WO2024012198A1 - Packet number synchronization method, related device and system - Google Patents

Packet number synchronization method, related device and system

Info

Publication number
WO2024012198A1
Authority
WO
WIPO (PCT)
Application number
PCT/CN2023/103023
Inventor
徐帆
王祥
甘爽
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W36/00: Hand-off or reselection arrangements
    • H04W36/0005: Control or signalling for completing the hand-off
    • H04W36/0007: Control or signalling for completing the hand-off for multicast or broadcast services, e.g. MBMS
    • H04W36/0011: Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0055: Transmission or use of information for re-establishing the radio link
    • H04W36/08: Reselecting an access point

Definitions

  • the present application relates to the field of communications, and in particular to a packet number synchronization method, related equipment and systems.
  • the networking methods are divided into networking with the same basic service set identifier (BSSID) and networking with different BSSIDs.
  • Same-BSSID networking means that all APs in the same network have the same BSSID.
  • Different-BSSID networking means that different APs in the same network have different BSSIDs.
  • the data frames exchanged between the AP and the STA can be encrypted.
  • the encrypted data frames will carry the packet number (PN) field.
  • Every time the AP sends a data frame, the PN carried in the data frame is incremented by one.
  • the STA maintains a counter. When the STA receives a data frame, if the STA determines that the PN carried by the data frame is greater than the count value of the counter, the STA updates the count value of the counter to the value of the PN carried by the data frame. If the STA determines that the PN carried in the data frame is less than or equal to the count value of the counter, the STA discards the data frame.
  • The AP and STA do not need to repeat the authentication, association and key negotiation processes, so the STA will not sense that a roaming switch has occurred.
  • the number of multicast or broadcast data frames sent by different APs in the same BSSID network will vary over time. If the PN of the AP after roaming switching is less than the count value of the STA counter, then the AP after roaming switching needs to retransmit data frames to the STA multiple times until the STA determines that the PN from the AP after roaming switching is greater than the count value of the STA counter. The efficiency of communication between AP and STA after roaming handover is reduced.
  • Embodiments of the present invention provide a packet number synchronization method, related equipment and systems, which can reduce the number of lost broadcast data frames or multicast data frames between the STA and the AP after roaming switching while ensuring secure communication between the AP and the STA, thereby improving communication efficiency.
  • the first aspect of the embodiment of the present invention provides a method for synchronizing the number of packets.
  • The method includes: the access controller (AC) receives a first packet number (PN) from a first access node (AP), where the first AP is any one of multiple APs associated with the AC, and the first PN is used to indicate the number of multicast data frames or broadcast data frames that the first AP has sent; the AC sends a second PN to a second AP, where the second PN is one of multiple PNs corresponding to the multiple APs, each PN in the multiple PNs comes from one AP in the multiple APs, and the second AP is one AP among the multiple APs.
  • The second AP sends broadcast data frames or multicast data frames to the STA according to the second PN from the AC. When the STA roams and switches, this effectively reduces the number of lost multicast data frames or broadcast data frames, reduces the communication overhead between the STA and the AP after roaming switching, and achieves secure communication between the STA and the AP after roaming switching; while replay attacks or injection attacks are avoided, the waste of communication resources is reduced.
  • The second PN is the maximum value among the plurality of PNs. As shown in this implementation, the second PN is the maximum value among multiple PNs corresponding to multiple APs included in the network. The second AP then uses the second PN to send broadcast data frames or multicast data frames to the STA. This effectively reduces the number of lost broadcast data frames or multicast data frames sent by the first AP to the STA, and improves communication efficiency.
  • The second PN is the minimum value among the plurality of PNs. As shown in this implementation, the second PN is the minimum value among multiple PNs corresponding to multiple APs included in the network. The second AP then uses the second PN to send broadcast data frames or multicast data frames to the STA. This effectively reduces the number of lost broadcast data frames or multicast data frames sent by the first AP to the STA, and improves communication efficiency.
  • Before the AC receives the first PN from the first AP, the method further includes: the AC sends a first message to the first AP, where the first message carries a first message type field, and the first message type field is used to request the first PN;
  • the AC receives a second message from the first AP, where the second message carries a second message type field and the first PN, and the second message type field is used to indicate that the second message carries the first PN.
  • the AC triggers the first AP to report the first PN through the first message.
  • the AC determines the first PN among the multiple PNs.
  • the second PN ensures that each AP included in the network is synchronized with the second PN, reduces the number of lost broadcast data frames or multicast data frames sent by each AP to the STA, and improves communication efficiency.
  • the first message further carries a first round value, and the first round value is used to indicate the round in which the AC sends the first message.
  • the first round value enables the AC to synchronize the PNs of each AP in different rounds, thereby improving the accuracy of synchronizing the PNs of each AP.
  • The second message carries a second round value.
  • The method further includes: the AC determines that the first round value is the same as the second round value.
  • The AC can determine that the second round value carried in the second message is specifically used for this round of PN synchronization, which improves the accuracy of synchronizing the PN of each AP.
  • Before the AC sends the second PN to the second AP, the method further includes: the AC determines that the multiple APs are in a first synchronization success state, where the first synchronization success state means that the plurality of PNs include a PN from each of the plurality of APs, and the second round values from different APs among the plurality of APs are all the same.
  • The AC determines the second PN based on the multiple APs included in the network being in the first synchronization success state, which improves the accuracy of synchronizing the PNs of each AP and reduces the number of lost broadcast data frames or multicast data frames sent by the AP to the STA.
  • the first message further carries a first timestamp, and the first timestamp is used to indicate the time when the AC sends the first message.
  • This implementation allows the AC to synchronize the PNs of each AP in different rounds through the first timestamp, thereby improving the accuracy of synchronizing the PNs of each AP.
  • The second message carries a second timestamp.
  • The method further includes: the AC determines that the first timestamp is the same as the second timestamp.
  • The AC can determine that the second timestamp carried in the second message is specifically used for this round of PN synchronization, which improves the accuracy of synchronizing the PN of each AP.
  • Before the AC sends the second PN to the second AP, the method further includes: the AC determines that the multiple APs are in a second synchronization success state, where the second synchronization success state means that the plurality of PNs include a PN from each of the plurality of APs, and the second timestamps from different APs among the plurality of APs are all the same.
  • The AC determines the second PN based on the multiple APs included in the network being in the second synchronization success state, which improves the accuracy of synchronizing the PNs of each AP and reduces the number of lost broadcast data frames or multicast data frames sent by the AP to the STA.
  • The AC receiving the first PN from the first AP includes: the AC receives a third message from the first AP, where the third message carries a third message type field, the first PN and an identifier used to identify the first AP, and the third message type field is used to indicate that the third message carries the first PN.
  • The AP triggers the AC to synchronize the PNs of each AP included in the network through the third message, which effectively reduces the signaling exchanged between the AC and the AP while the PNs of each AP included in the network are synchronized, and improves the efficiency of synchronizing the PNs of each AP included in the network.
  • Before the AC sends the second PN to the second AP, the method further includes: the AC determines that the multiple APs are in a third synchronization success state, where the third synchronization success state means that the AC receives the multiple PNs within one synchronization cycle, and the multiple PNs include a PN from each AP in the multiple APs.
  • The AC determines the second PN based on the multiple APs included in the network being in the third synchronization success state, which improves the accuracy of synchronizing the PNs of each AP and reduces the number of lost broadcast data frames or multicast data frames sent by the AP to the STA.
  • The AC sending the second PN to the second AP includes: the AC sends a fourth message to the second AP, where the fourth message carries a fourth message type field and the second PN, and the fourth message type field is used to indicate that the fourth message carries the second PN.
  • the AC indicates the second PN to the second AP through the fourth message, which improves the success rate of the AP obtaining the second PN.
  • The AC sending the second PN to the second AP includes: the AC determines that the target difference is less than or equal to a threshold, and the AC sends the second PN to the second AP, where the target difference is the difference between the maximum value and the minimum value in the plurality of PNs.
  • the AC triggers synchronization of the PNs of each AP included in the network only when it determines that the target difference is less than or equal to the threshold, thus avoiding the waste of communication resources caused by the AC repeatedly synchronizing PNs.
  • any two different APs have the same basic service set identifier BSSID.
  • the network is a network with the same BSSID, so that when the STA roams and switches from one AP included in the network to another AP, the STA will not be aware of the AP switch.
  • the second AP can continue to use the second PN to communicate with the STA, which reduces the number of broadcast data frames or multicast data frames lost between the STA and the AP after roaming switching, and improves communication efficiency.
  • the second aspect of the embodiment of the present invention provides a method for synchronizing the number of packets.
  • The method includes: the access node (AP) sends a first packet number (PN) to the access controller (AC), where the AP is any one of multiple APs associated with the AC, and the first PN is used to indicate the number of multicast data frames or broadcast data frames that the AP has sent; the AP receives a second PN from the AC; the AP determines a target PN according to the second PN, where the target PN is the PN used by the multicast data frame or broadcast data frame to be sent by the AP.
  • For the beneficial effects of this aspect, refer to the first aspect; details are not repeated.
  • The method further includes: the AP receives a first message from the AC, where the first message carries a first message type field, and the first message type field is used to request the first PN; the AP sending the first PN to the AC includes: the AP sends a second message to the AC according to the first message, where the second message carries a second message type field and the first PN, and the second message type field is used to indicate that the second message carries the first PN.
  • the first message also carries a first round value, and the first round value is used to indicate the round in which the AC sends the first message
  • The AP sending a second message to the AC according to the first message includes: the AP sends the second message carrying a second round value to the AC, where the second round value is the same as the first round value.
  • The first message also carries a first timestamp, and the first timestamp is used to indicate the time when the AC sends the first message.
  • The AP sending a second message to the AC according to the first message includes: the AP sends the second message carrying a second timestamp to the AC, where the second timestamp is the same as the first timestamp.
  • The AP sending the first PN to the AC includes: the AP sends a third message to the AC, where the third message carries a third message type field, the first PN and an identifier used to identify the AP, and the third message type field is used to indicate that the third message carries the first PN.
  • The AP determining the target PN according to the second PN includes: in the case where the value of the first PN is larger the more multicast data frames or broadcast data frames the AP has sent, if the AP determines that the second PN is less than or equal to the latest PN of the AP, the AP determines that the target PN is the latest PN, where the latest PN is the PN currently stored by the AP; if the AP determines that the second PN is greater than the latest PN, the AP determines that the target PN is the second PN.
  • The AP determining the target PN according to the second PN includes: in the case where the value of the first PN is smaller the more multicast data frames or broadcast data frames the first AP has sent, if the AP determines that the second PN is greater than the latest PN, the AP determines that the target PN is the latest PN, where the latest PN is the PN currently stored by the AP; if the AP determines that the second PN is smaller than the latest PN, the AP determines that the target PN is the second PN.
  • the third aspect of the embodiment of the present invention provides an access controller.
  • The access controller includes a processor, a memory and a transceiver; the processor is connected to the memory and the transceiver respectively; the transceiver is configured to receive a first packet number (PN) from a first access node (AP), where the first AP is any one of multiple APs associated with the AC, and the first PN is used to indicate the number of multicast data frames or broadcast data frames that the first AP has sent; the processor is configured to obtain a second PN, where the second PN is one of multiple PNs corresponding to the multiple APs, and each PN of the multiple PNs is from one AP among the plurality of APs; the transceiver is further configured to send the second PN to a second AP, where the second AP is an AP among the plurality of APs.
  • For the beneficial effects of this aspect, refer to the first aspect; details are not repeated.
  • the fourth aspect of the embodiment of the present invention provides an access node.
  • The access node includes a processor, a memory and a transceiver; the processor is connected to the memory and the transceiver respectively; the transceiver is used to send a first packet number (PN) to the access controller (AC).
  • The AP is any one of multiple APs associated with the AC.
  • The first PN is used to indicate the number of multicast data frames or broadcast data frames that the AP has sent;
  • the transceiver is also used to receive a second PN from the AC;
  • the processor is used to determine a target PN according to the second PN, where the target PN is the PN used by the multicast data frame or broadcast data frame to be sent by the AP.
  • For the beneficial effects of this aspect, refer to the first aspect; details are not repeated.
  • the fifth aspect of the embodiment of the present invention provides a wireless network.
  • the wireless network includes an access controller AC, multiple access nodes AP associated with the AC, and at least one terminal device associated with each AP.
  • The first AP is used to send the first packet number (PN) to the AC.
  • The first AP is any one of the multiple APs.
  • The first PN is used to indicate the number of multicast data frames or broadcast data frames that the first AP has sent to the STA.
  • The AC is used to receive the first PN from the first AP, and to send the second PN to the second AP.
  • The second PN is one of multiple PNs corresponding to the multiple APs, each PN in the multiple PNs is from one AP in the multiple APs, and the second AP is one of the plurality of APs; the second AP is configured to receive the second PN from the AC; the second AP is also configured to determine a target PN according to the second PN, where the target PN is the PN used by the second AP for multicast data frames or broadcast data frames to be sent.
  • a sixth aspect of the embodiment of the present invention provides a computer-readable storage medium.
  • the computer storage medium stores a computer program.
  • The computer program includes program instructions. When executed by a processor, the program instructions cause the processor to execute the method described in any one of the above first to third aspects.
  • Figure 1 is an example structural diagram of a wireless network provided by an embodiment of the present application.
  • Figure 2 is a first step flow chart of the PN synchronization method provided by the embodiment of the present application.
  • Figure 3a is an example diagram of the first message format of the first message provided by the embodiment of the present application.
  • Figure 3b is an example diagram of the first message format of the second message provided by the embodiment of the present application.
  • Figure 3c is an example diagram of the first message format of the fourth message provided by the embodiment of the present application.
  • Figure 4 is a second step flow chart of the PN synchronization method provided by the embodiment of the present application.
  • Figure 5a is an example diagram of the second message format of the first message provided by the embodiment of the present application.
  • Figure 5b is an example diagram of the second message format of the second message provided by the embodiment of the present application.
  • Figure 5c is an example diagram of the second message format of the fourth message provided by the embodiment of the present application.
  • Figure 6 is a third step flow chart of the PN synchronization method provided by the embodiment of the present application.
  • Figure 7 is an example diagram of a message format of the third message provided by the embodiment of the present application.
  • Figure 8 is a fourth step flow chart of the PN synchronization method provided by the embodiment of the present application.
  • Figure 9 is a first structural example diagram of a communication device provided by an embodiment of the present application.
  • Figure 10 is a diagram showing a second structural example of a communication device provided by an embodiment of the present application.
  • FIG. 1 is a wireless network provided by an embodiment of the present application.
  • the wireless network 100 shown in Figure 1 includes multiple access devices, for example, the first access device 101 and the second access device 102 shown in Figure 1 .
  • the first access device 101 and the second access device 102 shown in this embodiment have been cascaded into a network 110.
  • the network 110 includes two access devices as an example for illustration. In other examples, the network 110 may include any number of access devices.
  • The first access device 101 may be an AP in a wireless local area network (WLAN) or a network device in a fifth generation mobile communication technology (5G) network; for example, the network device can be a transmission reception point (TRP), a base station, small base station equipment, etc., which is not limited in this application.
  • This embodiment improves signal coverage through a network 110 including multiple access devices. Multiple terminal devices are associated with the network 110, and each terminal device communicates with an access device included in the network 110.
  • the multiple terminal devices associated with the network 110 may include the terminal device 131, the terminal device 132 and the terminal device 133 shown in Figure 1. This embodiment does not limit the number of terminal devices associated with the network 110. Among them, the terminal device 131 and the terminal device 132 are associated with the first access device 101, and the terminal device 133 is associated with the second access device 102.
  • The terminal device 131 may be called an STA, access terminal, user equipment, user unit, user station, mobile station, remote station, remote terminal, mobile device, user terminal, terminal, wireless communication equipment, user agent or user device, etc., which is not specifically limited in this application.
  • The device type of the terminal device 131 may be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device with wireless communication capabilities, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, user equipment in a 5G network, etc.
  • The wireless network 100 shown in this embodiment also includes an access controller (AC) 120.
  • The access controller 120 is associated with each access device included in the network 110. Specifically, the access controller 120 is associated with the first access device 101, and the access controller 120 is associated with the second access device 102.
  • The access controller 120 is responsible for aggregating data from the various access devices in the network 110 and connecting it to the Internet, and implements configuration management of each access device, authentication and management of wireless users, broadband access, security and other control functions.
  • Step 201: The STA accesses the first AP based on the access process.
  • The first AP is any one of multiple APs associated with the AC.
  • The first AP can be the first access device 101 of the network 110 shown in Figure 1, and the STA can be the terminal device 131 associated with the first access device 101 of the network 110 shown in Figure 1. For specific descriptions of the first AP, STA and AC, refer to the corresponding description of Figure 1, which will not be repeated.
  • The first AP and STA access the target frequency band based on access processes such as the probe process, authentication process, association process, and key exchange.
  • The first AP and STA can communicate on one frequency band.
  • the target frequency band is a frequency band supported by the first AP.
  • the target frequency band may be a 2.4 gigahertz (GHz) frequency band.
  • The target frequency band may be a 5 GHz frequency band. This embodiment does not limit the target frequency band.
  • the following is an overview of the specific process for STA to access the first AP:
  • The STA sends a probe request frame to the first AP.
  • The probe request frame carries the STA's media access control (MAC) address.
  • After receiving the probe request frame from the STA, the first AP returns a probe response frame to the STA.
  • The probe response frame carries the target BSSID of the first AP and the MAC address of the first AP.
  • the target BSSID corresponds to the target frequency band.
  • the first AP can also directly send a beacon frame to the STA without receiving the probe request frame, and the beacon frame also carries the target BSSID and the MAC address of the first AP.
  • Only after the STA and the first AP each determine, based on the authentication process, that the other party has passed authentication can the STA and the first AP be associated. For example, the STA and the first AP can perform the authentication process based on shared-key authentication.
  • the STA sends an association request frame to the first AP.
  • the association request frame may include various parameters of the STA itself, such as the rate supported by the STA, encoding method, quality of service (QoS) capabilities, etc.
  • the first AP determines to allow the STA to associate with the first AP, that is, the first AP allows communication between the first AP and the STA on the target frequency band, and the first AP sends a response message to the STA to complete the association.
  • the first AP and the STA negotiate a key for subsequent secure communication in the target frequency band.
  • the description of the access process in this embodiment is an optional example and is not limiting, as long as the first AP can communicate with the STA on the target frequency band based on the access process.
  • Step 202: The first AP and STA communicate on the target frequency band.
  • the STA and the first AP communicate on the target frequency band, and the first AP and the STA obtain access information respectively. Based on the access information, the first AP and STA communicate on the target frequency band.
  • the first AP sends the encrypted data frame to the STA.
  • the data frame may be a broadcast data frame. Specifically, the first AP sends the broadcast data frame to all associated STAs.
  • the data frame may also be a multicast data frame, and the first AP sends the multicast data frame to some associated STAs.
  • The first AP uses the counter mode with cipher block chaining message authentication code protocol (CCMP) to encrypt the data to obtain a medium access control protocol data unit (MPDU).
  • the MPDU is a broadcast data frame or a multicast data frame that the first AP needs to send to the STA.
  • the first AP sets an AP-side anti-duplication counter.
  • The initial value of the AP-side anti-duplication counter is 0. Every time the first AP has a multicast or broadcast MPDU to be sent, the first AP increases the value of the AP-side anti-duplication counter by 1.
  • the first AP sets the value of the PN field in the MPDU to the current count of the AP side anti-duplication counter.
  • the STA sets an STA-side anti-duplication counter.
  • the initial value of the STA-side anti-duplication counter is 0. Every time the STA successfully receives an MPDU, the STA increases the value of the STA-side anti-duplication counter by 1.
  • The initial values of the AP-side anti-duplication counter and the STA-side anti-duplication counter both being 0 is an example, without limitation. In other examples, the initial values of the AP-side anti-duplication counter and the STA-side anti-duplication counter can be any value.
  • The STA determines that the value of the PN field in the MPDU is 1, and the value of the STA-side anti-duplication counter is the initial value (that is, 0). Then, the STA determines that the value of the PN field in the received MPDU (i.e., 1) is greater than the value of the STA-side anti-duplication counter (i.e., 0). The STA determines that the MPDU is an MPDU in a safe state, and the STA sets the value of the STA-side anti-duplication counter to the value of the PN field in the MPDU (i.e., 1).
  • Example 2: when the first AP needs to send an MPDU to the STA for the Nth time, the first AP sets the value of the AP-side anti-duplication counter to N, where N is any positive integer greater than 1. The first AP also sets the value of the PN field in the MPDU sent for the Nth time to the current value of the AP-side anti-duplication counter (that is, N).
  • The STA receives the MPDU, and the STA determines that the value of the PN field in the MPDU is N, and the value of the STA-side anti-duplication counter is N-1. Then, the STA determines that the value of the PN field in the received MPDU (i.e., N) is greater than the value of the STA-side anti-duplication counter (i.e., N-1).
  • The STA determines that the MPDU is an MPDU in a safe state, and the STA sets the value of the STA-side anti-duplication counter to the value of the PN field in the MPDU (i.e., N).
  • the MPDU in a safe state shown in this embodiment means that the MPDU is not used for replay attacks or injection attacks.
  • the replay attack means that the attacking device obtains the MPDU that the STA has successfully received, and then resends the MPDU to the STA to deceive the STA.
  • the attacking device uses this MPDU to steal STA information and achieve attack purposes such as destroying the correctness of the authentication between the first AP and the STA.
  • if the attacking device obtains the MPDU received by the STA for the Nth time, in which the value of the PN field is N, the attacking device resends the MPDU to the STA.
  • the STA determines that the value of the PN field in the MPDU is N (because the PN field of the MPDU from the attacking device has not been processed by the first AP), and the value of the anti-duplication counter on the STA side is N. The STA therefore determines that the value of the PN field in the received MPDU (i.e., N) is equal to the value of the STA-side anti-duplication counter (i.e., N).
  • when the STA determines that the value of the PN field in the received MPDU is less than or equal to the value of the anti-duplication counter on the STA side, the STA directly discards the MPDU. The STA shown in this example therefore drops MPDUs from the attacking device.
  • the first AP ensures secure communication between the first AP and the STA by sending the MPDU including the PN to the STA, so as to prevent the STA from being subjected to replay attacks or injection attacks from the attacking device.
  • in Example 1 and Example 2, the first AP uses the first key to encrypt the data frame to obtain the MPDU. The first AP can periodically change the key, for example, update the first key to the second key; subsequent MPDUs sent by the first AP to the STA are then encrypted using the second key.
  • when the first AP determines that the first key is updated to the second key, the first AP resets the value of the AP-side anti-duplication counter to the initial value.
  • the first AP instructs the STA to update the first key to the second key. Then, the STA also resets the value of the AP side anti-duplication counter to the initial value.
  • the subsequent process of the first AP sending the MPDU to the STA based on the second key is shown in Example 1 and Example 2 above, and details will not be described again.
  • This embodiment does not limit the types of the first key and the second key.
  • the first key and the second key may be pairwise transient keys (PTK) or group temporal keys (GTK) used for group-addressed frame encryption.
  • Step 203 The AC sends the first message to the first AP.
  • the first message is used to request the first AP to send a first PN, where the first PN is the current count of the AP side anti-duplication counter.
  • if the initially negotiated key has always been used between the first AP and the STA, the current count of the anti-duplication counter on the AP side is the number of MPDUs that the first AP has sent by broadcast or multicast. If a key update has occurred between the first AP and the STA, the current count of the anti-duplication counter on the AP side is the number of MPDUs that the first AP has sent by broadcast or multicast, taking the latest key update as the starting time.
  • the AC sends the first message to each AP included in an associated network, so that each AP included in the network sends its own first PN to the AC.
  • the format of the first message shown in this embodiment can be seen in Figure 3a, where Figure 3a is an example diagram of a first message format of the first message provided by this embodiment of the application.
  • the first message 300 includes a first message type field 301 and a first round value 302 .
  • the first message type field 301 is used to request the first PN.
  • the first message type field 301 is used to indicate the parsing method for the first message, for example, the decoding method, the number of decoded bits, etc., so that the first AP can successfully parse the first round value 302 from the first message 300 according to the first message type field 301.
  • when the first AP receives the first message 300, the first AP sends the first PN to the AC according to the indication of the first message type field 301.
  • the first round value 302 included in the first message 300 is used to indicate the round in which the AC sends the first message 300 .
  • each time the AC sends the first message to each AP included in the same network counts as one round of PN synchronization by the AC.
  • the AC receives the first PN that each AP included in the same network returns based on the first message. When the AC sends the first message to the APs included in the same network multiple times, the AC receives different first PNs from the same AP in different rounds. To improve the accuracy of PN synchronization, the AC needs to distinguish the different rounds among the multiple first PNs from the same AP.
  • the AC can store the round statistics table as shown in Table 1:
  • the AC sends a round value of 1 to each AP in the same network through the first message.
  • the AC sends a round value of 2 to each AP in the same network through the first message, and so on.
  • the AC sends a round value of M to each AP in the same network through the first message, where M is any positive integer greater than 1.
  • the description of the round value in this embodiment is an optional example. As long as the AC synchronizes PN in different rounds, the round values corresponding to different rounds are different.
  • different round values carried by the first message are used to distinguish the statistical rounds used by different first messages.
  • this embodiment takes as an example round values that increase sequentially as the rounds increase.
  • in other examples, as the rounds increase, the corresponding round values may also decrease in sequence.
  • the changing rules of the round value and the specific value of the synchronization PN in each round are not limited in this embodiment, as long as different round values uniquely correspond to different rounds of the synchronization PN.
  • the first message shown in this embodiment may also carry fields used to implement other functions.
  • the first message may also carry fields used to implement a cyclic redundancy check (CRC).
  • This embodiment does not limit the execution timing between step 202 and step 203.
  • Step 204 The first AP sends the second message to the AC according to the first message.
  • when the first AP receives the first message from the AC, it sends the second message to the AC.
  • the second message carries the first PN.
  • the specific format of the second message can be seen in Figure 3b.
  • Figure 3b is an example diagram of the first message format of the second message provided by the embodiment of the present application.
  • the second message 310 includes a second message type field 311, a second round value 312, an identification of the first AP 313 and a first PN 314.
  • the second message type field 311 shown in this embodiment is used to indicate that the second message is a message that carries the first PN. According to the indication of the second message type field 311, the AC can parse the second message to obtain each field carried in the second message.
  • the second message 310 also includes a second round value 312, the identification of the first AP 313 and the first PN. Specifically, after receiving the first message, the first AP parses the first round value from the first message.
  • the second round value is equal to the first round value. For example, if the first round value parsed by the first AP from the first message is the round value M, then the first AP sets the round value M in the second message 310. In other words, the first AP sets the round value parsed from the first message in the second message 310.
  • the identifier 313 of the first AP is used to identify the first AP.
  • the identifier 313 of the first AP may be the media access control (MAC) address of the first AP.
  • the first AP may directly send the second message to the AC after receiving the first message, or the first AP may send the second message to the AC after determining that the reporting conditions are met.
  • the first PN sent by the first AP to the AC when the reporting conditions are met is the latest PN that the first AP has not sent to the AC.
  • the reporting condition is that the first round value is greater than the current round value of the round counter.
  • the first AP determines that the current round value of the round counter is the round value M. It can be seen that the current round value recorded by the round value counter is the maximum value among all round values that the first AP has received.
  • for example, the current count of the round value counter of the first AP is round value J, and the round value carried by the first message currently received by the first AP is round value K.
  • if J is greater than or equal to K, the K-th round of PN synchronization of the AC has already been completed (that is, the first AP has sent the round value K to the AC to realize the K-th round of PN synchronization). The first AP determines that the first message carrying the round value K is caused by an anomaly such as retransmission, and the first AP will not return the second message carrying the round value K to the AC.
  • if J is less than K, the AC's K-th round of PN synchronization has not yet been completed (that is, the first AP has not sent the round value K used to implement the K-th round of PN synchronization to the AC), and the first AP returns the second message carrying the round value K to the AC.
  • Step 205 The AC obtains the first PN list corresponding to the networking.
  • the AC receives the first PN from each AP included in the network.
  • for the process of the AC receiving the first PN from each AP, please refer to steps 203 to 204; details will not be described again.
  • the AC creates a corresponding first PN list for each round of the PN synchronization process. In other words, the AC creates a first PN list for each round value. Combined with the example shown in Table 1, a corresponding first PN list is created for round value 1, a corresponding first PN list is created for round value 2, and so on, up to a corresponding first PN list for the round value M.
  • the following is an exemplary description of the process of AC creating the first PN list as shown in Table 2 for the round value M.
  • the AC-associated network includes four APs, namely AP1, AP2, AP3, and AP4.
  • the description of the number of APs included in the network is an optional example and is not limiting.
  • when the AC receives the second message from AP1, the AC parses the second message according to the second message type field carried in the second message to obtain each field of the second message. For a specific description, please refer to Figure 3b, which will not be described again. If the second round value parsed by the AC from the second message is round value M, then the AC determines that the second message from AP1 is used for the Mth round of PN synchronization, and the AC can set the first PN carried in the second message in the first PN list. The AC can also set the identity of AP1 (that is, the MAC address of the AP) carried in the second message in the first PN list. It can be seen that, when the AC synchronizes the PN in the Mth round, the first PN list created for AP1 includes the correspondence between the round value M, the MAC address of AP1 and AP1's first PN, and so on. During the Mth round of the PN synchronization process, the first PN list that the AC creates for AP4 includes the round value M, the MAC address of AP4, and the first PN of AP4.
  • the first synchronization success state means that the first PN list created by the AC for the round value M includes the PN of each AP associated with the AC. Specifically, the first synchronization success state refers to the first PN list created by the AC for the round value M, including the MAC address of each AP associated with the AC.
  • for example, the AC determines that the network includes AP1, AP2, AP3, and AP4. When the AC determines that the first PN list created for the round value M includes the MAC address of AP1, the MAC address of AP2, the MAC address of AP3, and the MAC address of AP4, it determines that the first synchronization success state is satisfied.
  • the first PN list created by the AC for the round value M includes the first PN of each first AP associated with the AC.
  • this embodiment takes as an example the case in which the first PN list corresponding to the round value M satisfies the first synchronization success state.
  • in other examples, during the M-th round of the PN synchronization process the AC receives the first PNs of only some of its associated first APs, and the AC may determine the second PN among the first PNs received to perform PN synchronization. For example, among AP1, AP2, AP3 and AP4 associated with the AC, the AC has received the first PN from AP1, the first PN from AP2 and the first PN from AP3, but has not yet received the first PN of AP4.
  • the second PN may be determined based only on the first PN of AP1, the first PN of AP2, and the first PN of AP3 to synchronize the PN of each AP associated with the AC through the second PN.
  • Step 206 The AC sends the fourth message to the second AP.
  • the AC sends the second PN to the second AP in the following optional ways:
  • the AC sends the fourth message to each AP in the associated network.
  • the second AP in this example is each AP in the network to which the AC has been associated.
  • the specific format of the fourth message can be seen in Figure 3c, where Figure 3c is an example diagram of the first message format of the fourth message provided by the embodiment of the present application.
  • the fourth message 320 includes a fourth message type field 321, a third round value 322 and a second PN 323.
  • the fourth message type field 321 is used to instruct the second AP to obtain the second PN 323 and the third round value 322 carried in the fourth message.
  • the second PN carried in the fourth message is explained as follows: when the AC successfully creates the first PN list corresponding to the round value M, the AC determines that the second PN is the maximum value among the plurality of first PNs included in the first PN list. Continuing to refer to the example shown in Table 2, the AC determines that the maximum value among the first PN of AP1, the first PN of AP2, the first PN of AP3 and the first PN of AP4 included in the first PN list is the second PN. For example, if the first PN of AP4 in the first PN list has the largest value among the first PNs included in the first PN list, the AC determines that the first PN of AP4 is the second PN.
  • the third round value is the round in which the AC obtains the second PN. Continuing to refer to the example shown in Table 2, the AC obtains the second PN in the Mth round, so the AC determines that the third round value 322 carried in the fourth message is the round value M.
  • the AC only sends the fourth message to the second AP included in the network that satisfies the synchronization PN condition.
  • the second AP in this example is an AP that satisfies the synchronization PN condition in the network to which the AC has been associated.
  • the second AP that satisfies the synchronization PN condition means that in the first PN list corresponding to the round value M, the third PN of the second AP is smaller than the second PN.
  • the third PN is the PN carried in the second message from the second AP.
  • the AC determines that the second PN is the first PN of AP4 (for specific instructions, please refer to the example of method 1 above, which will not be described in detail). The AC then determines that the PN stored by AP4 is already the maximum value among the multiple first PNs in the first PN list corresponding to the round value M, so during the Mth round of PN synchronization the first PN stored by AP4 does not need to be synchronized. Therefore, the AC determines that AP1, AP2, and AP3 are all second APs that need to synchronize PNs. The AC sends a fourth message to AP1 according to the MAC address of AP1 included in the first PN list, and by analogy, the AC sends the fourth message to AP3 according to the MAC address of AP3 included in the first PN list.
  • the second AP and the first AP shown in this embodiment can be the same AP in the same network, or the second AP and the first AP can also be different APs in the same network.
  • Step 207 The second AP determines the target PN according to the fourth message.
  • the target PN is the PN used by the second AP for data frames to be sent. Specifically, once the second AP determines the target PN, the MPDUs that the second AP subsequently broadcasts or multicasts to the STA carry the target PN to ensure secure communication between the second AP and the STA.
  • the following is an exemplary description of several optional ways for the second AP to determine the target PN according to the fourth message:
  • the second AP obtains the third round value and the second PN carried in the fourth message from the fourth message from the AC. Specifically, the second AP parses the fourth message according to the fourth message type field of the fourth message to obtain each field carried in the fourth message.
  • the second message sent by the second AP to the AC carries the second round value. For the description of the second round value, please refer to step 204, and details will not be described again.
  • the second AP determines that the target PN is the second PN.
  • the second round value being equal to the third round value indicates that the second AP has sent the PN of the second AP to the AC (see step 204 for the specific process, which will not be described in detail). Therefore, when the second AP determines that the target PN is the second PN, the target PN is the maximum value among the PNs corresponding to each AP in the network.
  • the second AP obtains the second PN carried in the fourth message from the fourth message from the AC.
  • the second AP obtains the latest PN stored by the second AP itself.
  • the latest PN is the latest PN stored by the second AP before the second AP receives the fourth message. That is, the latest PN is the current count of the AP-side anti-duplication counter of the second AP.
  • for a description of the AP-side anti-duplication counter, please refer to Example 1 and Example 2 of step 202, which will not be described again.
  • the latest PN is the PN carried in the MPDU sent by the second AP to the STA for the Mth time.
  • the second AP determines that the target PN is the latest PN. Specifically, during the M-th round of PN synchronization process, the second AP sends the round value M and the first PN to the AC, indicating that the second AP has completed the M-th round of PN synchronization process (that is, the second AP has sent the AC the second message carrying the round value M). At this time, the count of the anti-duplication counter on the AP side is the first PN.
  • while the second AP has not received the second PN from the AC, the second AP continues to broadcast or multicast new MPDUs to the STA, causing the second AP's AP-side anti-duplication counter to continue to increase.
  • after the AP-side anti-duplication counter of the second AP increments to the latest PN, the second AP receives the second PN from the AC, so the second PN is smaller than the latest PN.
  • if the second AP used the second PN to broadcast or multicast MPDUs to the STA, the MPDU carrying the second PN could not be successfully received by the STA (because the anti-duplication counter on the STA side is greater than the second PN). For this reason, when the second AP shown in this example determines that the second PN is less than or equal to the latest PN, the second AP does not update the anti-duplication counter on the AP side, but continues to use the latest PN to send MPDUs to the STA. Therefore, the second AP shown in this example determines that the target PN is the latest PN.
  • the second AP determines that the target PN is the second PN. Specifically, during the M-th round of PN synchronization process, the second AP sends the round value M and the first PN to the AC, indicating that the second AP has completed the M-th round of PN synchronization process (that is, the second AP has sent the AC the second message carrying the round value M). At this time, the count of the AP side anti-duplication counter is the first PN. Then, the second AP received the second PN from the AC. The second PN is the largest PN in the network associated with the AC.
  • the second AP determines that the target PN is the second PN.
  • the target PN is set in the MPDU to achieve secure communication between the second AP and the STA.
  • the STA is associated with AP1, and the process of MPDU transmission between AP1 and the STA is shown in Example 1 and Example 2 above; the details will not be described again. Suppose the STA roams, that is, the STA switches from AP1 to AP2. For example, when the target parameters between AP1 and the STA are smaller than the target parameters between AP2 and the STA, the STA roams from AP1 to AP2, where the target parameter can be at least one of the following:
  • Received signal strength indicator (RSSI)
  • Reference signal receiving power (RSRP)
  • Reference signal receiving quality (RSRQ)
  • Signal to interference plus noise ratio (SINR)
  • AP1 and AP2 are in the same network.
  • the network is a network with the same BSSID.
  • the BSSID of AP1 is the same as the BSSID of AP2. Then, when the STA roams and switches from AP1 to AP2, there is no need to perform the detection process, authentication process, association process, key exchange and other access processes again between the STA and AP2.
  • after roaming from AP1 to AP2, the STA can continue communicating with AP2 using the secure communication key that it used to communicate with AP1.
  • the count of the AP-side anti-duplication counter of AP1 and the count of the AP-side anti-duplication counter of AP2 are different.
  • for example, the count of the AP-side anti-duplication counter of AP1 is 150, the count of the AP-side anti-duplication counter of AP2 is 100, and the count of the anti-duplication counter on the STA side is 149.
  • after the STA roams from AP1 to AP2, the count of the STA's anti-duplication counter on the STA side remains at 149.
  • the AP-side anti-duplication counter of AP2 counts 100. Then, the PN value carried in the MPDU sent by AP2 in broadcast or multicast is 100, and the STA-side anti-duplication counter of the STA is 149.
  • because the value of the anti-duplication counter on the STA side is greater than or equal to the PN carried by the MPDU, the STA discards the MPDU to prevent the STA from receiving retransmitted MPDUs. Therefore, the STA discards the MPDU from AP2.
  • the PN value carried by the next MPDU sent by AP2 by broadcast or multicast is 101. The STA determines that the value of the anti-duplication counter on the STA side is still greater than or equal to the PN carried by the MPDU, so the STA continues to discard the MPDU, and so on. Only when the STA determines that the value of the anti-duplication counter on the STA side is less than the PN carried in the MPDU does the STA successfully receive an MPDU from AP2 after the roaming switch.
  • the STA therefore needs to discard 50 MPDUs before it successfully receives an MPDU from AP2 after the roaming switch. This reduces the efficiency of successful communication between the STA and the AP after the roaming switch and increases the communication overhead between the STA and the AP after the roaming switch.
  • the AC can determine the second PN among multiple first PNs corresponding to the network based on the first PN from each AP in the network.
  • the second PN is the maximum value among the first PNs corresponding to the network.
  • the AC sends the second PN to the APs included in the network to ensure that the PNs stored by each AP included in the network are all the second PN.
  • for example, the count of the AP-side anti-duplication counter of AP1 is 150, and the count of the AP-side anti-duplication counter of AP2 is 100.
  • the AC determines that the maximum value of the AP-side anti-duplication counter corresponding to each AP in the network is 150. The AC then sends a PN with a value of 150 to the AP, and AP2 changes the value of its stored PN from 100 to 150. When the STA roams from AP1 to AP2, the PN value in the MPDU from AP2 is 150, and the value of the anti-duplication counter on the STA side is 149. After the STA roams to AP2, it can directly and successfully communicate with AP2.
  • when the STA undergoes roaming handover, the method effectively improves the efficiency of successful communication between the STA and the AP after roaming handover and reduces the communication overhead between the STA and the AP after roaming handover. While securing communication between the AP and the STA against replay attacks or injection attacks, it effectively reduces the number of lost data frames and the waste of communication resources.
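
The STA-side PN check from Example 1 and Example 2 and the round-based synchronization of steps 203 to 207, modelled as a small simulation. This is an added example, not code from the application: the class names, the dictionary message layout and the MAC strings are constructed, and each AP counter is modelled as the PN its next MPDU will carry so that the numbers match the roaming example above (AP1 at 150, AP2 at 100, STA at 149). The AP applies both the round check and the "second PN greater than latest PN" check that the text lists as options.

```python
"""Added illustration: PN replay check, round-based PN collection, roaming."""


class Sta:
    """STA side: accept an MPDU only when its PN exceeds the local counter."""

    def __init__(self, counter=0):
        self.counter = counter      # STA-side anti-duplication counter
        self.dropped = 0

    def receive(self, pn):
        if pn <= self.counter:      # replayed or stale PN: discard
            self.dropped += 1
            return False
        self.counter = pn           # MPDU in a safe state: adopt its PN
        return True


class Ap:
    def __init__(self, mac, pn=0):
        self.mac = mac
        self.pn = pn                # assumption: PN the next MPDU will carry
        self.round = 0              # largest round value received so far

    def send_mpdu(self):
        pn, self.pn = self.pn, self.pn + 1
        return pn

    def on_first_message(self, round_value):
        """Build the second message, or None if the reporting condition fails."""
        if round_value <= self.round:       # retransmitted or old round
            return None
        self.round = round_value
        return {"round": round_value, "ap": self.mac, "pn": self.pn}

    def on_fourth_message(self, msg):
        """Return the target PN; a second PN that is not larger is ignored."""
        if msg["round"] == self.round and msg["pn"] > self.pn:
            self.pn = msg["pn"]
        return self.pn


class Ac:
    def __init__(self, aps):
        self.aps = aps
        self.round = 0
        self.pn_lists = {}          # round value -> {AP MAC: first PN}

    def sync_round(self):
        """Run one round and return the second PN (maximum of the first PNs)."""
        self.round += 1
        replies = [ap.on_first_message(self.round) for ap in self.aps]
        table = {r["ap"]: r["pn"] for r in replies
                 if r is not None and r["round"] == self.round}
        self.pn_lists[self.round] = table
        if not table:
            return None
        second_pn = max(table.values())
        fourth = {"round": self.round, "pn": second_pn}
        for ap in self.aps:
            # Synchronization PN condition: only APs that reported a smaller PN.
            if ap.mac in table and table[ap.mac] < second_pn:
                ap.on_fourth_message(fourth)
        return second_pn


def drops_after_roaming(sta_counter, ap):
    """Count MPDUs the STA discards before it first accepts one from ap."""
    sta = Sta(sta_counter)
    while not sta.receive(ap.send_mpdu()):
        pass
    return sta.dropped


def roaming_demo(synchronise):
    """Roaming example from the text; MAC strings are constructed values."""
    ap1 = Ap("02:00:00:00:00:01", 150)
    ap2 = Ap("02:00:00:00:00:02", 100)
    if synchronise:
        Ac([ap1, ap2]).sync_round()
    return drops_after_roaming(149, ap2)


if __name__ == "__main__":
    print("discarded without synchronization:", roaming_demo(False))
    print("discarded with synchronization:", roaming_demo(True))
```
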
  • Step 401 The STA accesses the first AP based on the access process.
  • Step 402 The first AP and STA communicate on the target frequency band.
  • for a description of steps 401-402 shown in this embodiment, please refer to steps 201-202 shown in Figure 2; details will not be described again.
  • Step 403 The AC sends the first message carrying the first timestamp to the first AP.
  • the first message is used to request the first AP to send the first PN.
  • for a description of the first PN, please refer to step 203 of Figure 2; details will not be described again.
  • the format of the first message shown in this embodiment is shown in Figure 5a, where Figure 5a is an example diagram of the second message format of the first message provided by this embodiment of the application.
  • the first message 500 includes a first message type field 501 and a first timestamp 502 .
  • the first timestamp 502 included in the first message 500 is used to indicate the timestamp when the AC sends the first message.
  • the AC receives the first PN that each AP included in the same network returns based on the first message. When the AC sends the first message to each AP included in the same network in multiple rounds, the AC receives multiple PNs from the same AP in different rounds. To improve the accuracy of PN synchronization, the AC needs to distinguish the first PNs from different rounds among the multiple first PNs from the same AP.
  • the AC can store the round statistics table as shown in Table 3:
  • the round statistics table created by the AC includes the correspondence between different rounds of synchronized PN and the corresponding first timestamp.
  • the AC sends the first timestamp b1 through the first message to each AP in the same network.
  • the first timestamp b1 is used to indicate the time at which the AC sends the first message in the first round.
  • by analogy, when the AC synchronizes the PN in the Mth round, the AC sends the first timestamp bM through the first message to each AP in the same network.
  • the timestamp bM is used to indicate the time at which the AC sends the first message in the Mth round.
  • Step 404 The first AP sends the second message carrying the second timestamp to the AC.
  • FIG. 5b is an example diagram of the second message format of the second message provided by the embodiment of the present application.
  • the second message 510 includes a second message type field 511, a second timestamp 512, an identification of the first AP 513 and a first PN 514. For a description of the second message type field 511, the identification of the first AP 513 and the first PN 514, please refer to the corresponding description of Figure 3b; the details will not be repeated.
  • the first AP may directly send the second message to the AC after receiving the first message, or the first AP may send the second message to the AC according to the first message after determining that the first message satisfies the reporting conditions.
  • the reporting condition is that the first timestamp is later than the latest timestamp stored by the first AP.
  • for example, the AC sends the first timestamp bM-1 to the first AP, and the first AP stores the first timestamp bM-1.
  • the first timestamp bM-1 is the latest first timestamp stored by the first AP.
  • the AC sends the first timestamp bM to the first AP.
  • the first AP determines that the first timestamp bM is later than the first timestamp bM-1, and therefore determines that the first message carrying the first timestamp bM meets the reporting conditions.
  • the first AP then sends the second message to the AC according to the first message carrying the first timestamp bM.
  • the first AP parses the first timestamp from the first message.
  • the second timestamp is equal to the first timestamp. For example, if the timestamp parsed by the first AP from the first message is the timestamp bM, then the first AP sets the timestamp bM in the second message, so that the timestamp carried in the second message is also the timestamp bM.
  • Step 405 The AC obtains the first PN list corresponding to the networking.
  • for the execution process of step 405 shown in this embodiment, please refer to step 205 in Figure 2; details will not be described again.
  • Step 406 The AC sends the fourth message to the second AP.
  • the AC sends a fourth message to each AP in the associated network.
  • the specific format of the fourth message can be seen in Figure 5c, where Figure 5c is an example diagram of the second message format of the fourth message provided by the embodiment of the present application.
  • the fourth message 520 includes a fourth message type field 521, a third timestamp 522 and a second PN 523.
  • for a description of the fourth message type field 521 and the second PN 523, please refer to the description of Figure 3c; details will not be repeated.
  • the third timestamp 522 is the first timestamp obtained by the AC in the M-th round.
  • for details, please refer to the example shown in Table 3, which will not be described again.
  • the AC may only send the fourth message to the second AP included in the network that satisfies the synchronization PN condition.
  • for a description of the synchronization PN condition, please refer to step 206 of Figure 2; details will not be described again.
  • Step 407 The second AP determines the target PN according to the fourth message.
  • the target PN is the PN used by the data frame to be sent by the second AP. Specifically, once the second AP determines the target PN, the MPDUs that the second AP subsequently broadcasts or multicasts to the STA carry the target PN to ensure secure communication between the second AP and the STA.
  • the second AP obtains the third timestamp and the second PN carried in the fourth message from the fourth message from the AC. Specifically, the second AP parses the fourth message according to the fourth message type field of the fourth message to obtain each field carried in the fourth message.
  • the second message sent by the second AP to the AC carries the second timestamp. For the description of the second timestamp, please refer to step 404, and details will not be described again.
  • the second AP determines that the target PN is the second PN.
  • the second timestamp is equal to the third timestamp carried in the fourth message, indicating that the second AP has sent the PN of the second AP to the AC (see step 404 for the specific process, which will not be described in detail). Therefore, when the second AP determines that the target PN is the second PN, the target PN is the maximum value among the PNs corresponding to each AP in the network.
  • the second AP obtains the second PN carried in the fourth message from the fourth message from the AC. Secondly, the second AP determines the target PN based on the second PN and the latest PN. For a description of the specific process, please refer to step 207 in Figure 2, which will not be described again.
  • when the AC obtains the first PN list and determines that the first PN list satisfies the synchronization condition, the AC sends the fourth message carrying the second PN to the second AP.
  • the synchronization condition is that the target difference between the maximum value and the minimum value among the plurality of PNs included in the first PN list is greater than or equal to a threshold.
  • the maximum value of PN may be The first PN
  • the minimum value of PN may be the first PN of AP2
  • the target difference is equal to the difference between the first PN of AP4 and the first PN of AP2.
  • If the target difference is less than the threshold, then when the STA roams from one AP included in the network to another AP, the counts of the AP-side anti-duplication counters of the two APs do not differ much. Even if the AC does not send the second PN to the second AP, communication between the STA and the AP after the roaming handover does not incur large communication overhead. For example, as shown in Example 4, the network only includes AP1 and AP2. The count of the AP-side anti-duplication counter of AP1 is 150, and the count of the AP-side anti-duplication counter of AP2 is 145.
  • Example 3 corresponding to Figure 2, which will not be described again. It can be understood that when the target difference is less than the threshold, secure communication does not bring excessive overhead even if the AC does not send the fourth message to the second AP to synchronize the PN of each AP in the network. The AC therefore does not need to spend communication resources on synchronizing the PN of each AP in the network.
  • the method shown in this embodiment can effectively improve the efficiency of successful communication between the STA and the AP after roaming handover when the STA undergoes roaming handover, and also reduces the communication overhead between the STA and the AP after roaming handover. While ensuring secure communication between AP and STA to avoid replay attacks or injection attacks, it effectively reduces the number of data frame losses and reduces the waste of communication resources.
  • the AC triggers the synchronization of the PNs stored by each AP in the network based on the first message.
  • the AP triggers the synchronization of PNs stored by each AP in the network.
  • Figure 6 is a third step flow chart of the PN synchronization method provided by the embodiment of the present application.
  • Step 601 The STA accesses the first AP based on the access process.
  • Step 602 The first AP and STA communicate on the target frequency band.
  • For steps 601-602 shown in this embodiment, please refer to steps 201-202 shown in Figure 2; details are not repeated.
  • Step 603 The first AP sends the third message to the AC.
  • the third message is used by the first AP to actively report the first PN to the AC.
  • the first PN is the current count of the anti-duplication counter on the AP side.
  • For the description of the first PN, please refer to the description of step 203 corresponding to Figure 2; details are not repeated.
  • the format of the third message shown in this embodiment can be seen in Figure 7, where Figure 7 is an example of a message format of the third message provided by this embodiment of the application.
  • the third message 700 includes a third message type field 701, a first PN 702 and an identifier 703 used to identify the first AP.
  • the third message type field 701 is used to indicate that the third message is used to report the first PN.
  • For a description of the first PN 702 and the identifier 703 used to identify the first AP please refer to the description of the second message shown in Figure 3b, and details will not be described again.
  • Step 604 The AC obtains the second PN list corresponding to the networking.
  • the AC receives the first PN from each AP included in the network and creates a second PN list. If the AC determines that the multiple associated APs are in the third synchronization success state, the AC sends the second PN to the second AP according to the second PN list. Specifically, the AC sets a synchronization period in advance. If the AC successfully creates the second PN list within a synchronization period, the AC determines that the multiple associated APs are in the third synchronization success state. This embodiment does not limit the duration of the synchronization period. For example, the duration of the synchronization period may be 10 minutes.
  • the network that the AC has been associated with includes AP1, AP2, AP3, and AP4. If the AC successfully receives the first PN from AP1, the first PN from AP2, the first PN from AP3, and the first PN of AP4 within a synchronization period, the AC determines that the associated multiple APs are in the third synchronization state.
  • For the correspondence included in the second PN list, please refer to the description of the first PN list shown in Table 2; details are not repeated.
  • Step 605 The AC sends the fourth message to the second AP.
  • Step 606 The second AP determines the target PN according to the fourth message.
  • For an explanation of the execution process of steps 605-606 shown in this embodiment, please refer to the corresponding steps 206 to 207 shown in Figure 2; details are not repeated.
  • the first AP actively reports the first PN to the AC, and the AC synchronizes the PNs of each AP included in the network based on the first PN actively reported by the first AP.
  • the amount of signaling exchanged between the AC and the AP can also be reduced, thereby reducing the utilization efficiency of communication resources.
  • the more the number of multicast data frames or broadcast data frames sent by the first AP the greater the count of the AP-side anti-duplication counter of the first AP.
  • The embodiment shown in Figure 8 takes as an example the case where the more multicast data frames or broadcast data frames the first AP sends, the smaller the count of the AP-side anti-duplication counter of the first AP, where Figure 8 is a fourth step flow chart of the PN synchronization method provided by the embodiment of the present application.
  • Step 801 The STA accesses the first AP based on the access process.
  • Step 802 The first AP and STA communicate on the target frequency band.
  • For an explanation of the execution process of steps 801-802 shown in this embodiment, please refer to the corresponding steps 201 to 202 shown in Figure 2; details are not repeated.
  • the first AP in this embodiment will also set an AP-side anti-duplication counter.
  • the initial value of the AP-side anti-duplication counter is the maximum value of the MPDU sent by the first AP in one cycle. For example, the initial value of the AP-side anti-duplication counter can be 100. Every time the first AP has a multicast or broadcast MPDU to be sent, the first AP decrements the value of the AP-side anti-duplication counter by 1.
  • the first AP sets the value of the PN field in the MPDU to the current count of the AP side anti-duplication counter (that is, 99).
  • the STA also sets an STA-side anti-duplication counter.
  • the initial value of the STA-side anti-duplication counter is the same as the count of the AP-side anti-duplication counter, which is also 100. Every time the STA successfully receives an MPDU, the STA decreases the value of the STA-side anti-duplication counter by 1.
  • the initial values of the AP-side anti-duplication counter and the STA-side anti-duplication counter are both 100 as an example, without limitation. In other examples, the initial values of the AP-side anti-duplication counter and the STA-side anti-duplication counter can be any value.
  • When the STA receives the MPDU, the STA determines that the value of the PN field in the MPDU is 99, while the value of the STA-side anti-duplication counter is the initial value (i.e., 100). The STA then determines that the value of the PN field in the received MPDU (i.e., 99) is less than the value of the STA-side anti-duplication counter (i.e., 100), determines that the MPDU is an MPDU in a safe state, and sets the value of the STA-side anti-duplication counter to the value of the PN field in the MPDU (i.e., 99), and so on; details are not repeated.
  • the MPDU in a safe state shown in this embodiment means that the MPDU is not used for replay attacks or injection attacks. Take the replay attack as an example, and continue to refer to Example 5 above. If the attacking device obtains the MPDU received by the STA for the first time, in which the value of the PN field is 99, the attacking device resends the MPDU to the STA. When the STA receives the MPDU, the STA determines that the value of the PN field in the MPDU is 99 (because the PN from the attacking device has not been processed by the first AP), and the value of the STA-side anti-duplication counter is 99. The STA then determines that the value of the PN field in the received MPDU (i.e., 99) is equal to the value of the STA-side anti-duplication counter (i.e., 99). When the STA determines that the value of the PN field in the received MPDU is greater than or equal to the value of the STA-side anti-duplication counter, the STA directly discards the MPDU. The STA shown in this example therefore drops MPDUs from the attacking device. It can be understood that the first AP ensures secure communication between the first AP and the STA by sending the MPDU including the PN to the STA, so as to prevent the STA from being subjected to replay attacks or injection attacks from the attacking device.
  • Step 803 The AC sends the first message to the first AP.
  • the first message is used to request the first AP to send the first PN.
  • the first message includes the first round value used to indicate the round of synchronizing PN as an example.
  • For the description of the first round value, please refer to the corresponding description in Figure 2; details are not repeated.
  • Step 804 The first AP sends the second message to the AC according to the first message.
  • Step 805 The AC obtains the first PN list corresponding to the networking.
  • For an explanation of the execution process of step 805 shown in this embodiment, please refer to step 205 corresponding to Figure 2; details are not repeated.
  • Step 806 The AC sends the fourth message to the second AP.
  • the AC sends the fourth message to each AP in the associated network.
  • For the format of the fourth message, please refer to step 206 shown in Figure 2; details are not repeated.
  • the second PN carried in the fourth message is explained: when the AC successfully creates the first PN list corresponding to the round value M, the AC determines that the second PN is the minimum value among the plurality of first PNs included in the first PN list. Continuing to refer to the example shown in Table 2, the AC determines that the minimum value among the first PN of AP1, the first PN of AP2, the first PN of AP3 and the first PN of AP4 included in the first PN list is the second PN. For example, if the first PN of AP1 in the first PN list is the smallest value among the first PNs included in the first PN list, the AC determines that the first PN of AP1 is the second PN.
  • the AC can only send the fourth message to the second AP included in the network that meets the synchronization PN condition.
  • the second AP in this example is the second AP in the network that the AC is associated with that satisfies the synchronization PN condition.
  • the second AP that satisfies the synchronization PN condition means that in the first PN list corresponding to the round value M, the third PN of the second AP is greater than the second PN.
  • the third PN is the PN carried in the second message from the second AP.
  • the AC determines that the second PN is the first PN of AP1.
  • the AC determines that the PN stored by AP1 is already the minimum value among the multiple first PNs in the first PN list corresponding to the round value M. During the Mth round of PN synchronization, the first PN stored by AP1 therefore does not need to be synchronized, and the AC determines that AP2, AP3 and AP4 are all second APs that need to synchronize PN.
  • the AC sends the fourth message to AP2 based on the MAC address of AP2 included in the first PN list, and by analogy, the AC sends the fourth message to AP4 based on the MAC address of AP4 included in the first PN list.
  • Step 807 The second AP determines the target PN according to the fourth message.
  • the target PN is the PN used by the second AP for data frames to be sent. Specifically, when the second AP determines the target PN, the second AP subsequently broadcasts or multicasts the MPDU sent to the STA carrying the target PN to ensure secure communication between the second AP and the STA.
  • the following is an exemplary description of several optional ways for the second AP to determine the target PN according to the fourth message:
  • the second AP obtains the third round value and the second PN carried in the fourth message from the fourth message from the AC. Specifically, the second AP parses the fourth message according to the fourth message type field of the fourth message to obtain each field carried in the fourth message.
  • the second message sent by the second AP to the AC carries the second round value. For the description of the second round value, please refer to step 204, and details will not be described again.
  • the second AP determines that the target PN is the second PN.
  • the second round value is equal to the third round value, indicating that the second AP has sent the PN of the second AP to the AC (see step 204 for the specific process, which will not be described in detail). Therefore, the second AP determines the target PN.
  • the target PN is the minimum value among the PNs corresponding to each AP in the network.
  • the second AP obtains the second PN carried in the fourth message from the fourth message from the AC.
  • the second AP obtains the latest PN stored by the second AP itself.
  • the latest PN is the latest PN stored by the second AP before the second AP receives the fourth message. That is, the latest PN is the current count of the AP-side anti-duplication counter of the second AP.
  • For the AP-side anti-duplication counter, please refer to Example 5 of step 202; details are not repeated.
  • the latest PN is the PN carried in the MPDU sent by the second AP to the STA for the Mth time.
  • the second AP determines that the target PN is the latest PN. Specifically, during the M-th round of PN synchronization process, the second AP sends the round value M and the first PN to the AC, indicating that the second AP has completed the M-th round of PN synchronization process (that is, the second AP has sent the AC the second message carrying the round value M). At this time, the count of the anti-duplication counter on the AP side is the first PN.
  • while the second AP has not yet received the second PN from the AC, the second AP continues to broadcast or multicast new MPDUs to the STA, causing the AP-side anti-duplication counter of the second AP to continue to decrease; see the description of Example 5 above, which is not repeated. After the AP-side anti-duplication counter of the second AP has decreased to the latest PN, the second AP receives the second PN from the AC, so that the second PN is larger than the latest PN.
  • If the second AP used the second PN to broadcast or multicast MPDUs to the STA, the MPDU carrying the second PN could not be successfully received by the STA (because the STA-side anti-duplication counter is smaller than the second PN). For this reason, when the second AP shown in this example determines that the second PN is greater than the latest PN, the second AP does not update the count of the AP-side anti-duplication counter, but continues to use the latest PN to send MPDUs to the STA. Therefore, the second AP shown in this example determines that the target PN is the latest PN.
  • the second AP determines that the target PN is the second PN. Specifically, during the M-th round of PN synchronization process, the second AP sends the round value M and the first PN to the AC, indicating that the second AP has completed the M-th round of PN synchronization process (that is, the second AP has sent the AC the second message carrying the round value M). At this time, the count of the AP side anti-duplication counter is the first PN. Then, the second AP receives the second PN from the AC.
  • the second AP determines that the target PN is the second PN.
  • the AC determines the round of synchronizing the PN through the round value as an example.
  • the AC shown in this embodiment can also determine the round of synchronizing the PN through the timestamp, to realize PN synchronization of each AP included in the network; for the specific process, please refer to the description of the corresponding embodiment in Figure 4, which will not be described again.
  • the first AP can also trigger the AC to implement PN synchronization of each AP included in the network; for the specific execution process, please refer to the process of realizing PN synchronization of each AP included in the network shown in Figure 6, which will not be described in detail.
  • the target PN is set in the MPDU to achieve secure communication between the second AP and the STA.
  • the STA roams and switches from AP1 to AP2, it can directly and successfully communicate with AP2.
  • the STA undergoes roaming handover, it can effectively improve the efficiency of successful communication between the STA and the AP after roaming handover, and reduce the communication overhead between the STA and the AP after roaming handover, achieving secure communication between the AP and STA.
  • the number of lost data frames is effectively reduced, and the waste of communication resources is reduced.
  • FIG. 9 is a first structural example diagram of the communication device provided by the embodiment of the present application.
  • the communication device 900 shown in this embodiment includes a processor 901, a memory 902 and a transceiver 903.
  • the processor 901 is connected to the memory 902 and the transceiver 903 respectively.
  • the processor 901 may include at least one of an application processor (AP), a modem processor, a graphics processing unit (GPU), an image signal processor (ISP), a controller, a video codec, a digital signal processor (DSP), a baseband processor or a neural-network processing unit (NPU).
  • the transceiver 903 receives electromagnetic waves, frequency modulates and filters the electromagnetic wave signals, and sends the processed signals to the processor 901 .
  • the transceiver 903 can also receive the signal to be sent from the processor 901, frequency modulate it, amplify it, and convert it into electromagnetic waves for radiation.
  • Memory 902 stores program instructions.
  • If the communication device 900 shown in this embodiment is an AP, when the program instructions stored in the memory 902 are executed by the processor 901, the AP is caused to execute the process performed by the AP in any of the method embodiments in Figure 2, Figure 4, Figure 6 or Figure 8.
  • If the communication device 900 shown in this embodiment is an AC, when the program instructions stored in the memory 902 are executed by the processor 901, the AC is caused to execute the process performed by the AC in any of the method embodiments in Figure 2, Figure 4, Figure 6 or Figure 8.
  • If the communication device 900 shown in this embodiment is an STA, when the program instructions stored in the memory 902 are executed by the processor 901, the STA is caused to execute the process performed by the STA in any of the method embodiments in Figure 2, Figure 4, Figure 6 or Figure 8.
  • FIG. 10 illustrates the structure of the communication device from the perspective of functional modules. Among them, FIG. 10 is a second structural example diagram of a communication device provided by an embodiment of the present application.
  • the communication device 1000 shown in this embodiment includes a transceiver module 1001 and a processing module 1002 connected to the transceiver module 1001. If the communication device 1000 shown in this embodiment is an AC, the transceiver module 1001 is used to perform the transceiver-related steps performed by the AC in any of the method embodiments in Figure 2, Figure 4, Figure 6 or Figure 8.
  • the processing module 1002 is configured to perform processing-related steps performed by the AC in any of the method embodiments in Figure 2, Figure 4, Figure 6 or Figure 8.
  • If the communication device 1000 shown in this embodiment is an AP, the transceiver module 1001 is used to perform transceiver-related steps performed by the AP in any of the method embodiments in Figure 2, Figure 4, Figure 6 or Figure 8.
  • the processing module 1002 is configured to perform processing-related steps performed by the AP in any of the method embodiments in Figure 2, Figure 4, Figure 6 or Figure 8. If the communication device 1000 shown in this embodiment is an STA, the transceiver module 1001 is used to perform steps related to transceiver performed by the STA in any of the method embodiments in Figure 2, Figure 4, Figure 6 or Figure 8. The processing module 1002 is configured to perform processing-related steps performed by the STA in any of the method embodiments in FIG. 2, FIG. 4, FIG. 6 or FIG. 8.
  • Embodiments of the present application also provide a computer-readable storage medium.
  • the computer storage medium stores a computer program.
  • the computer program includes program instructions. When executed by a processor, the program instructions cause the processor to execute the method shown in any method embodiment in Figure 2, Figure 4, Figure 6 or Figure 8.
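The round-based synchronization of the Figure 8 embodiment (steps 803 to 807), written out as an added example that is not code from the patent or its applicant. It also covers the increasing-counter case of Figure 2; the class and function names, the MAC addresses, the PN values and the threshold of 10 are constructed assumptions, and the threshold test follows the embodiment's description (synchronize when the difference is greater than or equal to the threshold).

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class SecondMessage:
    """AP -> AC report (hypothetical in-memory form of the second message)."""
    ap_mac: str        # identifier of the reporting AP
    round_value: int   # second round value, echoed from the first message
    first_pn: int      # current count of the AP-side anti-duplication counter


def build_pn_list(associated: Iterable[str], replies: Iterable[SecondMessage],
                  round_value: int) -> Optional[Dict[str, int]]:
    """AC side: build the first PN list for one round.

    Returns the list only in the "first synchronization success state":
    every associated AP has reported, and every report used carries the
    round value of this round. Otherwise returns None and nothing is synced.
    """
    associated = set(associated)
    pn_list: Dict[str, int] = {}
    for msg in replies:
        if msg.ap_mac not in associated or msg.round_value != round_value:
            continue  # unknown sender or a late reply from an earlier round
        pn_list[msg.ap_mac] = msg.first_pn
    return pn_list if set(pn_list) == associated else None


def select_second_pn(pn_list: Dict[str, int], decreasing: bool,
                     threshold: int = 0) -> Optional[Tuple[int, List[str]]]:
    """AC side: choose the second PN and the APs that get the fourth message.

    decreasing=True  -> counters count down, second PN is the minimum.
    decreasing=False -> counters count up, second PN is the maximum.
    Returns None when max - min is below the threshold (no sync needed).
    """
    highest, lowest = max(pn_list.values()), min(pn_list.values())
    if highest - lowest < threshold:
        return None
    second_pn = lowest if decreasing else highest
    if decreasing:
        targets = [mac for mac, pn in pn_list.items() if pn > second_pn]
    else:
        targets = [mac for mac, pn in pn_list.items() if pn < second_pn]
    return second_pn, sorted(targets)


def determine_target_pn(second_pn: int, latest_pn: int, decreasing: bool) -> int:
    """AP side: pick the PN for the next group-addressed MPDU.

    The AP may have kept sending while the round was in flight, so its latest
    PN can already be "ahead" of the second PN. In that case it keeps its own
    value, because a PN that moves backwards would be dropped by the STA.
    """
    if decreasing:
        return latest_pn if second_pn > latest_pn else second_pn
    return latest_pn if second_pn <= latest_pn else second_pn


# Constructed sample data: four associated APs, round value 7, counters count down.
ASSOCIATED = ["02:00:00:00:00:01", "02:00:00:00:00:02",
              "02:00:00:00:00:03", "02:00:00:00:00:04"]
REPLIES = [
    SecondMessage("02:00:00:00:00:03", 6, 95),  # stale reply from round 6
    SecondMessage("02:00:00:00:00:01", 7, 60),
    SecondMessage("02:00:00:00:00:02", 7, 75),
    SecondMessage("02:00:00:00:00:03", 7, 90),
    SecondMessage("02:00:00:00:00:04", 7, 82),
]

if __name__ == "__main__":
    pn_list = build_pn_list(ASSOCIATED, REPLIES, round_value=7)
    second_pn, targets = select_second_pn(pn_list, decreasing=True)
    print("second PN:", second_pn, "fourth message sent to:", targets)
    # AP2 reported 75 and has not sent since: it adopts the second PN.
    print("AP2 target PN:", determine_target_pn(second_pn, 75, decreasing=True))
    # AP2 kept sending and is already at 55: it keeps its own latest PN.
    print("AP2 target PN:", determine_target_pn(second_pn, 55, decreasing=True))
```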

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

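Embodiments of the present invention disclose a packet number synchronization method, a related device, and a system, which are used to reduce the number of broadcast data frames or multicast data frames lost between a STA and the AP after roaming handover, and to improve communication efficiency, while ensuring secure communication between the AP and the STA. The method includes: an AC receives a first packet number (PN) from a first AP, where the first AP is any one of multiple APs with which the AC is associated, and the first PN is used to indicate the number of multicast data frames or broadcast data frames that the first AP has sent; the AC sends a second PN to a second AP, where the second PN is one of multiple PNs corresponding to the multiple APs, each of the multiple PNs comes from one of the multiple APs, and the second AP is one of the multiple APs.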

Description

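Packet number synchronization method, related device, and system
This application claims priority to Chinese patent application No. 202210808985.5, filed with the China National Intellectual Property Administration on July 11, 2022 and entitled "Packet number synchronization method, related device, and system", the entire contents of which are incorporated herein by reference.
Technical Field
This application relates to the field of communications, and in particular to a packet number synchronization method, a related device, and a system.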
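Background
In existing wireless fidelity (WiFi) networks, multiple access points (APs) are cascaded into a network to extend signal coverage. Networking modes are divided into same basic service set identifier (BSSID) networking and different-BSSID networking. Same-BSSID networking means that all APs in the same network have the same BSSID. Different-BSSID networking means that different APs in the same network have different BSSIDs. To protect the data transmitted between an AP and a terminal device (station, STA), the data frames exchanged between the AP and the STA may be encrypted, and an encrypted data frame carries a packet number (PN) field. Each time the AP sends a data frame to a STA in the network, the value of the PN field carried in the encrypted data frame is incremented by one, to prevent replay or injection attacks.
Each time the AP sends a data frame, the PN carried in the data frame is incremented by one. The STA maintains a counter. When the STA receives a data frame, if the STA determines that the PN carried in the data frame is greater than the count value of the counter, the STA updates the count value of the counter to the value of the PN carried in the data frame. If the STA determines that the PN carried in the data frame is less than or equal to the count value of the counter, the STA discards the data frame.
In a same-BSSID networking scenario, if a STA needs to roam between different APs, the STA does not perceive that a roaming handover has occurred, because the AP and the STA do not need to perform authentication, association, and key negotiation again. However, the numbers of multicast or broadcast data frames sent by different APs in a same-BSSID network diverge over time. If the PN of the AP after roaming handover is less than the count value of the STA's counter, the AP after roaming handover needs to retransmit data frames to the STA multiple times until the STA determines that the PN from the AP after roaming handover is greater than the count value of the STA's counter, which reduces the efficiency of communication between the AP after roaming handover and the STA.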
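Summary
Embodiments of the present invention provide a packet number synchronization method, a related device, and a system, which can reduce the number of broadcast data frames or multicast data frames lost between a STA and the AP after roaming handover, and improve communication efficiency, while ensuring secure communication between the AP and the STA.
A first aspect of the embodiments of the present invention provides a packet number synchronization method. The method includes: an access controller (AC) receives a first packet number (PN) from a first access point (AP), where the first AP is any one of multiple APs with which the AC is associated, and the first PN is used to indicate the number of multicast data frames or broadcast data frames that the first AP has sent; the AC sends a second PN to a second AP, where the second PN is one of multiple PNs corresponding to the multiple APs, each of the multiple PNs comes from one of the multiple APs, and the second AP is one of the multiple APs. In this aspect, the second AP sends broadcast data frames or multicast data frames to the STA according to the second PN from the AC. After the STA roams, the number of lost multicast or broadcast data frames is effectively reduced and the communication overhead between the STA and the AP after roaming handover is reduced, so that the waste of communication resources is reduced while secure communication between the STA and the AP after roaming handover is achieved to avoid replay attacks or injection attacks.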
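Based on the first aspect, in an optional implementation, in the case where the more multicast data frames or broadcast data frames the first AP sends, the larger the value of the first PN, the second PN is the maximum value among the multiple PNs. In this implementation, the second PN is the maximum value among the multiple PNs corresponding to the multiple APs included in the network, so the second AP uses the second PN to send broadcast data frames or multicast data frames to the STA, which effectively reduces the number of lost broadcast or multicast data frames sent by the first AP to the STA and improves communication efficiency.
Based on the first aspect, in an optional implementation, in the case where the more multicast data frames or broadcast data frames the first AP sends, the smaller the value of the first PN, the second PN is the minimum value among the multiple PNs. In this implementation, the second PN is the minimum value among the multiple PNs corresponding to the multiple APs included in the network, so the second AP uses the second PN to send broadcast data frames or multicast data frames to the STA, which effectively reduces the number of lost broadcast or multicast data frames sent by the first AP to the STA and improves communication efficiency.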
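Based on the first aspect, in an optional implementation, before the access controller AC receives the first packet number PN from the first access point AP, the method includes: the AC sends a first message to the first AP, where the first message carries a first message type field, and the first message type field is used to request the first PN; the AC receives a second message from the first AP, where the second message carries a second message type field and the first PN, and the second message type field is used to indicate that the second message carries the first PN. In this implementation, the AC triggers the first AP to report the first PN through the first message. When the AC has received the multiple PNs corresponding to the multiple APs included in the network, the AC determines the second PN among the multiple PNs, which ensures that each AP included in the network synchronizes to the second PN, reduces the number of lost broadcast or multicast data frames sent by each AP to the STA, and improves communication efficiency.
Based on the first aspect, in an optional implementation, the first message further carries a first round value, and the first round value is used to indicate the round in which the AC sends the first message. In this implementation, the first round value enables the AC to synchronize the PNs of the APs in different rounds, which improves the accuracy of synchronizing the PNs of the APs.
Based on the first aspect, in an optional implementation, the second message carries a second round value, and before the AC sends the second PN to the second AP, the method further includes: the AC determines that the first round value is the same as the second round value. In this implementation, when the second message carries the second round value, the AC can determine the specific round of PN synchronization to which the second round value carried in the second message applies, which improves the accuracy of synchronizing the PNs of the APs.
Based on the first aspect, in an optional implementation, before the AC sends the second PN to the second AP, the method further includes: the AC determines that the multiple APs are in a first synchronization success state, where the first synchronization success state means that the multiple PNs include a PN from each of the multiple APs, and that the second round values from different APs among the multiple APs are all the same. In this implementation, the AC determines the second PN based on the multiple APs included in the network being in the first synchronization success state, which improves the accuracy of synchronizing the PNs of the APs, so as to reduce the number of lost broadcast or multicast data frames sent by the AP to the STA.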
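Based on the first aspect, in an optional implementation, the first message further carries a first timestamp, and the first timestamp is used to indicate the time at which the AC sends the first message. In this implementation, the first timestamp enables the AC to synchronize the PNs of the APs in different rounds, which improves the accuracy of synchronizing the PNs of the APs.
Based on the first aspect, in an optional implementation, the second message carries a second timestamp, and before the AC sends the second PN to the second AP, the method further includes: the AC determines that the first timestamp is the same as the second timestamp. In this implementation, when the second message carries the second timestamp, the AC can determine the specific round of PN synchronization to which the second timestamp carried in the second message applies, which improves the accuracy of synchronizing the PNs of the APs.
Based on the first aspect, in an optional implementation, before the AC sends the second PN to the second AP, the method further includes: the AC determines that the multiple APs are in a second synchronization success state, where the second synchronization success state means that the multiple PNs include a PN from each of the multiple APs, and that the second timestamps from different APs among the multiple APs are all the same. In this implementation, the AC determines the second PN based on the multiple APs included in the network being in the second synchronization success state, which improves the accuracy of synchronizing the PNs of the APs, so as to reduce the number of lost broadcast or multicast data frames sent by the AP to the STA.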
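Based on the first aspect, in an optional implementation, the access controller AC receiving the first packet number PN from the first access point AP includes: the AC receives a third message from the first AP, where the third message carries a third message type field, the first PN, and an identifier used to identify the first AP, and the third message type field is used to indicate that the third message carries the first PN. In this implementation, the AP triggers the AC, through the third message, to synchronize the PNs of the APs included in the network, which effectively reduces the signaling exchanged between the AC and the APs while synchronizing the PNs of the APs included in the network, and improves the efficiency of that synchronization.
Based on the first aspect, in an optional implementation, before the AC sends the second PN to the second AP, the method further includes: the AC determines that the multiple APs are in a third synchronization success state, where the third synchronization success state means that the AC receives the multiple PNs within one synchronization period, and the multiple PNs include a PN from each of the multiple APs. In this implementation, the AC determines the second PN based on the multiple APs included in the network being in the third synchronization success state, which improves the accuracy of synchronizing the PNs of the APs, so as to reduce the number of lost broadcast or multicast data frames sent by the AP to the STA.
Based on the first aspect, in an optional implementation, the AC sending the second PN to the second AP includes: the AC sends a fourth message to the second AP, where the fourth message carries a fourth message type field and the second PN, and the fourth message type field is used to indicate that the fourth message carries the second PN. In this implementation, the AC indicates the second PN to the second AP through the fourth message, which improves the success rate of the AP obtaining the second PN.
Based on the first aspect, in an optional implementation, the AC sending the second PN to the second AP includes: the AC determines that a target difference is less than or equal to a threshold, and the AC sends the second PN to the second AP, where the target difference is the difference between the maximum value and the minimum value among the multiple PNs. In this implementation, the AC triggers synchronization of the PNs of the APs included in the network only when it determines that the target difference is less than or equal to the threshold, which avoids the waste of communication resources caused by the AC repeatedly synchronizing PNs.
Based on the first aspect, in an optional implementation, any two different APs among the multiple APs have the same basic service set identifier (BSSID). In this implementation, the network is a same-BSSID network, so that when the STA roams from one AP included in the network to another AP, the STA does not perceive the AP switch. The second AP can continue to use the second PN to communicate with the STA, which reduces the number of broadcast data frames or multicast data frames lost between the STA and the AP after roaming handover, and improves communication efficiency.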
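A second aspect of the embodiments of the present invention provides a packet number synchronization method. The method includes: an access point (AP) sends a first packet number (PN) to an access controller (AC), where the AP is any one of multiple APs with which the AC is associated, and the first PN is used to indicate the number of multicast data frames or broadcast data frames that the AP has sent; the AP receives a second PN from the AC; the AP determines a target PN according to the second PN, where the target PN is the PN used by the multicast data frames or broadcast data frames to be sent by the AP. For the beneficial effects of this aspect, please refer to the first aspect; details are not repeated.
Based on the second aspect, in an optional implementation, before the access point AP sends the first packet number PN to the access controller AC, the method further includes: the AP receives a first message from the AC, where the first message carries a first message type field, and the first message type field is used to request the first PN; the access point AP sending the first packet number PN to the access controller AC includes: the AP sends a second message to the AC according to the first message, where the second message carries a second message type field and the first PN, and the second message type field is used to indicate that the second message carries the first PN.
Based on the second aspect, in an optional implementation, the first message further carries a first round value, and the first round value is used to indicate the round in which the AC sends the first message; the AP sending the second message to the AC according to the first message includes: the AP sends the second message carrying a second round value to the AC, where the first round value is the same as the second round value.
Based on the second aspect, in an optional implementation, the first message further carries a first timestamp, and the first timestamp is used to indicate the time at which the AC sends the first message; the AP sending the second message to the AC according to the first message includes: the AP sends the second message carrying a second timestamp to the AC, where the second timestamp is the same as the first timestamp.
Based on the second aspect, in an optional implementation, the access point AP sending the first packet number PN to the access controller AC includes: the AP sends a third message to the AC, where the third message carries a third message type field, the first PN, and an identifier used to identify the AP, and the third message type field is used to indicate that the third message carries the first PN.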
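Based on the second aspect, in an optional implementation, the AP determining the target PN according to the second PN includes: in the case where the more multicast data frames or broadcast data frames the AP sends, the larger the value of the first PN, if the AP determines that the second PN is less than or equal to the latest PN of the AP, the AP determines that the target PN is the latest PN, where the latest PN is the PN currently stored by the AP; if the AP determines that the second PN is greater than the latest PN, the AP determines that the target PN is the second PN.
Based on the second aspect, in an optional implementation, the AP determining the target PN according to the second PN includes: in the case where the more multicast data frames or broadcast data frames the first AP sends, the smaller the value of the first PN, if the AP determines that the second PN is greater than the latest PN, the AP determines that the target PN is the latest PN, where the latest PN is the PN currently stored by the AP; if the AP determines that the second PN is less than the latest PN, the AP determines that the target PN is the second PN.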
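A third aspect of the embodiments of the present invention provides an access controller. The access controller includes a processor, a memory, and a transceiver; the processor is connected to the memory and the transceiver respectively; the transceiver is used to receive a first packet number (PN) from a first access point (AP), where the first AP is any one of multiple APs with which the AC is associated, and the first PN is used to indicate the number of multicast data frames or broadcast data frames that the first AP has sent; the processor is used to obtain a second PN, where the second PN is one of multiple PNs corresponding to the multiple APs, and each of the multiple PNs comes from one of the multiple APs; the transceiver is further used to send the second PN to a second AP, where the second AP is one of the multiple APs. For the beneficial effects of this aspect, please refer to the first aspect; details are not repeated.
A fourth aspect of the embodiments of the present invention provides an access point. The access point includes a processor, a memory, and a transceiver; the processor is connected to the memory and the transceiver respectively; the transceiver is used to send a first packet number (PN) to an access controller (AC), where the AP is any one of multiple APs with which the AC is associated, and the first PN is used to indicate the number of multicast data frames or broadcast data frames that the AP has sent; the transceiver is further used to receive a second PN from the AC; the processor is used to determine a target PN according to the second PN, where the target PN is the PN used by the multicast data frames or broadcast data frames to be sent by the AP. For the beneficial effects of this aspect, please refer to the first aspect; details are not repeated.
A fifth aspect of the embodiments of the present invention provides a wireless network. The wireless network includes an access controller (AC), multiple access points (APs) associated with the AC, and at least one terminal device (STA) associated with each AP; a first AP is used to send a first packet number (PN) to the AC, where the first AP is any one of the multiple APs, and the first PN is used to indicate the number of multicast data frames or broadcast data frames that the first AP has sent to the STA; the AC is used to receive the first PN from the first AP and to send a second PN to a second AP, where the second PN is one of multiple PNs corresponding to the multiple APs, each of the multiple PNs comes from one of the multiple APs, and the second AP is one of the multiple APs; the second AP is used to receive the second PN from the AC; the second AP is further used to determine a target PN according to the second PN, where the target PN is the PN used by the multicast data frames or broadcast data frames to be sent by the second AP.
A sixth aspect of the embodiments of the present invention provides a computer-readable storage medium. The computer storage medium stores a computer program, the computer program includes program instructions, and the program instructions, when executed by a processor, cause the processor to execute the method according to any one of the first aspect to the third aspect.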
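Brief Description of the Drawings
Figure 1 is a structural example diagram of a wireless network provided by an embodiment of the present application;
Figure 2 is a first step flow chart of the PN synchronization method provided by an embodiment of the present application;
Figure 3a is an example diagram of a first message format of the first message provided by an embodiment of the present application;
Figure 3b is an example diagram of a first message format of the second message provided by an embodiment of the present application;
Figure 3c is an example diagram of a first message format of the fourth message provided by an embodiment of the present application;
Figure 4 is a second step flow chart of the PN synchronization method provided by an embodiment of the present application;
Figure 5a is an example diagram of a second message format of the first message provided by an embodiment of the present application;
Figure 5b is an example diagram of a second message format of the second message provided by an embodiment of the present application;
Figure 5c is an example diagram of a second message format of the fourth message provided by an embodiment of the present application;
Figure 6 is a third step flow chart of the PN synchronization method provided by an embodiment of the present application;
Figure 7 is an example diagram of a message format of the third message provided by an embodiment of the present application;
Figure 8 is a fourth step flow chart of the PN synchronization method provided by an embodiment of the present application;
Figure 9 is a first structural example diagram of the communication device provided by an embodiment of the present application;
Figure 10 is a second structural example diagram of the communication device provided by an embodiment of the present application.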
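Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To better understand the packet number synchronization method provided by this application, the structure of the wireless network 100 provided by this application is first described with reference to Figure 1, where Figure 1 is a structural example diagram of a wireless network provided by an embodiment of the present application.
The wireless network 100 shown in Figure 1 includes multiple access devices, for example, the first access device 101 and the second access device 102 shown in Figure 1. The first access device 101 and the second access device 102 shown in this embodiment have been cascaded into one network 110. Figure 1 takes a network 110 that includes two access devices as an example; in other examples, the network 110 may include any number of access devices. Taking the first access device 101 as an example, the first access device 101 may be an AP in a wireless local area network (WLAN), or a network device in a fifth-generation mobile communication technology (5G) network; for example, the network device may be a transmission reception point (TRP), a base station, a small base station device, and so on, which is not limited in this application.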
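This embodiment extends signal coverage through the network 110 that includes multiple access devices. Multiple terminal devices are associated with the network 110, and each terminal device communicates with one access device included in the network 110. The multiple terminal devices associated with the network 110 may include the terminal device 131, the terminal device 132, and the terminal device 133 shown in Figure 1; this embodiment does not limit the number of terminal devices associated with the network 110. The terminal device 131 and the terminal device 132 are associated with the first access device 101, and the terminal device 133 is associated with the second access device 102. Taking the terminal device 131 as an example, the terminal device 131 may be called a STA, an access terminal, user equipment, a subscriber unit, a subscriber station, a mobile station, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent, or a user apparatus, which is not limited in this application. The device type of the terminal device 131 may be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device with a wireless communication function, a computing device or another processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, user equipment in a 5G network, and so on.
The wireless network 100 shown in this embodiment further includes an access controller (AC) 120. The access controller 120 is associated with each access device included in the network 110. Specifically, the access controller 120 is associated with the first access device 101, and the access controller 120 is associated with the second access device 102. The access controller 120 is responsible for aggregating data from the access devices of the network 110 and connecting it to the Internet, and implements control functions such as configuration management of the access devices, authentication and management of wireless users, broadband access, and security.
Based on the wireless network shown in Figure 1, the execution process of the PN synchronization method provided by the embodiment of the present application is described below with reference to Figure 2, where Figure 2 is a first step flow chart of the PN synchronization method provided by the embodiment of the present application.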
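Step 201: The STA accesses the first AP through an access procedure.
The first AP is any one of a plurality of APs already associated with the AC. For example, the first AP may be the first access device 101 of the network group 110 shown in FIG. 1, and the STA may be the terminal device 131 shown in FIG. 1. For details of the first AP, the STA, and the AC, see the description of FIG. 1; they are not repeated here.
The first AP and the STA access a target frequency band through access procedures such as a probe procedure, an authentication procedure, an association procedure, and key exchange. Once the first AP and the STA have accessed the target frequency band, they can communicate on the first frequency band. The target frequency band is one frequency band supported by the first AP, for example the 2.4 gigahertz (GHz) band or the 5 GHz band; this embodiment does not limit the target frequency band. The specific process by which the STA accesses the first AP is outlined below: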
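In the probe procedure, the STA sends a probe request frame to the first AP; the probe request frame carries the media access control (MAC) address of the STA. After receiving the probe request frame from the STA, the first AP returns a probe response frame to the STA. The probe response frame carries the target BSSID of the first AP and the MAC address of the first AP, where the target BSSID corresponds to the target frequency band. Optionally, the first AP may also send a beacon frame directly to the STA without having received a probe request frame; the beacon frame also carries the target BSSID and the MAC address of the first AP.
The STA and the first AP can associate only after each has determined, through the authentication procedure, that the other has passed authentication. For example, the STA and the first AP may perform the authentication procedure based on shared-key authentication.
In the association procedure, the STA sends an association request frame to the first AP. The association request frame may include various parameters of the STA itself, for example the rates the STA supports, its coding scheme, and its quality of service (QoS) capabilities. When the first AP determines that the STA is allowed to associate with it, that is, the first AP allows communication between itself and the STA on the target frequency band, the first AP sends response information to the STA to complete the association.
In the key exchange procedure, the first AP and the STA negotiate the key subsequently used for secure communication on the target frequency band. Note that the description of the access procedure in this embodiment is an optional example and is not limiting, as long as the access procedure enables the first AP to communicate with the STA on the target frequency band.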
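Step 202: The first AP and the STA communicate on the target frequency band.
Based on the foregoing access procedure, the first AP and the STA each obtain access information so that they can communicate on the target frequency band. The first AP and the STA communicate on the target frequency band based on this access information.
To ensure data security, the first AP sends encrypted data frames to the STA. The data frame may be a broadcast data frame, which the first AP sends to all of its associated STAs. The data frame may also be a multicast data frame, which the first AP sends to a subset of its associated STAs. Specifically, the first AP encrypts the data with the counter mode with cipher block chaining message authentication code protocol (CCMP) to obtain a medium access control protocol data unit (MPDU). The MPDU is the broadcast data frame or multicast data frame that the first AP needs to send to the STA.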
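The first AP maintains an AP-side replay counter whose initial value is 0. Each time the first AP has a multicast or broadcast MPDU to send, it increments the AP-side replay counter by 1 and sets the PN field of that MPDU to the current count of the AP-side replay counter. The STA maintains a STA-side replay counter whose initial value is 0. Each time the STA successfully receives an MPDU, it increments the STA-side replay counter by 1. This embodiment uses an initial value of 0 for both counters as an example, without limitation; in other examples the initial values of the AP-side replay counter and the STA-side replay counter may be any value.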
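Example 1: When the first AP needs to send an MPDU to the STA for the first time, the first AP sets the AP-side replay counter to initial value + 1 = 0 + 1 = 1, and sets the PN field of the MPDU to the current value of the AP-side replay counter (that is, 1). On receiving the MPDU, the STA determines that the PN field of the MPDU is 1 while the STA-side replay counter holds its initial value (that is, 0). The STA therefore determines that the PN field of the received MPDU (1) is greater than the STA-side replay counter (0), determines that the MPDU is in a secure state, and sets the STA-side replay counter to the value of the PN field of the MPDU (that is, 1).
Example 2: By analogy, when the first AP needs to send an MPDU to the STA for the N-th time, the first AP sets the AP-side replay counter to N, where N is any positive integer greater than 1, and sets the PN field of the N-th MPDU to the current value of the AP-side replay counter (that is, N). On receiving the MPDU, the STA determines that the PN field of the MPDU is N while the STA-side replay counter is N-1. The STA therefore determines that the PN field of the received MPDU (N) is greater than the STA-side replay counter (N-1), determines that the MPDU is in a secure state, and sets the STA-side replay counter to the value of the PN field of the MPDU (that is, N).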
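In this embodiment, an MPDU in a secure state is an MPDU that is not being used for a replay attack or an injection attack. Take the replay attack as an example. In a replay attack, an attacking device obtains an MPDU that the STA has already successfully received and sends that MPDU to the STA again in order to deceive the STA. Through this MPDU the attacking device pursues goals such as stealing the STA's information and undermining the correctness of authentication between the first AP and the STA. Continuing the examples above, suppose the attacking device obtains the MPDU that the STA received the N-th time, whose PN field is N, and sends it to the STA again. On receiving this MPDU, the STA determines that its PN field is N (because the PN from the attacking device has not gone through the first AP's processing of the PN field) while the STA-side replay counter is N. The STA therefore determines that the PN field of the received MPDU (N) equals the STA-side replay counter (N). When the STA determines that the PN field of a received MPDU is less than or equal to the STA-side replay counter, it discards the MPDU directly. The STA in this example therefore discards the MPDU from the attacking device. By sending MPDUs that include a PN to the STA, the first AP secures the communication between the first AP and the STA and protects the STA from replay attacks or injection attacks by an attacking device.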
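In Example 1 and Example 2, the first AP encrypts data frames with a first key to obtain MPDUs. The first AP may change keys periodically, for example updating the first key to a second key, after which the MPDUs that the first AP sends to the STA are generated by encrypting with the second key. When the first AP determines that the first key has been updated to the second key, it resets the AP-side replay counter to the initial value. The first AP indicates to the STA that the first key has been updated to the second key, and the STA then also resets the AP-side replay counter to the initial value. For the subsequent process in which the first AP sends MPDUs to the STA based on the second key, see Example 1 and Example 2 above; it is not repeated here. This embodiment does not limit the type of the first key and the second key; for example, they may be a pairwise transient key (PTK) or a group temporal key (GTK) used to encrypt group-addressed frames.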
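Step 203: The AC sends a first message to the first AP.
The first message is used to request the first AP to send the first PN, where the first PN is the current count of the AP-side replay counter. As described in step 202, if the first AP and the STA have kept using the initially negotiated key, the current count of the AP-side replay counter is the number of MPDUs that the first AP has broadcast or multicast. If the key between the first AP and the STA has been updated, the current count of the AP-side replay counter is the number of MPDUs that the first AP has broadcast or multicast from the most recent key update up to the current moment. Specifically, the AC sends the first message to every AP in an associated network group, so that every AP in the network group sends its own first PN to the AC.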
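The format of the first message in this embodiment is shown in FIG. 3a, which is an example diagram of a first message format of the first message provided in an embodiment of this application. The first message 300 includes a first message type field 301 and a first round value 302. The first message type field 301 is used to request the first PN. Specifically, the first message type field 301 indicates how the first message is to be parsed, for example the decoding scheme and the number of bits to decode, so that the first AP can successfully parse the first round value 302 out of the first message 300 according to the first message type field 301. On receiving the first message 300, the first AP sends the first PN to the AC as indicated by the first message type field 301. The first round value 302 in the first message 300 indicates the round in which the AC sends the first message 300. Each time the AC sends the first message to every AP in the same network group constitutes one round of PN synchronization by the AC, and in each round the AC receives the first PNs returned by the APs of that network group in response to the first message. When the AC has sent the first message to the APs of the same network group multiple times, it receives different first PNs from the same AP in different rounds. To improve the accuracy of PN synchronization, the AC therefore needs to distinguish the rounds among the multiple first PNs from the same AP, and may store a round statistics table as shown in Table 1: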
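Table 1
For example, in the first round of PN synchronization the AC sends a round value of 1 to each AP in the same network group through the first message. In the second round the AC sends a round value of 2 through the first message, and so on: in the M-th round of PN synchronization the AC sends a round value of M to each AP in the same network group through the first message, where M is any positive integer greater than 1. The description of the round values in this embodiment is an optional example, as long as different rounds of PN synchronization correspond to different round values. The different round values carried in first messages thus distinguish the rounds that the different first messages count toward. This embodiment uses round values that increase as the synchronization rounds increase; in other examples the round values may instead decrease as the rounds increase. This embodiment does not limit how the round value changes or its specific value in each round, as long as different round values uniquely correspond to different rounds of PN synchronization.
The first message in this embodiment may also carry fields for other functions; for example, it may carry a field used for a cyclic redundancy check (CRC).
This embodiment does not limit the execution order of step 202 and step 203.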
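Step 204: The first AP sends a second message to the AC according to the first message.
In this embodiment, the first AP sends the second message to the AC on receiving the first message from the AC. The second message carries the first PN. The format of the second message is shown in FIG. 3b, which is an example diagram of a first message format of the second message provided in an embodiment of this application. The second message 310 includes a second message type field 311, a second round value 312, an identifier 313 of the first AP, and the first PN 314.
The second message type field 311 in this embodiment indicates that the second message carries the first PN. According to the second message type field 311, the AC can parse the second message to obtain the fields it carries. For a description of the second message type field 311, see the description of the first message type field for FIG. 3a; it is not repeated here. The second message 310 further includes the second round value 312, the identifier 313 of the first AP, and the first PN. Specifically, after receiving the first message, the first AP parses the first round value out of it; in the second message generated by the second AP, the second round value equals the first round value. For example, if the first round value that the first AP parses out of the first message is round value M, then the second message sets round value M in the second message 310. In other words, the first AP places the round value parsed from the first message into the second message 310. The identifier 313 of the first AP identifies the first AP; for example, it may be the media access control (MAC) address of the first AP.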
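In this embodiment, the first AP may send the second message to the first AC directly on receiving the first message, or it may send the second message to the AC only when it determines that a reporting condition is met. The first PN that the first AP sends to the AC when the reporting condition is met is the latest PN that the first AP has not yet sent to the AC. Specifically, the reporting condition is that the first round value is greater than the current round value of the round counter. With the example of Table 1, in the first round of PN synchronization the AC sends round value 1 to the first AP, so the first AP determines that the current round value of its round counter is round value 1; and so on, in the M-th round the AC sends round value M to the first AP, so the first AP determines that the current round value of its round counter is round value M. The current round value recorded by the round counter is thus the largest of all round values the first AP has received.
Suppose the current count of the first AP's round counter is round value J and the first message that the first AP has just received carries round value K. If J is greater than or equal to K, the K-th round of PN synchronization by the AC has already completed (that is, the first AP has already sent the AC round value K for the K-th round of PN synchronization); the first AP determines that the first message carrying round value K results from an anomaly such as retransmission, and does not return a second message carrying round value K to the AC. If J is less than K, the K-th round of PN synchronization by the AC has not yet completed (that is, the first AP has not yet sent the AC round value K for the K-th round of PN synchronization), and the first AP returns a second message carrying round value K to the AC.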
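Step 205: The AC obtains the first PN list corresponding to the network group.
In this embodiment, the AC receives a first PN from each AP in the network group. For the process by which the AC receives the first PN from each AP, see steps 203 to 204; it is not repeated here.
The AC creates a corresponding first PN list for each round of PN synchronization. In other words, the AC creates one first PN list per round value: with the example of Table 1, one first PN list for round value 1, one for round value 2, and so on up to one for round value M. The following describes, as an example, how the AC creates the first PN list shown in Table 2 for round value M. For the process by which the AC creates a first PN list for any round value, see the description of Table 2 below; it is not repeated here.
Table 2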
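The example in Table 2 uses a network group associated with the AC that includes four APs, namely AP1, AP2, AP3, and AP4. The number of APs in the network group in this example is optional and not limiting. The AC receives the second message from AP1 and parses it according to the second message type field it carries to obtain the fields of the second message; for details see FIG. 3b, not repeated here. If the second round value that the AC parses out of the second message is round value M, the AC determines that the second message from AP1 is for the M-th round of PN synchronization. The AC can then place the first PN carried in the second message into the first PN list, and can also place the identifier of AP1 carried in the second message (that is, the MAC address of the AP) into the first PN list. Thus, in the M-th round of PN synchronization, the first PN list entry that the AC creates for AP1 contains the correspondence among round value M, the MAC address of AP1, and the first PN of AP1; and so on, the first PN list entry that the AC creates for AP4 in the M-th round contains round value M, the MAC address of AP4, and the first PN of AP4.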
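If the AC determines that the first PN list corresponding to round value M satisfies a first synchronization success state, the AC determines that the first PN list corresponding to round value M has been completely created. The first synchronization success state means that the first PN list created by the AC for round value M includes the PN of every AP associated with the AC. Specifically, it means that the first PN list created by the AC for round value M includes the MAC address of every AP associated with the AC. For example, if the AC determines that the network group includes AP1, AP2, AP3, and AP4, and determines that the first PN list created for round value M includes the MAC address of AP1, the MAC address of AP2, the address of AP3, and the MAC address of AP4, it determines that the first synchronization success state is satisfied. In that case the first PN list created by the AC for round value M includes the first PN of every first AP associated with the AC. Optionally, although this embodiment uses the case in which the first PN list corresponding to round value M satisfies the first synchronization success state, in other examples the AC may, in the M-th round of PN synchronization, have received the first PNs of only some of the associated first APs and determine the second PN among the first PNs already received in order to perform PN synchronization. For example, among AP1, AP2, AP3, and AP4 associated with the AC, if the AC has received the first PN from AP1, the first PN from AP2, and the first PN from AP3 but not yet the first PN of AP4, the AC may determine the second PN from the first PNs of AP1, AP2, and AP3 only, and use that second PN to synchronize the PN of every AP associated with the AC.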
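Step 206: The AC sends a fourth message to the second AP.
In this embodiment, the AC may send the second PN to the second AP in any of the following optional modes:
Mode 1
The AC sends the fourth message to every AP in the associated network group; in this case the second AP is every AP in the network group associated with the AC. The format of the fourth message is shown in FIG. 3c, which is an example diagram of a first message format of the fourth message provided in an embodiment of this application. The fourth message 320 includes a fourth message type field 321, a third round value 322, and the second PN 323. The fourth message type field 321 instructs the second AP to obtain the second PN 323 and the third round value 322 carried in the fourth message.
The second PN carried in the fourth message is described as follows. Once the AC has successfully created the first PN list corresponding to round value M, the AC determines that the second PN is the maximum of the first PNs in the first PN list. Continuing the example of Table 2, the AC takes the maximum among the first PN of AP1, the first PN of AP2, the first PN of AP3, and the first PN of AP4 in the first PN list as the second PN. For example, if the first PN of AP4 is the maximum of the first PNs in the first PN list, the AC determines that the first PN of AP4 is the second PN.
The third round value is the round in which the AC obtains the second PN. Continuing the example of Table 2, the AC obtains the second PN in the M-th round, so the AC determines that the third round value 322 carried in the third message is round value M.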
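Mode 2
The AC sends the fourth message only to the second APs in the network group that satisfy a PN synchronization condition; in this case the second AP is an AP in the associated network group that satisfies the PN synchronization condition. For a description of the fourth message, see Mode 1 above; it is not repeated here. A second AP satisfies the PN synchronization condition if, in the first PN list corresponding to round value M, the third PN of the second AP is less than the second PN, where the third PN is the PN carried in the second message from the second AP. Continuing the example of Table 2, the AC determines that the second PN is the first PN of AP4 (see the example in Mode 1 above; not repeated here). The AC thus determines that the PN stored by AP4 is already the maximum of the first PNs in the first PN list corresponding to round value M, so in the M-th round of PN synchronization the first PN stored by AP4 does not need to be synchronized. The AC therefore determines that AP1, AP2, and AP3 are the second APs whose PNs need to be synchronized. The AC sends the fourth message to AP1 according to the MAC address of AP1 in the first PN list, and so on, sending the fourth message to AP3 according to the MAC address of AP3 in the first PN list.
The second AP and the first AP in this embodiment may be the same AP in the same network group, or they may be different APs in the same network group.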
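Step 207: The second AP determines the target PN according to the fourth message.
The target PN is the PN used by the data frames that the second AP is to send. Specifically, once the second AP has determined the target PN, the MPDUs that it subsequently broadcasts or multicasts to the STA carry the target PN, which secures the communication between the second AP and the STA. Several optional modes by which the second AP determines the target PN according to the fourth message are described below as examples:
Mode 1
The second AP obtains the third round value and the second PN carried in the fourth message from the AC. Specifically, the second AP parses the fourth message according to its fourth message type field to obtain the fields it carries. The second message that the second AP sent to the AC carried the second round value; for a description of the second round value, see step 204, not repeated here.
When the second round value equals the third round value, the second AP determines that the target PN is the second PN. The second round value being equal to the third round value shows that the second AP has already sent its PN to the AC (for the process see step 204; not repeated here). Therefore, when the second AP determines that the target PN is the second PN, the target PN is the maximum of the PNs corresponding to the APs in the network group.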
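Mode 2
First, the second AP obtains the second PN carried in the fourth message from the AC. Next, the second AP obtains the latest PN that it stores itself, that is, the latest PN stored by the second AP before it received the fourth message. In other words, the latest PN is the current count of the second AP's AP-side replay counter; for details of the AP-side replay counter, see Example 1 and Example 2 of step 202, not repeated here. For example, if the second AP has sent MPDUs to the STA M times, the latest PN is the PN carried in the MPDU that the second AP sent to the STA the M-th time.
If the second AP determines that the second PN from the AC is less than or equal to the latest PN, the second AP determines that the target PN is the latest PN. Specifically, in the M-th round of PN synchronization the second AP sends round value M and the first PN to the AC, which means the second AP has completed the M-th round of PN synchronization (that is, it has sent the AC the second message carrying round value M). At that moment the count of the AP-side replay counter is the first PN. However, before receiving the second PN from the AC, the second AP goes on to broadcast or multicast new MPDUs to the STA, so the count of its AP-side replay counter keeps increasing; for the increment, see Example 1 and Example 2 above, not repeated here. Only after the count of its AP-side replay counter has increased to the latest PN does the second AP receive the second PN from the AC, so the second PN is smaller than the latest PN. If the second AP used the second PN to broadcast or multicast MPDUs to the STA, the MPDUs carrying the second PN could not be successfully received by the STA (because the STA-side replay counter is greater than the second PN). For this reason, when the second AP in this example determines that the second PN is less than or equal to the latest PN, it does not update the count of the AP-side replay counter and continues to use the latest PN to send MPDUs to the STA. The second AP in this example therefore determines that the target PN is the latest PN.
If the second AP determines that the second PN from the AC is greater than the latest PN, the second AP determines that the target PN is the second PN. Specifically, in the M-th round of PN synchronization the second AP sends round value M and the first PN to the AC, which means the second AP has completed the M-th round of PN synchronization (that is, it has sent the AC the second message carrying round value M). At that moment the count of the AP-side replay counter is the first PN. The second AP then receives the second PN from the AC, which is the largest PN in the network group associated with the AC. If the second PN is greater than the latest PN, the count of the second AP's AP-side replay counter is smaller than the second PN stored by another AP in the network group. Therefore, to ensure that the MPDUs the second AP broadcasts or multicasts to the STA can be successfully received by the STA, the second AP in this example determines that the target PN is the second PN.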
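Once the second AP has obtained the target PN, it sets the target PN in the MPDUs that it subsequently sends to the STA, which secures the communication between the second AP and the STA. To better understand the beneficial effects of the method provided in this embodiment, the technical shortcomings of existing solutions are described first:
The STA is associated with AP1. For the process of transmitting MPDUs between AP1 and the STA, see Example 1 and Example 2 above; it is not repeated here. The STA may perform a roaming handover, that is, roam from AP1 to AP2. For example, when a target parameter between AP1 and the STA is smaller than the target parameter between AP2 and the STA, the STA roams from AP1 to AP2, where the target parameter may be at least one of the following:
received signal strength indicator (RSSI), channel quality, transmission rate, reference signal received power (RSRP), reference signal received quality (RSRQ), or signal to interference plus noise ratio (SINR).
AP1 and AP2 are in the same network group, which is a same-BSSID network group: the BSSID of AP1 and the BSSID of AP2 are identical. Therefore, when the STA roams from AP1 to AP2, the STA and AP2 do not need to perform access procedures such as the probe procedure, authentication procedure, association procedure, and key exchange again for the handover to AP2. The STA can keep using the secure-communication key it used with AP1 to continue communicating with AP2.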
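However, the count of AP1's AP-side replay counter and the count of AP2's AP-side replay counter may differ. In Example 3, the count of AP1's AP-side replay counter is 150, the count of AP2's AP-side replay counter is 100, and while the STA is communicating with AP1 the count of the STA's STA-side replay counter is 149. For a description of the AP-side and STA-side replay counters, see step 202; it is not repeated here. When the STA roams to AP2, its STA-side replay counter keeps the count of 149.
Because the count of AP2's AP-side replay counter is 100, the MPDU that AP2 broadcasts or multicasts carries a PN of 100, while the STA's STA-side replay counter is 149. For the relationship between the PN in an MPDU and the AP-side replay counter, see Example 1 and Example 2 above; it is not repeated here. When the STA-side replay counter is greater than or equal to the PN carried in an MPDU, the STA discards the MPDU to avoid accepting a retransmitted MPDU, so the STA discards the MPDU from AP2. The next MPDU that AP2 broadcasts or multicasts carries a PN of 101; the STA determines that the STA-side replay counter is still greater than or equal to the PN carried in the MPDU and discards it as well, and so on, until the STA determines that the STA-side replay counter is less than the PN carried in the MPDU. Only then does the STA successfully receive an MPDU from AP2 after the roaming handover. In this example the STA has to discard 50 MPDUs before it can successfully receive an MPDU from AP2 after the handover, which lowers the efficiency with which the STA successfully communicates with the AP after the roaming handover and raises the communication overhead between the STA and that AP.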
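With the method of this embodiment, the AC uses the first PNs from every AP in the network group to determine the second PN, which is the maximum of the first PNs corresponding to the network group, and sends the second PN to the APs in the network group so that the PN stored by every AP in the network group is the second PN. Continuing Example 3, the count of AP1's AP-side replay counter is 150 and the count of AP2's AP-side replay counter is 100. If the AC determines that the maximum of the AP-side replay counters of the APs in the network group is 150, the AC sends a PN of 150 to the AP, and AP2 changes its stored PN from 100 to 150. When the STA then roams from AP1 to AP2, the PN in the MPDU from AP2 is 150 while the STA-side replay counter is 149, so the STA can communicate with AP2 successfully and immediately after the roaming handover. When the STA performs a roaming handover, this effectively raises the efficiency with which the STA successfully communicates with the AP after the handover and lowers the communication overhead between the STA and that AP. While secure communication between the AP and the STA is maintained to prevent replay attacks or injection attacks, the number of lost data frames is effectively reduced and less communication resource is wasted.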
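In the embodiment shown in FIG. 2, the AC uses round values to distinguish the rounds of PN synchronization. In the embodiment shown in FIG. 4, the AC uses timestamps to distinguish the rounds of PN synchronization. FIG. 4 is a second step flowchart of the PN synchronization method provided in an embodiment of this application.
Step 401: The STA accesses the first AP through an access procedure.
Step 402: The first AP and the STA communicate on the target frequency band.
For the execution of steps 401-402 in this embodiment, see steps 201-202 shown in FIG. 2; it is not repeated here.
Step 403: The AC sends a first message carrying a first timestamp to the first AP.
The first message is used to request the first AP to send the first PN. For a description of the first PN, see step 203 of FIG. 2; it is not repeated here.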
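The format of the first message in this embodiment is shown in FIG. 5a, which is an example diagram of a second message format of the first message provided in an embodiment of this application. The first message 500 includes a first message type field 501 and a first timestamp 502. For a description of the first message type field 501, see step 203 of FIG. 2; it is not repeated here. The first timestamp 502 in the first message 500 indicates the time at which the AC sends the first message. Each time the AC sends the first message to every AP in the same network group constitutes one round of PN synchronization by the AC, and in each round the AC receives the first PN returned by every AP of that network group in response to the first message. When the AC has sent the first message to every AP of the same network group over multiple rounds, it receives multiple PNs from the same AP in different rounds. To improve the accuracy of PN synchronization, the AC therefore needs to distinguish, among the multiple first PNs from the same AP, the first PNs from different rounds, and may store a round statistics table as shown in Table 3:
Table 3
The round statistics table created by the AC thus contains the correspondence between the rounds of PN synchronization and the corresponding first timestamps. For example, in the first round of PN synchronization the AC sends the first timestamp b1 to every AP in the same network group through the first message; the first timestamp b1 indicates the time at which the AC sends the first message in the first round. By analogy, in the M-th round of PN synchronization the AC sends the first timestamp bM to every AP in the same network group through the first message; the timestamp bM indicates the time at which the AC sends the first message in the M-th round.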
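Step 404: The first AP sends a second message carrying a second timestamp to the AC.
In this embodiment, the first AP sends the second message to the AC on receiving the first message from the AC. The second message carries the first PN. The format of the second message is shown in FIG. 5b, which is an example diagram of a second message format of the second message provided in an embodiment of this application. The second message 510 includes a second message type field 511, a second timestamp 512, an identifier 513 of the first AP, and the first PN 514. For a description of the second message type field 511, the identifier 513 of the first AP, and the first PN 514, see the description of FIG. 3b; it is not repeated here.
In this embodiment, the first AP may send the second message to the first AP directly on receiving the first message, or the first AP may send the second message to the AC according to the first message only when it determines that the first message satisfies a reporting condition. Specifically, the reporting condition is that the first timestamp is later than the latest timestamp that the first AP has stored. With the example of Table 3, in the (M-1)-th round of PN synchronization the AC sends the first timestamp bM-1 to the first AP, and the first AP stores it; bM-1 is then the latest first timestamp stored by the first AP. In the M-th round of PN synchronization the AC sends the first timestamp bM to the first AP. The first AP determines that the first timestamp bM is later than the first timestamp bM-1 and therefore that the first message carrying the first timestamp bM satisfies the reporting condition. The first AP then sends the second message to the AC according to the first message carrying the first timestamp bM.
After receiving the first message, the first AP parses the first timestamp out of it; in the second message generated by the second AP, the second timestamp equals the first timestamp. For example, if the first AP parses the timestamp bM out of the first message, the first AP sets the timestamp bM in the second message, so that the timestamp carried in the second message is also bM.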
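Step 405: The AC obtains the first PN list corresponding to the network group.
For the execution of step 405 in this embodiment, see step 205 of FIG. 2; it is not repeated here.
Step 406: The AC sends a fourth message to the second AP.
The AC sends the fourth message to every AP in the associated network group. The format of the fourth message is shown in FIG. 5c, which is an example diagram of a second message format of the fourth message provided in an embodiment of this application. The fourth message 520 includes a fourth message type field 521, a third timestamp 522, and the second PN 523. For a description of the fourth message type field 521 and the second PN 523, see the description of FIG. 3c; it is not repeated here. If the fourth message 520 is for the M-th round of PN synchronization, the third timestamp 522 is the first timestamp that the AC obtained in the M-th round; for details see the example of Table 3, not repeated here.
Optionally, the AC may send the fourth message only to the second APs in the network group that satisfy the PN synchronization condition. For a description of the PN synchronization condition, see step 206 of FIG. 2; it is not repeated here.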
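Step 407: The second AP determines the target PN according to the fourth message.
The target PN is the PN used by the data frames that the second AP is to send. Specifically, once the second AP has determined the target PN, the MPDUs that it subsequently broadcasts or multicasts to the STA carry the target PN, which secures the communication between the second AP and the STA.
The second AP obtains the third timestamp and the second PN carried in the fourth message from the AC. Specifically, the second AP parses the fourth message according to its fourth message type field to obtain the fields it carries. The second message that the second AP has sent to the AC carried the second timestamp; for a description of the second timestamp, see step 404, not repeated here.
When the second timestamp equals the third timestamp carried in the fourth message, the second AP determines that the target PN is the second PN. The second timestamp being equal to the third timestamp carried in the fourth message shows that the second AP has already sent its PN to the AC (for the process see step 404; not repeated here). Therefore, when the second AP determines that the target PN is the second PN, the target PN is the maximum of the PNs corresponding to the APs in the network group.
Mode 2
First, the second AP obtains the second PN carried in the fourth message from the AC. Next, the second AP determines the target PN according to the second PN and the latest PN. For a description of this process, see step 207 of FIG. 2; it is not repeated here.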
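Optionally, in this embodiment, after obtaining the first PN list the AC sends the fourth message carrying the second PN to the second AP only when it determines that the first PN list satisfies a synchronization condition. The synchronization condition is that the target difference between the maximum and the minimum of the PNs in the first PN list is greater than or equal to a threshold. Continuing the example of Table 2, among the first PN of AP1, the first PN of AP2, the first PN of AP3, and the first PN of AP4 in the first PN list, the maximum PN may be the first PN of AP4 and the minimum PN may be the first PN of AP2, in which case the target difference equals the difference between the first PN of AP4 and the first PN of AP2. When the target difference is smaller than the threshold, the counts of the AP-side replay counters of any two APs differ only slightly when the STA roams from one AP in the network group to another. So even if the AC does not send the second PN to the second AP and the STA roams from one AP in the network group to another, communication between the STA and the AP after the handover does not incur much overhead. In Example 4, the network group includes only AP1 and AP2, the count of AP1's AP-side replay counter is 150, and the count of AP2's AP-side replay counter is 145. The target difference is then 150 - 145 = 5. If the threshold is 10, the target difference in Example 4 is smaller than the threshold, so when the STA roams from AP1 to AP2 it only has to discard 5 MPDUs from AP2 before its subsequent communication with AP2 is normal; for details see Example 3 corresponding to FIG. 2, not repeated here. In other words, when the target difference is smaller than the threshold, the AC does not need to send the fourth message to the second AP to synchronize the PNs of the APs in the network group: secure communication does not incur excessive overhead, so the AC does not need to spend communication resources synchronizing the PNs of the APs in the network group.
With the method of this embodiment, when the STA performs a roaming handover, the efficiency with which the STA successfully communicates with the AP after the handover is effectively raised and the communication overhead between the STA and that AP is lowered. While secure communication between the AP and the STA is maintained to prevent replay attacks or injection attacks, the number of lost data frames is effectively reduced and less communication resource is wasted.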
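In the embodiments shown in FIG. 2 and FIG. 4, the AC triggers synchronization of the PNs stored by the APs in the network group through the first message. In the embodiment shown in FIG. 6, an AP triggers synchronization of the PNs stored by the APs in the network group. FIG. 6 is a third step flowchart of the PN synchronization method provided in an embodiment of this application.
Step 601: The STA accesses the first AP through an access procedure.
Step 602: The first AP and the STA communicate on the target frequency band.
For the execution of steps 601-602 in this embodiment, see steps 201-202 shown in FIG. 2; it is not repeated here.
Step 603: The first AP sends a third message to the AC.
The third message is used by the first AP to report the first PN to the AC on its own initiative. The first PN is the current count of the AP-side replay counter; for a description of the first PN, see step 203 corresponding to FIG. 2, not repeated here.
The format of the third message in this embodiment is shown in FIG. 7, which is an example diagram of a message format of the third message provided in an embodiment of this application. The third message 700 includes a third message type field 701, the first PN 702, and an identifier 703 that identifies the first AP. The third message type field 701 indicates that the third message is used to report the first PN; for a description of the third message type field 701, see the description of the first message type field corresponding to FIG. 2, not repeated here. For a description of the first PN 702 and the identifier 703 that identifies the first AP, see the description of the second message shown in FIG. 3b; it is not repeated here.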
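Step 604: The AC obtains the second PN list corresponding to the network group.
In this embodiment, the AC receives a first PN from each AP in the network group and creates a second PN list. If the AC determines that the associated APs are in a third synchronization success state, the AC sends the second PN to the second AP according to the second PN list. Specifically, the AC presets a synchronization period; if the AC successfully creates the second PN list within one synchronization period, the AC determines that the associated APs are in the third synchronization success state. This embodiment does not limit the duration of the synchronization period; for example, it may be 10 minutes.
For example, the network group associated with the AC includes AP1, AP2, AP3, and AP4. If within one synchronization period the AC successfully receives the first PN from AP1, the first PN from AP2, the first PN from AP3, and the first PN from AP4, the AC determines that the associated APs are in the third synchronization state. For a description of the correspondences contained in the second PN list, see the description of the first PN list shown in Table 2; it is not repeated here.
Step 605: The AC sends a fourth message to the second AP.
Step 606: The second AP determines the target PN according to the fourth message.
For a description of the execution of steps 605-606 in this embodiment, see steps 206 to 207 corresponding to FIG. 2; it is not repeated here.
With the method of this embodiment, the first AP reports the first PN to the AC on its own initiative, and the AC synchronizes the PNs of the APs in the network group according to the first PNs so reported. While the AC synchronizes the PNs of the APs in the network group, this also reduces the number of signaling messages exchanged between the AC and the APs and reduces the utilization efficiency of communication resources.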
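The embodiment shown in FIG. 2 uses the case in which the more multicast data frames or broadcast data frames the first AP sends, the larger the count of its AP-side replay counter. The embodiment shown in FIG. 8 uses the case in which the more multicast data frames or broadcast data frames the first AP sends, the smaller the count of its AP-side replay counter. FIG. 8 is a fourth step flowchart of the PN synchronization method provided in an embodiment of this application.
Step 801: The STA accesses the first AP through an access procedure.
Step 802: The first AP and the STA communicate on the target frequency band.
For a description of the execution of steps 801-802 in this embodiment, see steps 201 to 202 corresponding to FIG. 2; it is not repeated here.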
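The first AP in this embodiment also maintains an AP-side replay counter. Its initial value is the maximum number of MPDUs that the first AP sends in one period; for example, the initial value may be 100. Each time the first AP has a multicast or broadcast MPDU to send, it decrements the AP-side replay counter by 1 and sets the PN field of that MPDU to the current count of the AP-side replay counter (that is, 99). The STA also maintains a STA-side replay counter whose initial value is the same as the count of the AP-side replay counter, also 100. Each time the STA successfully receives an MPDU, it decrements the STA-side replay counter by 1. This embodiment uses an initial value of 100 for both counters as an example, without limitation; in other examples the initial values of the AP-side replay counter and the STA-side replay counter may be any value.
Example 5: When the first AP needs to send an MPDU to the STA for the first time, the first AP sets the AP-side replay counter to initial value - 1 = 100 - 1 = 99, and sets the PN field of the MPDU to the current value of the AP-side replay counter (that is, 99). On receiving the MPDU, the STA determines that the PN field of the MPDU is 99 while the STA-side replay counter holds its initial value (that is, 100). The STA therefore determines that the PN field of the received MPDU (99) is less than the STA-side replay counter (100), determines that the MPDU is in a secure state, and sets the STA-side replay counter to the value of the PN field of the MPDU (that is, 99). The same applies to subsequent MPDUs and is not repeated here.
In this embodiment, an MPDU in a secure state is an MPDU that is not being used for a replay attack or an injection attack. Take the replay attack as an example and continue Example 5 above. Suppose the attacking device obtains the MPDU that the STA received the first time, whose PN field is 99, and sends it to the STA again. On receiving this MPDU, the STA determines that its PN field is 99 (because the PN from the attacking device has not gone through the first AP's processing of the PN field) while the STA-side replay counter is 99. The STA therefore determines that the PN field of the received MPDU (99) equals the STA-side replay counter (99). When the STA determines that the PN field of a received MPDU is greater than or equal to the STA-side replay counter, it discards the MPDU directly. The STA in this example therefore discards the MPDU from the attacking device. By sending MPDUs that include a PN to the STA, the first AP secures the communication between the first AP and the STA and protects the STA from replay attacks or injection attacks by an attacking device.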
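Step 803: The AC sends a first message to the first AP.
The first message is used to request the first AP to send the first PN. For details of the first message, see step 203 corresponding to FIG. 2; they are not repeated here. This embodiment uses the case in which the first message includes a first round value indicating the round of PN synchronization; for a description of the first round value, see the description corresponding to FIG. 2, not repeated here.
Step 804: The first AP sends a second message to the AC according to the first message.
Step 805: The AC obtains the first PN list corresponding to the network group.
For a description of the execution of step 805 in this embodiment, see step 205 corresponding to FIG. 2; it is not repeated here.
Step 806: The AC sends a fourth message to the second AP.
The AC sends the fourth message to every AP in the associated network group. For a description of the format of the fourth message, see step 206 corresponding to FIG. 2; it is not repeated here.
The second PN carried in the fourth message is described as follows. Once the AC has successfully created the first PN list corresponding to round value M, the AC determines that the second PN is the minimum of the first PNs in the first PN list. Continuing the example of Table 2, the AC takes the minimum among the first PN of AP1, the first PN of AP2, the first PN of AP3, and the first PN of AP4 in the first PN list as the second PN. For example, if the first PN of AP1 is the minimum of the first PNs in the first PN list, the AC determines that the first PN of AP1 is the second PN.
Optionally, the AC may send the fourth message only to the second APs in the network group that satisfy the PN synchronization condition; in this case the second AP is an AP in the associated network group that satisfies the PN synchronization condition. A second AP satisfies the PN synchronization condition if, in the first PN list corresponding to round value M, the third PN of the second AP is greater than the second PN, where the third PN is the PN carried in the second message from the second AP. Continuing the example of Table 2, the AC determines that the second PN is the first PN of AP1. The AC thus determines that the PN stored by AP1 is already the minimum of the first PNs in the first PN list corresponding to round value M, so in the M-th round of PN synchronization the first PN stored by AP1 does not need to be synchronized. The AC therefore determines that AP2, AP3, and AP4 are the second APs whose PNs need to be synchronized. The AC sends the fourth message to AP2 according to the MAC address of AP2 in the first PN list, and so on, sending the fourth message to AP4 according to the MAC address of AP4 in the first PN list.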
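Step 807: The second AP determines the target PN according to the fourth message.
The target PN is the PN used by the data frames that the second AP is to send. Specifically, once the second AP has determined the target PN, the MPDUs that it subsequently broadcasts or multicasts to the STA carry the target PN, which secures the communication between the second AP and the STA. Several optional modes by which the second AP determines the target PN according to the fourth message are described below as examples:
Mode 1
The second AP obtains the third round value and the second PN carried in the fourth message from the AC. Specifically, the second AP parses the fourth message according to its fourth message type field to obtain the fields it carries. The second message that the second AP sent to the AC carried the second round value; for a description of the second round value, see step 204, not repeated here.
When the second round value equals the third round value, the second AP determines that the target PN is the second PN. The second round value being equal to the third round value shows that the second AP has already sent its PN to the AC (for the process see step 204; not repeated here). Therefore, when the second AP determines that the target PN is the second PN, the target PN is the minimum of the PNs corresponding to the APs in the network group.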
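Mode 2
First, the second AP obtains the second PN carried in the fourth message from the AC. Next, the second AP obtains the latest PN that it stores itself, that is, the latest PN stored by the second AP before it received the fourth message. In other words, the latest PN is the current count of the second AP's AP-side replay counter; for details of the AP-side replay counter, see Example 5 of step 202, not repeated here. For example, if the second AP has sent MPDUs to the STA M times, the latest PN is the PN carried in the MPDU that the second AP sent to the STA the M-th time.
If the second AP determines that the second PN from the AC is greater than or equal to the latest PN, the second AP determines that the target PN is the latest PN. Specifically, in the M-th round of PN synchronization the second AP sends round value M and the first PN to the AC, which means the second AP has completed the M-th round of PN synchronization (that is, it has sent the AC the second message carrying round value M). At that moment the count of the AP-side replay counter is the first PN. However, before receiving the second PN from the AC, the second AP goes on to broadcast or multicast new MPDUs to the STA, so the count of its AP-side replay counter keeps decreasing; for the decrement, see Example 5 above, not repeated here. Only after the count of its AP-side replay counter has decreased to the latest PN does the second AP receive the second PN from the AC, so the second PN is greater than the latest PN. If the second AP used the second PN to broadcast or multicast MPDUs to the STA, the MPDUs carrying the second PN could not be successfully received by the STA (because the STA-side replay counter is smaller than the second PN). For this reason, when the second AP in this example determines that the second PN is greater than the latest PN, it does not update the count of the AP-side replay counter and continues to use the latest PN to send MPDUs to the STA. The second AP in this example therefore determines that the target PN is the latest PN.
If the second AP determines that the second PN from the AC is less than the latest PN, the second AP determines that the target PN is the second PN. Specifically, in the M-th round of PN synchronization the second AP sends round value M and the first PN to the AC, which means the second AP has completed the M-th round of PN synchronization (that is, it has sent the AC the second message carrying round value M). At that moment the count of the AP-side replay counter is the first PN. The second AP then receives the second PN from the AC. If the second PN is less than the latest PN, the count of the second AP's AP-side replay counter is greater than the second PN stored by another AP in the network group. Therefore, to ensure that the MPDUs the second AP broadcasts or multicasts to the STA can be successfully received by the STA, the second AP in this example determines that the target PN is the second PN.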
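Note that this embodiment uses the case in which the AC determines the round of PN synchronization through round values. The AC in this embodiment may also determine the round of PN synchronization through timestamps in order to synchronize the PNs of the APs in the network group; for the process, see the embodiment corresponding to FIG. 4, not repeated here. In the case in which the more multicast data frames or broadcast data frames the first AP sends, the smaller the value of the first PN, the first AP may also trigger the AC to synchronize the PNs of the APs in the network group; for the execution, see the process of synchronizing the PNs of the APs in the network group shown in FIG. 6, not repeated here.
Once the second AP has obtained the target PN, it sets the target PN in the MPDUs that it subsequently sends to the STA, which secures the communication between the second AP and the STA. After the STA roams from AP1 to AP2, it can communicate with AP2 successfully and immediately. When the STA performs a roaming handover, the efficiency with which the STA successfully communicates with the AP after the handover is effectively raised and the communication overhead between the STA and that AP is lowered. While secure communication between the AP and the STA is maintained to prevent replay attacks or injection attacks, the number of lost data frames is effectively reduced and less communication resource is wasted.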
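The roaming behaviour of Example 3 (FIG. 2 embodiment) and of the decreasing-counter variant (FIG. 8 embodiment) can be reproduced with the following Python simulation, which is an added example and not code from the application. The class and function names are hypothetical, the AP counter is modeled as the PN carried by the AP's next group-addressed frame (as Example 3 uses it), and the values for the decreasing case are constructed.

```python
from dataclasses import dataclass


def newer(a: int, b: int, ascending: bool) -> bool:
    """True if PN a lies strictly ahead of PN b in the counting direction."""
    return a > b if ascending else a < b


@dataclass
class Sta:
    replay_counter: int
    ascending: bool = True
    dropped: int = 0

    def receive(self, pn: int) -> bool:
        # Replay check: accept only a PN strictly ahead of the stored counter.
        if newer(pn, self.replay_counter, self.ascending):
            self.replay_counter = pn
            return True
        self.dropped += 1
        return False


@dataclass
class Ap:
    mac: str
    next_pn: int             # assumption: PN the next group frame will carry
    ascending: bool = True
    round_seen: int = 0      # largest round value received so far

    def send_group_frame(self) -> int:
        pn = self.next_pn
        self.next_pn += 1 if self.ascending else -1
        return pn

    def report(self, round_value: int):
        # Reporting condition: answer only a round value above the stored one;
        # anything else is treated as a retransmitted first message.
        if round_value <= self.round_seen:
            return None
        self.round_seen = round_value
        return (round_value, self.mac, self.next_pn)  # second message

    def apply_second_pn(self, second_pn: int) -> int:
        # Mode 2: adopt the second PN only if it is ahead of the latest PN,
        # so the AP never moves its counter backwards.
        if newer(second_pn, self.next_pn, self.ascending):
            self.next_pn = second_pn
        return self.next_pn


def sync_round(aps, round_value: int, ascending: bool = True):
    """One AC-driven round: collect first PNs, pick the extreme, push it out."""
    pn_list = {}
    for ap in aps:
        msg = ap.report(round_value)
        if msg is not None and msg[0] == round_value:
            pn_list[msg[1]] = msg[2]
    if len(pn_list) != len(aps):       # first sync-success state not reached
        return None
    second_pn = max(pn_list.values()) if ascending else min(pn_list.values())
    for ap in aps:
        ap.apply_second_pn(second_pn)  # fourth message sent to every AP
    return second_pn


def drops_after_roam(sta: Sta, ap: Ap, limit: int = 10_000) -> int:
    """Group frames the STA discards before it accepts one from the new AP."""
    start = sta.dropped
    for _ in range(limit):
        if sta.receive(ap.send_group_frame()):
            break
    return sta.dropped - start


def example3(synchronize: bool) -> int:
    # Values from Example 3: AP1 at 150, AP2 at 100, STA counter at 149.
    ap1, ap2 = Ap("ap1", 150), Ap("ap2", 100)
    if synchronize:
        sync_round([ap1, ap2], round_value=1)
    return drops_after_roam(Sta(149), ap2)


def descending_case(synchronize: bool) -> int:
    # Constructed values for the decreasing-counter variant.
    ap1, ap2 = Ap("ap1", 50, ascending=False), Ap("ap2", 100, ascending=False)
    if synchronize:
        sync_round([ap1, ap2], round_value=1, ascending=False)
    return drops_after_roam(Sta(51, ascending=False), ap2)


if __name__ == "__main__":
    print("Example 3 drops without/with sync:", example3(False), example3(True))
    print("Descending:", descending_case(False), descending_case(True))
```

Because `apply_second_pn` only ever moves the counter forward in the counting direction, a late fourth message cannot cause an AP to reuse a PN it has already sent under the same key.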
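An embodiment of this application provides a communication device. Its structure is shown in FIG. 9, which is a first example structural diagram of a communication device provided in an embodiment of this application.
The communication device 900 in this embodiment includes a processor 901, a memory 902, and a transceiver 903. The processor 901 is connected to the memory 902 and to the transceiver 903. The processor 901 may include at least one of an application processor (AP), a modem processor, a graphics processing unit (GPU), an image signal processor (ISP), a controller, a video codec, a digital signal processor (DSP), a baseband processor, or a neural-network processing unit (NPU). The transceiver 903 receives electromagnetic waves, performs frequency modulation and filtering on the electromagnetic wave signal, and sends the processed signal to the processor 901. The transceiver 903 may also receive a signal to be sent from the processor 901, perform frequency modulation and amplification on it, and convert it into electromagnetic waves for radiation. The memory 902 stores program instructions.
If the communication device 900 in this embodiment is an AP, the program instructions stored in the memory 902, when executed by the processor 901, cause the AP to perform the process performed by the AP in any of the method embodiments of FIG. 2, FIG. 4, FIG. 6, or FIG. 8. If the communication device 900 in this embodiment is an AC, the program instructions stored in the memory 902, when executed by the processor 901, cause the AC to perform the process performed by the AC in any of the method embodiments of FIG. 2, FIG. 4, FIG. 6, or FIG. 8. If the communication device 900 in this embodiment is a STA, the program instructions stored in the memory 902, when executed by the processor 901, cause the STA to perform the process performed by the STA in any of the method embodiments of FIG. 2, FIG. 4, FIG. 6, or FIG. 8.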
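This embodiment further provides a communication device as shown in FIG. 10, which illustrates the structure of the communication device in terms of functional modules. FIG. 10 is a second example structural diagram of a communication device provided in an embodiment of this application.
The communication device 1000 in this embodiment includes a transceiver module 1001 and a processing module 1002 connected to the transceiver module 1001. If the communication device 1000 in this embodiment is an AC, the transceiver module 1001 is configured to perform the sending- and receiving-related steps performed by the AC in any of the method embodiments of FIG. 2, FIG. 4, FIG. 6, or FIG. 8, and the processing module 1002 is configured to perform the processing-related steps performed by the AC in any of those method embodiments. If the communication device 1000 in this embodiment is an AP, the transceiver module 1001 is configured to perform the sending- and receiving-related steps performed by the AP in any of the method embodiments of FIG. 2, FIG. 4, FIG. 6, or FIG. 8, and the processing module 1002 is configured to perform the processing-related steps performed by the AP in any of those method embodiments. If the communication device 1000 in this embodiment is a STA, the transceiver module 1001 is configured to perform the sending- and receiving-related steps performed by the STA in any of the method embodiments of FIG. 2, FIG. 4, FIG. 6, or FIG. 8, and the processing module 1002 is configured to perform the processing-related steps performed by the STA in any of those method embodiments.
An embodiment of this application further provides a computer-readable storage medium. The computer storage medium stores a computer program, the computer program includes program instructions, and the program instructions, when executed by a processor, cause the processor to perform the method shown in any of the method embodiments of FIG. 2, FIG. 4, FIG. 6, or FIG. 8.
The foregoing embodiments are intended only to describe the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.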

Claims (25)

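  1. A packet number synchronization method, wherein the method comprises:
    receiving, by an access controller AC, a first packet number PN from a first access point AP, wherein the first AP is any one of a plurality of APs already associated with the AC, and the first PN indicates the number of multicast data frames or broadcast data frames that the first AP has sent; and
    sending, by the AC, a second PN to a second AP, wherein the second PN is one of a plurality of PNs corresponding to the plurality of APs, each of the plurality of PNs comes from one of the plurality of APs, and the second AP is one of the plurality of APs.
  2. The method according to claim 1, wherein, in the case in which the more multicast data frames or broadcast data frames the first AP sends, the larger the value of the first PN, the second PN is the maximum of the plurality of PNs.
  3. The method according to claim 1, wherein, in the case in which the more multicast data frames or broadcast data frames the first AP sends, the smaller the value of the first PN, the second PN is the minimum of the plurality of PNs.
  4. The method according to any one of claims 1 to 3, wherein before the access controller AC receives the first packet number PN from the first access point AP, the method comprises:
    sending, by the AC, a first message to the first AP, wherein the first message carries a first message type field, and the first message type field is used to request the first PN; and
    receiving, by the AC, a second message from the first AP, wherein the second message carries a second message type field and the first PN, and the second message type field indicates that the second message carries the first PN.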
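  5. The method according to claim 4, wherein the first message further carries a first round value, and the first round value indicates the round in which the AC sends the first message.
  6. The method according to claim 5, wherein the second message carries a second round value, and before the AC sends the second PN to the second AP, the method further comprises:
    determining, by the AC, that the first round value is the same as the second round value.
  7. The method according to claim 6, wherein before the AC sends the second PN to the second AP, the method further comprises:
    determining, by the AC, that the plurality of APs are in a first synchronization success state, wherein the first synchronization success state means that the plurality of PNs include a PN from each of the plurality of APs, and that the second round values from different APs among the plurality of APs are all the same.
  8. The method according to claim 4, wherein the first message further carries a first timestamp, and the first timestamp indicates the time at which the AC sends the first message.
  9. The method according to claim 8, wherein the second message carries a second timestamp, and before the AC sends the second PN to the second AP, the method further comprises:
    determining, by the AC, that the first timestamp is the same as the second timestamp.
  10. The method according to claim 9, wherein before the AC sends the second PN to the second AP, the method further comprises:
    determining, by the AC, that the plurality of APs are in a second synchronization success state, wherein the second synchronization success state means that the plurality of PNs include a PN from each of the plurality of APs, and that the second timestamps from different APs among the plurality of APs are all the same.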
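  11. The method according to any one of claims 1 to 3, wherein the receiving, by the access controller AC, of the first packet number PN from the first access point AP comprises:
    receiving, by the AC, a third message from the first AP, wherein the third message carries a third message type field, the first PN, and an identifier that identifies the first AP, and the third message type field indicates that the third message carries the first PN.
  12. The method according to claim 11, wherein before the AC sends the second PN to the second AP, the method further comprises:
    determining, by the AC, that the plurality of APs are in a third synchronization success state, wherein the third synchronization success state means that the AC receives the plurality of PNs within one synchronization period and the plurality of PNs include a PN from each of the plurality of APs.
  13. The method according to any one of claims 1 to 12, wherein the sending, by the AC, of the second PN to the second AP comprises:
    sending, by the AC, a fourth message to the second AP, wherein the fourth message carries a fourth message type field and the second PN, and the fourth message type field indicates that the fourth message carries the second PN.
  14. The method according to any one of claims 1 to 13, wherein the sending, by the AC, of the second PN to the second AP comprises:
    determining, by the AC, that a target difference is less than or equal to a threshold, and sending, by the AC, the second PN to the second AP, wherein the target difference is the difference between the maximum and the minimum of the plurality of PNs.
  15. The method according to any one of claims 1 to 14, wherein any two different APs among the plurality of APs have the same basic service set identifier BSSID.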
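  16. A packet number synchronization method, wherein the method comprises:
    sending, by an access point AP, a first packet number PN to an access controller AC, wherein the AP is any one of a plurality of APs already associated with the AC, and the first PN indicates the number of multicast data frames or broadcast data frames that the AP has sent;
    receiving, by the AP, a second PN from the AC; and
    determining, by the AP, a target PN according to the second PN, wherein the target PN is the PN used by the multicast data frames or broadcast data frames that the AP is to send.
  17. The method according to claim 16, wherein before the access point AP sends the first packet number PN to the access controller AC, the method further comprises:
    receiving, by the AP, a first message from the AC, wherein the first message carries a first message type field, and the first message type field is used to request the first PN;
    and the sending, by the access point AP, of the first packet number PN to the access controller AC comprises:
    sending, by the AP, a second message to the AC according to the first message, wherein the second message carries a second message type field and the first PN, and the second message type field indicates that the second message carries the first PN.
  18. The method according to claim 17, wherein the first message further carries a first round value, the first round value indicates the round in which the AC sends the first message, and the sending, by the AP, of the second message to the AC according to the first message comprises:
    sending, by the AP, the second message carrying a second round value to the AC, wherein the first round value is the same as the second round value.
  19. The method according to claim 17, wherein the first message further carries a first timestamp, the first timestamp indicates the time at which the AC sends the first message, and the sending, by the AP, of the second message to the AC according to the first message comprises:
    sending, by the AP, the second message carrying a second timestamp to the AC, wherein the second timestamp is the same as the first timestamp.
  20. The method according to claim 16, wherein the sending, by the access point AP, of the first packet number PN to the access controller AC comprises:
    sending, by the AP, a third message to the AC, wherein the third message carries a third message type field, the first PN, and an identifier that identifies the AP, and the third message type field indicates that the third message carries the first PN.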
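  21. The method according to any one of claims 16 to 20, wherein the determining, by the AP, of the target PN according to the second PN comprises:
    in the case in which the more multicast data frames or broadcast data frames the AP sends, the larger the value of the first PN, if the AP determines that the second PN is less than or equal to the latest PN of the AP, determining, by the AP, that the target PN is the latest PN, wherein the latest PN is the PN currently stored by the AP; and
    if the AP determines that the second PN is greater than the latest PN, determining, by the AP, that the target PN is the second PN.
  22. The method according to any one of claims 16 to 20, wherein the determining, by the AP, of the target PN according to the second PN comprises:
    in the case in which the more multicast data frames or broadcast data frames the first AP sends, the smaller the value of the first PN, if the AP determines that the second PN is greater than the latest PN, determining, by the AP, that the target PN is the latest PN, wherein the latest PN is the PN currently stored by the AP; and
    if the AP determines that the second PN is less than the latest PN, determining, by the AP, that the target PN is the second PN.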
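  23. An access controller, wherein the access controller comprises a processor, a memory, and a transceiver, and the processor is connected to the memory and to the transceiver;
    the transceiver is configured to receive a first packet number PN from a first access point AP, wherein the first AP is any one of a plurality of APs already associated with the AC, and the first PN indicates the number of multicast data frames or broadcast data frames that the first AP has sent;
    the processor is configured to obtain a second PN, wherein the second PN is one of a plurality of PNs corresponding to the plurality of APs, and each of the plurality of PNs comes from one of the plurality of APs; and
    the transceiver is further configured to send the second PN to a second AP, wherein the second AP is one of the plurality of APs.
  24. An access point, wherein the access point comprises a processor, a memory, and a transceiver, and the processor is connected to the memory and to the transceiver;
    the transceiver is configured to send a first packet number PN to an access controller AC, wherein the AP is any one of a plurality of APs already associated with the AC, and the first PN indicates the number of multicast data frames or broadcast data frames that the AP has sent;
    the transceiver is further configured to receive a second PN from the AC; and
    the processor is configured to determine a target PN according to the second PN, wherein the target PN is the PN used by the multicast data frames or broadcast data frames that the AP is to send.
  25. A wireless network, wherein the wireless network comprises an access controller AC, a plurality of access points AP associated with the AC, and at least one terminal device STA associated with each AP;
    a first AP is configured to send a first packet number PN to the AC, wherein the first AP is any one of the plurality of APs, and the first PN indicates the number of multicast data frames or broadcast data frames that the first AP has sent to the STA;
    the AC is configured to receive the first PN from the first AP and to send a second PN to a second AP, wherein the second PN is one of a plurality of PNs corresponding to the plurality of APs, each of the plurality of PNs comes from one of the plurality of APs, and the second AP is one of the plurality of APs;
    the second AP is configured to receive the second PN from the AC; and
    the second AP is further configured to determine a target PN according to the second PN, wherein the target PN is the PN used by the multicast data frames or broadcast data frames that the second AP is to send.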
PCT/CN2023/103023 2022-07-11 2023-06-28 Packet number synchronization method, related device, and system WO2024012198A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210808985.5A CN117425182A (zh) 2022-07-11 2022-07-11 Packet number synchronization method, related device, and system
CN202210808985.5 2022-07-11

Publications (1)

Publication Number Publication Date
WO2024012198A1 true WO2024012198A1 (zh) 2024-01-18

Family

ID=89521587

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/103023 WO2024012198A1 (zh) 2022-07-11 2023-06-28 Packet number synchronization method, related device, and system

Country Status (2)

Country Link
CN (1) CN117425182A (zh)
WO (1) WO2024012198A1 (zh)

Also Published As

Publication number Publication date
CN117425182A (zh) 2024-01-19

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23838692

Country of ref document: EP

Kind code of ref document: A1