an action message frame. The second and third message frames occur after initial network establishment, when both communicating parties already know the subsequent session key, so they may be management message frames, action message frames or data frames.
In the above technical solution, preferably, when the first message frame, the second message frame or the third message frame is a management message frame or an action message frame, it is specifically a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame or a service discovery message frame. In this technical solution, a mobile phone, tablet or the like can exchange messages with other communication devices by sending message frames such as association request frames and reassociation request frames in order to switch its MAC address; a router or the like can exchange messages with other communication devices by sending message frames such as probe response frames, association response frames and reassociation response frames. The device encapsulates its updated MAC address in these message frames to notify the other party; for example, in a service discovery message frame, the updated MAC address may be encapsulated in one of the order fields of the frame body.
In the above technical solution, preferably, the device further comprises a processing module, which negotiates a session key with the receiver of the first message frame using at least the first source MAC address and the first destination MAC address, and uses the session key to encrypt the second source MAC address in the second message frame or the third message frame. In this technical solution, once the two parties have established a network connection and negotiated a session key, the second source MAC address is encrypted with the session key and encapsulated in the frame body of the second message frame or the third message frame, where the source address and destination address of the second message frame are the first source MAC address and the first destination MAC address respectively.
In the above technical solution, preferably, the first message frame further includes a first function identifier bit, which indicates that the communication device supports the multiple-MAC-address operation function; and the data interaction module further receives a response message frame of the first message frame, the response message frame including a second function identifier bit, which indicates that the sender of the response message frame supports the multiple-MAC-address operation function. In this technical solution, setting the function identifier bits lets a communication device that overhears a message frame sent by another communication device on the same network learn that the sender supports the multiple-MAC-address operation function. Specifically, the two communicating parties can carry a capability identification information element in the frame body of the first message frame and of its response message frame, or use a bit in the MAC frame header, to indicate that both support the multiple-MAC-address operation function. For example, if the first message frame is a service discovery message frame, a multiple-MAC-address capability identification information element may be encapsulated in order field 1 of the frame body of the service discovery message frame or at the position of another order field; a reserved bit in the MAC frame header may also be used to indicate support for the multiple-MAC-address operation function. The first message frame is of course not limited to a service discovery message frame and may be another management message frame or action message frame; details are not repeated here.
The present invention also provides a wireless communication method, comprising: generating a first message frame and sending it at a first time point, the first message frame containing at least a first source medium access control (MAC) address and a first destination MAC address; after the first time point, generating a second message frame and sending it to the receiver of the first message frame, the second message frame containing at least a second source MAC address, and receiving from the receiver of the first message frame a response message frame of the second message frame, the response message frame containing at least a second destination MAC address; and generating a third message frame and sending it to the receiver of the first message frame at a second time point, the third message frame containing at least the second source MAC address and the second destination MAC address; wherein the first source MAC address, the first destination MAC address, the second source MAC address and the second destination MAC address are different from each other.
In this technical solution, the communication device may be a mobile phone or a tablet, or a device such as a router; the message generation module may be a data-processing chip module in the communication device, and the data interaction module corresponds to the signal transceiver, antenna and the like. For example, consider two communication devices that need to establish a network connection, the network being, for instance, a NAN (neighbor awareness networking) network. When the two devices initially establish the network, they use the MAC 1A address and the MAC 1B address respectively. However, during network access the MAC 1A address and the MAC 1B address are transparent to third parties, so a third party can easily obtain them and attack the whole network or an individual communication device. Therefore, after the network is successfully established, the two devices can each update their MAC address through negotiation: for example, the first communication device switches from the MAC 1A address to the MAC 2A address, and the second communication device switches from the MAC 1B address to the MAC 2B address. The updated MAC addresses can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC addresses are used for subsequent communication, which prevents a third party from using the MAC addresses for tracking and attacks and thus effectively improves communication security.
In the above technical solution, preferably, the first message frame, the second message frame and the third message frame are each a management message frame, an action message frame, a control message frame or a data frame, and the types of the first, second and third message frames may be the same or different. In this technical solution, when the first or second message frame is a management message frame, the combined value of the Type and Subtype fields of its frame control field identifies the frame type; for example, "001000" may be used to identify a band switching message frame as a management message frame. When the first or second message frame is an action message frame or a control message frame, the combined Type and Subtype value likewise identifies the frame type; for example, "010110" may be used to identify a band switching message frame as an action message frame or a control message frame. Specifically, in this solution, because the first message frame occurs during initial network establishment, it is generally a management message frame or an action message frame. The second and third message frames occur after initial network establishment, when both communicating parties already know the subsequent session key, so they may be management message frames, action message frames or data frames.
In the above technical solution, preferably, when the first message frame, the second message frame or the third message frame is a management message frame or an action message frame, it is specifically a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame or a service discovery message frame. In this technical solution, a mobile phone, tablet or the like can exchange messages with other communication devices by sending message frames such as association request frames and reassociation request frames in order to switch its MAC address; a router or the like can exchange messages with other communication devices by sending message frames such as probe response frames, association response frames and reassociation response frames. The device encapsulates its updated MAC address in these message frames to notify the other party; for example, in a service discovery message frame, the updated MAC address may be encapsulated in one of the order fields of the frame body.
In the above technical solution, preferably, the method further comprises: negotiating a session key with the receiver of the first message frame using at least the first source MAC address and the first destination MAC address; and encrypting, with the session key, the second source MAC address in the second message frame or the third message frame. In this technical solution, once the two parties have established a network connection and negotiated a session key, the second source MAC address is encrypted with the session key and encapsulated in the frame body of the second message frame or the third message frame, where the source address and destination address of the second message frame are the first source MAC address and the first destination MAC address respectively.
In the above technical solution, preferably, the first message frame further includes a first function identifier bit, which indicates that the sender of the first message frame supports the multiple-MAC-address operation function; and the wireless communication method further comprises: receiving a response message frame of the first message frame, the response message frame including a second function identifier bit, which indicates that the sender of the response message frame supports the multiple-MAC-address operation function. In this technical solution, setting the function identifier bits lets a communication device that overhears a message frame sent by another communication device on the same network learn that the sender supports the multiple-MAC-address operation function. Specifically, the two communicating parties can carry a capability identification information element in the frame body of the first message frame and of its response message frame, or use a bit in the MAC frame header, to indicate that both support the multiple-MAC-address operation function. For example, if the first message frame is a service discovery message frame, a multiple-MAC-address capability identification information element may be encapsulated in order field 1 of the frame body of the service discovery message frame or at the position of another order field; a reserved bit in the MAC frame header may also be used to indicate support for the multiple-MAC-address operation function. The first message frame is of course not limited to a service discovery message frame and may be another management message frame or action message frame; details are not repeated here.
The present invention further provides a communication device, including: a message generation module, which generates a response message frame to a second message frame according to the second message frame received by a data interaction module, where the second message frame includes at least a second source medium access control (MAC) address, and the response message frame to the second message frame includes at least a second destination MAC address; and the data interaction module, which receives a first message frame at a first time point, the first message frame including at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address, receives the second message frame and sends the response frame to the second message frame after the first time point, and receives a third message frame at a second time point, the third message frame including at least the second source MAC address and the second destination MAC address; where the first source MAC address, the first destination MAC address, the second source MAC address and the second destination MAC address are all different from one another.
In this technical solution, the communication device may be a mobile phone or a tablet, or a device such as a router; the message generation module may be a data-processing chip module in the communication device, and the data interaction module corresponds to the signal transceiver, the antenna and the like. Consider two communication devices that need to establish a network connection, for example in a NAN (neighbor awareness networking) network. When the two devices initially establish the network, they use the MAC 1A address and the MAC 1B address respectively. During network entry, however, the MAC 1A and MAC 1B addresses are transparent to third parties, so the MAC addresses are easily obtained by a third party, who can then attack the whole network or an individual communication device. Therefore, after the network has been established successfully, the two communication devices can each update their MAC address through negotiation: for example, the first communication device switches from the MAC 1A address to the MAC 2A address, and the second communication device switches from the MAC 1B address to the MAC 2B address. For the two communicating parties, the updated MAC addresses can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC addresses are used for subsequent communication. This prevents a third party from using the MAC addresses for tracking and attacks, and thereby effectively improves communication security.
In the above technical solution, preferably, the first message frame, the second message frame or the third message frame is a management message frame, an action message frame, a control message frame or a data frame, and the types of the first, second and third message frames may be the same or different. In this technical solution, when the first or second message frame is a management message frame, the combined value of the Type and Subtype fields of its frame control field identifies the frame type; for example, "001000" may be used to identify a band switching message frame as a management message frame. When the first or second message frame is an action message frame or a control message frame, the combined value of the Type and Subtype fields of its frame control field likewise identifies the frame type; for example, "010110" may be used to identify a band switching message frame as an action message frame or a control message frame. In this solution specifically, because the first message frame occurs during initial network establishment, it is generally a management message frame or an action message frame; the second and third message frames occur after initial network establishment, when both communicating parties already know the subsequent session key, so the second and third message frames may be management message frames, action message frames or data frames.
In the above technical solution, preferably, when the first message frame, the second message frame or the third message frame is a management message frame or an action message frame, it is specifically: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame or a service discovery message frame. In this technical solution, a mobile phone, tablet or the like can exchange messages with other communication devices by sending message frames such as association request frames and reassociation request frames in order to switch MAC addresses; a router or the like can exchange messages with other communication devices by sending message frames such as probe response frames, association response frames and reassociation response frames. Each device encapsulates its own updated MAC address in these message frames to notify the other party; for example, in a service discovery message frame, the updated MAC address can be encapsulated in one of the order fields of the frame body.
In the above technical solution, preferably, the device further includes: a processing module, which negotiates a session key with the sender of the first message frame using at least the first source medium access control (MAC) address and the first destination MAC address, and uses the session key to encrypt the second destination MAC address in the response message frame to the second message frame. In this technical solution, the two communicating parties have established a network connection and have already negotiated a session key; the second destination MAC address is encrypted with this session key and encapsulated in the frame body of the response message frame to the second message frame, where the source address and the destination address of that response message frame are the first source MAC address and the first destination MAC address respectively.
In the above technical solution, preferably, the first message frame further includes a first function identification bit, which indicates that the sender of the first message frame supports the multiple medium access control (MAC) address operation function; and the response message frame to the first message frame further includes a second function identification bit, which indicates that the communication device supports the multiple MAC address operation function. In this technical solution, setting the function identification bits lets a communication device that overhears message frames sent by other communication devices on the same network learn that they support the multiple MAC address operation function. Specifically, the two communicating parties may carry a capability identification information element in the frame body of the first message frame and of its response message frame, or use a bit in the MAC frame header, to indicate that both support the multiple MAC address operation function. For example, if the first message frame is a service discovery message frame, a multiple-MAC-address capability identification information element may be encapsulated in order field 1 of the frame body of the service discovery message frame, or at the position of another order field; a reserved bit in the MAC frame header may of course also be used to indicate support for the multiple MAC address operation function. The first message frame is not limited to a service discovery message frame; it may also be another management message frame or action message frame, which is not described further here.
The present invention further provides a wireless communication method, including: receiving a first message frame at a first time point, the first message frame including at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address; after the first time point, receiving a second message frame from the sender of the first message frame and sending a response message frame to the second message frame to the sender of the first message frame, where the second message frame includes at least a second source MAC address and the response message frame to the second message frame includes at least a second destination MAC address; and receiving a third message frame at a second time point, the third message frame including at least the second source MAC address and the second destination MAC address; where the first source MAC address, the first destination MAC address, the second source MAC address and the second destination MAC address are all different from one another.
In this technical solution, the communication device may be a mobile phone or a tablet, or a device such as a router; the message generation module may be a data-processing chip module in the communication device, and the data interaction module corresponds to the signal transceiver, the antenna and the like. Consider two communication devices that need to establish a network connection, for example in a NAN (neighbor awareness networking) network. When the two devices initially establish the network, they use the MAC 1A address and the MAC 1B address respectively. During network entry, however, the MAC 1A and MAC 1B addresses are transparent to third parties, so the MAC addresses are easily obtained by a third party, who can then attack the whole network or an individual communication device. Therefore, after the network has been established successfully, the two communication devices can each update their MAC address through negotiation: for example, the first communication device switches from the MAC 1A address to the MAC 2A address, and the second communication device switches from the MAC 1B address to the MAC 2B address. For the two communicating parties, the updated MAC addresses can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC addresses are used for subsequent communication. This prevents a third party from using the MAC addresses for tracking and attacks, and thereby effectively improves communication security.
In the above technical solution, preferably, the first message frame, the second message frame or the third message frame is a management message frame, an action message frame, a control message frame or a data frame, and the types of the first, second and third message frames may be the same or different. In this technical solution, when the first or second message frame is a management message frame, the combined value of the Type and Subtype fields of its frame control field identifies the frame type; for example, "001000" may be used to identify a band switching message frame as a management message frame. When the first or second message frame is an action message frame or a control message frame, the combined value of the Type and Subtype fields of its frame control field likewise identifies the frame type; for example, "010110" may be used to identify a band switching message frame as an action message frame or a control message frame. In this solution specifically, because the first message frame occurs during initial network establishment, it is generally a management message frame or an action message frame; the second and third message frames occur after initial network establishment, when both communicating parties already know the subsequent session key, so the second and third message frames may be management message frames, action message frames or data frames.
In the above technical solution, preferably, when the first message frame, the second message frame or the third message frame is a management message frame or an action message frame, it is specifically: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame or a service discovery message frame. In this technical solution, a mobile phone, tablet or the like can exchange messages with other communication devices by sending message frames such as association request frames and reassociation request frames in order to switch MAC addresses; a router or the like can exchange messages with other communication devices by sending message frames such as probe response frames, association response frames and reassociation response frames. Each device encapsulates its own updated MAC address in these message frames to notify the other party; for example, in a service discovery message frame, the updated MAC address can be encapsulated in one of the order fields of the frame body.
In the above technical solution, preferably, the method further includes: negotiating a session key with the sender of the first message frame using at least the first source medium access control (MAC) address and the first destination MAC address; and using the session key to encrypt the second destination MAC address in the response message frame to the second message frame. In this technical solution, the two communicating parties have established a network connection and have already negotiated a session key; the second destination MAC address is encrypted with this session key and encapsulated in the frame body of the response message frame to the second message frame, where the source address and the destination address of that response message frame are the first source MAC address and the first destination MAC address respectively.
In the above technical solution, preferably, the first message frame further includes a first function identification bit, which indicates that the sender of the first message frame supports the multiple medium access control (MAC) address operation function; and the response message frame to the first message frame includes a second function identification bit, which indicates that the sender of the response message frame supports the multiple MAC address operation function. In this technical solution, setting the function identification bits lets a communication device that overhears message frames sent by other communication devices on the same network learn that they support the multiple MAC address operation function. Specifically, the two communicating parties may carry a capability identification information element in the frame body of the first message frame and of its response message frame, or use a bit in the MAC frame header, to indicate that both support the multiple MAC address operation function. For example, if the first message frame is a service discovery message frame, a multiple-MAC-address capability identification information element may be encapsulated in order field 1 of the frame body of the service discovery message frame, or at the position of another order field; a reserved bit in the MAC frame header may of course also be used to indicate support for the multiple MAC address operation function. The first message frame is not limited to a service discovery message frame; it may also be another management message frame or action message frame, which is not described further here.
Through the above technical solutions, the two communicating parties can use different medium access control addresses at different times, thereby improving communication security.

Brief Description of the Drawings
Figure 1 shows a block diagram of a communication device according to one embodiment of the present invention;
Figure 2 shows a flow chart of a wireless communication method according to one embodiment of the present invention;
Figure 3 shows a block diagram of a communication device according to another embodiment of the present invention;
Figure 4 shows a flow chart of a wireless communication method according to another embodiment of the present invention;
Figure 5 shows a detailed flow chart of switching medium access control addresses according to an embodiment of the present invention;
Figure 6 is a schematic structural diagram of the M1 signaling in the embodiment shown in Figure 5;
Figure 7 is a schematic structural diagram of the M2 signaling in the embodiment shown in Figure 5.

Detailed Description
In order that the above objects, features and advantages of the present invention may be understood more clearly, the invention is described in further detail below with reference to the accompanying drawings and specific embodiments. It should be noted that, provided they do not conflict, the embodiments of the present application and the features in the embodiments may be combined with one another.
Many specific details are set forth in the following description to facilitate a full understanding of the present invention; however, the invention may also be implemented in ways other than those described here, and the scope of protection of the invention is therefore not limited by the specific embodiments disclosed below.
Figure 1 shows a block diagram of a communication device according to one embodiment of the present invention.
As shown in Figure 1, a communication device 100 according to one embodiment of the present invention includes: a message generation module 102, which generates a first message frame including at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address, generates a second message frame including at least a second source MAC address, and generates a third message frame according to a second destination MAC address received by a data interaction module 104, the third message frame including at least the second source MAC address and the second destination MAC address; and the data interaction module 104, which sends the first message frame at a first time point, sends the second message frame and receives a response message frame to the second message frame after the first time point, and sends the third message frame at a second time point, the response message frame to the second message frame including at least the second destination MAC address; where the first source MAC address, the first destination MAC address, the second source MAC address and the second destination MAC address are all different from one another.
In this technical solution, the communication device 100 may be a mobile phone or a tablet, or a device such as a router; the message generation module 102 may be a data-processing chip module in the communication device, and the data interaction module 104 corresponds to the signal transceiver, the antenna and the like. Consider two communication devices that need to establish a network connection, for example in a NAN (neighbor awareness networking) network. When the two devices initially establish the network, they use the MAC 1A address and the MAC 1B address respectively. During network entry, however, the MAC 1A and MAC 1B addresses are transparent to third parties, so the MAC addresses are easily obtained by a third party, who can then attack the whole network or an individual communication device. Therefore, after the network has been established successfully, the two communication devices can each update their MAC address through negotiation: for example, the first communication device switches from the MAC 1A address to the MAC 2A address, and the second communication device switches from the MAC 1B address to the MAC 2B address. For the two communicating parties, the updated MAC addresses can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC addresses are used for subsequent communication. This prevents a third party from using the MAC addresses for tracking and attacks, and thereby effectively improves communication security.
In the above technical solution, preferably, the first message frame, the second message frame or the third message frame is a management message frame, an action message frame, a control message frame or a data frame, and the types of the first, second and third message frames may be the same or different. In this technical solution, when the first or second message frame is a management message frame, the combined value of the Type and Subtype fields of its frame control field identifies the frame type; for example, "001000" may be used to identify a band switching message frame as a management message frame. When the first or second message frame is an action message frame or a control message frame, the combined value of the Type and Subtype fields of its frame control field likewise identifies the frame type; for example, "010110" may be used to identify a band switching message frame as an action message frame or a control message frame. In this solution specifically, because the first message frame occurs during initial network establishment, it is generally a management message frame or an action message frame; the second and third message frames occur after initial network establishment, when both communicating parties already know the subsequent session key, so the second and third message frames may be management message frames, action message frames or data frames.
In the above technical solution, preferably, when the first message frame, the second message frame or the third message frame is a management message frame or an action message frame, it is specifically: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame or a service discovery message frame. In this technical solution, a mobile phone, tablet or the like can exchange messages with other communication devices by sending message frames such as association request frames and reassociation request frames in order to switch MAC addresses; a router or the like can exchange messages with other communication devices by sending message frames such as probe response frames, association response frames and reassociation response frames. Each device encapsulates its own updated MAC address in these message frames to notify the other party; for example, in a service discovery message frame, the updated MAC address can be encapsulated in one of the order fields of the frame body.
In the above technical solution, preferably, the device further includes: a processing module 106, which negotiates a session key with the receiver of the first message frame using at least the first source medium access control (MAC) address and the first destination MAC address, and uses the session key to encrypt the second source MAC address in the second message frame or the third message frame. In this technical solution, the two communicating parties have established a network connection and have already negotiated a session key; the second source MAC address is encrypted with this session key and encapsulated in the frame body of the second message frame or the third message frame, where the source address and the destination address of the second message frame are the first source MAC address and the first destination MAC address respectively.
In the above technical solution, preferably, the first message frame further includes a first function identification bit, which indicates that the communication device 100 supports the multiple medium access control (MAC) address operation function; and the data interaction module further receives a response message frame to the first message frame, the response message frame including a second function identification bit, which indicates that the sender of the response message frame supports the multi-MAC-address operation function. In this technical solution, setting the function identification bits lets a communication device that overhears message frames sent by other communication devices on the same network learn that they support the multi-MAC-address operation function. Specifically, the two communicating parties can carry a capability identification information element in the frame body of the first message frame and of its response message frame, or use a bit in the MAC frame header, to indicate that both support the multi-MAC-address operation function. For example, if the first message frame is a service discovery message frame, the multi-MAC-address capability identification information element can be encapsulated in order field 1 of the frame body of the service discovery message frame, or at the position of another order field; a reserved bit in the MAC frame header can of course also be used to indicate support for the multi-MAC-address operation function. The first message frame is not limited to a service discovery message frame; it may also be another management message frame or action message frame, which is not described further here.
Figure 2 shows a flowchart of a wireless communication method according to an embodiment of the present invention.
As shown in Figure 2, the wireless communication method according to an embodiment of the present invention includes: step 202, generating a first message frame and sending it at a first time point, the first message frame containing at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address; after the first time point, the method further includes: step 204, generating a second message frame and sending it to the receiver of the first message frame, the second message frame containing at least a second source MAC address, and receiving from the receiver of the first message frame a response message frame to the second message frame, the response message frame containing at least a second destination MAC address; and step 206, generating a third message frame and sending it to the receiver of the first message frame at a second time point, the third message frame containing at least the second source MAC address and the second destination MAC address; wherein the first source MAC address, the first destination MAC address, the second source MAC address, and the second destination MAC address are all different from one another.
In this technical solution, the communication device may be a mobile phone or tablet, or a device such as a router; the message generation module may be a data-processing chip module in the communication device, and the data interaction module corresponds to the signal transceiver, antenna, and so on. Take two communication devices that need to establish a network connection, for example in a NAN (neighbor awareness networking) network: when the two devices initially establish the network, they use the MAC 1A address and the MAC 1B address, respectively. However, because the MAC 1A and MAC 1B addresses are transparent to third parties during network entry, a third party can easily obtain the MAC addresses and use them to attack the whole network or an individual communication device. Therefore, after the network has been established successfully, the two communication devices can each update their MAC address through negotiation: for example, the first communication device switches from the MAC 1A address to the MAC 2A address, and the second communication device changes from the MAC 1B address to the MAC 2B address. Each party's updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC addresses are used for subsequent communication. This prevents third parties from using MAC addresses for tracking and attacks, thereby effectively improving the security of the communication.
In the above technical solution, preferably, the first message frame, the second message frame, and the third message frame are management message frames, action message frames, control message frames, or data frames, and the types of the first, second, and third message frames may be the same or different. In this technical solution, when the first message frame or the second message frame is a management message frame, the combined value of the Type and Subtype of its frame control field identifies the frame type; for example, "001000" can be used to identify a band switching message frame as a management message frame. When the first message frame or the second message frame is an action message frame or a control message frame, the combined value of the Type and Subtype of its frame control field likewise identifies the frame type; for example, "010110" can be used to identify a band switching message frame as an action message frame or a control message frame. Specifically, in this solution, because the first message frame occurs during initial network establishment, it is generally a management message frame or an action message frame; the second and third message frames occur after initial network establishment, when both communicating parties already know the subsequent session key, so the second and third message frames may be management message frames, action message frames, or data frames.
In the above technical solution, preferably, when the first message frame, the second message frame, or the third message frame is a management message frame or an action message frame, it is specifically one of: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame, or a service discovery message frame. In this technical solution, a mobile phone, tablet, or similar device can exchange messages with other communication devices by sending message frames such as association request frames and reassociation request frames in order to switch its MAC address; a router or similar device can exchange messages with other communication devices by sending message frames such as probe response frames, association response frames, and reassociation response frames, encapsulating its updated MAC address in these frames to notify the other party. For example, in a service discovery message frame, the updated MAC address can be encapsulated in one of the order fields of the frame body to notify the other party.
In the above technical solution, preferably, the method further includes: negotiating a session key with the receiver of the first message frame using at least the first source medium access control (MAC) address and the first destination MAC address; and using the session key to encrypt the second source MAC address in the second message frame or the third message frame. In this technical solution, once the two communicating parties have established a network connection and negotiated a session key, the session key is used to encrypt the second destination MAC address, which is encapsulated in the frame body of the second message frame or the third message frame; the source address and destination address of the second message frame are the first source MAC address and the first destination MAC address, respectively.
In the above technical solution, preferably, the first message frame further includes a first function identification bit, which indicates that the sender of the first message frame supports the multiple medium access control (MAC) address operation function; and the wireless communication method further includes: receiving a response message frame to the first message frame, the response message frame including a second function identification bit, which indicates that the sender of the response message frame supports the multi-MAC-address operation function. In this technical solution, setting the function identification bits lets a communication device that overhears message frames sent by other communication devices on the same network learn that they support the multi-MAC-address operation function. Specifically, the two communicating parties can carry a capability identification information element in the frame body of the first message frame and of its response message frame, or use a bit in the MAC frame header, to indicate that both support the multi-MAC-address operation function. For example, if the first message frame is a service discovery message frame, the multi-MAC-address capability identification information element can be encapsulated in order field 1 of the frame body of the service discovery message frame, or at the position of another order field; a reserved bit in the MAC frame header can of course also be used to indicate support for the multi-MAC-address operation function. The first message frame is not limited to a service discovery message frame; it may also be another management message frame or action message frame, which is not described further here.
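The exchange of steps 202 to 206 with the encrypted address announcement, as an added example that is not code from the patent. The patent names no key agreement, cipher, or address-selection rule, so the pre-shared secret, the HMAC-SHA256 encrypt-then-MAC construction, the random locally administered addresses, and the reply being sent with device B's first address as its source are all assumptions made so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

NONCE_LEN, TAG_LEN = 12, 16


@dataclass(frozen=True)
class Frame:
    src: bytes   # source MAC in the cleartext header
    dst: bytes   # destination MAC in the cleartext header
    body: bytes  # frame body; carries the sealed new address in step 204


def fresh_mac(used: set) -> bytes:
    """Random unicast, locally administered MAC not in `used` (assumed policy)."""
    while True:
        raw = bytearray(secrets.token_bytes(6))
        raw[0] = (raw[0] | 0x02) & 0xFE  # set the local bit, clear the group bit
        if bytes(raw) not in used:
            return bytes(raw)


def derive_session_key(secret: bytes, first_src: bytes, first_dst: bytes) -> bytes:
    """Stand-in for the negotiation: bind a pre-shared secret to the first address pair."""
    return hmac.new(secret, b"session" + first_src + first_dst, hashlib.sha256).digest()


def subkey(key: bytes, label: bytes) -> bytes:
    """Separate keys for encryption and authentication."""
    return hmac.new(key, label, hashlib.sha256).digest()


def seal(key: bytes, header: bytes, new_mac: bytes) -> bytes:
    """Encrypt-then-MAC a 6-byte address; the header is authenticated, not hidden."""
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh per frame, so no keystream reuse
    stream = hmac.new(subkey(key, b"enc"), nonce, hashlib.sha256).digest()
    ct = bytes(p ^ s for p, s in zip(new_mac, stream))
    tag = hmac.new(subkey(key, b"tag"), header + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag[:TAG_LEN]


def unseal(key: bytes, header: bytes, body: bytes) -> bytes:
    """Verify the tag before decrypting; reject truncated or modified bodies."""
    if len(body) != NONCE_LEN + 6 + TAG_LEN:
        raise ValueError("unexpected body length")
    nonce, ct, tag = body[:NONCE_LEN], body[NONCE_LEN:-TAG_LEN], body[-TAG_LEN:]
    want = hmac.new(subkey(key, b"tag"), header + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want[:TAG_LEN]):
        raise ValueError("authentication failed")
    stream = hmac.new(subkey(key, b"enc"), nonce, hashlib.sha256).digest()
    return bytes(c ^ s for c, s in zip(ct, stream))


def run_exchange(secret: bytes) -> dict:
    """Steps 202-206 between devices A and B; `air` is what a passive observer records."""
    mac_1a = fresh_mac(set())
    mac_1b = fresh_mac({mac_1a})
    key = derive_session_key(secret, mac_1a, mac_1b)
    air = [Frame(mac_1a, mac_1b, b"")]  # step 202: first frame, first address pair

    # Step 204: A announces MAC 2A under the first address pair, sealed in the body.
    mac_2a = fresh_mac({mac_1a, mac_1b})
    second = Frame(mac_1a, mac_1b, seal(key, mac_1a + mac_1b, mac_2a))
    air.append(second)
    b_learned = unseal(key, second.src + second.dst, second.body)

    # B answers with MAC 2B, chosen to differ from the three addresses it knows.
    mac_2b = fresh_mac({mac_1a, mac_1b, b_learned})
    reply = Frame(mac_1b, mac_1a, seal(key, mac_1b + mac_1a, mac_2b))
    air.append(reply)
    a_learned = unseal(key, reply.src + reply.dst, reply.body)

    # Step 206: later traffic uses only the second address pair.
    air.append(Frame(mac_2a, a_learned, b""))
    return {"first": (mac_1a, mac_1b), "second": (b_learned, a_learned),
            "key": key, "air": air}


def cleartext_leak(air: list, new_macs: tuple) -> bool:
    """True if either new address is readable in the frames sent under the first pair."""
    return any(m in f.body or m in (f.src, f.dst) for f in air[:3] for m in new_macs)


if __name__ == "__main__":
    out = run_exchange(b"constructed demo secret")  # constructed sample input
    for f in out["air"]:
        print(f.src.hex(":"), "->", f.dst.hex(":"), f.body.hex())
    print("new addresses readable before the switch:",
          cleartext_leak(out["air"], out["second"]))
```

Binding the tag to the frame header means a sealed body replayed under a different address pair is rejected, which matters because the header itself travels in the clear.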
Figure 3 shows a block diagram of a communication device according to another embodiment of the present invention.
As shown in Figure 3, a communication device 300 according to another embodiment of the present invention includes: a message generation module 302, which generates a response message frame to the second message frame according to the second message frame received by the data interaction module, wherein the second message frame contains at least a second source medium access control (MAC) address, and the response message frame to the second message frame contains at least a second destination MAC address; and the data interaction module 304, which receives a first message frame at a first time point, the first message frame containing at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address, receives the second message frame and sends the response frame to the second message frame after the first time point, and receives a third message frame at a second time point, the third message frame containing at least the second source MAC address and the second destination MAC address; wherein the first source MAC address, the first destination MAC address, the second source MAC address, and the second destination MAC address are all different from one another.
In this technical solution, the communication device 300 may be a mobile phone or tablet, or a device such as a router; the message generation module 302 may be a data-processing chip module in the communication device 300, and the data interaction module 304 corresponds to the signal transceiver, antenna, and so on. Take two communication devices that need to establish a network connection, for example in a NAN (neighbor awareness networking) network: when the two devices initially establish the network, they use the MAC 1A address and the MAC 1B address, respectively. However, because the MAC 1A and MAC 1B addresses are transparent to third parties during network entry, a third party can easily obtain the MAC addresses and use them to attack the whole network or an individual communication device. Therefore, after the network has been established successfully, the two communication devices can each update their MAC address through negotiation: for example, the first communication device switches from the MAC 1A address to the MAC 2A address, and the second communication device changes from the MAC 1B address to the MAC 2B address. Each party's updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC addresses are used for subsequent communication. This prevents third parties from using MAC addresses for tracking and attacks, thereby effectively improving the security of the communication.
In the above technical solution, preferably, the first message frame, the second message frame, or the third message frame is a management message frame, an action message frame, a control message frame, or a data frame, and the types of the first, second, and third message frames may be the same or different. In this technical solution, when the first message frame or the second message frame is a management message frame, the combined value of the Type and Subtype of its frame control field identifies the frame type; for example, "001000" can be used to identify a band switching message frame as a management message frame. When the first message frame or the second message frame is an action message frame or a control message frame, the combined value of the Type and Subtype of its frame control field likewise identifies the frame type; for example, "010110" can be used to identify a band switching message frame as an action message frame or a control message frame. Specifically, in this solution, because the first message frame occurs during initial network establishment, it is generally a management message frame or an action message frame; the second and third message frames occur after initial network establishment, when both communicating parties already know the subsequent session key, so the second and third message frames may be management message frames, action message frames, or data frames.
In the above technical solution, preferably, when the first message frame, the second message frame, or the third message frame is a management message frame or an action message frame, it is specifically one of: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame, or a service discovery message frame. In this technical solution, a mobile phone, tablet, or similar device can exchange messages with other communication devices by sending message frames such as association request frames and reassociation request frames in order to switch its MAC address; a router or similar device can exchange messages with other communication devices by sending message frames such as probe response frames, association response frames, and reassociation response frames, encapsulating its updated MAC address in these frames to notify the other party. For example, in a service discovery message frame, the updated MAC address can be encapsulated in one of the order fields of the frame body to notify the other party.
In the above technical solution, preferably, the device further includes a processing module 306, which negotiates a session key with the sender of the first message frame using at least the first source medium access control (MAC) address and the first destination MAC address, and uses the session key to encrypt the second destination MAC address in the response message frame to the second message frame. In this technical solution, once the two communicating parties have established a network connection and negotiated a session key, the session key is used to encrypt the second destination MAC address, which is encapsulated in the frame body of the response message frame to the second message frame; the source address and destination address of that response message frame are the first source MAC address and the first destination MAC address, respectively.
In the above technical solution, preferably, the first message frame further includes a first function identification bit, which indicates that the sender of the first message frame supports the multiple medium access control (MAC) address operation function; and the response message frame to the first message frame further includes a second function identification bit, which indicates that the communication device 300 supports the multi-MAC-address operation function. In this technical solution, setting the function identification bits lets a communication device that overhears message frames sent by other communication devices on the same network learn that they support the multi-MAC-address operation function. Specifically, the two communicating parties can carry a capability identification information element in the frame body of the first message frame and of its response message frame, or use a bit in the MAC frame header, to indicate that both support the multi-MAC-address operation function. For example, if the first message frame is a service discovery message frame, the multi-MAC-address capability identification information element can be encapsulated in order field 1 of the frame body of the service discovery message frame, or at the position of another order field; a reserved bit in the MAC frame header can of course also be used to indicate support for the multi-MAC-address operation function. The first message frame is not limited to a service discovery message frame; it may also be another management message frame or action message frame, which is not described further here.
Figure 4 shows a flowchart of a wireless communication method according to another embodiment of the present invention.

As shown in Figure 4, the wireless communication method according to another embodiment of the present invention includes: step 402, receiving a first message frame at a first time point, the first message frame containing at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address; after the first time point, the method further includes: step 404, receiving a second message frame from the sender of the first message frame, and sending a response message frame to the second message frame to the sender of the first message frame, wherein the second message frame contains at least the second source medium access control (MAC) address, and the response message frame to the second message frame contains at least a second destination MAC address; and step 406, receiving a third message frame at a second time point, the third message frame containing at least the second source MAC address and the second destination MAC address; wherein the first source MAC address, the first destination MAC address, the second source MAC address, and the second destination MAC address are all different from one another.
In this technical solution, the communication device may be a mobile phone or tablet, or a device such as a router; the message generation module may be a data-processing chip module in the communication device, and the data interaction module corresponds to the signal transceiver, antenna, and so on. Take two communication devices that need to establish a network connection, for example in a NAN (neighbor awareness networking) network: when the two devices initially establish the network, they use the MAC 1A address and the MAC 1B address, respectively. However, because the MAC 1A and MAC 1B addresses are transparent to third parties during network entry, a third party can easily obtain the MAC addresses and use them to attack the whole network or an individual communication device. Therefore, after the network has been established successfully, the two communication devices can each update their MAC address through negotiation: for example, the first communication device switches from the MAC 1A address to the MAC 2A address, and the second communication device changes from the MAC 1B address to the MAC 2B address. Each party's updated MAC address can be encapsulated in the second message frame and its response message frame to notify the other party, and the updated MAC addresses are used for subsequent communication. This prevents third parties from using MAC addresses for tracking and attacks, thereby effectively improving the security of the communication.
In the above technical solution, preferably, the first message frame, the second message frame, or the third message frame is a management message frame, an action message frame, a control message frame, or a data frame, and the types of the first, second, and third message frames may be the same or different. In this technical solution, when the first message frame or the second message frame is a management message frame, the combined value of the Type and Subtype of its frame control field identifies the frame type; for example, "001000" can be used to identify a band switching message frame as a management message frame. When the first message frame or the second message frame is an action message frame or a control message frame, the combined value of the Type and Subtype of its frame control field likewise identifies the frame type; for example, "010110" can be used to identify a band switching message frame as an action message frame or a control message frame. Specifically, in this solution, because the first message frame occurs during initial network establishment, it is generally a management message frame or an action message frame; the second and third message frames occur after initial network establishment, when both communicating parties already know the subsequent session key, so the second and third message frames may be management message frames, action message frames, or data frames.
In the above technical solution, preferably, when the first message frame, the second message frame, or the third message frame is a management message frame or an action message frame, it is specifically one of: a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame, or a service discovery message frame. In this technical solution, a mobile phone, tablet, or similar device can exchange messages with other communication devices by sending message frames such as association request frames and reassociation request frames in order to switch its MAC address; a router or similar device can exchange messages with other communication devices by sending message frames such as probe response frames, association response frames, and reassociation response frames, encapsulating its updated MAC address in these frames to notify the other party. For example, in a service discovery message frame, the updated MAC address can be encapsulated in one of the order fields of the frame body to notify the other party.
In the above technical solution, preferably, the method further includes: negotiating a session key with the sender of the first message frame using at least the first source medium access control address and the first destination medium access control address; and encrypting, with the session key, the second destination medium access control address in the response message frame of the second message frame. In this technical solution, the two communicating parties have established a network connection and negotiated a session key; the second destination medium access control (MAC) address is encrypted with that session key and encapsulated in the frame body of the response message frame of the second message frame, where the source address and the destination address of the response message frame of the second message frame are the first source medium access control address and the first destination medium access control address respectively.
In the above technical solution, preferably, the first message frame further includes a first function identifier bit, which indicates that the sender of the first message frame supports the multi-medium access control address operation function; and the response message frame of the first message frame includes a second function identifier bit, which indicates that the sender of the response message frame supports the multi-medium access control address operation function. In this technical solution, setting the function identifier bits allows a communication device that overhears message frames sent by other communication devices on the same network to learn that they support the multi-medium access control address operation function. Specifically, the two communicating parties can carry a capability identification information element in the frame body of the first message frame and of the response message frame of the first message frame, or use a bit in the MAC frame header, to indicate that both support the multi-MAC-address operation function. For example, if the first message frame is a service discovery message frame, a multi-MAC-address capability identification information element can be encapsulated in order field 1 of the frame body of the service discovery message frame, or at the position of another order field; a reserved bit in the MAC frame header can of course also be used to indicate support for the multi-MAC-address operation function. The first message frame is not limited to a service discovery message frame; it may also be another management message frame or an action message frame, which is not described further here.
As the above embodiments show, the main idea of the present invention is that multiple communication devices communicate using different MAC addresses at different times. Specifically, for example, two communication devices interact using their initial MAC addresses before network establishment is complete; after network establishment is complete, each switches to a new MAC address different from its initial MAC address and uses the new MAC address for service communication with the other, which prevents a third party from tracking and attacking them through the initial MAC addresses.
The above technical solution of the present invention is described in further detail below with reference to FIG. 5 to FIG. 7, taking the process of STA A and STA B establishing a NAN network as an example.
FIG. 5 shows a detailed flowchart of switching medium access control addresses according to an embodiment of the present invention.
As shown in FIG. 5, the detailed procedure for switching medium access control addresses according to an embodiment of the present invention includes:
Step 502: STA A and STA B establish a network connection using their first MAC addresses. Specifically, assuming for example that STA A uses the MAC 1A address and STA B uses the MAC 1B address, STA A and STA B exchange the configuration signaling for network establishment using MAC 1A and MAC 1B.
Of course, although it is not shown in FIG. 5, those skilled in the art will understand that STA A and STA B should also inform each other that they support the multi-MAC-address function. Specifically, for example, information indicating "support for the multi-MAC-address function" can be encapsulated in IE form in the configuration signaling for network establishment; this signaling includes DLS (Direct Link Setup) request signaling, DLS response signaling, service discovery signaling and the like.
Further, after STA A and STA B complete the connection establishment of the NAN network, they also transmit key agreement signaling using the MAC 1A and MAC 1B addresses, thereby negotiating the session signaling between STA A and STA B.
Step 504: once STA A and STA B know that both support the multi-MAC-address function and the NAN network has been established, STA A and STA B each generate a second MAC address. For example, the second MAC address of STA A is the MAC 2A address and the second MAC address of STA B is the MAC 2B address; MAC 1A, MAC 1B, MAC 2A and MAC 2B should all differ from one another, to ensure that a third party can never track or attack STA A and STA B through MAC 1A or MAC 1B.
Step 506: assuming STA A is the first to inform STA B of its second MAC address (that is, the MAC 2A address), it generates M1 signaling and sends it to STA B. Obviously, STA B could equally be the first to inform STA A of its second MAC address (that is, the MAC 2B address).
Specifically, FIG. 6 shows one specific form of the M1 signaling, which includes: the FC field, the MAC 1B information, the MAC 1A information, the CCMP Header field, the MAC 2A information and the FCS field.
Here, MAC 1B is the first MAC address used by STA B and is the destination address, while MAC 1A is the first MAC address used by STA A and is the source address; the MAC 1B address precedes the MAC 1A address, that is, the destination address is required to precede the source address.
At the same time, because STA A and STA B negotiated a session key after establishing the NAN network connection, and this session key is secret from third parties, the part of the M1 signaling that contains the MAC 2A address can be encrypted, which further improves the security of subsequent service communication.
Step 508: after receiving the M1 signaling, STA B generates M2 signaling and sends it to STA A to inform STA A of its own second MAC address (that is, the MAC 2B address).
Specifically, FIG. 7 shows one specific form of the M2 signaling, which includes: the FC field, the MAC 1A information, the MAC 1B information, the CCMP Header field, the MAC 2B information and the FCS field.
Because the destination address is required to precede the source address, the MAC 1A address precedes the MAC 1B address. The part of the M2 signaling that contains the MAC 2B address can likewise be encrypted, which further improves the security of subsequent service communication.
Step 510: after STA A and STA B have exchanged their respective second MAC addresses (that is, MAC 2A and MAC 2B), they can use those second MAC addresses for service communication.
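The exchange of steps 504 to 510, using the field order of FIG. 6 and FIG. 7, as an added Python example that is not part of the patent text. Assumptions not on the page: an HMAC-SHA256 keystream and tag stand in for CCMP, the 8-byte header carries only a packet number used to reject replays, new addresses are random locally administered MACs, and the key, addresses and frame-control value are constructed samples.

```python
import hashlib
import hmac
import os
import struct
import zlib

MAC_LEN, HDR_LEN, TAG_LEN = 6, 8, 8
CLEAR_LEN = 2 + 2 * MAC_LEN + HDR_LEN          # FC | DA | SA | header
FRAME_LEN = CLEAR_LEN + MAC_LEN + TAG_LEN + 4  # + encrypted MAC | tag | FCS

# Constructed sample values (not from the patent).
FC = b"\xd0\x40"
MAC1A = bytes.fromhex("02000000000a")
MAC1B = bytes.fromhex("02000000000b")
KEY = bytes(range(32))  # stands for the session key negotiated after step 502


def new_mac(exclude):
    """Step 504: pick a fresh MAC that differs from every address in `exclude`."""
    while True:
        raw = bytearray(os.urandom(MAC_LEN))
        raw[0] = (raw[0] | 0x02) & 0xFE  # assumption: locally administered, unicast
        if bytes(raw) not in exclude:
            return bytes(raw)


def _keystream(key, nonce, n):
    """Stand-in cipher (NOT CCMP): HMAC-SHA256 used in counter mode."""
    blocks = (hmac.new(key, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def _tag(key, clear_part, ciphertext):
    """Integrity tag over the clear header fields and the encrypted address."""
    return hmac.new(key, b"mic" + clear_part + ciphertext, hashlib.sha256).digest()[:TAG_LEN]


def build_frame(dst_old, src_old, fresh_mac, key, pn):
    """FIG. 6/7 order: FC | DA | SA | header | encrypted new MAC (+ tag) | FCS."""
    header = struct.pack(">Q", pn)
    clear_part = FC + dst_old + src_old + header
    # The sender address is part of the nonce, so A and B never share a keystream.
    ct = bytes(p ^ k for p, k in zip(fresh_mac, _keystream(key, src_old + header, MAC_LEN)))
    body = clear_part + ct + _tag(key, clear_part, ct)
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame, key, my_mac1, peer_mac1, my_mac2, last_pn):
    """Validate M1 or M2; return (peer's new MAC, packet number) or raise ValueError."""
    if len(frame) != FRAME_LEN:
        raise ValueError("unexpected frame length")
    body = frame[:-4]
    if struct.pack("<I", zlib.crc32(body)) != frame[-4:]:
        raise ValueError("FCS mismatch")
    clear_part = body[:CLEAR_LEN]
    ct, tag = body[CLEAR_LEN:CLEAR_LEN + MAC_LEN], body[CLEAR_LEN + MAC_LEN:]
    dst, src, header = clear_part[2:8], clear_part[8:14], clear_part[14:]
    if (dst, src) != (my_mac1, peer_mac1):
        raise ValueError("frame is not addressed with the first MAC pair")
    if not hmac.compare_digest(tag, _tag(key, clear_part, ct)):
        raise ValueError("integrity check failed")
    pn = struct.unpack(">Q", header)[0]
    if pn <= last_pn:
        raise ValueError("replayed packet number")
    fresh = bytes(c ^ k for c, k in zip(ct, _keystream(key, src + header, MAC_LEN)))
    # Step 504 requires MAC 1A, 1B, 2A and 2B to be mutually different.
    if fresh in (my_mac1, peer_mac1, my_mac2):
        raise ValueError("new MAC collides with an address already in use")
    return fresh, pn


def run_exchange(mac1a, mac1b, key):
    """Steps 504 to 510 between STA A and STA B; returns frames and learned addresses."""
    mac2a = new_mac({mac1a, mac1b})                      # step 504, STA A
    mac2b = new_mac({mac1a, mac1b})                      # step 504, STA B
    m1 = build_frame(mac1b, mac1a, mac2a, key, pn=1)     # step 506: A -> B
    b_learned, _ = parse_frame(m1, key, mac1b, mac1a, mac2b, last_pn=0)
    m2 = build_frame(mac1a, mac1b, mac2b, key, pn=1)     # step 508: B -> A
    a_learned, _ = parse_frame(m2, key, mac1a, mac1b, mac2a, last_pn=0)
    # Step 510: service traffic now uses (mac2a, mac2b) as the address pair.
    return {"m1": m1, "m2": m2, "mac2a": mac2a, "mac2b": mac2b,
            "a_learned": a_learned, "b_learned": b_learned}


if __name__ == "__main__":
    result = run_exchange(MAC1A, MAC1B, KEY)
    print("M1:", result["m1"].hex())
    print("B learned MAC 2A:", result["b_learned"].hex(":"))
```

An observer of M1 and M2 sees only MAC 1A and MAC 1B in the clear; the new addresses appear only in encrypted form.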
The technical solution of the present invention has been described in detail above with reference to the accompanying drawings. In the related art, the MAC address used by a communication device never changes and, especially during the establishment of a network connection, is easily obtained by a third party, exposing the device to tracking and attack. The present invention therefore proposes a communication device and a wireless communication method that allow the communicating parties to use different medium access control addresses at different times, thereby improving communication security.
The above are merely preferred embodiments of the present invention and are not intended to limit it; those skilled in the art may make various modifications and changes to the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims
1. A communication device, comprising:
a message generation module, which generates a first message frame, the first message frame containing at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address, generates a second message frame, the second message frame containing at least a second source medium access control (MAC) address, and generates a third message frame according to a second destination medium access control (MAC) address received by a data interaction module, the third message frame containing at least the second source medium access control (MAC) address and the second destination medium access control (MAC) address;
the data interaction module, which sends the first message frame at a first time point, sends the second message frame and receives a response message frame of the second message frame after the first time point, and sends the third message frame at a second time point, the response message frame of the second message frame containing at least the second destination medium access control (MAC) address;
wherein the first source medium access control (MAC) address, the first destination medium access control (MAC) address, the second source medium access control (MAC) address and the second destination medium access control (MAC) address are all different from one another.
2. The communication device according to claim 1, wherein the first message frame, the second message frame or the third message frame is a management message frame, an action message frame, a control message frame or a data frame, and wherein the types of the first message frame, the second message frame or the third message frame are the same or different.
3. The communication device according to claim 2, wherein, when the first message frame, the second message frame or the third message frame is a management message frame or an action message frame, the first message frame, the second message frame or the third message frame is specifically:
a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame or a service discovery message frame.
4. The communication device according to claim 1, further comprising: a processing module, which negotiates a session key with the receiver of the first message frame using at least the first source medium access control address and the first destination medium access control address, and uses the session key to encrypt the second source medium access control (MAC) address in the second message frame or the third message frame.
5. The communication device according to any one of claims 1 to 4, wherein the first message frame further includes a first function identifier bit, the first function identifier bit indicating that the communication device supports the multi-medium access control address operation function; and
the data interaction module further receives a response message frame of the first message frame, the response message frame including a second function identifier bit, the second function identifier bit indicating that the sender of the response message frame supports the multi-medium access control address operation function.
6. A wireless communication method, comprising:
generating a first message frame and sending the first message frame at a first time point, the first message frame containing at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address;
after the first time point, further comprising: generating a second message frame, sending the second message frame to the receiver of the first message frame, the second message frame containing at least a second source medium access control (MAC) address, and receiving a response message frame of the second message frame from the receiver of the first message frame, the response message frame of the second message frame containing at least a second destination medium access control (MAC) address;
generating a third message frame and sending the third message frame to the receiver of the first message frame at a second time point, the third message frame containing at least the second source medium access control (MAC) address and the second destination medium access control (MAC) address;
wherein the first source medium access control (MAC) address, the first destination medium access control (MAC) address, the second source medium access control (MAC) address and the second destination medium access control (MAC) address are all different from one another.
7. The wireless communication method according to claim 6, wherein the first message frame, the second message frame and the third message frame are management message frames, action message frames, control message frames or data frames, and wherein the types of the first message frame, the second message frame and the third message frame are the same or different.
8. The wireless communication method according to claim 7, wherein, when the first message frame, the second message frame or the third message frame is a management message frame or an action message frame, the first message frame, the second message frame or the third message frame is specifically:
a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame or a service discovery message frame.
9. The wireless communication method according to claim 6, further comprising: negotiating a session key with the receiver of the first message frame using at least the first source medium access control address and the first destination medium access control address; and
encrypting, with the session key, the second source medium access control (MAC) address in the second message frame or the third message frame.
10. The wireless communication method according to any one of claims 6 to 9, wherein the first message frame further includes a first function identifier bit, the first function identifier bit indicating that the sender of the first message frame supports the multi-medium access control address operation function; and
the wireless communication method further comprises:
receiving a response message frame of the first message frame, the response message frame including a second function identifier bit, the second function identifier bit indicating that the sender of the response message frame supports the multi-medium access control address operation function.
11. A communication device, comprising:
a message generation module, which generates a response message frame of a second message frame according to the second message frame received by a data interaction module, wherein the second message frame contains at least a second source medium access control (MAC) address and the response message frame of the second message frame contains at least a second destination medium access control (MAC) address;
the data interaction module, which receives a first message frame at a first time point, the first message frame containing at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address, receives the second message frame and sends the response frame of the second message frame after the first time point, and receives a third message frame at a second time point, the third message frame containing at least the second source medium access control (MAC) address and the second destination medium access control (MAC) address;
wherein the first source medium access control (MAC) address, the first destination medium access control (MAC) address, the second source medium access control (MAC) address and the second destination medium access control (MAC) address are all different from one another.
12. The communication device according to claim 11, wherein the first message frame, the second message frame or the third message frame is a management message frame, an action message frame, a control message frame or a data frame, and wherein the types of the first message frame, the second message frame or the third message frame are the same or different.
13. The communication device according to claim 12, wherein, when the first message frame, the second message frame or the third message frame is a management message frame or an action message frame, the first message frame, the second message frame or the third message frame is specifically:
a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame or a service discovery message frame.
14. The communication device according to claim 11, further comprising: a processing module, which negotiates a session key with the sender of the first message frame using at least the first source medium access control address and the first destination medium access control address, and uses the session key to encrypt the second destination medium access control (MAC) address in the response message frame of the second message frame.
15. The communication device according to any one of claims 11 to 14, wherein the first message frame further includes a first function identifier bit, the first function identifier bit indicating that the sender of the first message frame supports the multi-medium access control address operation function; and
the response message frame of the first message frame further includes a second function identifier bit, the second function identifier bit indicating that the communication device supports the multi-medium access control address operation function.
16. A wireless communication method, comprising:
receiving a first message frame at a first time point, the first message frame containing at least a first source medium access control (MAC) address and a first destination medium access control (MAC) address;
after the first time point, further comprising: receiving a second message frame from the sender of the first message frame, and sending a response message frame of the second message frame to the sender of the first message frame, wherein the second message frame contains at least the second source medium access control (MAC) address and the response message frame of the second message frame contains at least a second destination medium access control (MAC) address;
receiving a third message frame at a second time point, the third message frame containing at least the second source medium access control (MAC) address and the second destination medium access control (MAC) address;
wherein the first source medium access control (MAC) address, the first destination medium access control (MAC) address, the second source medium access control (MAC) address and the second destination medium access control (MAC) address are all different from one another.
17. The wireless communication method according to claim 16, wherein the first message frame, the second message frame or the third message frame is a management message frame, an action message frame, a control message frame or a data frame, and wherein the types of the first message frame, the second message frame or the third message frame are the same or different.
18. The wireless communication method according to claim 17, wherein, when the first message frame, the second message frame or the third message frame is a management message frame or an action message frame, the first message frame, the second message frame or the third message frame is specifically:
a probe response frame, an association request frame, an association response frame, a reassociation request frame, a reassociation response frame, an authentication frame, a re-authentication frame, a device discovery message frame or a service discovery message frame.
19. The wireless communication method according to claim 16, further comprising: negotiating a session key with the sender of the first message frame using at least the first source medium access control address and the first destination medium access control address; and
encrypting, with the session key, the second destination medium access control (MAC) address in the response message frame of the second message frame.
20. The wireless communication method according to any one of claims 16 to 19, wherein the first message frame further includes a first function identifier bit, the first function identifier bit indicating that the sender of the first message frame supports the multi-medium access control address operation function; and
the response message frame of the first message frame includes a second function identifier bit, the second function identifier bit indicating that the sender of the response message frame supports the multi-medium access control address operation function.
PCT/CN2013/080455 2013-03-26 2013-07-31 Communication device and wireless communication method WO2014153908A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310100289.X 2013-03-26
CN201310100289.XA CN103200191B (en) 2013-03-26 2013-03-26 Communicator and wireless communications method

Publications (1)

Publication Number Publication Date
WO2014153908A1 true WO2014153908A1 (en) 2014-10-02

Family

ID=48722548

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/080455 WO2014153908A1 (en) 2013-03-26 2013-07-31 Communication device and wireless communication method

Country Status (2)

Country Link
CN (1) CN103200191B (en)
WO (1) WO2014153908A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103200191B (en) * 2013-03-26 2017-03-15 东莞宇龙通信科技有限公司 Communicator and wireless communications method
CN105530681B (en) 2014-09-28 2019-02-19 华为技术有限公司 Method for processing business and device
US10045196B2 (en) 2015-02-24 2018-08-07 Lg Electronics Inc. Association method for data transmission in wireless communication system and device using same

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8107396B1 (en) * 2006-07-24 2012-01-31 Cisco Technology, Inc. Host tracking in a layer 2 IP ethernet network
US20120076072A1 (en) * 2010-09-24 2012-03-29 Marc Jalfon System and method for maintaining privacy in a wireless network
CN103200191A (en) * 2013-03-26 2013-07-10 东莞宇龙通信科技有限公司 Communication device and wireless communication method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE60229981D1 (en) * 2002-01-18 2009-01-02 Nokia Corp ADDRESSING IN WIRELESS LOCAL NETWORKS
EP1732265B1 (en) * 2004-03-03 2010-10-06 National Institute of Information and Communications Technology, Incorporated Administrative Agency Layer 2 switch network system


Also Published As

Publication number Publication date
CN103200191B (en) 2017-03-15
CN103200191A (en) 2013-07-10


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 13880640; Country of ref document: EP; Kind code of ref document: A1

NENP Non-entry into the national phase
Ref country code: DE

122 Ep: pct application non-entry in european phase
Ref document number: 13880640; Country of ref document: EP; Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 04/04/2016)

122 Ep: pct application non-entry in european phase
Ref document number: 13880640; Country of ref document: EP; Kind code of ref document: A1