WO2022176384A1 - Communication device, control method, and program - Google Patents
Communication device, control method, and program
- Publication number
- WO2022176384A1 (PCT/JP2021/047538)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- link
- links
- gtk
- encryption key
- update
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
- H04L9/16—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
- H04L63/068—Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
- H04L9/0833—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
- H04W12/041—Key generation or derivation
- H04W12/0433—Key management protocols
- H04W84/12—WLAN [Wireless Local Area Networks]
- H04W76/15—Setup of multiple wireless link connections
- H04W76/34—Selective release of ongoing connections
Definitions
- The present invention relates to communication control technology using multiple wireless links.
- The IEEE 802.11 standard is known as a communication standard for wireless LANs (Wireless Local Area Networks).
- The IEEE802.11ax standard, one of the standards in the IEEE802.11 standard series, uses OFDMA (Orthogonal Frequency Division Multiple Access) to achieve high peak throughput and improved communication speeds even under congested conditions (see Patent Document 1).
- A Task Group has been formed to formulate a new standard, the IEEE802.11be standard, in order to further improve throughput.
- Multilink communication, in which one access point (AP) establishes multiple wireless links with one station (STA) via multiple different frequency channels and communication is performed over them in parallel, is being considered.
- PTK: Pairwise Transient Key
- GTK: Group Transient Key
- Predetermined frames are exchanged between the AP and the STA when the GTK is updated.
- GTK is generated for each link and updated every predetermined period as described above. Therefore, when the number of links in multilink communication increases, the communication overhead increases accordingly.
- The present invention provides efficient communication control technology in a wireless communication system that can configure multilinks.
- A communication device is a communication device that establishes a plurality of links with another device and performs wireless communication conforming to the IEEE802.11 standard series, and has updating means for updating the encryption key individually set for each of the plurality of links by executing predetermined processing that includes sending a predetermined message to the other device. In the predetermined processing, the updating means transmits to the other device the predetermined message including information about two or more of the plurality of links.
- FIG. 1 is a diagram showing a configuration example of a system.
- FIG. 2 is a diagram illustrating a hardware configuration example of an AP.
- FIG. 3 is a diagram illustrating a functional configuration example of an AP.
- FIG. 4 is a diagram showing a first example of GTK update processing executed between AP and STA.
- FIG. 5 is a diagram showing a second example of GTK update processing executed between AP and STA.
- FIG. 6 is a diagram showing a third example of GTK update processing executed between AP and STA.
- FIG. 7 is a diagram illustrating a first example of processing for setting the GTK update interval by the AP.
- FIG. 8 is a diagram illustrating a second example of processing for setting the GTK update interval by the AP.
- FIG. 9 is a diagram showing an example of a screen for setting a GTK update interval.
- FIG. 10 is a diagram illustrating an example of processing performed by an AP when communicating with an STA.
- FIG. 11 is a table showing the fields contained in the MLO GTK KDE and their contents.
- FIG. 1 shows a configuration example of a wireless communication system according to this embodiment.
- This wireless communication system includes wireless LAN (Local Area Network) access points (AP 102) and stations (STA 103) as wireless communication devices.
- Wireless communication is performed between the AP 102 and the STA 103 by the STA 103 participating in the network 101 formed by the AP 102.
- Both the AP 102 and the STA 103 are capable of wireless communication conforming to the IEEE (Institute of Electrical and Electronics Engineers) 802.11be (EHT) standard.
- The STA 103 is configured to be able to establish multiple wireless links with the AP 102 to perform multilink communication, and can transmit and receive frames on each of the multiple wireless links.
- FIG. 1 shows an example where two links, a first link 104 and a second link 105, are used.
- Channels (frequency channels) in frequency bands of 2.4 GHz, 5 GHz, and 6 GHz can be used in each link. Note that the frequency band used is not limited to this, and another frequency band such as the 60 GHz band may be used.
- The AP 102 and the STA 103 may establish, in parallel, the first link 104 using a channel in a first frequency band (e.g., the 2.4 GHz band) and the second link 105 using a channel in a second frequency band (e.g., the 5 GHz band), and communicate over them.
- The frequency channel to be used can be selected according to multilink communication capability information of the STA and AP. For example, channels of the 2.4 GHz band and the 5 GHz band may be combined and used, or multiple channels selected from the 6 GHz band may be combined and used.
- Multi-link communications may also be performed using multiple channels within one frequency band. That is, any combination of frequency channels may be used in a plurality of links in multilink communication as long as different frequency channels are used.
- The frequency channels to be used are selected so that the channel spacing of the frequency channels used in multiple links established by AP 102 and STA 103 is at least greater than 20 MHz.
- The AP 102 maintains a second link 105 on a second frequency channel concurrently with maintaining a first link 104 on the first frequency channel.
- Although FIG. 1 shows an example in which two links are established between the AP 102 and the STA 103, three or more links may be established.
- The three or more links may use frequency channels of different frequency bands, or two or more of the three or more links may use different frequency channels within the same frequency band. In this way, the AP 102 can improve throughput in communication with the STA 103 by establishing links with the STA 103 via multiple frequency channels. Also, by establishing multiple connections with STA 103 using different frequency channels, AP 102 can communicate with STA 103 using other frequency channels even if one frequency channel is congested. Therefore, the AP 102 can prevent the throughput of communication with the STA 103 from decreasing as a whole even in a situation where sufficient throughput cannot be achieved due to congestion or the like on some frequency channels.
- When executing multilink communication, the AP 102 constructs a plurality of wireless networks respectively corresponding to a plurality of links.
- The AP 102 internally has multiple APs, each operating to build a wireless network.
- The plurality of APs inside the AP 102 may be realized by separate physical APs (communication circuits having AP functions, etc.), or may be realized by a single physical AP as a plurality of virtual APs. Note that when multiple links are established on different frequency channels belonging to a common frequency band, a common wireless network may be constructed for the multiple links.
- The AP 102 and STA 103 can divide one piece of data and transmit it to the partner device via a plurality of links. Also, the AP 102 and the STA 103 may transmit the same data on each of a plurality of links, so that communications on some links may serve as backup communications for communications on other links. For example, AP 102 can transmit the same data to STA 103 over a first link using a first frequency channel and a second link using a second frequency channel. In this case, for example, even if an error occurs in the communication on the first link, the same data is transmitted on the second link, so the STA 103 can receive the data transmitted from the AP 102 via the second link.
- The AP 102 and the STA 103 may use different links depending on the type of frame or data to be communicated. For example, when transmitting data related to a captured image, the AP 102 can transmit meta information such as date, parameters (aperture value and shutter speed) at the time of capturing, and position information via the first link, and transmit pixel information via the second link. Also, the AP 102 may transmit management frames conforming to the IEEE 802.11 standard series over the first link, and transmit data frames containing data over the second link.
- The management frame includes, for example, a Beacon frame, a Probe Request frame/Response frame, and an Association Request frame/Response frame.
- Disassociation frames, Authentication frames, De-Authentication frames, and Action frames are also called management frames.
- A Beacon frame is a frame for announcing network information.
- The Probe Request frame is a frame for requesting network information, and the Probe Response frame is a frame for providing network information in response.
- The Association Request frame is a frame requesting a connection, and the Association Response frame is a response to it, indicating permission for connection, an error, and the like.
- A Disassociation frame is a frame for disconnecting.
- The Authentication frame is a frame for authenticating the partner device, and the De-Authentication frame is a frame for interrupting the authentication of the partner device and cutting the connection.
- Action frames are frames used for additional functions other than the above.
- The AP 102 may transmit at least one of a FILS Discovery frame and an Unsolicited Probe Response frame in addition to the Beacon frame in order to notify network information.
- FILS is an acronym for Fast Initial Link Setup.
- Although the AP 102 and the STA 103 are compliant with the IEEE802.11be standard, they may also be compliant with at least one of the legacy standards that precede the IEEE802.11be standard.
- Legacy standards include, for example, the IEEE 802.11a/b/g/n/ac/ax standards.
- At least one of the IEEE802.11a/b/g/n/ac/ax/be standards is referred to as the IEEE802.11 standard series.
- Other communication standards such as Bluetooth (registered trademark), NFC, UWB, Zigbee, and MBOA may also be supported.
- UWB is an acronym for Ultra Wide Band, and MBOA is an acronym for Multi Band OFDM Alliance.
- OFDM is an acronym for Orthogonal Frequency Division Multiplexing.
- NFC is an acronym for Near Field Communication.
- UWB includes wireless USB (Universal Serial Bus), wireless 1394, and Winet. A wired communication standard such as a wired LAN may also be supported.
- The AP 102 may be, for example, a wireless LAN router or a PC (personal computer), but is not limited to these, and may be any communication device capable of executing multilink communication with other communication devices.
- The STA 103 can be, for example, a camera, tablet, smartphone, PC, mobile phone, video camera, etc., but is not limited to these; like the AP 102, any communication device capable of performing multi-link communication with other communication devices will suffice.
- Although FIG. 1 shows only one AP and one STA, the number of APs and STAs is not limited to this.
- Although the AP 102 is an access point and the STA 103 is a station in this embodiment, the present invention is not limited to this, and both the AP 102 and the STA 103 may be stations. In this case, the AP 102 is a station, but operates as a device responsible for building a wireless network for establishing a link with the STA 103.
- FIG. 2 is a diagram showing a hardware configuration example of the AP 102 according to this embodiment.
- The AP 102 has, for example, a storage unit 201, a control unit 202, a function unit 203, an input unit 204, an output unit 205, a communication unit 206, and an antenna 207.
- The STA 103 may also have a similar configuration.
- The storage unit 201 includes, for example, one or more memories such as ROM and RAM, and stores computer programs for performing various operations described later and various information such as communication parameters for wireless communication.
- ROM is an acronym for Read Only Memory, and RAM is an acronym for Random Access Memory.
- The storage unit 201 may also include a storage medium such as a flexible disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R, magnetic tape, non-volatile memory card, or DVD. Also, the storage unit 201 may include a plurality of memories and the like.
- The control unit 202 is composed of one or more processors such as a CPU and MPU, for example, and controls the entire AP 102 by executing a computer program stored in the storage unit 201, for example.
- CPU is an acronym for Central Processing Unit, and MPU is an acronym for Micro Processing Unit.
- The control unit 202 can be configured to execute processing for generating data and signals to be transmitted in communication with another communication device (e.g., STA 103).
- The control unit 202 may be configured to execute processing such as overall control of the AP 102 through cooperation between a computer program stored in the storage unit 201 and an OS (Operating System), for example.
- The control unit 202 may include a plurality of processors such as multi-core processors, and may execute processing such as overall control of the AP 102 by the plurality of processors. Also, the control unit 202 may be configured by an ASIC (Application Specific Integrated Circuit), a DSP (Digital Signal Processor), an FPGA (Field Programmable Gate Array), or the like.
- The control unit 202 controls the function unit 203 to perform predetermined processing such as imaging, printing, and projection.
- The functional unit 203 is hardware for the AP 102 to execute predetermined processing.
- The functional unit 203 is an imaging unit and performs imaging processing.
- The functional unit 203 is a printing unit and performs print processing.
- The functional unit 203 is a projection unit and performs projection processing.
- The data processed by the function unit 203 may be data stored in the storage unit 201, or may be data communicated with another communication device (for example, the STA 103) via the communication unit 206, which will be described later.
- The input unit 204 receives various operations from the user.
- The output unit 205 performs various outputs to the user.
- The output from the output unit 205 includes, for example, at least one of display on a screen, audio output from a speaker, vibration output, and the like.
- Both the input unit 204 and the output unit 205 may be realized by one module, like a touch panel.
- The input unit 204 and the output unit 205 may each be built into the AP 102, or may be configured as an external device connected to the communication device.
- The communication unit 206 controls wireless communication conforming to the IEEE802.11 standard series and IP communication.
- The communication unit 206 is configured to control wireless communication, particularly in compliance with the IEEE802.11be standard.
- The communication unit 206 may also control wireless communication conforming to other standards of the IEEE802.11 standard series, and wired communication such as a wired LAN.
- The communication unit 206 controls the antenna 207 to transmit and receive signals for wireless communication generated by the control unit 202, for example.
- The AP 102 may have multiple communication units 206. When the AP 102 has multiple communication units 206, one link can be established by one communication unit 206 when establishing multiple links in multi-link communication.
- The AP 102 may establish one link for some of the communication units 206 and establish multiple links for the other communication units 206. Also, the AP 102 may establish multiple links using one communication unit 206. In this case, the communication unit 206 can perform communication via a plurality of links by switching the operating frequency channel in a time division manner. Note that if the AP 102 supports the NFC standard, the Bluetooth standard, etc. in addition to the IEEE802.11be standard, wireless communication may be controlled in compliance with these communication standards. Also, when the AP 102 is capable of executing wireless communication conforming to a plurality of communication standards, the AP 102 may have separate communication units and antennas corresponding to each communication standard.
- The AP 102 communicates data such as image data, document data, and video data with a communication partner device (for example, the STA 103) via the communication unit 206.
- The antenna 207 may be prepared separately from the communication unit 206 or may be configured as one module together with the communication unit 206.
- The antenna 207 is an antenna capable of communication in the sub-GHz band, 2.4 GHz band, 5 GHz band, and 6 GHz band.
- The AP 102 may have a multi-band antenna as the antenna 207, or may have a plurality of antennas corresponding to each frequency band. Further, when the AP 102 has a plurality of antennas, it may have one communication unit 206 for the plurality of antennas, or may have a plurality of communication units 206 corresponding to each of the plurality of antennas.
- The antenna 207 may be a single antenna or an antenna array. That is, the antenna 207 may have a plurality of antenna elements and may be configured to be able to execute communication in MIMO (Multi-Input and Multi-Output), for example.
- FIG. 3 shows an example of the functional configuration of the AP 102 of this embodiment.
- The AP 102 has, for example, a multilink control unit 301, a GTK update interval input unit 302, an encryption key management unit 303, a GTK update interval control unit 304, a GTK update request frame generation unit 305, and a frame transmission/reception unit 306 as its functional configuration.
- These functional units can be realized, for example, by the control unit 202 executing programs stored in the storage unit 201. However, this is only an example, and at least part of these functions may be configured by dedicated hardware.
- The multi-link control unit 301 controls, for example, communication start processing for establishing one or more links for wireless communication between the AP 102 and the STA 103, processing for adding/deleting links after the start of communication, and communication termination processing for deleting all links.
- The AP 102 may establish a plurality of link connections in advance, or may add another link during communication on a certain link. Also, the AP 102 can establish multiple links with the STA 103 and delete any one of the multiple links during communication.
- Connection processing executed between the AP 102 and the STA 103 includes, for example, Authentication processing, Association processing, and 4-Way-Handshake (4WHS) processing.
- After completing the 4WHS processing, the AP 102 and the STA 103 generate a PTK, which is an encryption key for unicast communication, and a GTK, which is an encryption key for broadcast/multicast communication.
- PTK is an acronym for Pairwise Transient Key, and GTK is an acronym for Group Transient Key.
- PTKs are generated on a device-by-device basis (that is, at each of AP 102 and STA 103) regardless of the number of links, and are managed only between two devices communicating with each other.
- GTK is generated separately for each of multiple links in multilink communication.
- The GTK update interval input unit 302 provides an interface for allowing the user to input the GTK update interval, for example, by outputting a predetermined web page.
- The GTK update interval input unit 302 receives user input designating the GTK update interval via the interface.
- The AP 102 may be configured to use, for example, a GTK update interval preset in a program executed within the device, in which case the GTK update interval input unit 302 may be omitted.
- The encryption key management unit 303 manages encryption keys acquired by the multilink control unit 301. As described above, there are PTK and GTK encryption keys, and PTK is managed for each device and GTK is managed for each link.
- The GTK update interval control unit 304 manages the GTK update timing of each link.
- The GTK update interval control unit 304 notifies the GTK update request frame generation unit 305 that the GTK should be updated at a predetermined timing based on the managed update timing.
- The predetermined timing may be equal to the update timing, or may be a timing earlier than the update timing by a predetermined time, such as the time from when the update process is started until the update process is completed.
- The GTK update request frame generation unit 305 generates a GTK update request frame based on the reception of the update request notification from the GTK update interval control unit 304.
- The frame transmitting/receiving unit 306 transmits radio frames such as GTK update request frames and data frames, and receives radio frames from the partner device.
- A GTK update request frame generated by the GTK update request frame generation unit 305 includes one or more MLO GTK KDEs.
- MLO is an acronym for Multi-Link Operation, and KDE is an acronym for Key Data Encapsulation.
- The MLO GTK KDE includes information such as the Link ID, which is identification information for each link in multi-link communication, and the GTK, which is information on the (for example, updated) encryption key. That is, the MLO GTK KDE here can be configured as an information element that includes, for one link, the identification information of that link and the information of the (updated) encryption key to be used on that link.
- FIG. 11 shows the fields included in the MLO GTK KDE defined by the IEEE802.11be standard and their contents.
- A GTK update request frame is sent each time a GTK update occurs on each link. Therefore, when the GTK is updated on a large number of links, a large number of GTK update request frames are transmitted, which may waste radio resources. For this reason, the AP 102 according to the present embodiment completes the GTK update for a plurality of links in one update process. That is, the AP 102 may send, for example, one GTK update request frame with separate MLO GTK KDEs for each of two or more links. This reduces the number of times the GTK update request frame is transmitted and prevents waste of radio resources.
- The AP 102 can perform admission control for the update-cycle settings of two or more links so that the update timings of those links match. According to this, for a plurality of links having a common GTK update timing, the MLO GTK KDEs for those links can be included in one GTK update request frame and transmitted without disturbing the update period. An example of such processing will be described below.
- FIG. 4 shows a first example of the flow of processing performed between AP 102 and STA 103 .
- FIG. 4 shows an example of the flow of processing when the AP 102 has the same GTK update interval between link 1 and link 2 . This process is performed when the user inputs through a setting screen displayed by the AP 102 (for example, on an external display) such that the GTK update intervals are equal, or when the AP 102 is preset so that the GTK update intervals of a plurality of links are equal.
- AP 102 and STA 103 Corresponds to the processing when AP 102 and STA 103 process communication via a first frequency channel (eg, 1ch of 2.4 GHz band) on link 1, and communicate via a second frequency channel (eg, 36ch of 5 GHz band) on link 2.
- a first frequency channel eg, 1ch of 2.4 GHz band
- a second frequency channel eg, 36ch of 5 GHz band
- the processing in FIG. 4 is started by, for example, STA 103 activating processing for establishing connection to AP 102 .
- AP 102 and STA 103 transmit and receive messages for authentication on the first frequency channel (S401).
- STA 103 transmits an Authentication Request frame for authentication to AP 102 .
- AP 102 transmits an Authentication Response frame to STA 103 .
- an authentication method an SAE (Simultaneous Authentication Equal) method can be used.
- the Authentication Request frame and the Authentication Response frame are transmitted and received multiple times.
- the AP 102 and the STA 103 transmit and receive messages for establishing connection (S402).
- STA 103 transmits an Association Request frame to AP 102 in order to establish a connection.
- AP 102 transmits an Association Response frame to STA 103 (S402).
- the STA 103 can indicate to the AP 102 that it is requesting connection with multiple links by including a multi-link element in the Association Request frame.
- the multi-link element includes information such as identification information (Link ID) for identifying the link requesting connection.
- the AP 102 can include a multi-link element containing information on the links for which connection is permitted in the Association Response frame and transmit it to the STA 103 .
- the AP 102 and STA 103 execute 4WHS processing in order to generate encryption keys used for communication (S403).
- 4WHS process flow four predetermined messages (message 1 to message 4) are sent and received as before.
- AP 102 sends message 3 (4WHS Msg3) to STA 103 including MLO GTK KDE having Link ID and GTK for each of the multiple links.
- FIG. 4 shows an example in which MLO GTK KDE1 for link 1 and MLO GTK KDE2 for link 2 are included in message 3 and sent.
- AP 102 and STA 103 set GTK for each of link 1 and link 2 in the radio chips in their own devices by this processing. After setting the GTK, the AP 102 resets and activates the GTK update timer for each link, and starts measuring time.
- AP 102 determines that the GTK update timing has arrived, and starts GKHS (Group Key Handshake) processing for updating GTK with STA 103. do.
- GKHS Group Key Handshake
- predetermined messages (message 1 to message 2) are transmitted and received between devices (AP 102 and STA 103) establishing a link corresponding to GTK to be updated.
- the AP 102 sends to the STA 103 a message 1 (GKHS Msg1) having an MLO GTK KDE containing the Link ID of the link whose GTK is to be updated and the GTK (S404).
- STA 103 transmits message 2 (GKHS Msg2) to AP 102 based on successful reception of message 1 (S405).
- GTK is shared between AP 102 and STA 103, and GTK update is completed.
- A message 1 having the MLO GTK KDEs for the multiple links is transmitted as this message 1.
- The GTK update intervals of link 1 and link 2 are set to be equal, so the GTK update timings of link 1 and link 2 match. Therefore, AP 102 sends message 1 containing MLO GTK KDE1 for link 1 and MLO GTK KDE2 for link 2.
- AP 102 includes two MLO GTK KDEs for both link 1 and link 2 in one message 1 and sends it. Then, the STA 103 sends a message 2 in response to this message 1, whereby the GTKs for the two links are updated together. That is, one message 1 can complete two GTK updates without sending two message 1s for two GTK updates. After that, AP 102 and STA 103 continuously update the GTK of link 1 and link 2 at the same timing. As described above, it is possible to reduce the number of messages for updating GTK and suppress waste of radio resources.
- An example is shown in which one message 1 containing MLO GTK KDEs for multiple links is transmitted over link 1, but it may be transmitted over link 2. That is, for example, GKHS processing may be performed on link 2, and message 1 containing MLO GTK KDE1 for link 1 and MLO GTK KDE2 for link 2 may be sent on link 2. Also, the case where AP 102 transmits message 1 has been described, but STA 103 may transmit this message. Note that these points are the same for the other processing examples.
- FIG. 4 shows an example of the processing flow when the length of the GTK update interval of link 2 is double the length of the GTK update interval of link 1 . Note that the GTK setting process after the 4WHS is completed and the process up to resetting and starting the timer are the same as in FIG.
- Since the length of the GTK update interval for link 2 is double the length of the GTK update interval for link 1, only the GTK update timing for link 1 arrives first. Therefore, at this update timing, AP 102 transmits message 1 including MLO GTK KDE1 for link 1 to STA 103 and executes GKHS processing (S501). Note that, because this is not the GTK update timing for link 2, the message 1 that AP 102 transmits to STA 103 does not include MLO GTK KDE2 for link 2. When STA 103 successfully receives message 1, STA 103 transmits message 2 to AP 102. AP 102 and STA 103 thereby update the GTK of link 1. The AP 102 then resets the GTK update timer for link 1.
- When the GTK update timing for link 1 is next reached, the GTK of link 2 is also due for update at that timing. Therefore, at this timing, the AP 102 generates a message 1 including the MLO GTK KDE1 of link 1 and the MLO GTK KDE2 of link 2, and transmits it to the STA 103 (S503). When the STA 103 successfully receives this message, it sends a message 2 to the AP 102 in response (S504). This allows the AP 102 and the STA 103 to update the GTK of link 1 and the GTK of link 2 at the same time. The AP 102 then resets the GTK update timers for link 1 and link 2. After that, the processes of S501 to S504 are repeatedly executed.
- multiple refers to a positive integer multiple of a reference value, and does not include 0 times or negative integer multiples. However, the multiple may include 1 times (that is, 1:1) the reference value.
- FIG. 6 shows an example of the flow of processing when link 3 is added while links 1 and 2 are established and used for communication between AP 102 and STA 103 .
- The GTK update intervals of all links are the same. However, this is only an example. For example, the GTK update interval of link 2 may be twice the GTK update interval of link 1, and the GTK update interval of link 3 may be three times the GTK update interval of link 1. That is, any relationship between the update cycles may be used as long as the length of the GTK update cycle of some links among the plurality of links is a multiple or divisor of the length of the GTK update cycle of the other links.
- When the GTK update timing for link 1 and link 2 arrives, AP 102 transmits message 1 containing the MLO GTK KDEs of these links to the STA 103, as in S404 (S601).
- the STA 103 responds by transmitting message 2 to the AP 102 in the same manner as in S405 of FIG. 4 (S602).
- AP 102 and STA 103 update GTK for Link 1 and Link 2.
- AP 102 resets the timer for updating GTK for Link 1 and Link 2.
- the STA 103 decides to add a link (for example, by an application instruction or user operation).
- the STA 103 transmits an Add Link Request indicating an addition request for link 3 to the AP 102 (S603).
- When AP 102 receives the Add Link Request, it sends message 1 of the GKHS processing (GKHS Msg1) containing three MLO GTK KDEs corresponding to links 1 to 3 to STA 103 (S604). Note that this message 1 is transmitted even if the GTK update timing for link 1 and link 2 has not arrived.
- When the STA 103 receives this message 1, it sends a message 2 to the AP 102 in response (S605).
- the AP 102 and STA 103 update the GTK of the links 1 and 2 and set the GTK of the link 3 accordingly.
- the AP 102 also resets the GTK update timers for links 1 and 2, and activates the GTK update timer for link 3.
- Although the process when a link is added has been described using FIG. 6, the process when a link is deleted may also be performed in the same way.
- link 3 is deleted.
- GTK update and timer reset may be performed for link 1 and link 2 in order to adjust the update period of link 1 and link 2.
- the update period may be set again.
- When deleting links, links whose GTK update timing matches the update timing of many other links may be kept, and links for which only a small number of other links have matching update timings may be preferentially deleted.
- GTK update intervals can be set by a first method of determining the length of one update interval for a plurality of links and setting the length for all links, as shown in FIGS. 4 and 6, for example.
- The GTK update interval may also be set by a second method that allows the length of the update interval for some of the multiple links to be a multiple or divisor of the length of the update interval for the other links, as shown in FIG.
- these methods can be implemented by the control unit 202 executing a program stored in the storage unit 201, for example. However, this is only an example, and at least part of these processes may be executed by dedicated hardware.
- FIG. 7 shows an example of the flow of processing when the AP 102 sets the GTK update interval according to the first method.
- the process of FIG. 7 is started, for example, by the user accessing the AP 102 using an application such as a web browser and displaying a GTK update interval setting screen.
- the AP 102 accepts user input specifying a GTK setting interval common to all links (S701).
- The user may be able to arbitrarily set the value of the update interval with a resolution such as "seconds" or "minutes", or it may be possible to select only from candidate values of the update interval shown in a drop-down list or the like.
- The AP 102 sets the input GTK update interval as the GTK update interval for all established links (S702). As a result, it is possible to match the GTK update timings of multiple links, reduce the amount of messages sent and received for GTK update as in the examples of FIGS. 4 and 6, and suppress the waste of radio resources.
- FIG. 8 shows an example of the flow of processing when the AP 102 sets the GTK update interval by the second method.
- the processing of FIG. 8 is also started by, for example, the user accessing the AP 102 using an application such as a web browser and displaying a GTK update interval setting screen.
- The AP 102 first accepts the user's selection of a link for which the GTK update interval should be set, from among a plurality of links (S801). Then, the AP 102 determines whether setting of the GTK update interval has been completed for another link different from the selected link (S802). If the AP 102 determines that the GTK update interval has not been set for any of the other links (NO in S802), it accepts user input designating the value of the GTK update interval, and sets the GTK update interval for the selected link to the input value (S803).
- If the AP 102 determines that the GTK update interval has already been set for another link (YES in S802), it displays values that are multiples or divisors of the length of the already-set update interval as candidates for the length of the GTK update interval of the selected link (S804). Then, the AP 102 accepts a user's operation to specify one of the candidates displayed in S804, and sets the specified value as the GTK update interval for the selected link (S805). After the process of S803 or S805, the AP 102 determines whether setting of the GTK update interval has been completed for all links (S806). The AP 102 returns the processing to S801 if there is a link for which setting has not been completed (NO in S806), and terminates the processing in FIG. 8 if setting has been completed for all links (YES in S806).
- FIG. 9 shows transition of the GTK update interval setting screen displayed by the AP 102 when the GTK update interval setting process of FIG. 8 is performed.
- FIG. 9 shows an example of a screen for setting GTK update intervals for three links.
- this setting screen can be, for example, a screen that the AP 102 displays on the display of the PC, smart phone, or the like when the user accesses the AP 102 via the PC, smart phone, or the like. Also, if the AP 102 has a display such as a touch panel, this setting screen may be displayed on that display.
- Screen 901 shows a state in which the GTK update interval is not set for any link.
- the area corresponding to that "link 1 GTK update interval" is highlighted.
- the setting screen changes to the screen 902 state.
- the GTK update interval of link 1 is set.
- a screen 903 is a setting screen in this state.
- the user selects one of the displayed values to set the GTK update interval for link 2 .
- AP 102 first determines whether it has received an Association Request frame containing a multi-link element from STA 103 (S1001). AP 102 then executes Association processing and 4WHS processing with STA 103 (S1002, S1003). Note that the AP 102 generates GTK during 4WHS processing. If the AP 102 determines that it has received an Association Request frame that does not contain a multi-link element (NO in S1001), it can recognize that a single link is used. Therefore, the AP 102 generates a single GTK for that single link in this case (S1003).
- If AP 102 determines that it has received an Association Request frame containing a multi-link element (YES in S1001), it can recognize that multiple links are used. In this case, the AP 102 generates GTK for each of the multiple links specified by the multi-link element (S1003). The AP 102 resets and activates the GTK update timers for all links based on the generation of GTK by these processes (S1004). Then, communication between AP 102 and STA 103 is started.
- the AP 102 determines whether it has received a Disassociation Request frame or a Disassociation Request frame for disconnecting (ending communication on all links) from the STA 103 (S1005). Then, when the connection is disconnected (YES in S1005), the AP 102 executes disconnection processing and terminates this processing. On the other hand, while the connection is not disconnected (NO in S1005), the AP 102 monitors whether there is a link that has reached the GTK update timing among the links used for communication (S1006). In parallel with this monitoring, the AP 102 monitors whether an Add Link Request frame for requesting addition of a link has been received from the STA 103 (S1007).
- the AP 102 continues the monitoring of S1005 to S1007 while there is no link that reaches the GTK update timing (NO in S1006) and no link addition is requested (NO in S1007).
- When the addition of a link is requested (YES in S1007), the AP 102 generates GTK for the link to be added, and further generates GTK for the other links in use (S1008). If there is a link whose GTK update timing has been reached (YES in S1006), or if the GTKs of the link to be added and of all links in use have been generated in S1008, the process of S1009 is executed.
- the AP 102 transmits to the STA 103 GKHS Msg1 containing the MLO GTK KDE for each of the GTK update target links. Then, AP 102 waits for reception of the GKHS Msg2 frame, which is a response to GKHS Msg1 (S1010). Then, for example, when GKHS Msg2 is not received within a predetermined period (NO in S1010), AP 102 retransmits GKHS Msg1 (S1009).
- When the AP 102 receives GKHS Msg2 (YES in S1010), it updates the GTK for each of the links whose GTK is to be updated (S1011), resets the GTK update timer (S1012), and returns the process to S1005.
- GTK can be updated efficiently while reducing the amount of messages when updating GTK for multiple links and suppressing waste of radio resources.
- the setting value can be updated efficiently. Further, by executing the above-described processing so that the update timings of the setting values match, the efficiency can be further improved by facilitating such updating of the setting values.
- the present invention is not limited to this. That is, the above-described processing may be performed on two or more links among the plurality of links. That is, for two or more links, when the update timings match as described above, the GTKs may be updated simultaneously by one message, and control may be executed so that the update timings match.
- It has been explained that the AP 102 completes the GTK update in response to receiving GKHS Msg2 after transmitting GKHS Msg1, but the present invention is not limited to this. That is, the AP 102 may transmit GKHS Msg1 or a corresponding message including the GTK or corresponding encryption key for multiple links, and complete the update of the encryption key with this transmission. For example, if the communication quality of the link between AP 102 and STA 103 is sufficient, STA 103 can almost certainly receive GKHS Msg1 or a corresponding message from AP 102. Therefore, the transmission of GKHS Msg2 or the corresponding message by STA 103 may be omitted.
- the explanation was given mainly focusing on the AP 102, but the STA 103 may execute the above-described processing of the AP 102.
- the process of generating an update message containing GTK information about a plurality of links as described above is executed by an information processing device such as a wireless chip capable of performing wireless communication conforming to the IEEE802.11be standard.
- the AP 102 described above may be read as an information processing device.
- an information processing device such as a wireless chip can have an antenna for transmitting a generated signal.
- GTK update when communicating between two STAs using a plurality of links may be controlled by a controller different from the two STAs.
- the controller may send one message to the two STAs to cause them to update the GTK for each of the multiple radio links.
- The present invention can also be realized by processing in which a program that implements one or more functions of the above-described embodiments is supplied to a system or apparatus via a network or a storage medium, and one or more processors in the computer of the system or apparatus read and execute the program. It can also be implemented by a circuit (for example, an ASIC) that implements one or more functions.
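The timer-driven batching described above (the flows of FIG. 4 to FIG. 6 and steps S1006 to S1012) and the candidate list of S804, as an added Python simulation that is not code from the patent. It goes slightly beyond the two-link case in the text by accepting any number of links. All class and function names, the 16-byte random GTK, the one-second tick, the tuple standing in for an MLO GTK KDE, and the assumption that GKHS Msg2 always arrives are illustrative assumptions.

```python
"""Added example: AP-side GTK rekey scheduling across multiple links."""
import secrets
from dataclasses import dataclass, field


def interval_candidates(set_interval, max_interval):
    """S804-style candidates: divisors and multiples of an already-set interval."""
    divisors = [d for d in range(1, set_interval + 1) if set_interval % d == 0]
    multiples = list(range(2 * set_interval, max_interval + 1, set_interval))
    return divisors + multiples


@dataclass
class Link:
    link_id: int
    interval: int          # GTK update interval in seconds
    expires_at: int = 0    # absolute time at which the update timer fires
    gtk: bytes = b""


@dataclass
class AccessPoint:
    links: dict = field(default_factory=dict)
    msg1_log: list = field(default_factory=list)  # (time, [link ids]) per GKHS Msg1

    def install(self, link_id, interval, now):
        """Set an initial GTK (as after 4WHS Msg3) and start the link's timer."""
        self.links[link_id] = Link(link_id, interval, now + interval,
                                   secrets.token_bytes(16))

    def _rekey(self, link_ids, now):
        """Build one GKHS Msg1 carrying one (Link ID, GTK) pair per target link."""
        kdes = []
        for lid in sorted(link_ids):
            link = self.links[lid]
            link.gtk = secrets.token_bytes(16)     # fresh random group key (assumed size)
            link.expires_at = now + link.interval  # reset the update timer
            kdes.append((lid, link.gtk))
        self.msg1_log.append((now, [lid for lid, _ in kdes]))
        return kdes

    def tick(self, now):
        """S1006: batch every link whose timer has fired into a single Msg1."""
        due = [lid for lid, link in self.links.items() if link.expires_at <= now]
        return self._rekey(due, now) if due else None

    def add_link(self, link_id, interval, now):
        """S1008: on Add Link Request, key the new link and rekey the links in use."""
        self.links[link_id] = Link(link_id, interval)
        return self._rekey(list(self.links), now)


def simulate(intervals, duration, add=None):
    """Run the AP for `duration` seconds; `add` is (time, link_id, interval)."""
    ap = AccessPoint()
    for lid, interval in intervals.items():
        ap.install(lid, interval, now=0)
    for now in range(1, duration + 1):
        if add and now == add[0]:
            ap.add_link(add[1], add[2], now)
        ap.tick(now)
    return ap


def unbatched_count(intervals, duration):
    """Msg1 count if every link were rekeyed by its own message."""
    return sum(duration // i for i in intervals.values())


if __name__ == "__main__":
    ap = simulate({1: 60, 2: 120}, 240)   # constructed intervals: link 2 = 2 x link 1
    print(ap.msg1_log, "vs", unbatched_count({1: 60, 2: 120}, 240), "unbatched")
```

The log records which Link IDs share each Msg1, so an interval setting that breaks the multiple/divisor relationship shows up directly as more single-link messages.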
Priority Applications (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| EP21926807.5A EP4297506A4 (en) | 2021-02-16 | 2021-12-22 | COMMUNICATION DEVICE, CONTROL METHOD AND PROGRAM |
| KR1020267009934A KR20260046545A (ko) | 2021-02-16 | 2021-12-22 | Communication device, control method, and program |
| KR1020237030017A KR102948684B1 (ko) | 2021-02-16 | 2021-12-22 | Communication device, control method, and program |
| CN202180093560.4A CN116868607A (zh) | 2021-02-16 | 2021-12-22 | Communication device, control method, and program |
| US18/449,300 US12445284B2 (en) | 2021-02-16 | 2023-08-14 | Communication apparatus, control method, and computer-readable storage medium |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2021022706A JP7723483B2 (ja) | 2021-02-16 | 2021-02-16 | Communication device, control method, and program |
| JP2021-022706 | 2021-02-16 |
Related Child Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US18/449,300 Continuation US12445284B2 (en) | 2021-02-16 | 2023-08-14 | Communication apparatus, control method, and computer-readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2022176384A1 (ja) | 2022-08-25 |
Family
ID=82930622
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/JP2021/047538 Ceased WO2022176384A1 (ja) | 2021-02-16 | 2021-12-22 | Communication device, control method, and program |
Country Status (6)
| Country | Link |
|---|---|
| US (2) | US12445284B2 |
| EP (1) | EP4297506A4 |
| JP (3) | JP7723483B2 |
| KR (2) | KR102948684B1 |
| CN (1) | CN116868607A |
| WO (1) | WO2022176384A1 |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US12574810B2 (en) * | 2022-07-11 | 2026-03-10 | Apple Inc. | Station identifier opt-in |
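| JP2025086446A (ja) * | 2023-11-28 | 2025-06-09 | Canon Inc. | Storage system including a storage unit that stores recording material |
| KR20260043757A (ko) * | 2024-09-25 | 2026-04-01 | Samsung Electronics Co., Ltd. | Electronic device for wireless LAN communication and operating method thereof |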
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2017512426A (ja) * | 2014-02-28 | 2017-05-18 | Alcatel-Lucent | Internet Protocol television via public Wi-Fi network |
| JP2018050133A (ja) | 2016-09-20 | 2018-03-29 | Canon Inc. | Communication device, control method, and program |
| JP2021022706A (ja) | 2019-07-30 | 2021-02-18 | Tokyo Institute of Technology | Silicon carbide semiconductor device and method for manufacturing same |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5715314A (en) * | 1994-10-24 | 1998-02-03 | Open Market, Inc. | Network sales system |
| US9237448B2 (en) * | 2012-08-15 | 2016-01-12 | Interdigital Patent Holdings, Inc. | Enhancements to enable fast security setup |
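| JP6112874B2 (ja) * | 2013-01-21 | 2017-04-12 | Canon Inc. | Communication device, communication device control method, and program |
| JP7387275B2 (ja) | 2019-03-28 | 2023-11-28 | Canon Inc. | Communication device, communication method, and program |
| JP7319807B2 (ja) | 2019-03-29 | 2023-08-02 | Canon Inc. | Communication device, communication method, and program |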
| US11272364B2 (en) * | 2019-06-19 | 2022-03-08 | Nxp Usa, Inc. | Security in a multi-band wireless communication system |
-
2021
- 2021-02-16 JP JP2021022706A patent/JP7723483B2/ja active Active
- 2021-12-22 EP EP21926807.5A patent/EP4297506A4/en active Pending
- 2021-12-22 KR KR1020237030017A patent/KR102948684B1/ko active Active
- 2021-12-22 CN CN202180093560.4A patent/CN116868607A/zh active Pending
- 2021-12-22 WO PCT/JP2021/047538 patent/WO2022176384A1/ja not_active Ceased
- 2021-12-22 KR KR1020267009934A patent/KR20260046545A/ko active Pending
-
2023
- 2023-08-14 US US18/449,300 patent/US12445284B2/en active Active
-
2025
- 2025-06-10 JP JP2025096978A patent/JP2025131793A/ja active Pending
- 2025-08-21 JP JP2025138416A patent/JP2025166236A/ja active Pending
- 2025-09-12 US US19/327,396 patent/US20260019254A1/en active Pending
Non-Patent Citations (2)
| Title |
|---|
| PO-KAI HUANG (INTEL): "Multi-link security consideration", IEEE DRAFT; 11-19-1822-09-00BE-MULTI-LINK-SECURITY-CONSIDERATION, IEEE-SA MENTOR, PISCATAWAY, NJ USA, vol. 802.11 EHT; 802.11be, no. 9, 12 May 2020 (2020-05-12), Piscataway, NJ USA , pages 1 - 17, XP068167867 * |
| See also references of EP4297506A4 |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116868607A (zh) | 2023-10-10 |
| JP7723483B2 (ja) | 2025-08-14 |
| KR20230138012A (ko) | 2023-10-05 |
| US20230388117A1 (en) | 2023-11-30 |
| JP2022124835A (ja) | 2022-08-26 |
| US12445284B2 (en) | 2025-10-14 |
| JP2025166236A (ja) | 2025-11-05 |
| EP4297506A1 (en) | 2023-12-27 |
| JP2025131793A (ja) | 2025-09-09 |
| KR20260046545A (ko) | 2026-04-07 |
| KR102948684B1 (ko) | 2026-04-06 |
| US20260019254A1 (en) | 2026-01-15 |
| EP4297506A4 (en) | 2024-12-18 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21926807; Country of ref document: EP; Kind code of ref document: A1 |
| | WWE | Wipo information: entry into national phase | Ref document number: 202317051994; Country of ref document: IN |
| | REG | Reference to national code | Ref country code: BR; Ref legal event code: B01A; Ref document number: 112023015088; Country of ref document: BR |
| | WWE | Wipo information: entry into national phase | Ref document number: 202180093560.4; Country of ref document: CN |
| | ENP | Entry into the national phase | Ref document number: 20237030017; Country of ref document: KR; Kind code of ref document: A |
| | WWE | Wipo information: entry into national phase | Ref document number: 1020237030017; Country of ref document: KR |
| | ENP | Entry into the national phase | Ref document number: 112023015088; Country of ref document: BR; Kind code of ref document: A2; Effective date: 20230727 |
| | WWE | Wipo information: entry into national phase | Ref document number: 2021926807; Country of ref document: EP |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | ENP | Entry into the national phase | Ref document number: 2021926807; Country of ref document: EP; Effective date: 20230918 |
| | WWE | Wipo information: entry into national phase | Ref document number: 11202305878P; Country of ref document: SG |