CN117979285A - Data transmission method and device - Google Patents

Publication number
CN117979285A
Authority
CN
China
Prior art keywords
multicast key
local area
area network
wireless local
connection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211302587.2A
Other languages
Chinese (zh)
Inventor
宫相霖
汤国望
刘正其
段开勇
刘亚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN202211302587.2A
Priority to PCT/CN2023/125273 (WO2024088140A1)
Publication of CN117979285A
Current legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/08 Access restriction or access information delivery, e.g. discovery data delivery
    • H04W48/10 Access restriction or access information delivery, e.g. discovery data delivery using broadcasted information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A data transmission method and device are used to transmit multicast data in a wireless local area network that has no central device. In the present application, the data transmission method includes: the first device generates a first multicast key in the process of establishing a wireless local area network connection with a second device in a second wireless local area network, where the first multicast key is used for transmitting data between the first device and the second device. The second device stores a second multicast key, which is used for transmitting data between the second device and other devices in the second wireless local area network. The second device sends the second multicast key to the first device, and correspondingly, the first device receives the second multicast key from the second device. The first device transmits data with the second device via the second multicast key.

Description

Data transmission method and device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a data transmission method and apparatus.
Background
In a wireless local area network (WLAN), access point (AP) devices such as routers and hotspots act as the central device, and terminal devices such as mobile phones, network cards, televisions and smart home devices act as stations (STAs). Specifically, a plurality of STAs may access the AP, and the STAs then access the network through the AP to form a wireless local area network.
When each of a plurality of STAs accesses an AP, the STA acts as the connection initiator and sends a connection request to the AP; the AP acts as the connection receiver, generates a group temporal key (GTK), which is a multicast key, and sends the GTK to the STA. Since the AP generates the GTK and then transmits it to each STA separately, every STA acquires the same GTK. Thus, when the AP encrypts data with the GTK, all STAs can decrypt the encrypted data with the GTK acquired in advance.
However, with the development of wireless network technology, there is no central device in the networking process of the wireless local area network, for example, two STAs may be used for networking, or two APs may be used for networking, that is, each device may initiate a connection request to another device, and each device may also receive a connection request from another device. Under the condition of no central equipment, how to realize the transmission of multicast data is a technical problem to be solved at present.
Disclosure of Invention
The application provides a data transmission method and a data transmission device, which are used for realizing the transmission of multicast data in a wireless local area network without central equipment.
In a first aspect, the present application provides a data transmission method performed by a first device, where the first device may be an AP in a wireless local area network without a central device, or may be an STA in a wireless local area network without a central device.
The data transmission method comprises the following steps: the first device generates a first multicast key in the process of establishing a wireless local area network connection with a second device in a second wireless local area network, where the first multicast key is used for transmitting data between the first device and the second device. The second device stores a second multicast key, which is used for transmitting data between the second device and other devices in the second wireless local area network. The second device sends the second multicast key to the first device, and correspondingly, the first device receives the second multicast key from the second device. The first device transmits data with the second device via the second multicast key. Illustratively, the first device and the second device are devices of equal status: the second device is an AP when the first device is an AP, and the second device is an STA when the first device is an STA. Illustratively, the first multicast key or the second multicast key is a GTK.
In the above technical solution, the first device establishes a wireless local area network connection with the second device to access the second wireless local area network, and further, in the process of establishing a wireless local area network connection with the second device, the first device generates a multicast key for transmitting data between the first device and the second device, but since each device in the second wireless local area network already stores the multicast key (i.e., the second multicast key), the first device also acquires the second multicast key from the second device, so that the first device can transmit data with the second device through the second multicast key. Further, the first device stores the same multicast key as each device in the second wireless local area network, so that when any device in the second wireless local area network encrypts data through the second multicast key, the encrypted data can be decrypted by all other devices in the second wireless local area network.
In one possible implementation manner, the first device generates the first multicast key, specifically, the first device serves as a receiver of the connection request, the second device serves as an initiator of the connection request, when the second device needs to establish a wireless local area network connection with the first device, the second device sends the connection request to the first device, and correspondingly, the first device receives the connection request from the second device and generates the first multicast key in response to the connection request.
In the above technical solution, the first device and the second device are devices of equal status. Although the first device acts as the receiver of the connection request and generates the first multicast key, each device in the second wireless local area network already stores the second multicast key, so the first device can transmit data with each device in the second wireless local area network through the second multicast key once it has accessed the second wireless local area network.
In one possible implementation, the first device also overwrites the first multicast key with the second multicast key, so that the second multicast key is used as the key for the first device to transmit data with the second device.
In the above technical solution, after the first device acquires the second multicast key, the first device may overwrite the first multicast key with the second multicast key, so that the first device transmits data with the second device through the second multicast key.
In one possible implementation, when the first device is in the first wireless local area network, the first device further sends an update message to one or more devices in the first wireless local area network other than the first device, wherein the update message indicates: the multicast key used to transmit data in the first wireless local area network is updated to the second multicast key. Accordingly, any device other than the first device in the first wireless lan may obtain the second multicast key from the update message after receiving the update message, and further transmit data according to the second multicast key.
In the above technical solution, the first device may also be a device already in the first wireless local area network, where the first device establishes a wireless local area network connection with the second device to implement combination of the first wireless local area network and the second wireless local area network. Further, after the first device acquires the second multicast key from the second device, the second multicast key is sent to other devices in the first wireless local area network except the first device. Thus, all devices in the wireless local area network obtained by combining the first wireless local area network and the second wireless local area network can store the second multicast key. In the combined wireless local area network, when each device encrypts data through the second multicast key, the encrypted data can be decrypted by all other devices.
In one possible implementation, the first wireless local area network further includes one or more third devices, where the one or more third devices are sub-devices of the first device. It can be understood that the first wireless local area network comprises a sub-network without a central device and a sub-network with a central device, which improves the flexibility of the wireless local area network. Moreover, when the first wireless local area network is merged with the second wireless local area network, the first device can send the second multicast key not only to the other devices in the sub-network without a central device, but also to the sub-devices (i.e., the third devices) in the sub-network whose central device is the first device.
In one possible implementation manner, when the first device receives the second multicast key from the second device, the first device may specifically receive the second multicast key from the second device through a short-range connection, where the short-range connection comprises one or more of the following: Bluetooth connection, near field communication (NFC) connection, star flash connection, wireless local area network connection. This provides a specific implementation of the first device receiving the second multicast key from the second device, in which the second multicast key is transmitted in unicast mode, so that the security of multicast key transmission is improved.
In one possible implementation manner, when the first device receives the second multicast key from the second device through the wireless local area network connection, the first device may specifically receive the second multicast key through a unicast frame in the wireless local area network connection, where the unicast frame includes one or more of a data frame and a management frame.
In the above technical solution, the first device receives the second multicast key from the second device through the unicast frame, where the unicast frame may be obtained by encrypting the second multicast key with the unicast key between the first device and the second device (for example, the pairwise transient key (PTK)), so as to improve the security of multicast key transmission.
In a second aspect, the present application provides a data transmission method, including: the method comprises the steps that in the process that the first equipment establishes wireless local area network connection with the second equipment, the first equipment receives a second multicast key from the second equipment, wherein the second multicast key is stored in the second equipment, and the second multicast key is used for transmitting data between the second equipment and other equipment in a second wireless local area network to which the second equipment belongs; the first device transmits data with the second device via the second multicast key.
In one possible implementation manner, the first device is used as a receiving party of the connection request, the second device is used as an initiating party of the connection request, when the second device needs to establish the wireless local area network connection with the first device, the second device sends the connection request to the first device, and correspondingly, the first device receives the connection request from the second device. The second device then determines that the second device has the second multicast key stored therein, and the second device sends the second multicast key to the first device via message 3, i.e. the second multicast key is included in message 3.
The message 3 is specifically the message 3 in the process that the second device establishes the wireless local area network connection with the first device based on Wi-Fi network secure access (Wi-Fi protected access, WPA) protocol.
Illustratively, in the process in which the second device establishes the wireless local area network connection with the first device based on the WPA protocol, the first device first sends a message 1 to the second device, where the message 1 includes the random number of the first device. Correspondingly, the second device obtains the random number of the first device from the message 1. The second device calculates the PTK, extracts a message integrity check (MIC) value from the PTK, and sends a message 2 to the first device, where the message 2 includes the random number of the second device and the MIC, which is illustratively the first 16 bytes in the PTK. Accordingly, the first device obtains the random number of the second device and the MIC from message 2. The first device calculates a PTK and a MIC, and performs an integrity check on the PTK according to the MIC. The second device encrypts the second multicast key using the PTK and sends the encrypted second multicast key and the MIC to the first device via message 3. Correspondingly, the first device acquires the encrypted second multicast key and the MIC from the message 3, decrypts the encrypted second multicast key by using the PTK, and stores the PTK and the second multicast key. The second device stores the PTK.
In the above technical solution, the first device establishes a wireless lan connection with the second device to access to the second wireless lan. Further, the second multicast key is stored in the second device, the first device can directly acquire the second multicast key from the second device, the first device is not required to generate the first multicast key, and unnecessary computation is reduced; the first device does not need to send the multicast key generated by the first device to the second device, so that unnecessary signaling interaction is reduced.
In another possible implementation manner, the first device is used as an initiator of the connection request, the second device is used as a receiver of the connection request, and when the first device needs to establish the wireless local area network connection with the second device, the first device sends the connection request to the second device, and correspondingly, the second device receives the connection request from the first device. The second device then determines that the second device has the second multicast key stored therein, and the second device sends the second multicast key to the first device via message 3, i.e. the second multicast key is included in message 3.
The message 3 is specifically the message 3 in the process that the second device establishes the wireless local area network connection with the first device based on the WPA protocol.
Illustratively, in the process that the second device establishes the wireless local area network connection with the first device based on the WPA protocol, the second device first sends a message 1 to the first device, where the message 1 includes a random number of the second device. Accordingly, the first device obtains the random number of the second device from the message 1. The first device calculates the PTK, extracts the MIC from the PTK, and sends a message 2 to the second device, where the message 2 includes the random number of the first device and the MIC, which is illustratively the first 16 bytes in the PTK. Accordingly, the second device obtains the random number and MIC of the first device from message 2. The second device calculates a PTK and a MIC, and performs integrity check on the PTK according to the MIC. The second device encrypts the second multicast key using the PTK and sends the encrypted second multicast key and the MIC to the first device via message 3. Correspondingly, the first device acquires the encrypted second multicast key and MIC from the message 3, decrypts the encrypted second multicast key by using the PTK, and stores the PTK and the second multicast key. The second device stores the PTK.
In the above technical solution, the first device establishes a wireless lan connection with the second device to access to the second wireless lan. Further, the second multicast key is stored in the second device, the first device can directly acquire the second multicast key from the second device, the second device is not required to generate the multicast key, and unnecessary computation is reduced; the second device does not need to send the multicast key generated by the second device to the first device, so that unnecessary signaling interaction is reduced.
In a third aspect, embodiments of the present application provide a communication device, where:
the apparatus has a function of implementing the first device in the first aspect or any possible implementation manner of the first aspect, where the apparatus may be the first device, or may be a chip included in the first device; or
the apparatus has a function of implementing the second device in the first aspect or any possible implementation manner of the first aspect, where the apparatus may be the second device, or may be a chip included in the second device; or
the apparatus has a function of implementing the first device in the second aspect or any possible implementation manner of the second aspect, where the apparatus may be the first device, or may be a chip included in the first device; or
the apparatus has a function of implementing the second device in the second aspect or any possible implementation manner of the second aspect, where the apparatus may be the second device, or may be a chip included in the second device.
The functions of the communication device may be implemented by hardware, or may be implemented by executing corresponding software by hardware, where the hardware or software includes one or more modules or units or means (means) corresponding to the functions.
In one possible implementation, the apparatus includes a processing module and a transceiver module in a structure of the apparatus.
Wherein the processing module is configured to support the apparatus to perform the function corresponding to the first device in the above first aspect or any implementation manner of the first aspect, or perform the function corresponding to the second device in the above first aspect or any implementation manner of the first aspect, or perform the function corresponding to the first device in the above second aspect or any implementation manner of the second aspect, or perform the function corresponding to the second device in the above second aspect or any implementation manner of the second aspect.
The transceiver module is configured to support communication between the apparatus and other communication devices, e.g., when the apparatus is a first device, the apparatus may receive a second multicast key from a second device.
The communication device may also include a memory module coupled to the processing module that holds the program instructions and data necessary for the device. As an example, the processing module may be a processor, the communication module may be a transceiver, and the storage module may be a memory, where the memory may be integrated with the processor or may be separately provided from the processor.
In another possible implementation, the apparatus includes a processor in its structure and may also include a memory. The processor is coupled to the memory and operable to execute the computer program instructions stored in the memory to cause the apparatus to perform the functions corresponding to the first device in the above-described first aspect or any implementation of the first aspect, or to perform the functions corresponding to the second device in the above-described first aspect or any implementation of the first aspect, or to perform the functions corresponding to the first device in the above-described second aspect or any implementation of the second aspect, or to perform the functions corresponding to the second device in the above-described second aspect or any implementation of the second aspect.
Optionally, the apparatus further comprises a communication interface, the processor being coupled to the communication interface. When the apparatus is a first device or a second device, the communication interface may be a transceiver or an input/output interface; when the apparatus is a chip contained in the first device or a chip contained in the second device, the communication interface may be an input/output interface of the chip. Alternatively, the transceiver may be a transceiver circuit and the input/output interface may be an input/output circuit.
In a fourth aspect, an embodiment of the present application provides a computer readable storage medium in which a computer program or instructions are stored, which, when executed by a communication apparatus, performs the function corresponding to the first device in the above first aspect or any implementation manner of the first aspect, or performs the function corresponding to the second device in the above first aspect or any implementation manner of the first aspect, or performs the function corresponding to the first device in the above second aspect or any implementation manner of the second aspect, or performs the function corresponding to the second device in the above second aspect or any implementation manner of the second aspect.
In a fifth aspect, an embodiment of the present application provides a computer program product, the computer program product comprising a computer program or instructions which, when executed by a communication apparatus, performs the function corresponding to the first device in the above first aspect or any implementation manner of the first aspect, or performs the function corresponding to the second device in the above first aspect or any implementation manner of the first aspect, or performs the function corresponding to the first device in the above second aspect or any implementation manner of the second aspect, or performs the function corresponding to the second device in the above second aspect or any implementation manner of the second aspect.
In a sixth aspect, an embodiment of the present application provides a system for a data transmission method, where the system includes a first device in the first aspect or any implementation manner of the first aspect, and a second device in the first aspect or any implementation manner of the first aspect; or a first device in the second aspect or any implementation of the second aspect, and a second device in the second aspect or any implementation of the second aspect.
The technical effects that can be achieved by any one of the third aspect to the sixth aspect may be referred to the description of the beneficial effects in the first aspect or the second aspect, and the detailed description is not repeated here.
Drawings
Fig. 1 is a schematic flow chart of an STA accessing an AP based on the WPA protocol;
Fig. 2 (a) is a schematic diagram of networking in a wireless local area network;
Fig. 2 (b) is a schematic diagram of networking in a wireless local area network according to the present application;
Fig. 3 (a) is a schematic view of a scenario in which a device provided by the present application is connected to a wireless local area network;
Fig. 3 (b) is a schematic diagram of a scenario in which two wireless local area networks are combined according to the present application;
Fig. 4 is a flow chart of a first data transmission method provided by the present application;
Fig. 5 is a schematic flow chart of a second data transmission method according to the present application;
Fig. 6 is a flow chart of a third data transmission method according to the present application;
Fig. 7 is a flow chart of a fourth data transmission method provided by the present application;
Fig. 8 is a schematic diagram of networking in still another wireless local area network according to the present application;
Fig. 9 is a flowchart for establishing a wireless local area network connection based on the WPA protocol according to the present application;
Fig. 10 is a flowchart of still another method for establishing a wireless local area network connection based on the WPA protocol according to the present application;
Fig. 11 is a schematic diagram of an application scenario of a networking manner of a wireless local area network according to the present application;
Fig. 12 is a schematic structural diagram of a data transmission device according to the present application;
Fig. 13 is a schematic structural diagram of a data transmission device according to the present application.
Detailed Description
For ease of understanding, descriptions of terms and techniques related to the present application are given by way of example for reference.
1. Station (STA): also referred to as wireless workstations, refer to devices connected to a wireless local area network that may communicate with other devices within the wireless local area network or with other devices outside the wireless local area network through an Access Point (AP).
The STA may be an electronic device supporting a wireless local area network connection. The electronic device may also be referred to as a terminal device or terminal, including, but not limited to, a mobile phone, tablet, laptop, palmtop, mobile internet device (MID), wearable device (e.g., smart watch, smart bracelet, pedometer, etc.), vehicle-mounted device, virtual reality (VR) device, augmented reality (AR) device, wireless terminal in industrial control, smart home device (e.g., refrigerator, television, air conditioner, electric meter, etc.), smart robot, workshop device, wireless terminal in self driving, remote medical surgery, smart grid, transportation safety, smart city, or smart home, as well as a smart robot, hot air balloon, drone, airplane, etc. Exemplary electronic devices of embodiments of the present application include, but are not limited to, piggybacking Or other operating system.
2. Access Point (AP): also referred to as an access node, wireless access point, or hotspot, etc., is a device for accessing STAs into a wireless local area network. For example, the AP may be a centralized unit (CU) or a distributed unit (DU); it may also be a router, bridge, wireless gateway, etc. The present application does not limit the specific technology or the specific device configuration adopted by the AP.
3. Wi-Fi network secure access (Wi-Fi protected access, WPA): the WPA is a security enhancement solution of a wireless local area network based on standards, and can greatly enhance the data protection and access control level in the existing and future wireless local area network systems. WPA helps to ensure that STAs' data is protected and that only authorized STAs can access the wireless local area network.
The procedure of accessing the AP by the STA based on the WPA protocol can be specifically referred to the schematic flow diagram shown in fig. 1.
It should be noted in advance that the AP broadcasts its own data (such as the medium access control (MAC) address and service set identifier (SSID) of the AP) beforehand, and the STA may then initiate a connection request to the AP according to the data broadcast by the AP, so that the STA accesses the AP based on the procedure in Fig. 1.
In step 101, the AP sends a message (message) 1 to the STA, where the message 1 includes the random number of the AP. Accordingly, the STA receives the message 1 from the AP, and acquires the random number of the AP from the message 1.
In step 102, the STA calculates the PTK. The PTK is used for unicast data.
In step 103, the STA extracts the MIC from the PTK, and sends a message 2 to the AP, where the message 2 includes the random number of the STA and the MIC, where the MIC is specifically the first 16 bytes in the PTK. Correspondingly, the AP receives the message 2 from the STA, and obtains the random number of the STA and the MIC from the message 2.
In step 104, the AP calculates the PTK and the MIC, and performs an integrity check on the PTK according to the MIC. Specifically, if the AP determines that the calculated MIC is the same as the MIC in the message 2, it determines that the PTK verification is successful, and then step 105 is executed; if the AP determines that the calculated MIC is different from the MIC in message 2, it determines that the PTK verification fails.
In step 105, the AP generates a GTK and encrypts the GTK using the PTK. The GTK is used to encrypt multicast data and/or broadcast data.
In step 106, the AP sends a message 3 to the STA, where the message 3 includes the encrypted GTK and the MIC. Accordingly, the STA receives the message 3 from the AP, and acquires the encrypted GTK and the MIC from the message 3.
In step 107, the STA decrypts the encrypted GTK in the message 3 using the PTK generated by itself to obtain the GTK, and performs an integrity check on the GTK according to the MIC. Specifically, if the STA determines that the calculated MIC is the same as the MIC in the message 3, it determines that the GTK check is successful, and then step 108 is executed; if the STA determines that the calculated MIC is different from the MIC in message 3, it determines that the check on the GTK fails.
In step 108, the STA sends an acknowledgement (ACK) to the AP.
In step 109, the STA stores the PTK and GTK. "Store" may also be referred to as "install" in the present application.
In step 110, the AP stores the PTK.
The application is described below in conjunction with the above-described explanations of terms and techniques.
Fig. 2 (a) is a schematic networking diagram in a wireless lan, which includes an AP and a plurality of STAs (fig. 2 (a) exemplarily shows STA1 to STA4, the number of STAs is not limited in the present application), and the plurality of STAs are all connected to the AP. Further, each STA of the plurality of STAs accesses the AP based on the procedure in fig. 1, that is, each STA may obtain the same GTK from the AP through the procedure (i.e., receive message 3, obtain the GTK from message 3). In this way, multiple STAs can acquire the same GTK. When an AP transmits data in a wireless local area network, the AP may encrypt the original data using a GTK to obtain encrypted data. Accordingly, after each STA of the plurality of STAs receives the encrypted data from the AP, the encrypted data may be decrypted according to the GTK to obtain the original data.
However, with the development of wireless network technology, a new way of networking has appeared, in which the network is composed of multiple devices of equal status, such as multiple STAs (with no AP) or multiple APs; that is, there is no central device in the network.
Each device may be connected to other devices through the procedure described above in fig. 1 to implement a wireless lan. Specifically, an initiator of the connection request (hereinafter abbreviated as an initiator) and a receiver of the connection request (hereinafter abbreviated as a receiver) are similar to the STA and the AP in fig. 1, respectively, that is, the receiver can generate the GTK, send the generated GTK to the initiator, then the receiver and the initiator establish a wireless local area network connection, and the receiver and the initiator can realize data transmission through the GTK. Further, there is a wireless local area network connection between any one device in the network and one or more other devices.
Fig. 2 (b) is a networking schematic diagram of a new type of network provided by an exemplary embodiment of the present application. The network includes a plurality of STAs (fig. 2 (b) shows STA1 to STA4 by way of example; the present application does not limit the number of STAs), where STA1 has wireless local area network connections with STA2 and STA4, respectively; STA2 has wireless local area network connections with STA1, STA3 and STA4, respectively; and so on.
During the networking process:
When STA1 and STA2 establish a wireless local area network connection, assume that STA1 is the initiator and STA2 is the receiver. The roles of STA1 and STA2 are then similar to those of the STA and the AP in fig. 1, and the interaction between them follows the flow in fig. 1. Specifically, in step 105 and step 106, STA2 generates a GTK (denoted as GTK12) and sends GTK12 to STA1, so that both STA1 and STA2 store GTK12.
When STA1 and STA4 establish a wireless local area network connection, assume that STA1 is the initiator and STA4 is the receiver. The roles of STA1 and STA4 are then similar to those of the STA and the AP in fig. 1, and the interaction between them follows the flow in fig. 1. Specifically, in step 105 and step 106, STA4 generates a GTK (denoted as GTK14) and sends GTK14 to STA1, so that both STA1 and STA4 store GTK14.
For the way in which STA2 and STA4, STA2 and STA3, and STA3 and STA4 establish wireless local area network connections, refer to the way in which STA1 and STA2, or STA1 and STA4, establish a wireless local area network connection; details are not described again.
During the data transmission process:
Taking STA1 as an example, if STA1 encrypts the original data with GTK12 to obtain encrypted data and broadcasts the encrypted data, STA2 to STA4 all receive the encrypted data, but only STA2 can decrypt it, because only STA2 stores GTK12. Similarly, if STA1 encrypts the original data with GTK14 to obtain encrypted data and broadcasts the encrypted data, STA2 to STA4 each receive the encrypted data, but only STA4 can decrypt it, because only STA4 stores GTK14.
It can be understood that the STAs in the network do not store a unified GTK, so the encrypted data that any STA obtains by encrypting original data with a GTK it stores cannot be decrypted by all of the other STAs. The same problem exists in networks formed by other devices of equal status (e.g., multiple APs).
Therefore, the present application provides a data transmission method that enables all devices in a network to store the same multicast key (such as a GTK), so that when any device encrypts original data with its multicast key and sends (i.e., multicasts or broadcasts) the resulting encrypted data, the other devices in the network can decrypt the encrypted data with the same multicast key that they store to obtain the original data.
It should be noted that, in the initial stage, two devices first establish a wireless local area network connection in the manner shown by way of example in the flowchart of fig. 1. The two devices are denoted device A and device B. When device A is the initiator, device B, as the receiver, generates a multicast key and sends it to device A, and device A and device B can then transmit data using the multicast key; when device B is the initiator, device A, as the receiver, generates a multicast key and sends it to device B, and device A and device B can then transmit data using the multicast key.
When device A and device B have already established a wireless local area network connection (i.e., device A and device B have formed a wireless local area network) and a new device (such as device C) accesses the wireless local area network, device C may establish a wireless local area network connection with an existing device in the wireless local area network (such as device A) and obtain the multicast key from device A during connection establishment; device C then uses this key as its multicast key for transmitting data in the wireless local area network. Similarly, when other new devices access the wireless local area network, each new device can establish a wireless local area network connection with an existing device in the wireless local area network, acquire the multicast key from the existing device during connection establishment, and use it as its multicast key for transmitting data in the wireless local area network.
Fig. 3 (a) is a schematic view of a scenario of accessing a device to a wlan according to an embodiment of the present application, where the wlan includes a device a, a device B, and a device C, and when a device D needs to be accessed to the wlan, the device D may establish a wlan connection with an existing device in the wlan (such as the device a).
It should be further noted that the present application is applicable not only to the scenario shown in fig. 3 (a), in which a single device (i.e., device D) accesses an existing wireless local area network, but also to the scenario in which two existing wireless local area networks are combined, that is, the device newly accessing the wireless local area network is already an existing device in another wireless local area network.
Fig. 3 (b) is a schematic diagram of a scenario in which two wireless local area networks are combined, provided by an exemplary embodiment of the present application. Wireless local area network 1 includes device A, device B and device C, and wireless local area network 2 includes device D and device E. When wireless local area network 1 needs to be combined with wireless local area network 2, device D in wireless local area network 2 may establish a wireless local area network connection with an existing device (such as device A) in wireless local area network 1.
The following is explained based on two scenarios:
Scenario one: a single device accesses a wireless local area network.
For convenience of description, the single device will be referred to as a first device; a device already in the wireless local area network that establishes a wireless local area network connection with the first device is referred to as a second device. Illustratively, the first device is device D of fig. 3 (a) and the second device is device a of fig. 3 (a).
The manner in which the first device obtains the multicast key from the second device of the wireless local area network is different based on whether the first device is the recipient or the initiator, as explained below in the two cases.
With reference to the flowchart of the first data transmission method shown by way of example in fig. 4, the following explains a possible implementation in which the first device obtains the multicast key when the first device, as the receiver, accesses the wireless local area network (i.e., while the first device is establishing a wireless local area network connection with the second device in the wireless local area network). Correspondingly, the second device is the initiator.
In step 401, a first device generates a first multicast key, where the first multicast key is used for transmitting data between the first device and a second device. This step 401 is similar to the step of the AP generating a GTK in step 105 described above.
Optionally, step 400 is further included before step 401, where the second device sends a connection request to the first device, and accordingly, the first device receives the connection request from the second device. Subsequently, in step 401, the first device generates a multicast key (i.e., a first multicast key) for transmitting data between the first device and the second device in response to the connection request.
In step 402, the second device sends a second multicast key to the first device, and correspondingly, the first device receives the second multicast key from the second device, where the second multicast key is used for transmitting data between the second device and other devices in the wireless local area network.
The second device stores a multicast key (i.e., the second multicast key). The second multicast key is the unified multicast key stored by all devices in the wireless local area network and is used for transmitting data between the second device and the other devices in the wireless local area network. For example, if the wireless local area network includes device A, device B and device C, and the second device is device A, the second multicast key in device A is used for transmitting data between device A and devices B and C in the wireless local area network. Specifically, device A encrypts original data A with the second multicast key to obtain encrypted data A and broadcasts encrypted data A in the wireless local area network; both device B and device C can receive encrypted data A, and device B decrypts encrypted data A with the second multicast key to obtain original data A, as does device C. Alternatively, device B encrypts original data B with the second multicast key to obtain encrypted data B and broadcasts encrypted data B in the wireless local area network; device A can receive encrypted data B and decrypts it with the second multicast key to obtain original data B.
In one example, the second device determines that it has stored the second multicast key after sending the connection request to the first device, and then sends the second multicast key to the first device.
In yet another example, after the first device generates the first multicast key, the first device sends the first multicast key to the second device, and accordingly, the second device receives the first multicast key, determines that the second multicast key is already stored locally, and then sends the second multicast key to the first device. Optionally, the second device discards the first multicast key from the first device.
In one embodiment, the second device may send the second multicast key to the first device over a short-range connection, and the first device may receive the second multicast key from the second device over the short-range connection. Wherein the short-distance connection mode at least comprises one or more of the following: bluetooth connection, NFC connection, star flash connection, wireless local area network connection. The star flash connection is a mode of vehicle-mounted wireless short-distance communication, and has the characteristics of ultra-low time delay, ultra-high reliability and accurate synchronization.
When the first device is connected to the second device by a wireless local area network: the first device may specifically receive the second multicast key from the second device over a unicast frame in the wireless local area network connection. Wherein the unicast frame may be a data frame or a management frame.
In step 403, the first device transmits data with the second device via the second multicast key.
Alternatively, the first device may overwrite the first multicast key with the second multicast key after receiving the second multicast key from the second device, and use the second multicast key as a multicast key for transmitting data between the first device and the second device.
The first device transmitting data with the second device via the second multicast key may include two examples:
Example 1, a first device, when transmitting data (denoted as first raw data) to a second device: the first device encrypts the first original data through the second multicast key to obtain first encrypted data, the first device broadcasts the first encrypted data, and correspondingly, the second device receives the first encrypted data and decrypts the first encrypted data according to the second multicast key to obtain the first original data.
Example 2, the second device, when transmitting data (noted as second original data) to the first device: the second device encrypts the second original data through the second multicast key to obtain second encrypted data, the second device broadcasts the second encrypted data, and correspondingly, the first device receives the second encrypted data and decrypts the second encrypted data according to the second multicast key to obtain second original data.
It is noted that although the first device generates, in step 401, the first multicast key for the first device and the second device to transmit data, the first multicast key is overwritten by the second multicast key in step 403; that is, after step 403 the first device and the second device transmit data through the second multicast key. In particular, before step 403, if the second device receives the first multicast key from the first device and stores it, the first device and the second device may also transmit data through the first multicast key; for the specific implementation, see example 1 and example 2 above with "second multicast key" replaced by "first multicast key".
Further, the first device may also use the second multicast key to transmit data with the other devices in the wireless local area network (including the second device). Illustratively, the wireless local area network includes device A, device B and device C, and device D accesses the wireless local area network as a new device by establishing a wireless local area network connection with device A; that is, device D is the first device and device A is the second device. Device D obtains the second multicast key from device A and may then transmit data with device A, device B and device C in the wireless local area network through the second multicast key. For example, device D encrypts the first original data with the second multicast key to obtain first encrypted data and broadcasts the first encrypted data in the wireless local area network. Device A, device B and device C each receive the first encrypted data, and each decrypts it with the second multicast key that it stores to obtain the first original data.
With reference to the flowchart of the second data transmission method shown by way of example in fig. 5, the following explains a possible implementation in which the first device obtains the multicast key when the first device, as the initiator, accesses the wireless local area network (i.e., the first device establishes a wireless local area network connection with the second device in the wireless local area network). Correspondingly, the second device is the receiver.
In step 501, the second device sends a second multicast key to the first device, and correspondingly, the first device receives the second multicast key from the second device, where the second multicast key is used for transmitting data between the second device and other devices in the wireless local area network.
A description of the second multicast key may be referred to in step 402 above.
Optionally, step 500 is further included before step 501, where the first device sends a connection request to the second device, and the second device receives the connection request from the first device.
In one example, the second device determines that it has stored the second multicast key in response to the connection request, and then sends the second multicast key to the first device.
In yet another example, the second device generates, in response to the connection request, a multicast key (denoted as a third multicast key) for the first device to transmit data with the second device, and sends the third multicast key to the first device. The second device then determines that it also stores a second multicast key for transmitting data in the wireless local area network, sends the second multicast key to the first device, and instructs the first device to overwrite the third multicast key with the second multicast key. Optionally, the second device also deletes the third multicast key.
In step 502, the first device transmits data with the second device via the second multicast key.
Specific implementations can be found in step 403 described above.
Scenario two: two wireless local area networks are combined.
For convenience of description, two wireless local area networks to be combined are respectively referred to as a first wireless local area network and a second wireless local area network, and the local area network after the combination is referred to as a third wireless local area network. Further, the first device belongs to a first wireless local area network, and the second device belongs to a second wireless local area network.
Illustratively, the first wireless local area network is the wireless local area network 2 in fig. 3 (b), and the first device is device D in fig. 3 (b); the second wireless local area network is the wireless local area network 1 in fig. 3 (b), and the second device is device A in fig. 3 (b).
For the networking manner of the first wireless local area network, refer to the networking manner of the wireless local area network in scenario one (i.e., the second wireless local area network). It can be understood that, before the first device establishes a wireless local area network connection with the second device in the second wireless local area network, the first device in the first wireless local area network stores a unified multicast key (denoted as a fourth multicast key) for transmitting data in the first wireless local area network.
When a first device in the first wireless local area network is accessed to a second wireless local area network, the first device can receive a second multicast key of the second wireless local area network from the second device, and then send the second multicast key to other devices except the first device in the first wireless local area network, so that the combination of the first wireless local area network and the second wireless local area network is completed, and correspondingly, the first device can transmit data in a third wireless local area network through the second multicast key. The scenario may also be referred to as the first wlan accessing the second wlan to obtain a third wlan.
The manner in which the first device obtains the multicast key from the second device of the second wireless local area network is different based on whether the first device is acting as a receiver or an initiator, as will be explained below.
With reference to the flowchart of the third data transmission method shown by way of example in fig. 6, the following explains a possible implementation in which each device in the first wireless local area network obtains the multicast key when the first device in the first wireless local area network, as the receiver, accesses the second wireless local area network (i.e., while the first device is establishing a wireless local area network connection with the second device). Correspondingly, the second device in the second wireless local area network is the initiator.
In step 601, a first device generates a first multicast key, the first multicast key being used for data transmission by the first device and a second device. Optionally, step 600 is further included before step 601, where the second device sends a connection request to the first device, and accordingly, the first device receives the connection request from the second device. Then, in step 601, the first device generates a multicast key (i.e., a first multicast key) for transmitting data between the first device and the second device in response to the connection request.
In step 602, the second device sends a second multicast key to the first device, and correspondingly, the first device receives the second multicast key from the second device, where the second multicast key is used for transmitting data between the second device and other devices in the second wireless local area network. For a specific implementation, refer to step 402.
In step 603, the first device sends an update message to one or more devices other than the first device in the first wireless local area network, where the update message indicates that the multicast key used to transmit data in the first wireless local area network (i.e., the fourth multicast key) is updated to the second multicast key.
In one possible example, after the first device obtains the second multicast key from the second device, it encrypts the second multicast key with the fourth multicast key; that is, the second multicast key is treated as the original data (denoted as original data 1) that the first device needs to transmit in the first wireless local area network, and the first device encrypts original data 1 with the fourth multicast key to obtain encrypted data 1. The first device then generates an update message carrying encrypted data 1 and broadcasts the update message in the first wireless local area network. Accordingly, the devices other than the first device in the first wireless local area network can receive the update message. Taking any such device as an example, the device obtains encrypted data 1 from the update message, decrypts encrypted data 1 with the fourth multicast key to obtain original data 1 (i.e., the second multicast key), and overwrites the currently stored fourth multicast key with the second multicast key.
In this way, the multicast key of each device in the first wireless local area network is updated to the second multicast key from the original fourth multicast key, each device in a third local area network formed by the second wireless local area network and the first wireless local area network stores the second multicast key, and each device can transmit data in the third local area network through the second multicast key.
In step 604, the first device transmits data with the second device via the second multicast key.
For a specific implementation, refer to step 403.
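The following Python sketch is an added example, not code from the patent: it shows the fig. 2 (b) problem (a broadcast under GTK12 is readable only by STA2) and then steps 602 to 603 for the fig. 3 (b) merge, where device D announces the second multicast key in an update message encrypted under the fourth multicast key. The HMAC-SHA256 stream cipher, the `KEYUPD:` marker, the 32-byte key length and all function names are assumptions made for the example, and the key delivery of step 602 is modelled as a direct assignment.

```python
import hashlib
import hmac
import os

KEY_LEN = 32               # assumed multicast key length for this example
KEY_UPDATE = b"KEYUPD:"    # assumed marker that identifies an update message

# Stand-in authenticated cipher (HMAC-SHA256 keystream plus tag) so the example
# needs only the standard library; it is not the cipher Wi-Fi uses.
def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, frame):
    """Return the plaintext, or None if the frame was not sealed under `key`."""
    if key is None or len(frame) < 48:
        return None
    nonce, ct, tag = frame[:16], frame[16:-32], frame[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ s for c, s in zip(ct, _stream(key, nonce, len(ct))))

class Device:
    def __init__(self, name):
        self.name = name
        self.multicast_key = None

    def broadcast(self, data):
        return seal(self.multicast_key, data)

    def receive(self, frame):
        return unseal(self.multicast_key, frame)

    def handle_update(self, frame):
        """Receiving side of step 603: decrypt under the stored key, then overwrite it."""
        body = self.receive(frame)
        if body is None or not body.startswith(KEY_UPDATE):
            return False
        new_key = body[len(KEY_UPDATE):]
        if len(new_key) != KEY_LEN:
            return False
        self.multicast_key = new_key
        return True

def form_network(initiator, receiver):
    """Initial stage: the receiver generates the multicast key and shares it."""
    receiver.multicast_key = os.urandom(KEY_LEN)
    initiator.multicast_key = receiver.multicast_key

def join(first_device, second_device):
    """Scenario one: the joining device adopts the key the network already uses.
    The delivery itself is modelled as a plain assignment (assumption)."""
    first_device.multicast_key = second_device.multicast_key

def merge(first_device, second_device, first_lan):
    """Scenario two, steps 602-603: announce the second key under the fourth key."""
    second_key = second_device.multicast_key
    update = seal(first_device.multicast_key, KEY_UPDATE + second_key)
    accepted = [d.name for d in first_lan
                if d is not first_device and d.handle_update(update)]
    first_device.multicast_key = second_key   # overwrite only after the broadcast
    return update, accepted

def pairwise_problem():
    """Fig. 2 (b): STA1 broadcasts under GTK12; list the STAs able to decrypt."""
    k = {pair: os.urandom(KEY_LEN) for pair in ("12", "14", "23", "24", "34")}
    held = {"STA2": ["12", "23", "24"], "STA3": ["23", "34"], "STA4": ["14", "24", "34"]}
    frame = seal(k["12"], b"hello")
    return [sta for sta, pairs in held.items()
            if any(unseal(k[p], frame) == b"hello" for p in pairs)]

def demo():
    a, b, c, d, e = (Device(n) for n in "ABCDE")
    form_network(a, b)                       # wireless local area network 1: A, B
    join(c, a)                               # ... and C
    form_network(d, e)                       # wireless local area network 2: D, E
    outsider = Device("X")                   # constructed device holding an unrelated key
    outsider.multicast_key = os.urandom(KEY_LEN)
    update, accepted = merge(d, a, [d, e])   # D connects to A, then updates E
    frame = e.broadcast(b"sensor reading")
    readers = [x.name for x in (a, b, c, d) if x.receive(frame) == b"sensor reading"]
    return accepted, readers, outsider.handle_update(update)

if __name__ == "__main__":
    print(pairwise_problem(), demo())
```

Because the update message is protected only by the fourth multicast key, every device that holds that key is able to produce one; the procedure as described on this page adds no further sender authentication.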
With reference to the flowchart of the fourth data transmission method shown by way of example in fig. 7, the following explains a possible implementation in which each device in the second wireless local area network obtains the multicast key when the first device in the first wireless local area network, as the initiator, accesses the second wireless local area network (i.e., while the first device is establishing a wireless local area network connection with the second device). Correspondingly, the second device in the second wireless local area network is the receiver.
In step 701, the second device sends a second multicast key to the first device, and correspondingly, the first device receives a second multicast key from the second device, where the second multicast key is used for transmitting data between the second device and other devices in the second wireless local area network.
Optionally, step 701 is preceded by step 700, where the first device sends a connection request to the second device, and the second device receives the connection request from the first device.
For a specific implementation, refer to step 501.
In step 702, the first device sends an update message to one or more devices other than the first device in the first wireless local area network, where the update message indicates that the multicast key used to transmit data in the first wireless local area network is updated to the second multicast key.
For a specific implementation, refer to step 603.
In step 703, the first device transmits data with the second device via the second multicast key.
For a specific implementation, refer to step 502.
Of course, the present application does not exclude the scenario in which the second wireless local area network accesses the first wireless local area network to obtain the third wireless local area network. That is, while the first device and the second device are establishing a wireless local area network connection, because the first device also stores the unified multicast key (i.e., the fourth multicast key) of the first wireless local area network in which it is located, the first device may send the fourth multicast key to the second device, and the second device correspondingly sends the fourth multicast key to the devices other than the second device in the second wireless local area network, thereby completing the merging of the second wireless local area network and the first wireless local area network.
For the implementation in which the second device sends the fourth multicast key to the devices other than the second device in the second wireless local area network, refer to the implementation in which the first device sends the second multicast key to the devices other than the first device in the first wireless local area network.
It may be appreciated that, in the process of merging the first wireless local area network and the second wireless local area network into the third local area network, the initiator may synchronize to the multicast key of the receiver, as follows:
If the first device in the first wireless local area network initiates a connection request to the second device in the second wireless local area network, the first device acquires the second multicast key from the second device and sends the second multicast key to the devices other than the first device in the first wireless local area network, so as to complete the access of the first wireless local area network to the second wireless local area network.
If the second device in the second wireless local area network initiates a connection request to the first device in the first wireless local area network, the second device acquires the fourth multicast key from the first device and sends the fourth multicast key to the devices other than the second device in the second wireless local area network, so as to complete the access of the second wireless local area network to the first wireless local area network.
Alternatively, the receiver may synchronize to the multicast key of the initiator, as follows:
If the first device in the first wireless local area network initiates a connection request to the second device in the second wireless local area network, the second device acquires the fourth multicast key from the first device and sends the fourth multicast key to the devices other than the second device in the second wireless local area network, so as to complete the access of the second wireless local area network to the first wireless local area network.
If the second device in the second wireless local area network initiates a connection request to the first device in the first wireless local area network, the first device acquires the second multicast key from the second device and sends the second multicast key to the devices other than the first device in the first wireless local area network, so as to complete the access of the first wireless local area network to the second wireless local area network.
Of course, it is also possible to determine whether the first wireless lan is connected to the second wireless lan or the second wireless lan is connected to the first wireless lan based on the number of devices in the first wireless lan and the number of devices in the second wireless lan. In an exemplary embodiment, when the number of devices in the first wireless lan is greater than the number of devices in the second wireless lan, determining that the second wireless lan is connected to the first wireless lan; and when the number of the devices in the second wireless local area network is larger than that of the devices in the first wireless local area network, determining that the first wireless local area network is accessed to the second wireless local area network.
It should be added that the wireless lan in the present application may include two types of sub-lans, which are sub-lans without a center device and sub-lans with a center device, and specifically, the plurality of devices have equal positions in the sub-lans without a center device; in the sub-local area network with the central device, there is a central device, and other devices except the central device are used as sub-devices of the central device, and further, the central device is used as a device in the sub-local area network without the central device.
Fig. 8 is a schematic diagram of still another networking provided by an exemplary embodiment of the present application, where the networking includes a plurality of STAs (fig. 8 illustrates STA1 to STA4, and STA1-1 to STA1-3, the present application is not limited to the number of STAs), and STA1 to STA4 form a sub-lan without a central device, where STA1 has a wireless lan connection with STA2 and STA4, respectively; wireless local area network connections and the like exist between STA2 and STA1, STA3 and STA4, respectively. Further, STA1-1, STA1-2 and STA1-3 form a sub-local area network with a central device, and STA1-1, STA1-2 and STA1-3 are all accessed into STA1 as sub-devices of STA 1.
It can be appreciated that each device in the sub-local area network without a central device has a unified multicast key. For a sub-local area network with a central device, each sub-device under the central device may initiate a connection request to access the central device, and the central device then sends the unified multicast key to the sub-devices under it.
In one possible implementation, in the sub-local area network with the central device, when each sub-device initiates a connection request to the central device, the central device generates a multicast key (denoted as a fifth multicast key) and sends the generated fifth multicast key to the sub-device; that is, in the sub-local area network with the central device, the central device and each sub-device store the fifth multicast key. Then, after acquiring the unified multicast key (such as a sixth multicast key) of the sub-local area network without the central device, the central device may encrypt the sixth multicast key with the fifth multicast key and broadcast the encrypted sixth multicast key in the sub-local area network without the central device, so that each sub-device decrypts the encrypted sixth multicast key with the fifth multicast key and, after obtaining the sixth multicast key, overwrites the currently stored fifth multicast key with it. Thus, each device in the entire wireless local area network stores the unified multicast key (i.e., the sixth multicast key).
In connection with the flow illustrated by way of example in fig. 6 or 7, the first wireless lan includes a sub-lan without a center device and a sub-lan with a center device.
In one possible scenario, the first device is a central device in a sub-lan with a central device, and one or more third devices are connected to the first device, and after the first device acquires the second multicast key from the second device, the first device may send the second multicast key not only to devices other than the first device in the sub-lan without the central device, but also to the sub-lan with the central device (i.e., the one or more third devices below the first device).
It will be appreciated that, since each device in the entire first wireless local area network has a unified multicast key (i.e., the fourth multicast key), when the first device encrypts the original data 1 (i.e., the second multicast key) with the fourth multicast key to obtain the encrypted data 1, all other devices in the first wireless local area network (including the other devices in the sub-local area network without a central device and the one or more third devices in the sub-local area network with a central device) can decrypt the encrypted data 1 to obtain the original data 1 (i.e., the second multicast key). All other devices in the first wireless local area network then overwrite the fourth multicast key with the second multicast key, which completes the access of the first wireless local area network to the second wireless local area network.
In addition, the above transmission method is also applicable when the center device of the sub lan having the center device in the first wireless lan is other than the first device. Of course, the second wireless local area network may be accessed to the first wireless local area network, and the second wireless local area network may also include a sub-local area network without a center device and a sub-local area network with a center device, where after the second device obtains the fourth multicast key from the first device, the second device sends the fourth multicast key to other devices in the second wireless local area network except the second device in a similar manner as above, which is not described again.
Based on the flowcharts in fig. 4 or fig. 6, the present application provides a specific implementation of the data transmission method. In this implementation, the first device may obtain the second multicast key directly from the second device, without first generating a first multicast key and then overwriting the first multicast key with the second multicast key obtained from the second device, which helps to reduce unnecessary computation and signaling transmission.
Fig. 9 exemplarily shows a flowchart in which a first device and a second device establish a wireless local area network connection based on the WPA protocol, where the first device and the second device are similar to the AP and the STA in fig. 1, respectively.
In step 900, the second device sends a connection request to the first device.
In step 901, the first device sends a message 1 to the second device, where the message 1 includes a random number of the first device. Correspondingly, the second device receives the message 1 from the first device, and acquires the random number of the first device from the message 1.
In step 902, the second device calculates a PTK.
In step 903, the second device extracts the MIC from the PTK and sends a message 2 to the first device, where the message 2 includes the random number of the second device and the MIC. Accordingly, the first device receives the message 2 from the second device, and obtains the random number and MIC of the second device from the message 2.
In step 904, the first device calculates a PTK and a MIC, and performs an integrity check on the PTK according to the MIC.
In step 905, the second device encrypts the second multicast key using its own generated PTK.
In step 906, the second device sends a message 3 to the first device, where the message 3 includes the encrypted second multicast key and the MIC. Accordingly, the first device receives the message 3 from the second device, and obtains the encrypted second multicast key and MIC from the message 3.
In step 907, the first device decrypts the encrypted second multicast key in message 3 using its own generated PTK to obtain the second multicast key. And the first device performs integrity check on the second multicast key according to the MIC.
In step 908, the first device sends an ACK to the second device.
In step 909, the second device stores the PTK.
In step 910, the first device stores the PTK and the second multicast key.
In step 911, the first device transmits data with the second device via the second multicast key.
Steps 901 to 910 are the process of establishing the wireless local area network connection between the first device and the second device. Their details are not repeated here; reference may be made to the description of the embodiment related to fig. 1. Step 911 is likewise not described in detail; reference may be made to the description of step 403.
Based on the flowcharts in fig. 5 or fig. 7, the present application provides a specific implementation of the data transmission method, in which the first device may obtain the second multicast key directly from the second device, without first receiving a third multicast key from the second device and then overwriting the third multicast key with the second multicast key obtained from the second device, which helps to reduce unnecessary computation and signaling transmission.
Fig. 10 exemplarily shows a further flowchart in which a first device and a second device establish a wireless local area network connection based on the WPA protocol, where the first device and the second device are similar to the STA and the AP in fig. 1, respectively.
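The Fig. 9 exchange (steps 901 to 908), followed by the wrap-and-overwrite distribution of the second multicast key inside the first wireless local area network described earlier, as an added simulation that is not part of the patent. It assumes a PMK already shared by both ends, an 802.11-style HMAC-SHA1 PRF for the PTK, and an HMAC-based stand-in for the key-wrap cipher; all class and function names and all sample keys and addresses are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def prf(key, label, data, nbytes):
    """802.11-style PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk, mac_a, mac_b, nonce_a, nonce_b):
    """MACs and nonces are sorted, so both ends derive the same PTK. Returns (KCK, KEK)."""
    data = min(mac_a, mac_b) + max(mac_a, mac_b) + min(nonce_a, nonce_b) + max(nonce_a, nonce_b)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32]          # the remaining 16 bytes (temporal key) are unused here


def mic(kck, body):
    return hmac.new(kck, body, hashlib.sha1).digest()[:16]


def check_mic(kck, body, received):
    if not hmac.compare_digest(mic(kck, body), received):
        raise ValueError("MIC mismatch")


def _keystream(key, iv, n):
    blocks = [hmac.new(key, b"enc" + iv + bytes([i]), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def wrap(key, secret):
    """Assumed stand-in for the key-wrap cipher: HMAC-SHA256 keystream, then a MAC tag."""
    iv = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, iv, len(secret))))
    return iv + ct + hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()


def unwrap(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrapped key failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct))))


class Device:
    def __init__(self, name, mac, pmk, multicast_key):
        self.name, self.mac, self.pmk, self.multicast_key = name, mac, pmk, multicast_key


def fig9_handshake(first, second):
    """Steps 901-908; returns the second multicast key as recovered by the first device."""
    nonce1 = secrets.token_bytes(32)                                    # message 1 (step 901)
    nonce2 = secrets.token_bytes(32)
    kck2, kek2 = derive_ptk(second.pmk, first.mac, second.mac, nonce1, nonce2)    # step 902
    msg2 = (nonce2, mic(kck2, nonce2))                                  # step 903
    kck1, kek1 = derive_ptk(first.pmk, first.mac, second.mac, nonce1, msg2[0])    # step 904
    check_mic(kck1, msg2[0], msg2[1])
    wrapped = wrap(kek2, second.multicast_key)                          # step 905
    msg3 = (wrapped, mic(kck2, wrapped))                                # step 906
    check_mic(kck1, msg3[0], msg3[1])                                   # step 907
    return unwrap(kek1, msg3[0])


def roll_over(first, others, new_key):
    """First device broadcasts new_key encrypted under the current (fourth) multicast key."""
    blob = wrap(first.multicast_key, new_key)                           # "encrypted data 1"
    for dev in others:
        try:
            dev.multicast_key = unwrap(dev.multicast_key, blob)         # overwrite on success
        except ValueError:
            pass                                  # does not hold the fourth key: unchanged
    first.multicast_key = new_key
    return blob


def demo():
    pmk = secrets.token_bytes(32)                 # constructed; assumed shared beforehand
    k4, k2 = secrets.token_bytes(16), secrets.token_bytes(16)   # fourth / second multicast keys
    first = Device("first", bytes.fromhex("020000000001"), pmk, k4)
    second = Device("second", bytes.fromhex("020000000002"), pmk, k2)
    third = Device("third (sub-device of first)", bytes.fromhex("020000000003"), pmk, k4)
    outsider = Device("outsider", bytes.fromhex("020000000004"), pmk, secrets.token_bytes(16))
    roll_over(first, [third, outsider], fig9_handshake(first, second))
    return first, second, third, outsider
```

Only devices that already hold the fourth multicast key can recover the broadcast key, so the old group key is the sole gate on who joins the merged network.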
In step 1000, the first device sends a connection request to a second device.
In step 1001, the second device sends a message 1 to the first device, where the message 1 includes a random number of the second device. Correspondingly, the first device receives the message 1 from the second device, and acquires the random number of the second device from the message 1.
At step 1002, a first device calculates a PTK.
In step 1003, the first device extracts the MIC from the PTK and sends a message 2 to the second device, where the message 2 includes the random number of the first device and the MIC. Accordingly, the second device receives the message 2 from the first device, and obtains the random number and MIC of the first device from the message 2.
In step 1004, the second device calculates a PTK and a MIC, and performs integrity check on the PTK according to the MIC.
In step 1005, the second device encrypts the second multicast key using the PTK.
At step 1006, the second device sends a message 3 to the first device, where the message 3 includes the encrypted second multicast key and the MIC. Accordingly, the first device receives the message 3 from the second device, and obtains the encrypted second multicast key and MIC from the message 3.
In step 1007, the first device decrypts the encrypted second multicast key in the message 3 using its own generated PTK to obtain the second multicast key. And the first device performs integrity check on the second multicast key according to the MIC.
In step 1008, the first device sends an ACK to the second device.
In step 1009, the first device stores the PTK and the second multicast key.
In step 1010, the second device stores the PTK.
In step 1011, the first device transmits data with the second device via the second multicast key.
Steps 1001 to 1010 are the process of establishing the wireless local area network connection between the first device and the second device. Their details are not repeated here; reference may be made to the description of the embodiment related to fig. 1. Step 1011 is likewise not described in detail; reference may be made to the description of step 403.
Fig. 11 shows an application scenario of the wireless local area network networking manner provided by an exemplary embodiment of the present application. Zhang San is playing a game with a VR device in bedroom A, and Liu Si wants to watch a live broadcast of Zhang San playing the game on a mobile phone in bedroom B, so Liu Si can connect the mobile phone in bedroom B to the VR device in bedroom A through the wireless local area network and watch the live broadcast of Zhang San playing the game on the mobile phone. Then Wang wants to watch the live broadcast of Zhang San playing the game on the television in the living room, so Wang can connect the television in the living room to the mobile phone in bedroom B through the wireless local area network and watch the live broadcast on the television. In this scenario, the television in the living room, the VR device in bedroom A, and the mobile phone in bedroom B all have a unified multicast key. When the VR device in bedroom A encrypts the original live video with the multicast key and sends the encrypted live video in the wireless local area network, the television in the living room and the mobile phone in bedroom B can each receive the encrypted live video and decrypt it with the unified multicast key to obtain the original live video.
The various embodiments described herein may be separate solutions or may be combined according to inherent logic, which fall within the scope of the present application.
It will be appreciated that, in the foregoing method embodiments, the methods and operations implemented by the first device may also be implemented by a component (e.g., a chip or a circuit) usable in the first device, and the methods and operations implemented by the second device may also be implemented by a component (e.g., a chip or a circuit) usable in the second device.
In the embodiments provided by the application, the method is described from the perspective of interaction among the devices. In order to implement the functions in the method provided in the embodiments of the present application, the first device and the second device may include hardware structures and/or software modules, and implement the functions in the form of hardware structures, software modules, or a combination of hardware structures and software modules. Whether a given one of the above functions is performed by a hardware structure, a software module, or a combination of the two depends on the specific application and design constraints of the technical solution.
The division of modules in the embodiments of the application is schematic and is merely a division by logical function; other division manners may be adopted in actual implementation. In addition, the functional modules in the embodiments of the present application may be integrated in one processor, may each exist alone physically, or two or more modules may be integrated in one module. The integrated modules may be implemented in the form of hardware or in the form of software functional modules.
Based on the above and the same conception, fig. 12 and 13 are schematic structural views of a possible device provided by the present application.
These communication apparatuses may be used to implement the functions of the first device in the above-described method embodiments related to fig. 4 to 10, and thus may also achieve the advantageous effects of those method embodiments. In the present application, the communication apparatus may be the device D shown in fig. 3 (a), the device D shown in fig. 3 (b), or a module (e.g., a chip) applied to the device D.
Alternatively, these communication apparatuses may be used to implement the functions of the second device in the above-described method embodiments related to fig. 4 to 10, and thus may also achieve the advantageous effects of those method embodiments. In the present application, the communication apparatus may be the apparatus A shown in fig. 3 (a), the apparatus A shown in fig. 3 (b), or a module (e.g., a chip) applied to the apparatus A.
As shown in fig. 12, the communication apparatus 1200 includes a processing module 1201 and a transceiver module 1202.
In one possible implementation manner, the processing module 1201 is configured to generate, by the apparatus, a first multicast key during a process of establishing a wireless local area network connection with a second device in the second wireless local area network, where the first multicast key is used for transmitting data between the apparatus and the second device; a transceiver module 1202, configured to receive a second multicast key from a second device, where the second multicast key is used for transmitting data between the second device and other devices in a second wireless local area network; the transceiver module 1202 communicates data with the second device via the second multicast key.
In one possible implementation, the processing module 1201 is further configured to: overwrite the first multicast key with the second multicast key, so as to use the second multicast key as the key for the apparatus to transmit data with the second device.
In one possible implementation, when the first device is in the first wireless local area network, the transceiver module 1202 is further configured to: transmitting an update message to one or more devices other than the apparatus in the first wireless local area network, the update message indicating: the multicast key used to transmit data in the first wireless local area network is updated to the second multicast key.
In one possible implementation, the first wireless local area network further includes one or more third devices, where the one or more third devices are sub-devices of the apparatus.
In one possible implementation, the transceiver module 1202, when receiving the second multicast key from the second device, is specifically configured to: receiving a second multicast key from a second device over the short-range connection; the short-range connection includes at least one or more of the following: bluetooth connection, NFC connection, star flash connection, wireless local area network connection.
In one possible implementation, when the transceiver module 1202 receives the second multicast key from the second device through the wireless lan connection, the transceiver module is specifically configured to: the second multicast key is received through a unicast frame in the wireless local area network connection, wherein the unicast frame comprises one or more of a data frame and a management frame.
Fig. 13 illustrates an apparatus 1300 according to an embodiment of the application, where the apparatus illustrated in fig. 13 may be an implementation of a hardware circuit of the apparatus illustrated in fig. 12. The apparatus may be adapted to perform the functions of the first device or the functions of the second device in the above-described embodiments of the method related to fig. 4 to 10 in the flowcharts shown above.
For ease of illustration, fig. 13 shows only the main components of the device.
The apparatus 1300 shown in fig. 13 comprises a communication interface 1310, a processor 1320 and a memory 1330, wherein the memory 1330 is for storing program instructions and/or data. Processor 1320 may operate in conjunction with memory 1330. Processor 1320 may execute program instructions stored in memory 1330. Illustratively, when the instructions or programs stored in the memory 1330 are executed, the processor 1320 is configured to perform the operations performed by the processing module 1201 in the above embodiment, and the communication interface 1310 is configured to perform the operations performed by the transceiver module 1202 in the above embodiment.
A memory 1330 is coupled to processor 1320. The coupling in the embodiments of the present application is an indirect coupling or communication connection between devices, units, or modules, which may be in electrical, mechanical, or other forms for information interaction between the devices, units, or modules. At least one of the memories 1330 may be included in the processor 1320.
In embodiments of the present application, the communication interface may be a transceiver, a circuit, a bus, a module, or other type of communication interface. In the embodiment of the application, when the communication interface is a transceiver, the transceiver can comprise an independent receiver and an independent transmitter; a transceiver integrating the transceiving function, or a communication interface, is also possible.
The apparatus 1300 may also include a communication line 1340. The communication interface 1310, the processor 1320, and the memory 1330 may be interconnected by the communication line 1340; the communication line 1340 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The communication line 1340 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 13, but this does not mean that there is only one bus or only one type of bus.
Based on the foregoing and the same concept, embodiments of the present application provide a computer-readable storage medium storing a computer program or instructions which, when executed by a communication apparatus, perform the functions of the first device in the above-described method embodiments related to fig. 4 to 10, or perform the functions of the second device in the above-described method embodiments related to fig. 4 to 10.
Based on the foregoing and the same concept, embodiments of the present application provide a computer program product comprising a computer program or instructions which, when executed by a communication apparatus, perform the functions of the first device in the above-described method embodiments related to fig. 4 to 10, or perform the functions of the second device in the above-described method embodiments related to fig. 4 to 10.
Based on the foregoing and the same concept, embodiments of the present application provide a system for the data transmission method, where the system includes the first device in the method embodiments related to fig. 4 to 10 and the second device in the method embodiments related to fig. 4 to 10.
It will be appreciated that the various numerical numbers referred to in the embodiments of the present application are merely for ease of description and are not intended to limit the scope of the embodiments of the present application. The sequence number of each process does not mean the sequence of the execution sequence, and the execution sequence of each process should be determined according to the function and the internal logic.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (15)

1. A data transmission method, comprising:
a first device generates a first multicast key in the process of establishing a wireless local area network connection with a second device in a second wireless local area network, wherein the first multicast key is used for transmitting data between the first device and the second device;
the first device receives a second multicast key from the second device, wherein the second multicast key is used for transmitting data between the second device and other devices in the second wireless local area network;
the first device transmits data with the second device via the second multicast key.
2. The method as recited in claim 1, further comprising:
the first device overwrites the first multicast key with the second multicast key, so as to use the second multicast key as the key for the first device to transmit data with the second device.
3. The method of claim 1 or 2, further comprising:
When the first device is in a first wireless local area network, the first device sends an update message to one or more devices in the first wireless local area network other than the first device, the update message indicating: updating a multicast key for transmitting data in the first wireless local area network to the second multicast key.
4. A method as recited in any of claims 1-3, wherein the first wireless local area network further comprises one or more third devices, the one or more third devices being sub-devices of the first device.
5. The method of any of claims 1-4, wherein the first device receives a second multicast key from the second device, comprising:
the first device receiving the second multicast key from the second device over a short range connection;
wherein the short-range connection comprises at least one or more of the following:
Bluetooth connection, near field communication NFC connection, star flash connection, wireless local area network connection.
6. The method of claim 5, wherein the first device receiving the second multicast key from the second device over the wireless local area network connection comprises:
The first device receives the second multicast key through a unicast frame in the wireless local area network connection, wherein the unicast frame comprises one or more of a data frame and a management frame.
7. A data transmission apparatus, comprising:
a processing module, configured to generate a first multicast key in the process of the apparatus establishing a wireless local area network connection with a second device in a second wireless local area network, wherein the first multicast key is used for transmitting data between the apparatus and the second device;
a transceiver module, configured to receive a second multicast key from the second device, wherein the second multicast key is used for transmitting data between the second device and other devices in the second wireless local area network;
the transceiver module transmits data with the second device via the second multicast key.
8. The apparatus of claim 7, wherein the processing module is further to:
overwrite the first multicast key with the second multicast key, so as to use the second multicast key as the key for transmitting data between the apparatus and the second device.
9. The apparatus of claim 7 or 8, wherein the transceiver module is further to, when the first device is in a first wireless local area network:
Transmitting an update message to one or more devices other than the apparatus in the first wireless local area network, the update message indicating: updating a multicast key for transmitting data in the first wireless local area network to the second multicast key.
10. The apparatus of any of claims 7-9, wherein the first wireless local area network further comprises one or more third devices, the one or more third devices being sub-devices of the apparatus.
11. The apparatus according to any of claims 7-10, wherein the transceiver module, upon receiving a second multicast key from the second device, is specifically configured to:
Receiving the second multicast key from the second device over a short range connection;
wherein the short-range connection comprises at least one or more of the following:
Bluetooth connection, near field communication NFC connection, star flash connection, wireless local area network connection.
12. The apparatus of claim 11, wherein the transceiver module is configured to, when receiving the second multicast key from the second device over the wireless local area network connection:
and receiving the second multicast key through a unicast frame in the wireless local area network connection, wherein the unicast frame comprises one or more of a data frame and a management frame.
13. A communication device comprising a processor and a communication interface, the communication interface being for receiving signals from communication devices other than the communication device and transmitting the signals to the processor, or for sending signals from the processor to communication devices other than the communication device, the processor being configured to implement the method of any one of claims 1 to 6 by logic circuitry or by executing code instructions.
14. A computer readable storage medium, characterized in that it has stored therein a computer program or instructions which, when executed by a communication device, implement the method of any of claims 1 to 6.
15. A computer program product, characterized in that it comprises a computer program or instructions which, when executed by a communication device, implement the method of any one of claims 1 to 6.
CN202211302587.2A 2022-10-24 2022-10-24 Data transmission method and device Pending CN117979285A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202211302587.2A CN117979285A (en) 2022-10-24 2022-10-24 Data transmission method and device
PCT/CN2023/125273 WO2024088140A1 (en) 2022-10-24 2023-10-18 Data transmission method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211302587.2A CN117979285A (en) 2022-10-24 2022-10-24 Data transmission method and device

Publications (1)

Publication Number Publication Date
CN117979285A true CN117979285A (en) 2024-05-03

Family

ID=90830033

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211302587.2A Pending CN117979285A (en) 2022-10-24 2022-10-24 Data transmission method and device

Country Status (2)

Country Link
CN (1) CN117979285A (en)
WO (1) WO2024088140A1 (en)

Also Published As

Publication number Publication date
WO2024088140A1 (en) 2024-05-02

Legal Events

Date Code Title Description
PB01 Publication