WO2014127717A1 - Method, device and network system to ensure positioning validity - Google Patents


Publication number
WO2014127717A1
Authority
WO
WIPO (PCT)
Prior art keywords
location tracking
notification frame
positioning
tracking notification
frame
Application number
PCT/CN2014/072263
Other languages
French (fr)
Chinese (zh)
Inventor
陈淼
丁志明
杜振国
Original Assignee
华为终端有限公司
Application filed by 华为终端有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/029 Location-based management or tracking services
    • G PHYSICS
    • G01 MEASURING; TESTING
    • G01S RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S5/00 Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
    • G01S5/0009 Transmission of position information to remote stations
    • G01S5/0018 Transmission from mobile station to base station
    • G01S5/0027 Transmission from mobile station to base station of actual mobile position, i.e. position determined on mobile
    • G PHYSICS
    • G01 MEASURING; TESTING
    • G01S RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S5/00 Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
    • G01S5/02 Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
    • G01S5/0205 Details
    • G01S5/021 Calibration, monitoring or correction
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/55 Push-based network services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information

Definitions

  • Embodiments of the present invention relate to communication technologies, and in particular, to a method, an apparatus, and a network system for ensuring positioning effectiveness.
  • BACKGROUND OF THE INVENTION. With the development of the social economy and of science and technology, more and more large and complex buildings are appearing in our lives. These large buildings have extremely complex internal structures, which creates the need for positioning and navigation within these buildings.
  • GPS Global Positioning System
  • IR Infrared
  • UWB Ultra Wideband
  • RFID Radio Frequency Identification
  • Bluetooth
  • a mechanism for positioning is provided, and the location initiator can perform location tracking on a target workstation (Station, referred to as STA).
  • The specific process is: the positioning initiator sends a positioning configuration request frame to the target workstation, specifying in that frame the sending period, the destination address, and the channel information for the target workstation; the target workstation then sends the location tracking notification frame to the specified address on the designated channel at the specified period; after receiving the location tracking notification frame, its receiver can measure the data required for positioning and use it, together with the data contained in the location tracking notification frame, for location estimation of the target workstation.
  • The positioning initiator and the receiver of the location tracking notification frame are usually APs. Multiple receivers of the location tracking notification frame are needed; they may work on different channels, or multiple APs used for positioning may be deployed on one channel.
  • Tracked workstations use the broadcast/multicast method to send the location tracking notification frame.
  • the destination address in the location tracking configuration frame indicates the address of the AP that receives the location tracking notification frame or the broadcast/multicast address.
  • The specific location estimation may be completed by the positioning server behind the receivers of the location tracking notification frame; that is, each AP used for positioning receives the location tracking notification frame to obtain the data required for positioning and then sends the data to the positioning server, and the positioning server estimates the location of the target workstation from the location-related data obtained by the multiple APs.
  • Embodiments of the present invention provide a method, a device, and a network system for ensuring location validity, which are used to improve the security of positioning and prevent a positioning error caused by a malicious attack.
  • a method for ensuring location validity including:
  • the positioning configuration request frame includes at least an integrity positioning temporary key ILTK;
  • the location tracking notification frame including message integrity information generated using the ILTK, the message integrity information being used by a positioning device receiving the location tracking notification frame to verify the integrity of the location tracking notification frame.
  • the ILTK is encrypted and carried in the positioning configuration request frame.
  • the positioning configuration request frame further includes information for periodically sending the location tracking notification frame and the working channel information of the positioning device; the working channel information of the positioning device indicates the channel used for sending the location tracking notification frame. The location tracking notification frame further includes a tracking sequence number, and the tracking sequence number undergoes one-way recursive processing each time the location tracking notification frame is generated.
  • the location tracking notification frame further includes working channel information of the positioning device.
  • a method for ensuring positioning effectiveness including:
  • the location tracking notification frame containing message integrity information generated by using the integrity positioning temporary key ILTK;
  • before receiving the location tracking notification frame sent by the station STA, the method further includes:
  • the positioning configuration request frame includes at least the ILTK.
  • the ILTK is encrypted and carried in the positioning configuration request frame.
  • the positioning configuration request frame further includes information for periodically sending the location tracking notification frame and the working channel information of the positioning device, where the working channel information of the positioning device indicates the channel used for sending the location tracking notification frame, and the location tracking notification frame further includes a tracking sequence number.
  • the tracking sequence number is subjected to one-way gradation processing each time the location tracking notification frame is generated;
  • the method further includes:
  • the location tracking notification frame further includes working channel information of the positioning device;
  • the method also includes:
  • a workstation apparatus including:
  • a first receiving module configured to receive a positioning configuration request frame, where the positioning configuration request frame includes at least an integrity positioning temporary key ILTK;
  • a first processing module configured to generate a location tracking notification frame, where the location tracking notification frame includes message integrity information generated by using the ILTK, and the message integrity information is used by the positioning device that receives the location tracking notification frame to check the integrity of the location tracking notification frame.
  • the first sending module is configured to send the location tracking notification frame.
  • the ILTK is encrypted and carried in the positioning configuration request frame.
  • the positioning configuration request frame further includes information for periodically sending the location tracking notification frame and the working channel information of the positioning device; the working channel information of the positioning device indicates the channel used for sending the location tracking notification frame. The location tracking notification frame further includes a tracking sequence number, and the tracking sequence number undergoes one-way recursive processing each time the location tracking notification frame is generated.
  • the location tracking notification frame further includes working channel information of the positioning device.
  • a fourth aspect of the present invention provides a positioning apparatus, including:
  • a second receiving module configured to receive a location tracking notification frame sent by the workstation STA, where the location tracking notification frame includes message integrity information generated by using the integrity positioning temporary key ILTK; and a second processing module, configured to verify the integrity of the location tracking notification frame according to the ILTK and the message integrity information, so as to obtain the data required to locate the STA according to the location tracking notification frame when the message integrity information is correct.
  • the method further includes:
  • a second sending module configured to send a positioning configuration request frame to the STA before the location tracking notification frame sent by the station STA is received, where the positioning configuration request frame includes at least the ILTK.
  • the ILTK is encrypted and carried in the positioning configuration request frame.
  • the positioning configuration request frame further includes information for periodically sending the location tracking notification frame and the working channel information of the positioning device, where the working channel information of the positioning device indicates the channel used for sending the location tracking notification frame, and the location tracking notification frame further includes a tracking sequence number.
  • the tracking sequence number is subjected to one-way gradation processing each time the location tracking notification frame is generated;
  • the second processing module is further configured to: determine whether a location tracking notification frame with the same tracking sequence number as the one included in the location tracking notification frame has already been received.
  • the location tracking notification frame further includes working channel information of the positioning device;
  • the second processing module is further configured to:
  • a fifth aspect of the present invention provides a network system, comprising: the workstation device in the third aspect or in any one of the possible implementations of the third aspect, the positioning device in the fourth aspect or in any one of the possible implementations of the fourth aspect, and the positioning server.
  • An embodiment of the present invention provides a method, a device, and a network system for ensuring the validity of a positioning.
  • The STA first receives a positioning configuration request frame including at least an ILTK, and generates a location tracking notification frame including message integrity information generated by using the ILTK; the message integrity information is used by the positioning device receiving the location tracking notification frame to verify the integrity of the location tracking notification frame. The STA then sends the location tracking notification frame, so that the target AP that receives it verifies the location tracking notification frame according to the ILTK received from the positioning server, which can improve the security of the positioning and prevent the positioning system from being maliciously attacked.
  • FIG. 1 is a flowchart of Embodiment 1 of a method for ensuring location validity provided by the present invention
  • FIG. 2A is a schematic diagram of a format of a positioning parameter element of a positioning configuration request frame in Embodiment 1 of a method for ensuring location validity according to the present invention
  • FIG. 2B is a schematic diagram of a format of a message integrity code element in Embodiment 1 of a method for ensuring location validity according to the present invention
  • FIG. 3 is a flowchart of Embodiment 2 of a method for ensuring location validity provided by the present invention
  • FIG. 4 is a flowchart of Embodiment 3 of a method for ensuring location validity provided by the present invention
  • FIG. 6 is a schematic structural diagram of Embodiment 1 of a workstation device according to the present invention
  • FIG. 7 is a schematic structural diagram of Embodiment 2 of a workstation device according to the present invention
  • FIG. 8 is a schematic structural diagram of Embodiment 1 of a positioning device according to the present invention.
  • FIG. 9 is a schematic structural diagram of Embodiment 2 of a positioning device according to the present invention.
  • FIG. 10 is a schematic structural diagram of Embodiment 1 of a network system according to the present invention.
  • the technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention.
  • the embodiments are a part of the embodiments of the invention, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
  • A scenario in which the technical solution of the present invention can be applied is a positioning service based on a wireless communication system: an access point (AP) can initiate a location service and perform location tracking configuration on the STA. After the STA successfully responds to the location tracking configuration, the STA sends a positioning notification to the specified target AP on the specified channel according to the configuration information, so that the target AP measures the corresponding positioning data and the positioning server estimates the position coordinates of the STA from the obtained positioning data.
  • FIG. 1 is a flowchart of Embodiment 1 of a method for ensuring location validity provided by the present invention, as shown in FIG. 1
  • the location configuration request frame is sent to the STA for location tracking configuration.
  • the location configuration request frame in this embodiment includes at least an Integrity Location Temporal Key (ILTK); the ILTK is sent by the location server to the associated AP when the location service starts.
  • the ILTK is encrypted and carried in the positioning configuration request frame.
  • FIG. 2A is a schematic diagram of the format of the positioning parameter element of the positioning configuration request frame in Embodiment 1 of the method for ensuring the validity of the positioning provided by the present invention.
  • In the prior art, the positioning parameter element in the positioning configuration request frame includes three parts: the element ID, the length, and the positioning subelements. This embodiment carries the ILTK by adding a security subelement (Security Subelement) to the positioning parameter element included in the positioning configuration request frame, where the security subelement may further include the subelement ID and the length.
  • the STA may perform Broadcast/Multicast Integrity Protocol (BIP) encapsulation processing on the location tracking notification frame sent by the STA to each target AP according to the read ILTK.
  • the positioning configuration request frame may further include a plurality of working channel numbers for indicating that the location tracking notification frame is sent to each target channel on the working channel corresponding to each working channel number.
  • the target of the location service is configured by the location server, and the location configuration request frame may include multiple working channel numbers. The location configuration request frame including the working channel numbers is sent to the STA, and a location tracking notification frame is sent on each of the working channels corresponding to each working channel number. The plurality of working channel numbers may be included in the positioning subelement in the positioning configuration request frame.
  • the location tracking notification frame includes message integrity information generated by using the ILTK, and the message integrity information is used by the positioning device that receives the location tracking notification frame to check the integrity of the location tracking notification frame.
  • the STA may generate message integrity information according to the ILTK, and the message integrity information may specifically be a Message Integrity Code (MIC).
  • the positioning configuration request frame further includes information for periodically transmitting the location tracking notification frame and working channel information of the positioning device, where the working channel information of the positioning device indicates the channel used for sending the location tracking notification frame. The location tracking notification frame further includes the tracking sequence number, and the tracking sequence number undergoes one-way recursive processing each time the location tracking notification frame is generated.
  • the tracking sequence number in the location tracking notification frame undergoes one-way recursive processing each time the location tracking notification frame is generated, to ensure that, in the absence of malicious copying, the tracking sequence number fields in the location tracking notification frames received by the target AP are different.
  • the message integrity information, the working channel information of the locating device, and the tracking sequence number may be carried in a Location Message Integrity Code Element (LME).
  • the LME may be used to perform BIP encapsulation on the location tracking notification frame.
  • the location tracking notification frame further includes working channel information of the positioning device.
  • the same tracking sequence number may be used, that is, the tracking sequence number has its own independent space on each channel number and is unidirectional on each channel.
  • the location tracking notification frame further includes the working channel information of the positioning device, and the positioning device can determine whether the received location tracking notification frame is maliciously copied according to the working channel information and the tracking sequence number of the positioning device.
  • the LME of the embodiment includes six fields: Element ID, Length, Key ID, Channel Number, LIPN, and MIC. Element ID, Length, Key ID, and MIC have the same meaning as in the Management MIC Element (MME) in the prior art; the Channel Number indicates the channel on which the target AP works; and the Location IGTK Packet Number (LIPN) contains 5 bytes, which is a 40-bit unsigned integer, and the location tracking notification frame is sent.
  • the LIPN may be the tracking sequence number in the embodiment, and the location tracking notification frame may be prevented from being retransmitted after being copied, and the channel number may be the working channel information in this embodiment.
  • If the STA obtains a plurality of ILTKs and uses a different ILTK on each designated channel, the Channel Number need not be contained in the LME.
  • The LME is only one way of organizing and carrying the MIC, LIPN and Channel Number information of the embodiment, and the present invention does not limit the manner in which the MIC, LIPN and Channel Number information are carried.
  • After receiving the positioning configuration request frame sent by the associated AP to instruct the STA to send the location tracking notification frame, the STA sends a successful or failed positioning configuration response frame to the associated AP according to its own support capability and whether it has a positioning requirement. If the positioning configuration response frame indicates success, the positioning server sends the ILTK to the positioning target AP. It can be understood that the positioning server can also send the ILTK to the target AP while sending the ILTK to the associated AP.
  • the MIC uses ILTK to digest the location tracking notification frame so that the attacker (without ILTK) cannot tamper with the location tracking notification frame because any tampering will be checked by the target AP.
  • the tracking sequence number information is added to the location tracking notification frame, and the target AP knows that the tracking sequence number is different in each location tracking notification frame, otherwise it is malicious replication.
  • Since the location tracking notification frame is transmitted on different channels, the same tracking sequence number may be used on them; that is, the tracking sequence has its own independent space on each channel number and performs one-way transformation on each channel. Therefore, the location tracking notification frame also includes channel number information. It can be understood that if the tracking sequence number is monotonically changed globally, the working channel information need not be carried; including the working channel information in the location tracking notification frame better prevents the attacker from maliciously copying and sending the location tracking notification frame.
  • If the location tracking notification frame received by the target AP has not been maliciously tampered with and has not been maliciously copied, the received location tracking notification frame is a valid frame, and the target AP sends the measured positioning data to the positioning server; the positioning server estimates the location coordinates of the STA from the location data received from the plurality of target APs within a short time. If the received location tracking notification frame is found to be maliciously falsified or maliciously copied, the measured positioning data is not sent to the positioning server.
  • The STA first receives the positioning configuration request frame including at least the ILTK and generates a location tracking notification frame including the message integrity information generated by using the ILTK; the message integrity information is used by the positioning device that receives the location tracking notification frame to check the integrity of the location tracking notification frame. The STA then sends the location tracking notification frame, so that the target AP that receives it checks the location tracking notification frame according to the ILTK received from the positioning server. If the frame is valid, the measured positioning data is sent to the positioning server; if the received location tracking notification frame is verified to be maliciously falsified or maliciously copied, the measured positioning data is not sent to the positioning server. This can improve the security of the positioning and prevent the positioning system from being maliciously attacked.
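The target-AP checks described above (MIC verification, then the copy check on Channel Number and LIPN) can be sketched as follows; this is an added example, not code from the patent. The MIC is a truncated HMAC-SHA256 standing in for the BIP algorithm, which the text does not specify, and the field widths other than the 5-byte LIPN, the byte order, the element ID value, the MIC coverage and a strictly increasing LIPN are all assumptions.

```python
import hashlib
import hmac
import struct

# Assumed wire layout. Only the six field names and the 5-byte LIPN come from
# the text; widths, little-endian order and ELEMENT_ID are constructed.
ELEMENT_ID = 0xDD
MIC_LEN = 8
LME_FMT = "<BBHB5s8s"  # Element ID, Length, Key ID, Channel Number, LIPN, MIC
LME_LEN = struct.calcsize(LME_FMT)  # 18 bytes


def _mic(iltk, body, lme_zero_mic):
    # Stand-in MIC: HMAC-SHA256 over body + LME with the MIC field zeroed.
    return hmac.new(iltk, body + lme_zero_mic, hashlib.sha256).digest()[:MIC_LEN]


def build_frame(iltk, key_id, channel, lipn, body):
    """STA side: append an LME protecting body, channel and LIPN."""
    lme = struct.pack(LME_FMT, ELEMENT_ID, LME_LEN - 2, key_id, channel,
                      lipn.to_bytes(5, "little"), bytes(MIC_LEN))
    return body + lme[:-MIC_LEN] + _mic(iltk, body, lme)


class TargetAP:
    """Positioning device holding the ILTK it received from the positioning server."""

    def __init__(self, iltk, key_id, channel):
        self.iltk, self.key_id, self.channel = iltk, key_id, channel
        self.last_lipn = -1  # highest LIPN accepted on this AP's channel

    def check(self, frame):
        if len(frame) < LME_LEN:
            return "malformed"
        body, lme = frame[:-LME_LEN], frame[-LME_LEN:]
        eid, length, key_id, channel, lipn_b, mic = struct.unpack(LME_FMT, lme)
        if eid != ELEMENT_ID or length != LME_LEN - 2 or key_id != self.key_id:
            return "malformed"
        # Malicious-tampering check: recompute the MIC, compare in constant time.
        expected = _mic(self.iltk, body, lme[:-MIC_LEN] + bytes(MIC_LEN))
        if not hmac.compare_digest(mic, expected):
            return "tampered"
        # Malicious-copy check 1: an authentic frame captured on another channel.
        # The LIPN space is per channel, so the LIPN alone would not catch this.
        if channel != self.channel:
            return "copied"
        # Malicious-copy check 2: LIPN must move one way (assumed: increase).
        lipn = int.from_bytes(lipn_b, "little")
        if lipn <= self.last_lipn:
            return "copied"
        self.last_lipn = lipn
        return "valid"


def measurements_to_forward(ap, observations):
    """Only measurements taken on valid frames go to the positioning server."""
    return [m for frame, m in observations if ap.check(frame) == "valid"]


def demo():
    iltk = bytes(range(16))                      # constructed key
    body = b"constructed location track notify"  # constructed frame body
    ap1 = TargetAP(iltk, key_id=4, channel=1)
    ap6 = TargetAP(iltk, key_id=4, channel=6)
    f1 = build_frame(iltk, 4, 1, 1, body)
    tampered = bytes([f1[0] ^ 1]) + f1[1:]        # body bit flipped
    rechannel = f1[:-14] + bytes([6]) + f1[-13:]  # Channel Number rewritten to 6
    return [
        ap1.check(f1),         # first copy on channel 1
        ap1.check(f1),         # same LIPN again
        ap1.check(tampered),
        ap6.check(f1),         # channel-1 frame re-sent on channel 6
        ap6.check(rechannel),  # same, with the channel field edited
        ap6.check(build_frame(iltk, 4, 6, 1, body)),  # LIPN 1 reused on channel 6
        ap1.check(build_frame(iltk, 4, 1, 2, body)),
    ]


if __name__ == "__main__":
    print(demo())
```

Because the Channel Number sits inside the MIC-protected LME, a frame captured on one channel fails on another channel whether or not the copier edits the field.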
  • FIG. 3 is a flowchart of Embodiment 2 of a method for ensuring the validity of positioning provided by the present invention, as shown in FIG. 3:
  • S301 Receive a location tracking notification frame sent by the STA, where the location tracking notification frame includes message integrity information generated by using the ILTK.
  • The positioning device in this embodiment may be an AP. After the STA receives the positioning configuration request frame that the associated AP sends to instruct the STA to send the location tracking notification frame, the STA determines, according to its own support capability and whether it has a positioning requirement, whether the positioning configuration is successfully accepted, and sends a successful or failed positioning configuration response frame to the associated AP.
  • After the positioning configuration response frame, the STA sends a location tracking notification frame to the AP according to the configuration in the positioning configuration request frame.
  • the location tracking notification frame contains message integrity information generated using ILTK.
  • the message integrity information in the location tracking notification frame may specifically be a MIC; the MIC uses the ILTK to perform digest processing on the location tracking notification frame, so that the attacker (who does not hold the ILTK) cannot tamper with the location tracking notification frame, because any tampering will be detected by the target AP.
  • the positioning server sends the ILTK to the positioning target AP. It can be understood that the positioning server may also send the ILTK to the target AP while sending the ILTK to the associated AP.
  • the AP verifies the location tracking notification frame according to the ILTK sent by the positioning server. If the location tracking notification frame received by the target AP has not been maliciously tampered with and has not been maliciously copied, the received location tracking notification frame is a valid frame, and the target AP sends the measured positioning data to the positioning server; the positioning server estimates the position coordinates of the STA according to the positioning data received from the plurality of target APs in a short time. If the verification finds that the received location tracking notification frame has been maliciously tampered with or maliciously copied, the measured positioning data is not sent to the positioning server.
  • the AP receives the location tracking notification frame sent by the STA, where the location tracking notification frame includes the message integrity information generated by using the ILTK, and checks the integrity of the location tracking notification frame according to the ILTK sent by the positioning server and the message integrity information, which can improve the security of the positioning, thereby improving the accuracy of the positioning.
  • FIG. 4 is a flowchart of Embodiment 3 of the method for ensuring the validity of positioning provided by the present invention, as shown in FIG. 4:
  • the positioning configuration request frame includes at least an ILTK
  • the positioning configuration request frame further includes information for periodically sending the location tracking notification frame and working channel information of the positioning device, and the working channel information of the positioning device indicates the channel used for sending the location tracking notification frame.
  • the ILTK is encrypted and carried in the positioning configuration request frame.
  • the positioning device in this embodiment may be an AP, and the embodiment may carry the ILTK in the security subelement (Security Subelement) added to the positioning parameter element included in the positioning configuration request frame received by the STA, where the security subelement may consist of the subelement ID, the length, and the ILTK field.
  • the STA may receive the positioning configuration request frame, and perform BIP encapsulation processing on the location tracking notification frame sent by the STA to each target AP according to the read ILTK.
  • the APs in the positioning process can be classified into two types: one is an associated AP that initiates positioning, and also receives a location tracking notification frame; the other is an AP that only accepts the location tracking notification frame for positioning, S401 is The associated AP that initiated the positioning is executed.
  • a location tracking notification frame sent by the STA, where the location tracking notification frame includes message integrity information generated by using the ILTK, and the location tracking notification frame further includes a tracking sequence number, which is changed each time a location tracking notification frame is generated.
  • the tracking sequence number in the location tracking notification frame received by the positioning device is changed in one direction each time a location tracking notification frame is generated, to ensure that, absent malicious copying, the tracking sequence number fields in the location tracking notification frames received by the target AP are all different.
  • the message integrity information in the location tracking notification frame sent by the STA to the positioning device, the working channel information of the positioning device, and the tracking sequence number may be carried in the LME, and the location tracking notification frame may further be BIP-encapsulated by means of the LME.
  • the LME in this embodiment may be the same as the LME in the first embodiment of the present invention, and details are not described herein.
  • the same tracking sequence number may be used, that is, the tracking sequence number has its own independent space on each channel number and is changed in one direction on each channel.
  • the tracking notification frame also needs to include the working channel information of the positioning device, and the positioning device can determine whether the received location tracking notification frame is maliciously copied according to the working channel information and the tracking sequence number of the positioning device.
  • the target AP's check of the integrity of the location tracking notification frame according to the ILTK may include a malicious tampering check and a malicious copy check.
  • in the malicious tampering check, the target AP applies the message integrity check algorithm to the information in the received location tracking notification frame to determine whether the frame has been tampered with: if the calculated value of the message integrity information is the same as the value of the message integrity information carried in the location tracking notification frame, the received location tracking notification frame has not been tampered with; if not, it has been tampered with.
  • in the malicious copy check, the target AP compares whether the Channel Number included in the working channel information of the location tracking notification frame is consistent with its own actual working channel information, and determines whether it has already received a location tracking notification frame with the same tracking sequence number as the one included in this frame. If the Channel Number is consistent with its actual working channel information and no location tracking notification frame with the same tracking sequence number has been received, the received location tracking notification frame was not copied and sent by a malicious STA. If the Channel Number is inconsistent with its actual working channel information, or a location tracking notification frame with the same tracking sequence number has already been received, the received location tracking notification frame is unusable.
  • the AP sends a positioning configuration request frame to the STA and receives the location tracking notification frame sent by the STA. The location tracking notification frame includes message integrity information generated by using the ILTK, and the integrity of the location tracking notification frame is then verified according to the ILTK sent by the positioning server and the message integrity information, which can improve the security of the positioning and improve the accuracy of the positioning.
  • the associated AP is the AP that initiates the positioning; it also receives the location tracking notification frame and performs checking and positioning.
  • the target AP is an AP that only receives the location tracking notification frame and performs checking and positioning.
  • the method for ensuring the validity of the positioning includes:
  • the positioning server sends an ILTK to the associated AP.
  • the associated AP sends a positioning configuration request frame including at least an ILTK to the STA.
  • the ILTK is encrypted and carried in the positioning configuration request frame.
  • the STA sends a positioning configuration response frame to the associated AP.
  • the STA determines whether it accepts the positioning configuration according to its own support capability and whether it has a positioning requirement, and sends a positioning configuration response frame to the associated AP. If the positioning configuration response frame indicates that the positioning configuration succeeded, the subsequent operations continue; if it indicates that the positioning configuration failed, the process ends.
  • the positioning server sends an ILTK to the target AP.
  • the associated AP can be one.
  • the STA generates a location tracking notification frame, and generates message integrity information of the location tracking notification frame according to the ILTK.
  • the STA sends a location tracking notification frame that includes message integrity information to the associated AP and the target AP.
  • the associated AP and the target AP verify the integrity of the location tracking notification frame according to the ILTK and the message integrity information contained in the location tracking notification frame.
  • the associated AP and the target AP send the positioning data to the positioning server.
  • the positioning data is sent to the positioning server, so that the positioning server estimates the coordinates of the STA according to the received positioning data; if the location tracking notification frame received by the associated AP has been maliciously falsified or maliciously repeated, the positioning data is not sent to the positioning server, which can improve the security of the positioning.
  • the AP sends a positioning configuration request frame including at least the ILTK to the STA; the STA generates the message integrity information of the location tracking notification frame according to the ILTK and sends the location tracking notification frame including the message integrity information to the associated AP and the target AP; the associated AP and the target AP verify the integrity of the location tracking notification frame according to the ILTK and the message integrity information, thereby improving the security of the positioning and improving the positioning accuracy.
  • FIG. 6 is a schematic structural diagram of Embodiment 1 of a workstation device according to the present invention.
  • the workstation device of the present embodiment includes a first receiving module 61, a first processing module 62, and a first sending module 63. The first receiving module 61 is configured to receive a positioning configuration request frame, where the positioning configuration request frame includes at least an integrity positioning temporary key ILTK; the first processing module 62 is configured to generate a location tracking notification frame, where the location tracking notification frame contains message integrity information generated by using the ILTK, and the message integrity information is used by the positioning device that receives the location tracking notification frame to verify the integrity of the location tracking notification frame; the first sending module 63 is configured to send the location tracking notification frame.
  • the ILTK is encrypted and carried in the positioning configuration request frame.
  • the positioning configuration request frame further includes information for periodically transmitting the location tracking notification frame and working channel information of the positioning device, where the working channel information of the positioning device indicates the channel used for sending the location tracking notification frame; the location tracking notification frame further includes a tracking sequence number, and the tracking sequence number is changed in one direction each time a location tracking notification frame is generated.
  • the location tracking notification frame further includes working channel information of the positioning device.
  • the workstation device of this embodiment may be a STA.
  • the device in this embodiment may be used to implement the technical solution of the method embodiment shown in FIG. 1.
  • the implementation principle and technical effects are similar, and details are not described herein again.
  • FIG. 7 is a schematic structural diagram of Embodiment 2 of a workstation device according to the present invention.
  • the workstation device of this embodiment includes a transmitter 71, a receiver 72, a memory 73, and a processor 74 connected to the transmitter 71, the receiver 72, and the memory 73, respectively.
  • the workstation device may also include a common component such as an antenna, a baseband processing component, a medium-frequency processing component, and an input/output device.
  • the embodiment of the present invention does not impose any limitation here.
  • the memory 73 stores a set of program codes, and the processor 74 is configured to call the program code stored in the memory 73 for performing the following operations:
  • the positioning configuration request frame includes at least an integrity positioning temporary key ILTK;
  • the location tracking notification frame contains message integrity information generated using the ILTK, and the message integrity information is used by the positioning device that receives the location tracking notification frame to verify the integrity of the location tracking notification frame;
  • FIG. 8 is a schematic structural diagram of Embodiment 1 of a positioning device according to the present invention.
  • the positioning device of this embodiment includes a second receiving module 81 and a second processing module 82. The second receiving module 81 is configured to receive a location tracking notification frame sent by the station STA, where the location tracking notification frame includes message integrity information generated by using the integrity positioning temporary key ILTK; the second processing module 82 is configured to verify the integrity of the location tracking notification frame according to the ILTK and the message integrity information, so as to obtain the data required to locate the STA from the location tracking notification frame when the message integrity information is correct.
  • the locating device of the embodiment further includes a second sending module, where the second sending module is configured to send a positioning configuration request frame to the STA before the location tracking notification frame sent by the station STA is received, and the positioning configuration request frame includes at least the ILTK.
  • the ILTK is encrypted and carried in the positioning configuration request frame.
  • the positioning configuration request frame further includes information for periodically transmitting the location tracking notification frame and working channel information of the positioning device, where the working channel information of the positioning device indicates the channel used for sending the location tracking notification frame; the location tracking notification frame further includes a tracking sequence number, and the tracking sequence number is changed in one direction each time a location tracking notification frame is generated;
  • the second processing module 82 is further configured to:
  • the location tracking notification frame further includes working channel information of the positioning device.
  • the second processing module 82 is further configured to:
  • compare whether the working channel information included in the location tracking notification frame is consistent with its own working channel information.
  • the positioning device of this embodiment may be an AP.
  • the device in this embodiment may be used to implement the technical solution of the method embodiment shown in FIG. 2 or FIG. 3, and the implementation principle and the technical effect are similar, and details are not described herein again.
  • FIG. 9 is a schematic structural diagram of Embodiment 2 of a positioning apparatus according to the present invention.
  • the positioning apparatus of this embodiment includes a transmitter 91, a receiver 92, a memory 93, and a processor 94 connected to the transmitter 91, the receiver 92, and the memory 93, respectively.
  • the locating device may also include a common component such as an antenna, a baseband processing component, a medium-frequency processing component, and an input/output device.
  • the embodiment of the present invention is not limited herein.
  • the memory 93 stores a set of program codes, and the processor 94 is configured to call the program code stored in the memory 93 for performing the following operations:
  • the location tracking notification frame includes message integrity information generated by using the integrity positioning temporary key ILTK;
  • the integrity of the location tracking notification frame is verified to obtain the data required to locate the STA based on the location tracking notification frame when the message integrity information is correct.
  • FIG. 10 is a schematic structural diagram of Embodiment 1 of a network system according to the present invention.
  • the network system of this embodiment includes: a workstation device 100, a positioning device 200, and a positioning server 300, where the workstation device 100 may be
  • the locating device 200 may be the locating device of either of the locating device embodiments described above.
  • in the network system provided in this embodiment, the workstation device sends a location tracking notification frame to the positioning device. The location tracking notification frame includes message integrity information generated according to the ILTK, and the positioning device then checks the integrity of the location tracking notification frame according to the ILTK sent by the positioning server and the message integrity information, which can improve the security of the positioning and thereby the accuracy of the positioning.
  • the disclosed apparatus and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a hardware plus software functional unit.
  • the above-described integrated unit implemented in the form of a software functional unit can be stored in a computer readable storage medium.
  • the above software functional unit is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform some of the steps of the methods of the various embodiments of the present invention.
  • the foregoing storage medium includes a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, and other media that can store program code.

Abstract

Provided in the embodiments of the present invention are a method, a device and a network system for ensuring positioning validity, the method comprising: receiving a positioning configuration request frame at least comprising an integrity location temporal key (ILTK); generating a location tracking notification frame which includes message integrity information generated by means of the ILTK, said message integrity information being used by the positioning device receiving the location tracking notification frame for testing the integrity of same; transmitting the location tracking notification frame. By verifying that a received location tracking notification frame has not been subjected to malicious tampering or copying before location data is sent to a location server, the technical solution of the present invention is able to improve positioning security and prevent malicious attacks on positioning systems.

Description

Method, device and network system for ensuring positioning validity

The present application claims priority to Chinese Patent Application No. 201310053499.8, filed with the Chinese Patent Office on February 19, 2013, the entire contents of which are incorporated herein by reference.
TECHNICAL FIELD Embodiments of the present invention relate to communication technologies, and in particular to a method, a device and a network system for ensuring positioning validity. BACKGROUND OF THE INVENTION With the development of the social economy and of science and technology, more and more large and complex buildings are appearing in our lives. The internal structure of these large buildings is extremely complex, which creates a need for positioning and navigation inside them. However, signals of the traditional Global Positioning System (GPS) cannot be received indoors. To meet indoor positioning needs, a positioning system that uses other signals has to be developed, and indoor positioning systems have already appeared that use infrared (IR), ultra wideband (UWB), radio frequency identification (RFID), Bluetooth and Wireless Fidelity (Wi-Fi) technologies, respectively.
The IEEE 802.11 wireless communication system protocol provides a mechanism for positioning, by which a positioning initiator can track the location of a target station (STA). The procedure is as follows: the positioning initiator sends a positioning configuration request frame to the target station, which specifies the sending period, destination address and channel information with which the target station is to send location tracking notification frames; the target station sends location tracking notification frames to the specified address on the specified channel at the specified period; after receiving a location tracking notification frame, the receiver can measure the data required for positioning, and this data together with the data contained in the location tracking notification frame is used to estimate the location of the target station. The positioning initiator and the receivers of the location tracking notification frame are usually APs. There need to be multiple receivers of the location tracking notification frame; they may each work on a different channel, or multiple APs used for positioning may be deployed on one channel, and the tracked station sends the location tracking notification frames by broadcast/multicast. The destination address in the location tracking configuration frame indicates the addresses of the APs that receive the location tracking notification frame, or is a broadcast/multicast address. The actual location estimation may be performed by a positioning server behind the receivers of the location tracking notification frame: an AP used for positioning receives a location tracking notification frame, obtains the data required for positioning, and sends this data to the positioning server, which estimates the location of the target station from the positioning-related data obtained from multiple APs.
However, the positioning mechanism in the existing wireless communication system protocol described above is not very secure, and the positioning system is vulnerable to malicious attacks. For example, an attacking device at another location sends location tracking notification frames using the address of the target station, so that the positioning system obtains a false location for the target station; applications that rely on this positioning method then go wrong, causing unpredictable damage. SUMMARY OF THE INVENTION Embodiments of the present invention provide a method, a device and a network system for ensuring positioning validity, so as to improve the security of positioning and prevent positioning errors caused by malicious attacks.
In a first aspect, the present invention provides a method for ensuring positioning validity, including:
receiving a positioning configuration request frame, where the positioning configuration request frame includes at least an integrity positioning temporary key ILTK;
generating a location tracking notification frame, where the location tracking notification frame contains message integrity information generated using the ILTK, and the message integrity information is used by a positioning device that receives the location tracking notification frame to verify the integrity of the location tracking notification frame; and
sending the location tracking notification frame.
In a first possible implementation of the first aspect, the ILTK is encrypted and carried in the positioning configuration request frame.
With reference to the first aspect or the first possible implementation of the first aspect, in a second possible implementation of the first aspect, the positioning configuration request frame further contains information for periodically sending the location tracking notification frame and working channel information of the positioning device, where the working channel information of the positioning device indicates the channel used for sending the location tracking notification frame; the location tracking notification frame further includes a tracking sequence number, and the tracking sequence number is changed in one direction each time a location tracking notification frame is generated.
According to the second possible implementation of the first aspect, in a third possible implementation of the first aspect, the location tracking notification frame further includes the working channel information of the positioning device.
In a second aspect, the present invention provides a method for ensuring positioning validity, including:
receiving a location tracking notification frame sent by a station STA, where the location tracking notification frame contains message integrity information generated using an integrity positioning temporary key ILTK; and
verifying the integrity of the location tracking notification frame according to the ILTK and the message integrity information, so as to obtain the data required to locate the STA from the location tracking notification frame when the message integrity information is correct.
In a first possible implementation of the second aspect, before the receiving of the location tracking notification frame sent by the station STA, the method further includes:
sending a positioning configuration request frame to the STA, where the positioning configuration request frame includes at least the ILTK.
According to the first possible implementation of the second aspect, in a second possible implementation of the second aspect, the ILTK is encrypted and carried in the positioning configuration request frame.
With reference to the second aspect or either of the first and second possible implementations of the second aspect, in a third possible implementation of the second aspect, the positioning configuration request frame further contains information for periodically sending the location tracking notification frame and working channel information of the positioning device, where the working channel information of the positioning device indicates the channel used for sending the location tracking notification frame; the location tracking notification frame further includes a tracking sequence number, and the tracking sequence number is changed in one direction each time a location tracking notification frame is generated;
correspondingly, the method further includes:
determining whether a location tracking notification frame with the same tracking sequence number as the one included in the location tracking notification frame has already been received.
According to the third possible implementation of the second aspect, in a fourth possible implementation of the second aspect, the location tracking notification frame further includes the working channel information of the positioning device; correspondingly, the method further includes:
comparing whether the working channel information included in the location tracking notification frame is consistent with the device's own working channel information.
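The receiver-side checks of the second aspect (message integrity with the ILTK, working channel comparison, and tracking sequence number reuse), sketched as an added Python example that is not code from the patent. The 11-byte frame layout, the names `Station` and `PositioningAP`, the truncated HMAC-SHA256 standing in for BIP, and treating "already received" as "not greater than the highest accepted number" are assumptions made for the example.

```python
import hashlib
import hmac
import struct

MIC_LEN = 8                    # assumed truncation length for the example
BODY = struct.Struct("!6sBI")  # assumed layout: STA MAC, channel number, tracking sequence number


def _mic(iltk: bytes, body: bytes) -> bytes:
    # Stand-in for BIP encapsulation (which uses AES-128-CMAC): keyed MAC under the ILTK.
    return hmac.new(iltk, body, hashlib.sha256).digest()[:MIC_LEN]


class Station:
    """STA side: builds location tracking notification frames."""

    def __init__(self, mac: bytes, iltk: bytes):
        self.mac = mac
        self.iltk = iltk
        self._last_tsn = {}  # channel -> last tracking sequence number used on it

    def notify(self, channel: int) -> bytes:
        # The tracking sequence number has its own space per channel and only increases.
        tsn = self._last_tsn.get(channel, 0) + 1
        self._last_tsn[channel] = tsn
        body = BODY.pack(self.mac, channel, tsn)
        return body + _mic(self.iltk, body)


class PositioningAP:
    """Positioning device side: decides whether a frame may be used for positioning."""

    def __init__(self, channel: int, iltk: bytes):
        self.channel = channel
        self.iltk = iltk
        self._highest = {}  # STA MAC -> highest accepted tracking sequence number

    def check(self, frame: bytes) -> str:
        if len(frame) != BODY.size + MIC_LEN:
            return "malformed"
        body, mic = frame[:BODY.size], frame[BODY.size:]
        # Tampering check: recompute the MIC and compare in constant time.
        if not hmac.compare_digest(mic, _mic(self.iltk, body)):
            return "tampered"
        mac, channel, tsn = BODY.unpack(body)
        # Copy check, part 1: the frame must name this AP's own working channel.
        if channel != self.channel:
            return "wrong-channel"
        # Copy check, part 2: the tracking sequence number must not have been seen before.
        if tsn <= self._highest.get(mac, 0):
            return "replayed"
        self._highest[mac] = tsn  # state changes only for frames that pass every check
        return "accept"


def demo() -> dict:
    iltk = bytes(range(16))                 # constructed key
    mac = b"\x02\x00\x00\x00\x00\x01"       # constructed STA address
    sta = Station(mac, iltk)
    ap_ch6, ap_ch11 = PositioningAP(6, iltk), PositioningAP(11, iltk)

    first = sta.notify(6)
    results = {"first": ap_ch6.check(first)}
    results["same_frame_again"] = ap_ch6.check(first)
    results["same_frame_other_channel"] = ap_ch11.check(first)

    modified = bytearray(sta.notify(6))
    modified[7] ^= 0x01                     # flip one bit inside the sequence number
    results["modified"] = ap_ch6.check(bytes(modified))

    # A sender that knows the STA's address but not the ILTK.
    results["no_key"] = ap_ch6.check(Station(mac, b"\x00" * 16).notify(6))
    results["next"] = ap_ch6.check(sta.notify(6))
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:26} {verdict}")
```

Only frames that return `accept` would be measured and forwarded to the positioning server; every other verdict corresponds to a frame the text calls tampered with, copied, or unusable.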
In a third aspect, the present invention provides a workstation device, including:
a first receiving module, configured to receive a positioning configuration request frame, where the positioning configuration request frame includes at least an integrity positioning temporary key ILTK;
a first processing module, configured to generate a location tracking notification frame, where the location tracking notification frame contains message integrity information generated using the ILTK, and the message integrity information is used by a positioning device that receives the location tracking notification frame to verify the integrity of the location tracking notification frame; and a first sending module, configured to send the location tracking notification frame.
In a first possible implementation of the third aspect, the ILTK is encrypted and carried in the positioning configuration request frame.
With reference to the third aspect or the first possible implementation of the third aspect, in a second possible implementation of the third aspect, the positioning configuration request frame further contains information for periodically sending the location tracking notification frame and working channel information of the positioning device, where the working channel information of the positioning device indicates the channel used for sending the location tracking notification frame; the location tracking notification frame further includes a tracking sequence number, and the tracking sequence number is changed in one direction each time a location tracking notification frame is generated.
According to the second possible implementation of the third aspect, in a third possible implementation of the third aspect, the location tracking notification frame further includes the working channel information of the positioning device.
A fourth aspect of the present invention provides a positioning device, including:
a second receiving module, configured to receive a location tracking notification frame sent by a station (STA), where the location tracking notification frame includes message integrity information generated by using an integrity location temporal key (ILTK); and
a second processing module, configured to verify the integrity of the location tracking notification frame according to the ILTK and the message integrity information, so that, when the message integrity information is correct, the data required for locating the STA is obtained according to the location tracking notification frame.
In a first possible implementation of the fourth aspect, the positioning device further includes:
a second sending module, configured to send a positioning configuration request frame to the STA before the location tracking notification frame sent by the STA is received, where the positioning configuration request frame includes at least the ILTK.
According to the first possible implementation of the fourth aspect, in a second possible implementation of the fourth aspect, the ILTK is encrypted and carried in the positioning configuration request frame.
With reference to the fourth aspect or either of the first and second possible implementations of the fourth aspect, in a third possible implementation of the fourth aspect, the positioning configuration request frame further includes information for periodically sending the location tracking notification frame and working channel information of the positioning device, where the working channel information of the positioning device indicates the channel used for sending the location tracking notification frame; the location tracking notification frame further includes a tracking sequence number, and the tracking sequence number is changed monotonically in one direction each time the location tracking notification frame is generated;
correspondingly, the second processing module is further configured to: determine whether a location tracking notification frame carrying the same tracking sequence number as the one included in the location tracking notification frame has been received before.
According to the third possible implementation of the fourth aspect, in a fourth possible implementation of the fourth aspect, the location tracking notification frame further includes the working channel information of the positioning device; correspondingly, the second processing module is further configured to:
compare whether the working channel information included in the location tracking notification frame is consistent with its own working channel information.
A fifth aspect of the present invention provides a network system, including: the station apparatus according to the third aspect or any possible implementation of the third aspect, the positioning device according to the fourth aspect or any possible implementation of the fourth aspect, and a positioning server.
Embodiments of the present invention provide a method, an apparatus and a network system for ensuring positioning validity. The STA first receives a positioning configuration request frame that includes at least an ILTK, and generates a location tracking notification frame containing message integrity information generated by using the ILTK. The message integrity information is used by a positioning device that receives the location tracking notification frame to verify the integrity of that frame. The STA then sends the location tracking notification frame, so that a target AP that receives it can verify the frame according to the ILTK received from the positioning server. This improves the security of positioning and protects the positioning system against malicious attack.
BRIEF DESCRIPTION OF THE DRAWINGS
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art may derive other drawings from them without creative effort.
FIG. 1 is a flowchart of Embodiment 1 of the method for ensuring positioning validity provided by the present invention;
FIG. 2A is a schematic diagram of the format of the location parameters element of the positioning configuration request frame in Embodiment 1 of the method for ensuring positioning validity provided by the present invention;
FIG. 2B is a schematic diagram of the format of the message integrity code element in Embodiment 1 of the method for ensuring positioning validity provided by the present invention;
FIG. 3 is a flowchart of Embodiment 2 of the method for ensuring positioning validity provided by the present invention;
FIG. 4 is a flowchart of Embodiment 3 of the method for ensuring positioning validity provided by the present invention;
FIG. 6 is a schematic structural diagram of Embodiment 1 of the station apparatus provided by the present invention;
FIG. 7 is a schematic structural diagram of Embodiment 2 of the station apparatus provided by the present invention;
FIG. 8 is a schematic structural diagram of Embodiment 1 of the positioning device provided by the present invention;
FIG. 9 is a schematic structural diagram of Embodiment 2 of the positioning device provided by the present invention;
FIG. 10 is a schematic structural diagram of Embodiment 1 of the network system provided by the present invention.
DETAILED DESCRIPTION
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Evidently, the described embodiments are some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The technical solutions of the present invention apply to positioning services based on a wireless communication system. An associated access point (AP) can initiate the positioning service so that the location of a STA can be tracked. The associated AP first performs location tracking configuration on the STA. After the STA has successfully responded to the location tracking configuration, the STA sends positioning notifications to the designated target APs on the designated channels according to the configuration information, so that the target APs measure the corresponding positioning data and the positioning server can estimate the position coordinates of the STA from the positioning data obtained.
FIG. 1 is a flowchart of Embodiment 1 of the method for ensuring positioning validity provided by the present invention, as shown in FIG. 1:
S101. Receive a positioning configuration request frame, where the positioning configuration request frame includes at least an ILTK.
For example, after the associated AP initiates the positioning service, it sends a positioning configuration request frame to the STA to perform location tracking configuration on the STA. The positioning configuration request frame of this embodiment includes at least an integrity location temporal key (Integrity Location Temporal Key, ILTK). The ILTK is sent by the positioning server to the associated AP when the positioning service starts.
Optionally, the ILTK is encrypted and carried in the positioning configuration request frame.
FIG. 2A is a schematic diagram of the format of the location parameters element of the positioning configuration request frame in Embodiment 1 of the method for ensuring positioning validity provided by the present invention. As shown in FIG. 2A, the location parameters element (Location Parameters Element) of the positioning configuration request frame in the prior art includes three fields: element ID, length, and location subelements. This embodiment carries the ILTK in a security subelement (Security Subelement) added to the location parameters element of the positioning configuration request frame. The security subelement may in turn include three fields: subelement ID, length, and ILTK. After receiving the positioning configuration request frame, the STA can use the ILTK it reads from the frame to apply broadcast/multicast integrity protection (Broadcast/Multicast Integrity Protocol, BIP) encapsulation to the location tracking notification frames that it sends to the target APs.
It can be understood that the positioning configuration request frame may also include multiple working channel numbers, which indicate that the location tracking notification frame is to be sent to each target AP on the working channel corresponding to each working channel number.
Specifically, because the target APs of the positioning service are configured by the positioning server, the positioning configuration request frame may include multiple working channel numbers. The positioning configuration request frame containing the working channel numbers is sent to the STA to instruct the STA to send the location tracking notification frame to each AP on the working channel corresponding to each working channel number. The working channel numbers may be carried in the location subelements of the positioning configuration request frame.
S102. Generate a location tracking notification frame, where the location tracking notification frame includes message integrity information generated by using the ILTK, and the message integrity information is used by a positioning device that receives the location tracking notification frame to verify the integrity of the frame.
Specifically, the STA may generate the message integrity information according to the ILTK. The message integrity information may be a message integrity code (Message Integrity Code, MIC).
Optionally, the positioning configuration request frame further includes information for periodically sending the location tracking notification frame and working channel information of the positioning device, where the working channel information of the positioning device indicates the channel used for sending the location tracking notification frame. The location tracking notification frame further includes a tracking sequence number, and the tracking sequence number is changed monotonically in one direction each time the location tracking notification frame is generated.
Specifically, because the tracking sequence number is changed monotonically in one direction each time a location tracking notification frame is generated, the tracking sequence number field differs in every location tracking notification frame that the target AP receives, provided no frame has been maliciously copied.
For example, the message integrity information, the working channel information of the positioning device and the tracking sequence number may be carried in a location message integrity code element (Location Message Integrity Code Element, LME). In this embodiment, the LME can be used to apply BIP encapsulation to the location tracking notification frame.
Optionally, the location tracking notification frame further includes the working channel information of the positioning device.
Specifically, the same tracking sequence number may be used when location tracking notification frames are sent on different channels; that is, the tracking sequence number has its own independent space for each channel number and changes monotonically in one direction on each channel. The location tracking notification frame therefore also includes the working channel information of the positioning device, and the positioning device can determine from the working channel information and the tracking sequence number whether a received location tracking notification frame has been maliciously copied.
FIG. 2B is a schematic diagram of the format of the LME in Embodiment 1 of the method for ensuring positioning validity provided by the present invention. As shown in FIG. 2B, the LME of this embodiment includes six fields: element ID (Element ID), length (Length), key ID (Key ID), channel number (Channel Number), LIPN, and MIC. Element ID, Length, Key ID and MIC have the same meaning as the fields of the same name in the prior-art management MIC element (Management MIC Element, MME). Channel Number indicates the channel on which the target AP operates. The location IGTK packet number (Location IGTK Packet Number, LIPN) is 5 bytes long, a 40-bit unsigned integer, and is changed monotonically in one direction each time another location tracking notification frame is sent. The LIPN can serve as the tracking sequence number of this embodiment and prevents a location tracking notification frame from being copied and resent. Channel Number can serve as the working channel information of this embodiment and further prevents a location tracking notification frame on one channel from being copied and resent on another channel. If the STA obtains multiple ILTKs and uses a different ILTK on each designated channel, the LME need not contain Channel Number.
It should be noted that the LME above is only one possible way of organizing the data that carries the MIC, LIPN and Channel Number information of this embodiment. The present invention does not limit the manner in which the MIC, LIPN and Channel Number information is carried.
S103. Send the location tracking notification frame.
Specifically, after receiving the positioning configuration request frame sent by the associated AP, which instructs the STA how to send location tracking notification frames, the STA determines whether it accepts the positioning configuration according to its own capabilities and whether it needs positioning, and sends a positioning configuration response frame indicating success or failure to the associated AP. If the positioning configuration response frame indicates success, the positioning server sends the ILTK to the target APs. It can be understood that the positioning server may also send the ILTK to the target APs at the same time as it sends the ILTK to the associated AP.
Specifically, the MIC is a digest computed over the location tracking notification frame using the ILTK, so an attacker (who does not hold the ILTK) cannot tamper with the frame, because any tampering is detected by the target AP. To prevent an attacker from maliciously copying and resending location tracking notification frames, tracking sequence number information is added to the frame. The target AP knows that the tracking sequence number differs in every location tracking notification frame; a repeated number indicates malicious copying. In addition, the same tracking sequence number may be used when location tracking notification frames are sent on different channels; that is, the tracking sequence number has its own independent space for each channel number and changes monotonically in one direction on each channel, so the location tracking notification frame also contains channel number information. It can be understood that if the tracking sequence number changes monotonically across all channels, the working channel information need not be carried; including it nevertheless gives better protection against an attacker maliciously copying and resending location tracking notification frames.
If the location tracking notification frame received by the target AP has been neither maliciously tampered with nor maliciously copied, the frame is valid and the target AP sends the measured positioning data to the positioning server, which estimates the position coordinates of the STA from the positioning data received from multiple target APs within a short time. If verification shows that the received location tracking notification frame has been maliciously tampered with or maliciously copied, the measured positioning data is not sent to the positioning server.
In the prior art, other malicious STAs can eavesdrop on location tracking notification frames on the channel and then tamper with or copy them. For example, a malicious STA eavesdrops on a location tracking notification frame, copies it, and sends it on different channels. A target AP that receives these copied frames cannot tell which frames are valid, so the position of the STA is estimated incorrectly and positioning accuracy suffers.
In the method for ensuring positioning validity of this embodiment, the STA first receives a positioning configuration request frame that includes at least an ILTK, and generates a location tracking notification frame containing message integrity information generated by using the ILTK. The message integrity information is used by a positioning device that receives the location tracking notification frame to verify the integrity of the frame. The STA sends the location tracking notification frame, and the target AP that receives it verifies the frame according to the ILTK received from the positioning server. If the target AP finds that the received frame has been neither maliciously tampered with nor maliciously copied, it sends the measured positioning data to the positioning server; if verification shows that the frame has been maliciously tampered with or maliciously copied, it does not send the measured positioning data to the positioning server. This improves the security of positioning and protects the positioning system against malicious attack.
FIG. 3 is a flowchart of Embodiment 2 of the method for ensuring positioning validity provided by the present invention. As shown in FIG. 3, the method includes:
S301. Receive a location tracking notification frame sent by the STA, where the location tracking notification frame includes message integrity information generated by using the ILTK.
Specifically, the positioning device of this embodiment may be an AP. After receiving the positioning configuration request frame sent by the associated AP, which instructs the STA how to send location tracking notification frames, the STA determines whether it accepts the positioning configuration according to its own capabilities and whether it needs positioning, and sends a positioning configuration response frame indicating success or failure to the associated AP. If the positioning configuration response frame indicates success, the STA sends location tracking notification frames to the AP according to the configuration in the positioning configuration request frame. The location tracking notification frame includes message integrity information generated by using the ILTK.
Specifically, the message integrity information in the location tracking notification frame may be a MIC. The MIC is a digest computed over the location tracking notification frame using the ILTK, so an attacker (who does not hold the ILTK) cannot tamper with the frame, because any tampering is detected by the target AP.
S302. Verify the integrity of the location tracking notification frame according to the ILTK and the message integrity information, so that, when the message integrity information is correct, the data required for locating the STA is obtained according to the location tracking notification frame.
Specifically, if the positioning configuration response frame sent by the STA to the associated AP indicates that the positioning configuration succeeded, the positioning server sends the ILTK to the target APs. It can be understood that the positioning server may also send the ILTK to the target APs at the same time as it sends the ILTK to the associated AP.
The AP verifies the location tracking notification frame according to the ILTK sent by the positioning server. If the location tracking notification frame received by the target AP has been neither maliciously tampered with nor maliciously copied, the frame is valid and the target AP sends the measured positioning data to the positioning server, which estimates the position coordinates of the STA from the positioning data received from multiple target APs within a short time. If verification shows that the received location tracking notification frame has been maliciously tampered with or maliciously copied, the measured positioning data is not sent to the positioning server.
In the method for ensuring positioning validity provided by this embodiment, the AP receives the location tracking notification frame sent by the STA, where the frame includes message integrity information generated by using the ILTK, and verifies the integrity of the frame according to the ILTK sent by the positioning server and the message integrity information. This improves the security of positioning and thereby its accuracy.
FIG. 4 is a flowchart of Embodiment 3 of the method for ensuring positioning validity provided by the present invention. As shown in FIG. 4, the method includes:
S401. Send a positioning configuration request frame to the STA, where the positioning configuration request frame includes at least an ILTK and further includes information for periodically sending the location tracking notification frame and working channel information of the positioning device, and the working channel information of the positioning device indicates the channel used for sending the location tracking notification frame.
Optionally, the ILTK is encrypted and carried in the positioning configuration request frame.
Specifically, the positioning device of this embodiment may be an AP. In this embodiment, the ILTK can be carried in a security subelement (Security Subelement) added to the location parameters element of the positioning configuration request frame received by the STA. The security subelement may consist of three fields: subelement ID, length, and ILTK. After receiving the positioning configuration request frame, the STA can use the ILTK it reads from the frame to apply BIP encapsulation to the location tracking notification frames that it sends to the target APs.
It should be noted that the APs involved in positioning fall into two classes: the associated AP, which initiates positioning and also receives location tracking notification frames, and APs that only receive location tracking notification frames for positioning. S401 is performed by the associated AP that initiates positioning.
S402. Receive a location tracking notification frame sent by the STA, where the location tracking notification frame includes message integrity information generated by using the ILTK and further includes a tracking sequence number, and the tracking sequence number is changed monotonically in one direction each time the location tracking notification frame is generated.
Specifically, because the tracking sequence number in the location tracking notification frames received by the positioning device is changed monotonically in one direction each time a frame is generated, the tracking sequence number field differs in every location tracking notification frame that the target AP receives, provided no frame has been maliciously copied.
For example, in this embodiment the message integrity information, the working channel information of the positioning device and the tracking sequence number in the location tracking notification frame that the STA sends to the positioning device may be carried in an LME, and the LME can further be used to apply BIP encapsulation to the location tracking notification frame.
The LME of this embodiment may be the same as the LME in Embodiment 1 of the present invention, and details are not repeated here.
S403. Determine whether a location tracking notification frame carrying the same tracking sequence number as the one included in the location tracking notification frame has been received before.
S404. Compare whether the working channel information included in the location tracking notification frame is consistent with its own working channel information.
Where the same tracking sequence number may be used when location tracking notification frames are sent on different channels, that is, where the tracking sequence number has its own independent space for each channel number and changes monotonically in one direction on each channel, the location tracking notification frame also needs to include the working channel information of the positioning device. The positioning device can then determine from the working channel information and the tracking sequence number whether a received location tracking notification frame has been maliciously copied.
Specifically, the target AP's verification of the integrity of the location tracking notification frame according to the ILTK may consist of two parts: a malicious tampering check and a malicious copy check.
In the malicious tampering check, the target AP uses the ILTK and the information in the received location tracking notification frame to check, by means of a message integrity check algorithm, whether the received frame has been tampered with. If the computed value of the message integrity information equals the value of the message integrity information carried in the location tracking notification frame, the received frame has not been tampered with; if the values differ, the received frame has been tampered with.
In the malicious copy check, the target AP compares whether the working channel information (Channel Number) included in the location tracking notification frame is consistent with its own actual working channel information, and determines whether it has previously received a location tracking notification frame carrying the same tracking sequence number. If the Channel Number in the frame is consistent with the AP's own actual working channel information and no frame with the same tracking sequence number has been received before, the received frame was not copied and resent by a malicious STA. If the Channel Number in the frame is inconsistent with the AP's own actual working channel information, or a frame with the same tracking sequence number has been received before, the received location tracking notification frame is unusable.
In the method for ensuring positioning validity provided by this embodiment, the AP sends a positioning configuration request frame to the STA and receives the location tracking notification frame sent by the STA, where the location tracking notification frame contains message integrity information generated using the ILTK. The AP then checks the integrity of the location tracking notification frame according to the ILTK sent by the positioning server and the message integrity information. This can improve the security of positioning and thereby the accuracy of positioning.

The associated AP is the AP that initiates positioning; it also receives the location tracking notification frame and performs verification and positioning. The target AP is an AP that only receives the location tracking notification frame and performs verification and positioning. As shown, the method for ensuring positioning validity of this embodiment includes:
S501. The positioning server sends the ILTK to the associated AP.

S502. The associated AP sends a positioning configuration request frame that includes at least the ILTK to the STA. For example, the ILTK is encrypted and carried in the positioning configuration request frame.

S503. The STA sends a positioning configuration response frame to the associated AP.

Specifically, after receiving the positioning configuration request frame sent by the associated AP, the STA determines whether it successfully accepts the positioning configuration according to its own capabilities and whether it needs positioning, and sends a positioning configuration response frame to the associated AP. If the positioning configuration response frame indicates that the positioning configuration succeeded, the subsequent operations continue; if it indicates that the positioning configuration failed, the procedure ends.

S504. The positioning server sends the ILTK to the target AP.

It can be understood that there may be one associated AP.

S505. The STA generates a location tracking notification frame and generates the message integrity information of the location tracking notification frame according to the ILTK.

S506. The STA sends the location tracking notification frame containing the message integrity information to the associated AP and the target AP.

S507. The associated AP and the target AP check the integrity of the location tracking notification frame according to the ILTK and the message integrity information contained in the location tracking notification frame.

S508. The associated AP and the target AP send positioning data to the positioning server.

Specifically, the target AP and the associated AP send positioning data to the positioning server only if they verify that the received location tracking notification frame is a valid frame, so that the positioning server can estimate the coordinates of the STA from the received positioning data. If the target AP and the associated AP determine that the received location tracking notification frame has been maliciously tampered with or maliciously repeated, they do not send positioning data to the positioning server, which can improve the security of positioning.

In the method for ensuring positioning validity provided by this embodiment, the associated AP sends a positioning configuration request frame that includes at least the ILTK to the STA; the STA generates the message integrity information of the location tracking notification frame according to the ILTK and sends the location tracking notification frame containing the message integrity information to the associated AP and the target AP; and the associated AP and the target AP check the integrity of the location tracking notification frame according to the ILTK and the message integrity information. This can improve the security of positioning and thereby the accuracy of positioning.
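The tampering check, the copy check and the S505 to S508 gating described above can be exercised end to end. The following is an added example, not code from the patent: the frame layout, HMAC-SHA256 as the message integrity check algorithm, the RSSI-style measurement and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
from enum import Enum

# Assumed layout (not from the patent): STA MAC | Channel Number | tracking
# sequence number | MIC. HMAC-SHA256 stands in for the unnamed MIC algorithm.
HEADER = struct.Struct("!6sBI")
MIC_LEN = hashlib.sha256().digest_size


class Verdict(Enum):
    VALID = "valid"
    TAMPERED = "tampered"
    WRONG_CHANNEL = "wrong channel"
    REPLAYED = "replayed"


def build_notification(iltk, sta_mac, channel, seq):
    """STA side (S505): build the frame and append a MIC keyed with the ILTK."""
    body = HEADER.pack(sta_mac, channel, seq)
    return body + hmac.new(iltk, body, hashlib.sha256).digest()


class PositioningAP:
    """Associated or target AP: verifies frames (S507), forwards data (S508)."""

    def __init__(self, iltk, own_channel, server_inbox):
        self.iltk = iltk
        self.own_channel = own_channel
        self.server_inbox = server_inbox  # stands in for the positioning server
        self.seen = set()                 # (STA MAC, sequence number) already accepted

    def check(self, frame):
        # Tampering check first, so unauthenticated frames never touch replay state.
        if len(frame) != HEADER.size + MIC_LEN:
            return Verdict.TAMPERED
        body, mic = frame[:HEADER.size], frame[HEADER.size:]
        expected = hmac.new(self.iltk, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mic):
            return Verdict.TAMPERED
        sta_mac, channel, seq = HEADER.unpack(body)
        # Copy check, part 1: Channel Number must match the AP's own channel,
        # because sequence numbers are only unique within one channel.
        if channel != self.own_channel:
            return Verdict.WRONG_CHANNEL
        # Copy check, part 2: the same tracking sequence number was seen before.
        if (sta_mac, seq) in self.seen:
            return Verdict.REPLAYED
        self.seen.add((sta_mac, seq))
        return Verdict.VALID

    def handle(self, frame, measurement):
        """Forward positioning data only when the frame is valid (S508)."""
        verdict = self.check(frame)
        if verdict is Verdict.VALID:
            self.server_inbox.append((self.own_channel, measurement))
        return verdict


def demo():
    iltk = bytes(range(16))               # constructed key
    sta = bytes.fromhex("020000000001")   # constructed STA MAC
    inbox = []
    ap = PositioningAP(iltk, own_channel=6, server_inbox=inbox)
    genuine = build_notification(iltk, sta, channel=6, seq=1)
    other_channel = build_notification(iltk, sta, channel=11, seq=1)
    relabelled = bytearray(other_channel)
    relabelled[6] = 6                     # rewrite Channel Number without the ILTK
    verdicts = [
        ap.handle(genuine, -52),            # first delivery
        ap.handle(genuine, -40),            # same frame copied and resent
        ap.handle(other_channel, -40),      # frame copied from channel 11
        ap.handle(bytes(relabelled), -40),  # copied frame with edited channel
    ]
    return verdicts, inbox


if __name__ == "__main__":
    verdicts, forwarded = demo()
    for v in verdicts:
        print(v.value)
    print("forwarded to server:", forwarded)
```

Because the Channel Number is covered by the MIC, a frame copied from another channel is rejected either as a channel mismatch or, if the channel field is edited, as tampered.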
FIG. 6 is a schematic structural diagram of Embodiment 1 of the workstation device provided by the present invention. As shown in FIG. 6, the workstation device of this embodiment includes a first receiving module 61, a first processing module 62 and a first sending module 63. The first receiving module 61 is configured to receive a positioning configuration request frame, where the positioning configuration request frame includes at least an integrity positioning temporary key (ILTK). The first processing module 62 is configured to generate a location tracking notification frame, where the location tracking notification frame contains message integrity information generated using the ILTK, and the message integrity information is used by a positioning device that receives the location tracking notification frame to check the integrity of the frame. The first sending module 63 is configured to send the location tracking notification frame.

Optionally, the ILTK is encrypted and carried in the positioning configuration request frame.

Optionally, the positioning configuration request frame further contains information on periodically sending the location tracking notification frame and the working channel information of the positioning device, where the working channel information of the positioning device indicates the channel used to send the location tracking notification frame. The location tracking notification frame further includes a tracking sequence number, which is changed monotonically in one direction each time a location tracking notification frame is generated.

Optionally, the location tracking notification frame further includes the working channel information of the positioning device.

The workstation device of this embodiment may be a STA.

The device of this embodiment may be used to carry out the technical solution of the method embodiment shown in FIG. 1. Its implementation principle and technical effects are similar and are not described again here.
FIG. 7 is a schematic structural diagram of Embodiment 2 of the workstation device provided by the present invention. As shown in FIG. 7, the workstation device of this embodiment includes a transmitter 71, a receiver 72, a memory 73, and a processor 74 connected to the transmitter 71, the receiver 72 and the memory 73 respectively. The workstation device may of course also include general-purpose components such as an antenna, a baseband processing component, an intermediate and radio frequency processing component, and input/output devices; the embodiments of the present invention impose no limitation here.

The memory 73 stores a set of program code, and the processor 74 is configured to call the program code stored in the memory 73 to perform the following operations:

receiving a positioning configuration request frame, where the positioning configuration request frame includes at least an integrity positioning temporary key (ILTK);

generating a location tracking notification frame, where the location tracking notification frame contains message integrity information generated using the ILTK, and the message integrity information is used by a positioning device that receives the location tracking notification frame to check the integrity of the frame;

sending the location tracking notification frame.
FIG. 8 is a schematic structural diagram of Embodiment 1 of the positioning device provided by the present invention. As shown in FIG. 8, the positioning device of this embodiment includes a second receiving module 81 and a second processing module 82. The second receiving module 81 is configured to receive a location tracking notification frame sent by a workstation (STA), where the location tracking notification frame contains message integrity information generated using the integrity positioning temporary key (ILTK). The second processing module 82 is configured to check the integrity of the location tracking notification frame according to the ILTK and the message integrity information, so that, when the message integrity information is correct, the data required to locate the STA is obtained from the location tracking notification frame.

Optionally, the positioning device of this embodiment further includes a second sending module, configured to send a positioning configuration request frame to the STA before the location tracking notification frame sent by the STA is received, where the positioning configuration request frame includes at least the ILTK.

Optionally, the ILTK is encrypted and carried in the positioning configuration request frame.

Optionally, the positioning configuration request frame further contains information on periodically sending the location tracking notification frame and the working channel information of the positioning device, where the working channel information of the positioning device indicates the channel used to send the location tracking notification frame. The location tracking notification frame further includes a tracking sequence number, which is changed monotonically in one direction each time a location tracking notification frame is generated.

Correspondingly, the second processing module 82 is further configured to:

determine whether a location tracking notification frame with the same tracking sequence number as the one included in the location tracking notification frame has already been received.

Optionally, the location tracking notification frame further includes the working channel information of the positioning device. Correspondingly, the second processing module 82 is further configured to:

compare the working channel information included in the location tracking notification frame with its own working channel information to determine whether they are consistent.

The positioning device of this embodiment may be an AP.

The device of this embodiment may be used to carry out the technical solution of the method embodiment shown in FIG. 2 or FIG. 3. Its implementation principle and technical effects are similar and are not described again here.
FIG. 9 is a schematic structural diagram of Embodiment 2 of the positioning device provided by the present invention. As shown in FIG. 9, the positioning device of this embodiment includes a transmitter 91, a receiver 92, a memory 93, and a processor 94 connected to the transmitter 91, the receiver 92 and the memory 93 respectively. The positioning device may of course also include general-purpose components such as an antenna, a baseband processing component, an intermediate and radio frequency processing component, and input/output devices; the embodiments of the present invention impose no limitation here.

The memory 93 stores a set of program code, and the processor 94 is configured to call the program code stored in the memory 93 to perform the following operations:

receiving a location tracking notification frame sent by a workstation (STA), where the location tracking notification frame contains message integrity information generated using the integrity positioning temporary key (ILTK);

checking the integrity of the location tracking notification frame according to the ILTK and the message integrity information, so that, when the message integrity information is correct, the data required to locate the STA is obtained from the location tracking notification frame.
FIG. 10 is a schematic structural diagram of Embodiment 1 of the network system provided by the present invention. As shown in FIG. 10, the network system of this embodiment includes a workstation device 100, a positioning device 200 and a positioning server 300. The workstation device 100 may be the workstation device of either Embodiment 1 or Embodiment 2 of the workstation device above, and the positioning device 200 may be the positioning device of either Embodiment 1 or Embodiment 2 of the positioning device above.
In the network system provided by this embodiment, the workstation device sends a location tracking notification frame to the positioning device, where the location tracking notification frame contains message integrity information generated according to the ILTK; the positioning device then checks the integrity of the location tracking notification frame according to the ILTK sent by the positioning server and the message integrity information. This can improve the security of positioning and thereby the accuracy of positioning.

In the several embodiments provided by the present invention, it should be understood that the disclosed devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation. Multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.

The components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.

An integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to perform some of the steps of the methods described in the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.

Those skilled in the art will clearly understand that, for convenience and brevity of description, only the division into the functional modules above is used as an example. In practice, the functions above may be assigned to different functional modules as needed; that is, the internal structure of the device may be divided into different functional modules to perform all or part of the functions described above. For the specific working process of the device described above, refer to the corresponding process in the foregoing method embodiments; it is not described again here.

Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some or all of the technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims

1. A method for ensuring positioning validity, comprising:

receiving a positioning configuration request frame, wherein the positioning configuration request frame includes at least an integrity positioning temporary key (ILTK);

generating a location tracking notification frame, wherein the location tracking notification frame contains message integrity information generated using the ILTK, and the message integrity information is used by a positioning device that receives the location tracking notification frame to check the integrity of the location tracking notification frame;

sending the location tracking notification frame.

2. The method according to claim 1, wherein the ILTK is encrypted and carried in the positioning configuration request frame.

3. The method according to claim 1 or 2, wherein the positioning configuration request frame further contains information on periodically sending the location tracking notification frame and the working channel information of the positioning device, the working channel information of the positioning device indicates the channel used to send the location tracking notification frame, the location tracking notification frame further includes a tracking sequence number, and the tracking sequence number is changed monotonically in one direction each time the location tracking notification frame is generated.

4. The method according to claim 3, wherein the location tracking notification frame further includes the working channel information of the positioning device.
5. A method for ensuring positioning validity, comprising:

receiving a location tracking notification frame sent by a workstation (STA), wherein the location tracking notification frame contains message integrity information generated using an integrity positioning temporary key (ILTK);

checking the integrity of the location tracking notification frame according to the ILTK and the message integrity information, so that, when the message integrity information is correct, the data required to locate the STA is obtained from the location tracking notification frame.

6. The method according to claim 5, wherein, before the receiving of the location tracking notification frame sent by the workstation (STA), the method further comprises:

sending a positioning configuration request frame to the STA, wherein the positioning configuration request frame includes at least the ILTK.

7. The method according to claim 6, wherein the ILTK is encrypted and carried in the positioning configuration request frame.

8. The method according to any one of claims 5 to 7, wherein the positioning configuration request frame further contains information on periodically sending the location tracking notification frame and the working channel information of the positioning device, the working channel information of the positioning device indicates the channel used to send the location tracking notification frame, the location tracking notification frame further includes a tracking sequence number, and the tracking sequence number is changed monotonically in one direction each time the location tracking notification frame is generated;

correspondingly, the method further comprises:

determining whether a location tracking notification frame with the same tracking sequence number as the one included in the location tracking notification frame has already been received.

9. The method according to claim 8, wherein the location tracking notification frame further includes the working channel information of the positioning device;

correspondingly, the method further comprises:

comparing the working channel information included in the location tracking notification frame with the device's own working channel information to determine whether they are consistent.
10. A workstation device, comprising:

a first receiving module, configured to receive a positioning configuration request frame, wherein the positioning configuration request frame includes at least an integrity positioning temporary key (ILTK);

a first processing module, configured to generate a location tracking notification frame, wherein the location tracking notification frame contains message integrity information generated using the ILTK, and the message integrity information is used by a positioning device that receives the location tracking notification frame to check the integrity of the location tracking notification frame;

a first sending module, configured to send the location tracking notification frame.

11. The workstation device according to claim 10, wherein the ILTK is encrypted and carried in the positioning configuration request frame.

12. The workstation device according to claim 10 or 11, wherein the positioning configuration request frame further contains information on periodically sending the location tracking notification frame and the working channel information of the positioning device, the working channel information of the positioning device indicates the channel used to send the location tracking notification frame, the location tracking notification frame further includes a tracking sequence number, and the tracking sequence number is changed monotonically in one direction each time the location tracking notification frame is generated.

13. The workstation device according to claim 12, wherein the location tracking notification frame further includes the working channel information of the positioning device.
14. A positioning device, comprising:

a second receiving module, configured to receive a location tracking notification frame sent by a workstation (STA), wherein the location tracking notification frame contains message integrity information generated using an integrity positioning temporary key (ILTK);

a second processing module, configured to check the integrity of the location tracking notification frame according to the ILTK and the message integrity information, so that, when the message integrity information is correct, the data required to locate the STA is obtained from the location tracking notification frame.

15. The positioning device according to claim 14, further comprising:

a second sending module, configured to send a positioning configuration request frame to the STA before the receiving of the location tracking notification frame sent by the workstation (STA), wherein the positioning configuration request frame includes at least the ILTK.

16. The positioning device according to claim 15, wherein the ILTK is encrypted and carried in the positioning configuration request frame.

17. The positioning device according to any one of claims 14 to 16, wherein the positioning configuration request frame further contains information on periodically sending the location tracking notification frame and the working channel information of the positioning device, the working channel information of the positioning device indicates the channel used to send the location tracking notification frame, the location tracking notification frame further includes a tracking sequence number, and the tracking sequence number is changed monotonically in one direction each time the location tracking notification frame is generated;

correspondingly, the second processing module is further configured to:

determine whether a location tracking notification frame with the same tracking sequence number as the one included in the location tracking notification frame has already been received.

18. The positioning device according to claim 17, wherein the location tracking notification frame further includes the working channel information of the positioning device;

correspondingly, the second processing module is further configured to:

compare the working channel information included in the location tracking notification frame with its own working channel information to determine whether they are consistent.
19. A network system, comprising: the workstation device according to any one of claims 10 to 13, the positioning device according to any one of claims 14 to 18, and a positioning server.
PCT/CN2014/072263 2013-02-19 2014-02-19 Method, device and network system to ensure positioning validity WO2014127717A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310053499.8 2013-02-19
CN201310053499.8A CN103997481B (en) 2013-02-19 2013-02-19 Ensure method, device and the network system of positioning validity

Publications (1)

Publication Number Publication Date
WO2014127717A1 (en) 2014-08-28

Family

ID=51311489

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/072263 WO2014127717A1 (en) 2013-02-19 2014-02-19 Method, device and network system to ensure positioning validity

Country Status (2)

Country Link
CN (1) CN103997481B (en)
WO (1) WO2014127717A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101189858A (en) * 2005-02-25 2008-05-28 思科技术公司 Location-based enhancements for wireless intrusion detection
CN101228763A (en) * 2005-06-20 2008-07-23 意大利电信股份公司 System and method for managing judge right of mobile terminal in communication network, corresponding network and computer program product
US20110261820A1 (en) * 2004-07-16 2011-10-27 Applied Micro Circuits Corporation User-specified key creation from attributes independent of encapsulation type

Also Published As

Publication number Publication date
CN103997481B (en) 2017-07-07
CN103997481A (en) 2014-08-20

Similar Documents

Publication Publication Date Title
JP6694952B2 (en) Generate and publish verified location information
CN110678770B (en) Positioning information verification
KR101783662B1 (en) Authenticated time-of-flight indoor positioning systems and methods
US10694407B2 (en) Method and devices for secure measurement exchange
JP4701434B2 (en) Wireless communication system and wireless communication method
US11490251B2 (en) System and method of secure ranging measurement
US8730863B2 (en) Network communication systems and methods
WO2014032612A1 (en) Method, device, server, system, and apparatus for preventing information leakage
KR20120055683A (en) Methods and apparatus for deriving, communicating and/or verifying ownership of expressions
CN104967595A (en) Method and apparatus for registering devices on Internet of things platform
US10869195B2 (en) Network assisted validation of secure connection to cellular infrastructure
KR20110031752A (en) Method and apparatus for detecting sybil attack node using localization information and hash chain in ubiquitous sensor networks
WO2018205148A1 (en) Data packet checking method and device
JP7183392B2 (en) Method and apparatus for configuring and detecting information integrity
WO2016065647A1 (en) Mic verification method in d2d communications and d2d communications system
US20150172918A1 (en) Method for transmitting data, access point and station
JP2022548137A (en) Air interface information security protection method and apparatus
WO2020169505A1 (en) System for trusted distance measurement
CN110663275B (en) Improving security of multipoint timing advance
WO2014127717A1 (en) Method, device and network system to ensure positioning validity
CN113455020B (en) System for trusted distance measurement
CN111182548B (en) Pseudo network equipment identification method and communication device
WO2019201257A1 (en) Device-to-x (d2x) communication method, device, and storage medium
US20140024344A1 (en) Mobile communication method, radio base station, mobile management node, and mobile station
RU2810171C2 (en) Reliable distance measuring system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14753792

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14753792

Country of ref document: EP

Kind code of ref document: A1