WO2024088140A1 - A data transmission method and apparatus - Google Patents
A data transmission method and apparatus
- Publication number
- WO2024088140A1 (PCT application PCT/CN2023/125273)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- multicast key, wireless local area network, devices
- Prior art date
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04W—WIRELESS COMMUNICATION NETWORKS
  - H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
    - H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
    - H04W12/03—Protecting confidentiality, e.g. by encryption
  - H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
    - H04W4/06—Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
  - H04W48/00—Access restriction; Network selection; Access point selection
    - H04W48/08—Access restriction or access information delivery, e.g. discovery data delivery
      - H04W48/10—Access restriction or access information delivery, e.g. discovery data delivery using broadcasted information
Definitions
- the present application relates to the field of communication technology, and in particular to a data transmission method and device.
- access point (AP) devices such as routers and hotspots serve as central devices
- terminal devices such as mobile phones, network cards, TVs, and smart homes serve as stations (STA).
- STA: station
- multiple STAs can access the AP, and then the multiple STAs access the network through the AP to form a wireless local area network.
- When each of the multiple STAs accesses the AP, the STA, as the initiator of the connection, sends a connection request to the AP. Accordingly, the AP, as the receiver of the connection, generates a group temporary multicast key (GTK) and sends the GTK to the STA. Since the AP generates the GTK and then sends the GTK to each STA, each STA obtains the same GTK. In this way, when the AP encrypts data using the GTK, all STAs can decrypt the encrypted data based on the previously acquired GTK.
- GTK: group temporary multicast key
- each device can initiate a connection request to another device, and each device can also receive a connection request from another device.
- how to realize the transmission of multicast data is a technical problem that needs to be solved urgently.
- the present application provides a data transmission method and apparatus for realizing multicast data transmission in a wireless local area network without a central device.
- the present application provides a data transmission method, which is executed by a first device.
- the first device can be an AP in a wireless local area network without a central device, or a STA in a wireless local area network without a central device.
- the data transmission method includes: the first device generates a first multicast key during the process of establishing a wireless local area network connection with a second device in a second wireless local area network, and the first multicast key is used to transmit data between the first device and the second device.
- the second device stores a second multicast key, and the second multicast key is used to transmit data between the second device and other devices in the second wireless local area network.
- the second device sends the second multicast key to the first device, and correspondingly, the first device receives the second multicast key from the second device.
- the first device transmits data to the second device via the second multicast key.
- the first device and the second device are devices of equal status. When the first device is an AP, the second device is also an AP. When the first device is an STA, the second device is also an STA.
- the first multicast key or the second multicast key is a GTK.
- the first device establishes a wireless LAN connection with the second device to access the second wireless LAN. Furthermore, in the process of establishing a wireless LAN connection with the second device, although the first device generates a multicast key for transmitting data between the first device and the second device, since each device in the second wireless LAN has saved the multicast key (i.e., the second multicast key), the first device also obtains the second multicast key from the second device, so that the first device can transmit data with the second device through the second multicast key.
- the multicast key, i.e., the second multicast key
- the first device saves the same multicast key as that of each device in the second wireless LAN, so that when any device in the second wireless LAN encrypts data through the second multicast key, the encrypted data can be decrypted by all other devices in the second wireless LAN.
- the first device generates a first multicast key. Specifically, the first device acts as a receiver of a connection request, and the second device acts as an initiator of the connection request. When the second device needs to establish a wireless local area network connection with the first device, the second device sends a connection request to the first device. Accordingly, the first device receives the connection request from the second device and generates the first multicast key in response to the connection request.
- the first device and the second device are devices of equal status.
- Although the first device, as the recipient of the connection request, generates a first multicast key, each device in the second wireless local area network has already stored the second multicast key; therefore, once the first device is connected to the second wireless local area network, it can transmit data with each device in that network through the second multicast key.
- the first device further overwrites the first multicast key with the second multicast key, so that the second multicast key is used as a key for transmitting data between the first device and the second device.
- the first device may overwrite the first multicast key with the second multicast key, thereby enabling the first device to transmit data with the second device through the second multicast key.
- When the first device is in the first wireless local area network, the first device further sends an update message to one or more devices in the first wireless local area network other than the first device, wherein the update message indicates that the multicast key used to transmit data in the first wireless local area network is updated to the second multicast key. Accordingly, after receiving the update message, any device in the first wireless local area network other than the first device can obtain the second multicast key from the update message and then transmit data according to the second multicast key.
- the first device can also be a device that is already in the first wireless local area network.
- the first device establishes a wireless local area network connection with the second device to realize the merger of the first wireless local area network and the second wireless local area network.
- the second multicast key is sent to other devices in the first wireless local area network except the first device. In this way, all devices in the wireless local area network obtained by merging the first wireless local area network and the second wireless local area network can save the second multicast key.
- In the wireless local area network obtained by the merger, when any device encrypts data using the second multicast key, the encrypted data can be decrypted by all other devices.
- the first wireless local area network also includes one or more third devices, and the one or more third devices are sub-devices of the first device.
- the first wireless local area network includes sub-local area networks without central devices and sub-local area networks with central devices, and this method improves the flexibility of the wireless local area network.
- the first device can not only send the second multicast key to other devices in the sub-local area network without central devices, but also send the second multicast key to sub-devices (i.e., third devices) in the sub-local area network with central devices (i.e., the first device).
- When the first device receives the second multicast key from the second device, specifically, the first device receives the second multicast key from the second device via a short-distance connection, wherein the short-distance connection includes at least one or more of the following: Bluetooth connection, near field communication (NFC) connection, StarFlash connection, wireless local area network connection.
- When the first device receives the second multicast key from the second device via a wireless local area network connection, specifically, the first device receives the second multicast key via a unicast frame in the wireless local area network connection, where the unicast frame includes one or more of a data frame and a management frame.
- the first device receives the second multicast key from the second device through a unicast frame.
- the unicast frame can be obtained by encrypting the second multicast key with a unicast key (such as a pairwise transient key (PTK)) between the first device and the second device, thereby improving the security of multicast key transmission.
- a unicast key such as a pairwise transient key (PTK)
- the present application provides a data transmission method, including: during a process in which a first device establishes a wireless local area network connection with a second device, the first device receives a second multicast key from the second device, wherein the second device has already stored the second multicast key, and the second multicast key is a multicast key used to transmit data between the second device and other devices in a second wireless local area network to which the second device belongs; the first device transmits data to the second device through the second multicast key.
- the first device serves as a receiver of the connection request
- the second device serves as an initiator of the connection request.
- the second device needs to establish a wireless local area network connection with the first device
- the second device sends a connection request to the first device, and correspondingly, the first device receives the connection request from the second device.
- the second device determines that the second multicast key is stored in the second device, and the second device sends the second multicast key to the first device through message 3, that is, message 3 includes the second multicast key.
- message 3 is specifically message 3 in the process of the second device establishing a wireless local area network connection with the first device based on the Wi-Fi protected access (WPA) protocol.
- WPA: Wi-Fi protected access
- the first device first sends a message 1 to the second device, and the message 1 includes the random number of the first device. Accordingly, the second device obtains the random number of the first device from the message 1.
- the second device calculates the PTK, extracts the message integrity check (MIC) value from the PTK, and sends a message 2 to the first device, and the message 2 includes the random number and MIC of the second device.
- the MIC is the first 16 bytes in the PTK. Accordingly, the first device obtains the random number and MIC of the second device from the message 2.
- the first device calculates the PTK and the MIC, and performs an integrity check on the PTK according to the MIC.
- the second device encrypts the second multicast key using the PTK, and sends the encrypted second multicast key and MIC to the first device through the message 3. Accordingly, the first device obtains the encrypted second multicast key and MIC from the message 3, decrypts the second multicast key using the PTK, and stores the PTK and the second multicast key.
- the second device stores the PTK.
- the first device establishes a wireless local area network connection with the second device to access the second wireless local area network. Furthermore, the second device stores the second multicast key, and the first device can directly obtain the second multicast key from the second device, without the need for the first device to generate the first multicast key, thereby reducing unnecessary calculations; and the first device does not need to send the multicast key generated by the first device to the second device, thereby reducing unnecessary signaling interactions.
- the first device acts as the initiator of the connection request
- the second device acts as the receiver of the connection request.
- the first device needs to establish a wireless local area network connection with the second device
- the first device sends a connection request to the second device
- the second device receives the connection request from the first device.
- the second device determines that the second multicast key is stored in the second device, and the second device sends the second multicast key to the first device through message 3, that is, message 3 includes the second multicast key.
- message 3 is specifically message 3 in the process of the second device establishing a wireless local area network connection with the first device based on the WPA protocol.
- the second device first sends message 1 to the first device, and the message 1 includes the random number of the second device. Accordingly, the first device obtains the random number of the second device from message 1.
- the first device calculates the PTK, extracts the MIC from the PTK, and sends message 2 to the second device, and the message 2 includes the random number and MIC of the first device.
- the MIC is the first 16 bytes in the PTK. Accordingly, the second device obtains the random number and MIC of the first device from message 2.
- the second device calculates the PTK and the MIC, and performs an integrity check on the PTK according to the MIC.
- the second device encrypts the second multicast key using the PTK, and sends the encrypted second multicast key and MIC to the first device through message 3. Accordingly, the first device obtains the encrypted second multicast key and MIC from message 3, decrypts the second multicast key using the PTK, and stores the PTK and the second multicast key. The second device stores the PTK.
- the first device establishes a wireless local area network connection with the second device to access the second wireless local area network. Furthermore, the second device stores the second multicast key, and the first device can directly obtain the second multicast key from the second device, without the need for the second device to generate the multicast key, thereby reducing unnecessary calculations; and the second device does not need to send the multicast key generated by the second device to the first device, thereby reducing unnecessary signaling interactions.
- an embodiment of the present application provides a communication device
- the apparatus has the function of implementing the first device in the first aspect or any possible implementation manner of the first aspect, and the apparatus may be the first device or a chip included in the first device;
- the device has the function of implementing the second device in the first aspect or any possible implementation manner of the first aspect, and the device may be the second device or a chip included in the second device;
- the device has the function of implementing the first device in the second aspect or any possible implementation manner of the second aspect, and the device may be the first device or a chip included in the first device;
- the apparatus has the function of implementing the second device in the above-mentioned second aspect or any possible implementation manner of the second aspect.
- the apparatus may be the second device or a chip included in the second device.
- the functions of the above communication device can be implemented by hardware, or by hardware executing corresponding software.
- the hardware or software includes one or more modules or units or means corresponding to the above functions.
- the structure of the device includes a processing module and a transceiver module.
- the processing module is configured to support the device to execute the function corresponding to the first device in the above-mentioned first aspect or any implementation of the first aspect, or execute the function corresponding to the second device in the above-mentioned first aspect or any implementation of the first aspect, or execute the function corresponding to the first device in the above-mentioned second aspect or any implementation of the second aspect, or execute the function corresponding to the second device in the above-mentioned second aspect or any implementation of the second aspect.
- the transceiver module is used to support the communication between the device and other communication devices. For example, when the device is a first device, it can receive a second multicast key from a second device.
- the communication device may also include a storage module, which is coupled to the processing module and stores program instructions and data necessary for the device.
- the processing module may be a processor
- the communication module may be a transceiver
- the storage module may be a memory, which may be integrated with the processor or may be set separately from the processor.
- the structure of the device includes a processor and may also include a memory.
- the processor is coupled to the memory and may be used to execute computer program instructions stored in the memory, so that the device performs the function corresponding to the first device in the first aspect or any implementation of the first aspect, or performs the function corresponding to the second device in the first aspect or any implementation of the first aspect, or performs the function corresponding to the first device in the second aspect or any implementation of the second aspect, or performs the function corresponding to the second device in the second aspect or any implementation of the second aspect.
- the apparatus further includes a communication interface, and the processor is coupled to the communication interface.
- the communication interface may be a transceiver or an input/output interface; when the apparatus is a chip included in the first device or a chip included in the second device, the communication interface may be an input/output interface of the chip.
- the transceiver may be a transceiver circuit, and the input/output interface may be an input/output circuit.
- an embodiment of the present application provides a computer-readable storage medium, in which a computer program or instruction is stored.
- When the computer program or instruction is executed by a communication device, the communication device performs the function corresponding to the first device in the above-mentioned first aspect or any one of the implementations of the first aspect, or performs the function that the second device should perform in the above-mentioned first aspect or any one of the implementations of the first aspect, or performs the function corresponding to the first device in the above-mentioned second aspect or any one of the implementations of the second aspect, or performs the function that the second device should perform in the above-mentioned second aspect or any one of the implementations of the second aspect.
- an embodiment of the present application provides a computer program product, which includes a computer program or instructions.
- When the computer program or instructions are executed by a communication device, the communication device performs the function corresponding to the first device in the above-mentioned first aspect or any one of the implementations of the first aspect, or performs the function corresponding to the second device in the above-mentioned first aspect or any one of the implementations of the first aspect, or performs the function corresponding to the first device in the above-mentioned second aspect or any one of the implementations of the second aspect, or performs the function corresponding to the second device in the above-mentioned second aspect or any one of the implementations of the second aspect.
- an embodiment of the present application provides a system of a data transmission method, the system comprising the first device in the above-mentioned first aspect or any one of the implementations of the first aspect, and the second device in the above-mentioned first aspect or any one of the implementations of the first aspect; or, the system comprises the first device in the above-mentioned second aspect or any one of the implementations of the second aspect, and the second device in the above-mentioned second aspect or any one of the implementations of the second aspect.
- FIG1 is a schematic diagram of the process of a STA accessing an AP based on the WPA protocol.
- FIG2(a) is a schematic diagram of networking in a wireless local area network.
- FIG2(b) is a schematic diagram of a wireless local area network provided by the present application.
- FIG3(a) is a schematic diagram of a scenario in which a device provided in the present application is connected to a wireless local area network.
- FIG3(b) is a schematic diagram of a scenario in which two wireless local area networks are merged, provided by the present application.
- FIG4 is a schematic flow chart of a first data transmission method provided by the present application.
- FIG5 is a schematic flow chart of a second data transmission method provided by the present application.
- FIG6 is a schematic flow chart of a third data transmission method provided by the present application.
- FIG7 is a schematic flow chart of a fourth data transmission method provided by the present application.
- FIG8 is a schematic diagram of networking in another wireless local area network provided by the present application.
- FIG9 is a flowchart of establishing a wireless LAN connection based on the WPA protocol provided by the present application.
- FIG10 is a flowchart of another method of establishing a wireless LAN connection based on the WPA protocol provided by the present application.
- FIG11 is a schematic diagram of an application scenario of a wireless local area network networking method provided by the present application.
- FIG12 is a schematic diagram of the structure of a data transmission device provided by the present application.
- FIG13 is a schematic diagram of the structure of another data transmission device provided by the present application.
- STA, also known as a wireless workstation, refers to a device connected to a wireless LAN. Such devices can communicate with other devices inside the wireless LAN, or with devices outside the wireless LAN through an access point (AP).
- AP: access point
- STA can be an electronic device that supports wireless LAN connection.
- Electronic devices can also be called terminal devices or terminals, including but not limited to mobile phones, tablet computers, laptops, PDAs, mobile internet devices (MID), wearable devices (such as smart watches, smart bracelets, pedometers, etc.), vehicles, vehicle-mounted devices, virtual reality (VR) devices, augmented reality (AR) devices, wireless terminals in industrial control, smart
- the invention can be used for wireless terminals in scenarios such as smart home devices (e.g., refrigerators, televisions, air conditioners, electric meters, etc.), smart robots, workshop equipment, self-driving, remote medical surgery, smart grid, transportation safety, smart city, or smart home, and flying devices (e.g., smart robots, hot air balloons, drones, airplanes).
- the electronic devices of the embodiments of the present application include but are not limited to devices equipped with Or other operating systems.
- Access point, also known as an access node, wireless access point or hotspot, is a device used to connect a STA to a wireless local area network.
- AP can be a centralized unit (CU) or a distributed unit (DU); it can also be a router, a bridge, a wireless gateway, etc. This application does not limit the specific technology and specific device form used by AP.
- Wi-Fi protected access (WPA) is a wireless security protocol. Specifically, WPA is a standards-based wireless LAN security enhancement solution that can greatly raise the level of data protection and access control of existing and future wireless LAN systems. WPA helps ensure that STA data is protected and that only authorized STAs can access the wireless LAN.
- The AP broadcasts its own data (such as the AP's medium access control (MAC) address and service set identifier (SSID)) in advance; the STA can then initiate a connection request to the AP based on the data broadcast by the AP, so that the STA accesses the AP according to the process in Figure 1.
- MAC: medium access control
- SSID: service set identifier
- Step 101: the AP sends message 1 to the STA; message 1 includes the AP's random number. The STA receives message 1 from the AP and obtains the AP's random number from it.
- Step 102: the STA calculates the PTK, where the PTK is used for unicast data.
- Step 103: the STA extracts the MIC from the PTK and sends message 2 to the AP; message 2 includes the STA's random number and the MIC, where the MIC is the first 16 bytes of the PTK. The AP receives message 2 from the STA and obtains the STA's random number and MIC from it.
- Step 104: the AP calculates the PTK and the MIC and performs an integrity check on the PTK according to the MIC. Specifically, if the AP determines that the calculated MIC is the same as the MIC in message 2, the PTK check succeeds and step 105 is executed; if the AP determines that the calculated MIC differs from the MIC in message 2, the PTK check fails.
- Step 105: the AP generates a GTK and uses the PTK to encrypt the GTK, wherein the GTK is used to encrypt multicast data and/or broadcast data.
- Step 106: the AP sends message 3 to the STA; message 3 includes the encrypted GTK and the MIC. The STA receives message 3 from the AP and obtains the encrypted GTK and MIC from it.
- Step 107: the STA uses the PTK it generated itself to decrypt the encrypted GTK in message 3 and obtain the GTK. The STA then performs an integrity check on the GTK according to the MIC. Specifically, if the STA determines that the calculated MIC is the same as the MIC in message 3, it determines that the GTK check succeeds and executes step 108; if the STA determines that the calculated MIC differs from the MIC in message 3, it determines that the GTK check fails.
- Step 108: the STA sends an acknowledgement (ACK) to the AP.
- Step 109: the STA stores the PTK and the GTK. Here "store" may also be referred to as "install".
- Step 110: the AP stores the PTK.
- FIG2(a) is a schematic diagram of networking in a wireless local area network, including an AP and multiple STAs (FIG2(a) shows STA1 to STA4 as an example; the present application does not limit the number of STAs).
- Multiple STAs are connected to the AP.
- the AP and multiple STAs constitute a wireless local area network
- the AP is the central device of the wireless local area network.
- Each of the multiple STAs is connected to the AP through the process in FIG. 1 above, so each STA obtains the same GTK from the AP (that is, it receives message 3 and obtains the GTK from it). In this way, the multiple STAs all hold the same GTK.
- When the AP sends data in the wireless local area network, it can encrypt the original data with the GTK to obtain encrypted data. Correspondingly, after each of the multiple STAs receives the encrypted data from the AP, it can decrypt the encrypted data with the GTK to obtain the original data.
- A network can also be composed of multiple devices of equal status, such as multiple STAs (without an AP) or multiple APs; that is, the network has no central device.
- Each device can establish a wireless LAN connection with other devices through the process in FIG. 1 above.
- The device that initiates the connection request is hereinafter referred to as the initiator, and the device that receives the connection request as the receiver.
- The receiver can generate a GTK and send it to the initiator; the receiver and the initiator then establish a wireless LAN connection and can transmit data using the GTK.
- any device in the network has a wireless LAN connection with one or more other devices.
- FIG. 2(b) is a networking diagram of such a new type of network, given as an example in the present application. The network includes multiple STAs (FIG. 2(b) shows STA1 to STA4 as an example; the present application does not limit the number of STAs), where STA1 has wireless LAN connections with STA2 and STA4, STA2 has wireless LAN connections with STA1, STA3 and STA4, and so on.
- When STA1 and STA2 establish a wireless LAN connection, assuming that STA1 is the initiator and STA2 is the receiver, the roles of STA1 and STA2 are similar to those of the STA and the AP in FIG. 1.
- the interaction between STA1 and STA2 can be seen in the flowchart in Figure 1 above.
- STA2 generates GTK (denoted as GTK12) and sends GTK12 to STA1. In this way, both STA1 and STA2 store GTK12.
- When STA1 and STA4 establish a wireless LAN connection, assuming that STA1 is the initiator and STA4 is the receiver, the roles of STA1 and STA4 are similar to those of the STA and the AP in FIG. 1.
- the interaction between STA1 and STA4 can be seen in the flowchart in Figure 1 above.
- STA4 generates GTK (denoted as GTK14) and sends GTK14 to STA1. In this way, both STA1 and STA4 store GTK14.
- the implementation methods of STA2 and STA4 establishing a wireless LAN connection, STA2 and STA3 establishing a wireless LAN connection, and STA3 and STA4 establishing a wireless LAN connection can all refer to the implementation method of STA1 and STA2 establishing a wireless LAN connection, or refer to the implementation method of STA1 and STA4 establishing a wireless LAN connection, which will not be repeated here.
- Taking STA1 as an example: if STA1 encrypts original data with GTK12 to obtain encrypted data and broadcasts it, STA2 to STA4 all receive the encrypted data, but since only STA2 stores GTK12, only STA2 can decrypt it. Similarly, if STA1 encrypts original data with GTK14 and broadcasts the encrypted data, STA2 to STA4 all receive it, but since only STA4 stores GTK14, only STA4 can decrypt it.
- That is, the STAs in the network do not store a unified GTK, so data that any STA encrypts with a GTK it stores cannot be decrypted by all STAs in the network.
- this problem also exists in networks composed of other devices of equal status (such as multiple APs).
- In view of this, the present application provides a data transmission method by which all devices in the network store the same multicast key (such as a GTK), so that when any device encrypts original data with its own multicast key and sends (i.e., multicasts or broadcasts) the encrypted data, the other devices in the network can decrypt it with their own, identical multicast key to obtain the original data.
- When two devices network with each other, they first establish a wireless LAN connection; the way the connection is established can be seen in the flowchart shown in FIG. 1.
- The two devices can be recorded as device A and device B.
- When device A is the initiator, device B, as the receiver, generates a multicast key and sends it to device A; device A and device B can then use that multicast key to transmit data.
- When device B is the initiator, device A, as the receiver, generates a multicast key and sends it to device B; device A and device B can then use that multicast key to transmit data.
- After device A and device B have established a wireless LAN connection (i.e., device A and device B form a wireless LAN), a new device (such as device C) can establish a wireless LAN connection with an existing device in the wireless LAN (such as device A), obtain a multicast key from device A during connection establishment, and use that multicast key as its own multicast key for transmitting data in the wireless LAN.
- In general, a new device can establish a wireless LAN connection with an existing device in the wireless LAN, obtain a multicast key from that existing device during connection establishment, and use it as its multicast key for transmitting data in the wireless LAN.
- FIG3(a) is a schematic diagram of a scenario in which a device is connected to a wireless local area network provided by the present application.
- the wireless local area network includes device A, device B, and device C.
- Device D, which is to communicate with the wireless local area network, establishes a wireless LAN connection with an existing device in the wireless LAN (such as device A).
- the present application is not only applicable to the scenario shown in FIG. 3(a) where a single device (i.e., device D) is connected to an existing wireless local area network, but also applicable to the scenario where two existing wireless local area networks are merged. That is, the device newly connected to the wireless local area network is originally an existing device in another wireless local area network.
- For example, in FIG. 3(b), wireless LAN 1 includes devices A, B and C, and wireless LAN 2 includes devices D and E.
- Device D in wireless LAN 2 can establish a wireless LAN connection with an existing device (such as device A) in wireless LAN 1.
- Scenario 1 A single device is connected to a wireless LAN.
- the single device is referred to as the first device; the device that establishes a wireless LAN connection with the first device and is already in the wireless LAN is referred to as the second device.
- the first device is device D in FIG3(a)
- the second device is device A in FIG3(a).
- Depending on whether the first device is a receiver or an initiator, the first device obtains the multicast key from the second device in the wireless local area network in different ways; the two cases are explained below.
- Combined with the flowchart of the first data transmission method in FIG. 4, the following explains possible implementations of the first device obtaining the multicast key when it accesses the wireless local area network as a receiver (that is, while the first device is establishing a wireless local area network connection with the second device in the wireless local area network); correspondingly, the second device acts as the initiator.
- Step 401 The first device generates a first multicast key, which is used for transmitting data between the first device and the second device. Step 401 is similar to the step of the AP generating a GTK in step 105 above.
- Optionally, step 400 is also included before step 401: the second device sends a connection request to the first device, and correspondingly the first device receives the connection request from the second device. Then, in step 401, the first device generates a multicast key (i.e., the first multicast key) for transmitting data between the first device and the second device in response to the connection request.
- Step 402 The second device sends a second multicast key to the first device.
- the first device receives the second multicast key from the second device.
- the second multicast key is used for the second device to transmit data with other devices in the wireless local area network.
- the second device has stored a multicast key (i.e., the second multicast key), which is a unified multicast key stored in all devices in the wireless local area network, and is used for the second device to transmit data with other devices in the wireless local area network.
- the wireless local area network includes device A, device B, and device C, and the second device is device A, then the second multicast key in device A is used for device A to transmit data with devices B and C in the wireless local area network.
- device A encrypts original data A with the second multicast key to obtain encrypted data A, and device A broadcasts encrypted data A in the wireless local area network.
- both device B and device C can receive the encrypted data A, and device B uses the second multicast key to decrypt encrypted data A to obtain original data A.
- device C uses the second multicast key to decrypt encrypted data A to obtain original data A.
- device B encrypts original data B using a second multicast key to obtain encrypted data B, and device B broadcasts encrypted data B in the wireless local area network.
- device A can receive the encrypted data B, and device A uses the second multicast key to decrypt encrypted data B to obtain original data B.
- In one implementation, after sending the connection request to the first device, the second device determines that it has stored the second multicast key and then sends the second multicast key to the first device.
- In another implementation, after generating the first multicast key, the first device sends it to the second device; the second device receives the first multicast key, determines that it already stores the second multicast key locally, and then sends the second multicast key to the first device.
- Optionally, the second device discards the first multicast key received from the first device.
- the second device can send the second multicast key to the first device through a short-distance connection, and correspondingly, the first device receives the second multicast key from the second device through a short-distance connection.
- The short-distance connection includes one or more of the following: a Bluetooth connection, an NFC connection, a Star Flash connection, and a wireless LAN connection.
- Star Flash connection is a method of in-vehicle wireless short-distance communication, which has the characteristics of ultra-low latency, ultra-high reliability, and precise synchronization.
- the first device may specifically receive the second multicast key from the second device via a unicast frame in the wireless local area network connection, wherein the unicast frame may be a data frame or a management frame.
- Step 403 The first device transmits data to the second device using the second multicast key.
- the first device may overwrite the first multicast key with the second multicast key.
- the second multicast key is used as the multicast key for transmitting data between the first device and the second device.
- the transmission of data between the first device and the second device by using the second multicast key may include the following two examples:
- Example 1 when the first device sends data (recorded as the first original data) to the second device: the first device encrypts the first original data through the second multicast key to obtain the first encrypted data, the first device broadcasts the first encrypted data, and accordingly, the second device receives the first encrypted data, and decrypts the first encrypted data according to the second multicast key to obtain the first original data.
- Example 2 when the second device sends data (recorded as second original data) to the first device: the second device encrypts the second original data by the second multicast key to obtain second encrypted data, and the second device broadcasts the second encrypted data.
- the first device receives the second encrypted data and decrypts the second encrypted data according to the second multicast key to obtain the second original data.
- In the description above, the first device generates a first multicast key for transmitting data between the first device and the second device in step 401, and that key is overwritten by the second multicast key in step 403; that is, after step 403 the first device and the second device transmit data using the second multicast key.
- Alternatively, if the second device receives the first multicast key from the first device and stores it, the first device and the second device can also transmit data using the first multicast key. In that case, "second multicast key" in the description of step 403 can be read as "first multicast key".
- Besides the second device, the first device can also use the second multicast key to transmit data with the other devices in the wireless local area network.
- the wireless local area network includes device A, device B and device C, device D is connected to the wireless local area network as a new device, and device D establishes a wireless local area network connection with device A, that is, device D is the first device, and device A is the second device.
- device D obtains the second multicast key from device A, and device D may transmit data with devices A, device B and device C in the wireless local area network through the second multicast key.
- device D encrypts the first original data according to the second multicast key to obtain the first encrypted data, and broadcasts the first encrypted data in the wireless local area network.
- device A, device B and device C receive the first encrypted data respectively, device A decrypts the first encrypted data according to the second multicast key in device A to obtain the first original data, device B decrypts the first encrypted data according to the second multicast key in device B to obtain the first original data, and device C decrypts the first encrypted data according to the second multicast key in device C to obtain the first original data.
- The following explains how the first device obtains the multicast key when it accesses the wireless local area network as an initiator (that is, while the first device is establishing a wireless local area network connection with the second device in the wireless local area network); correspondingly, the second device acts as the receiver.
- Step 501 The second device sends a second multicast key to the first device.
- the first device receives the second multicast key from the second device.
- the second multicast key is used for the second device to transmit data with other devices in the wireless local area network.
- Optionally, step 500 is also included before step 501: the first device sends a connection request to the second device, and correspondingly the second device receives the connection request from the first device.
- In one implementation, the second device determines that it has stored the second multicast key and then sends the second multicast key to the first device.
- In another implementation, in response to the connection request, the second device first generates a multicast key (referred to as the third multicast key) for transmitting data between the first device and the second device and sends the third multicast key to the first device. Subsequently, the second device determines that it also stores the second multicast key for transmitting data in the wireless local area network, sends the second multicast key to the first device, and instructs the first device to overwrite the third multicast key with the second multicast key. Optionally, the second device also deletes the third multicast key.
- Step 502 The first device transmits data to the second device using the second multicast key.
- the specific implementation method can refer to the description in the above step 403.
- Scenario 2 Two wireless LANs are merged.
- the two wireless local area networks to be merged are respectively recorded as the first wireless local area network and the second wireless local area network, and the local area network after the merger is recorded as the third wireless local area network. Further, the first device belongs to the first wireless local area network, and the second device belongs to the second wireless local area network.
- the first wireless local area network is the wireless local area network 2 in FIG. 3( b ), and the first device is the device D in FIG. 3( b ); the second wireless local area network is the wireless local area network 1 in FIG. 3( b ), and the second device is the device A in FIG. 3( b ).
- The networking of the first wireless local area network can refer to the networking of the wireless local area network (i.e., the second wireless local area network) in scenario 1 above. Before the first device in the first wireless local area network establishes a wireless local area network connection with the second device in the second wireless local area network, all devices in the first wireless local area network store a unified multicast key (recorded as the fourth multicast key) for transmitting data in the first wireless local area network.
- When the first device in the first wireless LAN connects to the second wireless LAN, the first device receives the second multicast key of the second wireless LAN from the second device and then sends the second multicast key to the other devices in the first wireless LAN, thereby completing the merger of the first wireless LAN and the second wireless LAN. Accordingly, the first device can transmit data in the third wireless LAN using the second multicast key.
- This scenario can also be called the first wireless LAN is connected to the second wireless LAN to obtain the third wireless LAN.
- Depending on whether the first device is a receiver or an initiator, the first device obtains the multicast key from the second device in the second wireless local area network in different ways; the two cases are again explained below.
- The following first explains how each device in the first wireless local area network obtains the multicast key when the first device accesses the second wireless local area network as a receiver (i.e., while the first device is establishing a wireless local area network connection with the second device); correspondingly, the second device in the second wireless local area network acts as the initiator.
- Step 601: the first device generates a first multicast key for data transmission between the first device and the second device.
- Optionally, step 600 is also included before step 601: the second device sends a connection request to the first device, and correspondingly the first device receives the connection request from the second device. Then, in step 601, the first device generates a multicast key (i.e., the first multicast key) for data transmission between the first device and the second device in response to the connection request.
- Step 602 The second device sends a second multicast key to the first device.
- the first device receives the second multicast key from the second device.
- the second multicast key is used for the second device to transmit data with other devices in the second wireless local area network.
- Step 603: the first device sends an update message to one or more devices other than the first device in the first wireless local area network, where the update message indicates that the multicast key used to transmit data in the first wireless local area network (i.e., the fourth multicast key) is updated to the second multicast key.
- the first device after the first device obtains the second multicast key from the second device, it encrypts the second multicast key according to the fourth multicast key, that is, the second multicast key is used as the original data (recorded as original data 1) that the first device needs to transmit in the first wireless local area network, and the first device encrypts the original data 1 according to the fourth multicast key to obtain encrypted data 1. Subsequently, the first device generates an update message carrying the encrypted data 1, and broadcasts the update message in the first wireless local area network. Correspondingly, all other devices in the first wireless local area network except the first device can receive the update message.
- Each such device obtains the encrypted data 1 from the update message, decrypts it with the fourth multicast key to obtain the original data 1 (that is, the second multicast key), and overwrites the currently stored fourth multicast key with the second multicast key.
- In this way, the multicast key of each device in the first wireless local area network is updated from the original fourth multicast key to the second multicast key, every device in the third wireless local area network formed by the second and first wireless local area networks stores the second multicast key, and each device can transmit data in the third wireless local area network using the second multicast key.
- Step 604 The first device transmits data to the second device using the second multicast key.
- The following explains how each device in the first wireless local area network obtains the multicast key when the first device accesses the second wireless local area network as an initiator (i.e., while the first device is establishing a wireless local area network connection with the second device); correspondingly, the second device in the second wireless local area network acts as the receiver.
- Step 701 The second device sends a second multicast key to the first device.
- the first device receives the second multicast key from the second device.
- the second multicast key is used for the second device to transmit data with other devices in the second wireless local area network.
- step 700 is also included, in which the first device sends a connection request to the second device, and correspondingly, the second device receives the connection request from the first device.
- For the details of step 701, refer to the description of step 501 above.
- Step 702 The first device sends an update message to one or more devices other than the first device in the first wireless local area network, wherein the update message indicates that a multicast key used to transmit data in the first wireless local area network is updated to a second multicast key.
- Step 703 The first device transmits data to the second device using the second multicast key.
- the present application does not exclude the scenario in which the second wireless LAN is connected to the first wireless LAN to obtain a third wireless LAN, that is, in the process of the first device and the second device establishing a wireless LAN connection, since the first device also stores the unified multicast key of the first wireless LAN (that is, the fourth multicast key), the first device can also send the fourth multicast key to the second device, and correspondingly, the second device sends the fourth multicast key to other devices in the second wireless LAN except the second device, thereby completing the merger of the second wireless LAN and the first wireless LAN.
- The way the second device sends the fourth multicast key to the other devices in the second wireless local area network can refer to the way the first device sends the second multicast key to the other devices in the first wireless local area network.
- In summary, the initiator may synchronize to the multicast key held by the receiver. The details are as follows:
- a first device in a first wireless local area network initiates a connection request to a second device in a second wireless local area network
- the first device obtains a second multicast key from the second device, and the first device sends the second multicast key to other devices in the first wireless local area network except the first device, so as to complete the access of the first wireless local area network to the second wireless local area network.
- the second device in the second wireless local area network initiates a connection request to the first device in the first wireless local area network
- the second device obtains the fourth multicast key from the first device, and the second device sends the fourth multicast key to other devices in the second wireless local area network except the second device to complete the access of the second wireless local area network to the first wireless local area network.
- Alternatively, the receiver may synchronize to the multicast key held by the initiator. The details are as follows:
- a first device in a first wireless local area network initiates a connection request to a second device in a second wireless local area network
- the second device obtains a fourth multicast key from the first device, and the second device sends the fourth multicast key to other devices in the second wireless local area network except the second device, so as to complete the access of the second wireless local area network to the first wireless local area network.
- the first device obtains the second multicast key from the second device, and the first device sends the second multicast key to other devices in the first wireless local area network except the first device to complete the access of the first wireless local area network to the second wireless local area network.
- Optionally, whether the first wireless LAN accesses the second wireless LAN or the second wireless LAN accesses the first wireless LAN is determined based on the number of devices in the first wireless LAN and the number of devices in the second wireless LAN.
- When the number of devices in the first wireless LAN is greater than the number of devices in the second wireless LAN, it is determined that the second wireless LAN accesses the first wireless LAN; when the number of devices in the second wireless LAN is greater than the number of devices in the first wireless LAN, it is determined that the first wireless LAN accesses the second wireless LAN.
- the wireless LAN in the present application may include two types of sub-LANs, namely, a sub-LAN without a central device and a sub-LAN with a central device.
- a sub-LAN without a central device multiple devices have equal status; in a sub-LAN with a central device, there is a central device, and other devices except the central device serve as sub-devices of the central device.
- the central device also serves as a device in a sub-LAN without a central device.
- FIG. 8 shows an example of such networking, including multiple STAs (STA1 to STA4 and STA1-1 to STA1-3; the present application does not limit the number of STAs). STA1 to STA4 form a sub-LAN without a central device, in which STA1 has wireless LAN connections with STA2 and STA4, STA2 has wireless LAN connections with STA1, STA3 and STA4, and so on. Further, STA1, STA1-1, STA1-2 and STA1-3 form a sub-LAN with a central device: STA1-1, STA1-2 and STA1-3 are all connected to STA1 as its sub-devices.
- Each device in a sub-LAN without a central device stores a unified multicast key (referred to as the sixth multicast key).
- Each sub-device under a central device can initiate a connection request to the central device. In response, the central device generates a multicast key (referred to as the fifth multicast key) and sends it to that sub-device, so that in a sub-LAN with a central device the central device and each sub-device store the fifth multicast key.
- Further, the central device sends the unified multicast key to its sub-devices: it encrypts the sixth multicast key with the fifth multicast key and broadcasts the encrypted sixth multicast key in the sub-LAN with a central device. Each sub-device decrypts it with the fifth multicast key and, after obtaining the sixth multicast key, overwrites the stored fifth multicast key with it. In this way, every device in the entire wireless local area network stores the same unified multicast key (i.e., the sixth multicast key).
- the first wireless local area network includes a sub-local area network without a central device and a sub-local area network with a central device.
- the first device is a central device in a sub-local area network with a central device, and one or more third devices are connected to the first device.
- After the first device obtains the second multicast key from the second device, it sends the second multicast key not only to the other devices in the sub-LAN without a central device, but also to the sub-LAN with a central device (i.e., to the one or more third devices under the first device).
- Since every device in the entire first wireless local area network holds the unified multicast key (i.e., the fourth multicast key), the first device uses the fourth multicast key to encrypt the original data 1 (i.e., the second multicast key) to obtain the encrypted data 1, and all other devices in the first wireless local area network can decrypt the encrypted data 1 to obtain the original data 1 (i.e., the second multicast key).
- All other devices in the first wireless local area network then overwrite the fourth multicast key with the second multicast key, completing the access of the first wireless local area network to the second wireless local area network.
- If the central device of the sub-LAN with a central device in the first wireless local area network is a device other than the first device, the above sending method is also applicable.
- the second wireless local area network can also be connected to the first wireless local area network, and the second wireless local area network may also include a sub-local area network without a central device and a sub-local area network with a central device.
- After the second device obtains the fourth multicast key from the first device, it sends the fourth multicast key to the other devices in the second wireless local area network in a way similar to the above, which is not repeated here.
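- The per-link GTK problem of FIG. 2(b), the join procedure of scenario 1 (steps 400 to 502), the merge and update message of scenario 2 (steps 600 to 703, with the device-count rule) and the central-device case above, brought together in one runnable model. This is an added example written for this page, not code from the patent or from any product. The device names, the tie-break on equal device counts (the first WLAN accesses the second) and the group cipher (an HMAC-SHA256 keystream with an HMAC tag standing in for CCMP/GCMP) are this example's own assumptions.

```python
"""Multicast-key synchronisation between equal-status WLAN devices, as a runnable model.
Added example, not the patent's code: the group cipher (HMAC-SHA256 keystream plus an
HMAC tag) stands in for CCMP/GCMP, and every device name and key here is constructed."""
import hashlib
import hmac
import os


def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def group_encrypt(key, data):
    """nonce || data XOR keystream || tag  (stand-in for CCMP/GCMP group encryption)."""
    nonce = os.urandom(12)
    body = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()[:16]

def group_decrypt(key, frame):
    """Plaintext, or None when the key is wrong or the frame was tampered with."""
    nonce, body, tag = frame[:12], frame[12:-16], frame[-16:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()[:16]):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

class Device:
    def __init__(self, name):
        self.name = name
        self.group_key = None   # unified multicast key of its WLAN (None until it joins one)
        self.link_keys = {}     # per-link GTKs as in FIG. 2(b): peer name -> GTK

    def keys(self):
        return ([self.group_key] if self.group_key else []) + list(self.link_keys.values())

def who_can_decrypt(frame, devices, sender):
    """Names of the devices other than the sender holding a key that opens the frame."""
    return sorted(d.name for d in devices if d is not sender
                  and any(group_decrypt(k, frame) is not None for k in d.keys()))

def link_pairwise(initiator, receiver):
    """FIG. 1 style link between equals: the receiver generates the GTK and both store it."""
    gtk = os.urandom(16)
    receiver.link_keys[initiator.name] = initiator.link_keys[receiver.name] = gtk
    return gtk

def join(first, second, first_is_receiver):
    """Scenario 1: 'first' joins the WLAN that 'second' already belongs to."""
    if first_is_receiver:
        first.group_key = os.urandom(16)   # step 401: the key it generates as receiver ...
    first.group_key = second.group_key     # step 402/403 or 501/502: ... replaced by the WLAN's key

def rekey_broadcast(sender, old_key, members):
    """Update message (step 603/702): the sender's new key encrypted under the key the members
    still hold. The same call carries the sixth key under the fifth key to a central device's sub-devices."""
    update = group_encrypt(old_key, sender.group_key)
    updated = []
    for d in members:
        if d is not sender:
            new_key = group_decrypt(d.group_key, update)   # None if d does not hold old_key
            if new_key is not None:
                d.group_key = new_key
                updated.append(d.name)
    return updated

def merge(wlan_a, wlan_b, bridge_a, bridge_b):
    """Scenario 2: the smaller WLAN accesses the larger one (the device-count rule). On a tie
    wlan_a accesses wlan_b; that tie-break is this example's assumption, the text gives none."""
    if len(wlan_a) > len(wlan_b):
        wlan_a, wlan_b, bridge_a, bridge_b = wlan_b, wlan_a, bridge_b, bridge_a
    old_key = bridge_a.group_key
    bridge_a.group_key = bridge_b.group_key      # step 602 / 701
    rekey_broadcast(bridge_a, old_key, wlan_a)   # step 603 / 702
    return wlan_a + wlan_b

def demo():
    # FIG. 2(b): per-link GTKs, so STA1's broadcast under GTK12 opens only at STA2.
    sta = {n: Device(n) for n in ("STA1", "STA2", "STA3", "STA4")}
    gtk12 = link_pairwise(sta["STA1"], sta["STA2"])
    for x, y in (("STA1", "STA4"), ("STA2", "STA3"), ("STA2", "STA4"), ("STA3", "STA4")):
        link_pairwise(sta[x], sta[y])
    pairwise_reach = who_can_decrypt(group_encrypt(gtk12, b"hi"), sta.values(), sta["STA1"])
    # Scenario 1 (FIG. 3(a)): A, B and C share one key; D joins through A.
    a, b, c, d, e, f = (Device(n) for n in "ABCDEF")
    a.group_key = os.urandom(16)
    for dev, as_receiver in ((b, True), (c, False), (d, True)):
        join(dev, a, as_receiver)
    # Scenario 2: WLAN 2 = {E, F} is the smaller one, so it accesses WLAN 1 over the D-E link.
    e.group_key = os.urandom(16); join(f, e, False)
    members = merge([a, b, c, d], [e, f], d, e)
    # F as central device of a sub-LAN: F1 and F2 hold the fifth key, then receive the unified key.
    fifth, subs = os.urandom(16), [Device("F1"), Device("F2")]
    for s in subs: s.group_key = fifth
    rekey_broadcast(f, fifth, subs)
    members += subs
    unified_reach = who_can_decrypt(group_encrypt(a.group_key, b"hi"), members, a)
    return {"pairwise_reach": pairwise_reach,
            "one_key": len({m.group_key for m in members}) == 1,
            "unified_reach": unified_reach}
```

- `demo()` reports which peers can open STA1's broadcast under GTK12 (only STA2) and, after the join, the merge and the central-device rekey, whether all eight devices hold one key and can all open A's multicast frame. Because the update message is readable by any device that still holds the old unified key, it reaches exactly the current members of the smaller WLAN; a device that has left the WLAN but kept the old key could read it too, and the text describes no rekeying on departure.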
- The following describes a specific implementation of the data transmission method provided in the present application.
- In this implementation, the first device directly obtains the second multicast key from the second device, instead of first generating the first multicast key and then obtaining the second multicast key from the second device to overwrite it, which helps reduce unnecessary calculation and signaling.
- FIG. 9 exemplifies the flow in which the first device and the second device establish a wireless local area network connection based on the WPA protocol. For messages 1 and 2, the first device and the second device play roles similar to the AP and the STA in FIG. 1, respectively; unlike FIG. 1, message 3 is sent by the second device and carries its existing second multicast key.
- Step 900 The second device sends a connection request to the first device.
- Step 901 The first device sends a message 1 to the second device, and the message 1 includes a random number of the first device. Accordingly, the second device receives the message 1 from the first device and obtains the random number of the first device from the message 1.
- Step 902 The second device calculates the PTK.
- Step 903 The second device extracts MIC from PTK and sends message 2 to the first device, where the message 2 includes the random number and MIC of the second device. Accordingly, the first device receives message 2 from the second device and obtains the random number and MIC of the second device from message 2.
- Step 904 The first device calculates the PTK and the MIC, and performs an integrity check on the PTK according to the MIC.
- Step 905 The second device encrypts the second multicast key using the PTK generated by itself.
- Step 906 The second device sends a message 3 to the first device, wherein the message 3 includes the encrypted second multicast key and the MIC. Accordingly, the first device receives the message 3 from the second device and obtains the encrypted second multicast key and the MIC from the message 3.
- Step 907 The first device uses the PTK generated by itself to decrypt the encrypted second multicast key in the message 3 to obtain the second multicast key. Then, the first device performs an integrity check on the second multicast key according to the MIC.
- Step 908 The first device sends an ACK to the second device.
- Step 909 The second device stores the PTK.
- Step 910 The first device stores the PTK and the second multicast key.
- Step 911 The first device transmits data to the second device using the second multicast key.
- steps 901 to 910 are the process of establishing a wireless LAN connection between the first device and the second device.
- for steps 901 to 910, refer to the description in the embodiment related to Figure 1.
- for step 911, refer to the description in step 403.
- the present application provides another specific implementation of the data transmission method.
- the first device can directly obtain the second multicast key from the second device without first receiving the third multicast key from the second device and then obtaining the second multicast key from the second device to cover the third multicast key, which helps to reduce unnecessary calculations and signaling transmissions.
- the following is a flowchart of another example of a first device and a second device establishing a wireless local area network connection based on the WPA protocol, shown in conjunction with FIG. 10 , wherein the first device and the second device are similar to the STA and the AP in FIG. 1 , respectively.
- Step 1000 A first device sends a connection request to a second device.
- Step 1001 The second device sends a message 1 to the first device, and the message 1 includes a random number of the second device. Accordingly, the first device receives the message 1 from the second device and obtains the random number of the second device from the message 1.
- Step 1002 The first device calculates the PTK.
- Step 1003 The first device extracts MIC from PTK and sends message 2 to the second device, where the message 2 includes the random number and MIC of the first device. Accordingly, the second device receives message 2 from the first device and obtains the random number and MIC of the first device from message 2.
- Step 1004 The second device calculates the PTK and the MIC, and performs an integrity check on the PTK according to the MIC.
- Step 1005 The second device uses the PTK to encrypt the second multicast key.
- Step 1006 The second device sends a message 3 to the first device, wherein the message 3 includes the encrypted second multicast key and the MIC. Accordingly, the first device receives the message 3 from the second device and obtains the encrypted second multicast key and the MIC from the message 3 .
- Step 1007 The first device uses the PTK generated by itself to decrypt the encrypted second multicast key in the message 3 to obtain the second multicast key. Then, the first device performs integrity check on the second multicast key according to the MIC.
- Step 1008 The first device sends an ACK to the second device.
- Step 1009 The first device stores the PTK and the second multicast key.
- Step 1010 The second device stores the PTK.
- Step 1011 The first device transmits data to the second device using the second multicast key.
- steps 1001 to 1010 are the process of establishing a wireless local area network connection between the first device and the second device.
- for steps 1001 to 1010, refer to the description in the embodiment related to Figure 1.
- for step 1011, refer to the description in step 403.
- FIG11 is an application scenario of a wireless local area network networking method provided by the present application.
- Zhang San is playing games with VR in bedroom A.
- Li Si wants to watch the live broadcast of Zhang San playing games through a mobile phone in bedroom B. Therefore, Li Si can connect the mobile phone in bedroom B with the VR in bedroom A through a wireless local area network, and then watch the live broadcast of Zhang San playing games on the mobile phone.
- Wang Wu wants to watch the live broadcast of Zhang San playing games through a TV in the living room.
- Wang Wu can connect the TV in the living room with the mobile phone in bedroom B through a wireless local area network, and then watch the live broadcast of Zhang San playing games on the TV.
- the TV in the living room, the VR in bedroom A, and the mobile phone in bedroom B all have a unified multicast key.
- the VR in bedroom A encrypts the original live video with the unified multicast key and sends the encrypted live video in the wireless local area network
- the TV in the living room and the mobile phone in bedroom B can each receive the encrypted live video and decrypt the encrypted live video through the unified multicast key to obtain the original live video.
- the methods and operations implemented by the first device can also be implemented by components (such as chips or circuits) that can be used for the first device
- the methods and operations implemented by the second device can also be implemented by components (such as chips or circuits) that can be used for the second device.
- the methods provided by the embodiments of the present application are introduced from the perspective of interaction between various devices.
- the first device and the second device may include a hardware structure and/or a software module, and the functions are implemented in the form of a hardware structure, a software module, or a hardware structure plus a software module. Whether a function of the above functions is executed in the form of a hardware structure, a software module, or a hardware structure plus a software module depends on the specific application and design constraints of the technical solution.
- each functional module in each embodiment of the present application may be integrated into a processor, or may exist physically separately, or two or more modules may be integrated into one module.
- the above-mentioned integrated modules may be implemented in the form of hardware or in the form of software functional modules.
- FIG. 12 and FIG. 13 are schematic diagrams of the structures of possible devices provided by the present application.
- the communication device can be the device D shown in Figure 3(a), or the device D shown in Figure 3(b), or a module (such as a chip) applied to the device D.
- the communication device can be device A as shown in Figure 3(a), or device A as shown in Figure 3(b), or a module (such as a chip) applied to device A.
- the communication device 1200 includes a processing module 1201 and a transceiver module 1202 .
- the processing module 1201 is used to generate a first multicast key when the device establishes a wireless local area network connection with a second device in a second wireless local area network, and the first multicast key is used to transmit data between the device and the second device; the transceiver module 1202 is used to receive a second multicast key from the second device, and the second multicast key is used to transmit data between the second device and other devices in the second wireless local area network; the transceiver module 1202 transmits data with the second device using the second multicast key.
- the processing module 1201 is further configured to: overwrite the first multicast key with the second multicast key, so as to use the second multicast key as a key for transmitting data between the apparatus and the second device.
- when the device is in the first wireless local area network, the transceiver module 1202 is also used to: send an update message to one or more devices other than the device in the first wireless local area network, and the update message indicates: updating the multicast key used to transmit data in the first wireless local area network to the second multicast key.
- the first wireless local area network further includes one or more third devices, and the one or more third devices are sub-devices of the apparatus.
- when the transceiver module 1202 receives the second multicast key from the second device, it is specifically used to: receive the second multicast key from the second device via a short-distance connection; the short-distance connection includes at least one or more of the following: Bluetooth connection, NFC connection, StarFlash connection, wireless LAN connection.
- when the transceiver module 1202 receives the second multicast key from the second device via a wireless local area network connection, it is specifically used to: receive the second multicast key via a unicast frame in the wireless local area network connection, where the unicast frame includes one or more of a data frame and a management frame.
- a device 1300 provided in an embodiment of the present application is shown.
- the device shown in FIG13 may be a hardware circuit implementation of the device shown in FIG12.
- the device may be applicable to the flowchart shown above to perform the function of the first device or the function of the second device in the method embodiments related to FIG4 to FIG10.
- FIG13 shows only the main components of the device.
- the device 1300 shown in FIG13 includes a communication interface 1310, a processor 1320 and a memory 1330, wherein the memory 1330 is used to store program instructions and/or data.
- the processor 1320 may operate in coordination with the memory 1330.
- the processor 1320 may execute program instructions stored in the memory 1330. Exemplarily, when the instructions or programs stored in the memory 1330 are executed, the processor 1320 is used to execute the operations performed by the processing module 1201 in the above embodiment, and the communication interface 1310 is used to execute the operations performed by the transceiver module 1202 in the above embodiment.
- the memory 1330 is coupled to the processor 1320.
- the coupling in the embodiment of the present application is an indirect coupling or communication connection between devices, units or modules, which can be electrical, mechanical or other forms, for information exchange between devices, units or modules.
- At least one of the memories 1330 may be included in the processor 1320.
- the communication interface may be a transceiver, a circuit, a bus, a module or other types of communication interfaces.
- when the communication interface is a transceiver, the transceiver may include an independent receiver, an independent transmitter, a transceiver with integrated transmit and receive functions, or a communication interface.
- the device 1300 may further include a communication line 1340.
- the communication interface 1310, the processor 1320, and the memory 1330 may be interconnected via the communication line 1340; the communication line 1340 may be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus.
- the communication line 1340 may be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, FIG13 is represented by only one thick line, but it does not mean that there is only one bus or one type of bus.
- the embodiment of the present application provides a computer-readable storage medium, wherein the computer-readable storage medium stores a computer program or instructions.
- when the computer program or instructions are executed by a communication device, the communication device executes the function of the first device in the method embodiments related to Figures 4 to 10 above, or executes the function of the second device in the method embodiments related to Figures 4 to 10 above.
- an embodiment of the present application provides a computer program product, which includes a computer program or instructions.
- when the computer program or instructions are executed by a communication device, the communication device performs the function of the first device in the method embodiments related to Figures 4 to 10 above, or performs the function of the second device in the method embodiments related to Figures 4 to 10 above.
- an embodiment of the present application provides a system of a data transmission method, which includes the first device in the method embodiments related to Figures 4 to 10 above, and the second device in the method embodiments related to Figures 4 to 10 above.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A data transmission method and apparatus, used to implement multicast data transmission in a wireless local area network without a central device. In this application, the data transmission method includes: a first device generates a first multicast key in the process of establishing a wireless local area network connection with a second device in a second wireless local area network, the first multicast key being used for transmitting data between the first device and the second device. The second device holds a second multicast key, which is used for transmitting data between the second device and other devices in the second wireless local area network; the second device sends the second multicast key to the first device, and correspondingly the first device receives the second multicast key from the second device. The first device transmits data with the second device using the second multicast key.
Description
Cross-reference to related applications
This application claims priority to the Chinese patent application filed with the Chinese Patent Office on 24 October 2022 under application number 202211302587.2 and titled "A data transmission method and apparatus", the entire contents of which are incorporated herein by reference.
This application relates to the field of communication technology, and in particular to a data transmission method and apparatus.
In a wireless local area network (WLAN), access point (AP) devices such as routers and hotspots act as the central device, and terminal devices such as mobile phones, network cards, televisions and smart-home appliances act as stations (STA). Specifically, multiple STAs can each connect to the AP, and through the AP those STAs access the network, forming a wireless local area network.
When each of the multiple STAs connects to the AP, the STA, as the initiator of the connection, sends a connection request to the AP; correspondingly the AP, as the receiver of the connection, generates a group temporal key (GTK) and sends the GTK to that STA. Because the AP generates the GTK and then sends it to each STA separately, every STA obtains the same GTK. Thus, when the AP encrypts data with the GTK, all STAs can decrypt the encrypted data using the GTK they obtained in advance.
However, with the development of wireless networking technology, the networking process of a wireless local area network no longer necessarily involves a central device: for example, two STAs may form a network, or two APs may, meaning that every device can send a connection request to another device and every device can also receive a connection request from another device. How to implement multicast data transmission in this case, with no central device, is a technical problem that urgently needs solving.
Summary of the invention
This application provides a data transmission method and apparatus for implementing multicast data transmission in a wireless local area network without a central device.
In a first aspect, this application provides a data transmission method performed by a first device, which may be an AP in a wireless local area network without a central device or an STA in such a network.
The data transmission method includes: in the process of establishing a wireless local area network connection with a second device in a second wireless local area network, the first device generates a first multicast key, used for transmitting data between the first device and the second device. The second device holds a second multicast key, used for transmitting data between the second device and other devices in the second wireless local area network; the second device sends the second multicast key to the first device, and correspondingly the first device receives the second multicast key from the second device. The first device transmits data with the second device using the second multicast key. For example, the first device and the second device are peer devices: when the first device is an AP, the second device is also an AP, and when the first device is an STA, the second device is also an STA. For example, the first multicast key or the second multicast key is a GTK.
In the above technical solution, the first device joins the second wireless local area network by establishing a wireless local area network connection with the second device. Further, although the first device generates a multicast key for transmitting data between the first device and the second device during connection establishment, each device in the second wireless local area network already holds a multicast key (the second multicast key), so the first device also obtains the second multicast key from the second device and can then transmit data with the second device using it. As a result the first device holds the same multicast key as every device in the second wireless local area network, so that when any device in the second wireless local area network encrypts data with the second multicast key, the encrypted data can be decrypted by all other devices in that network.
In one possible implementation, the first device generating the first multicast key may specifically be: the first device acts as the receiver of the connection request and the second device as its initiator; when the second device needs to establish a wireless local area network connection with the first device, it sends a connection request to the first device, and correspondingly the first device receives the connection request from the second device and generates the first multicast key in response.
In the above technical solution, the first device and the second device are peers; although the first device, as the receiver of the connection request, generates the first multicast key, the devices in the second wireless local area network already store the second multicast key, so when the first device joins the second wireless local area network it can transmit data with those devices using the second multicast key.
In one possible implementation, the first device further overwrites the first multicast key with the second multicast key, so as to use the second multicast key as the key for transmitting data between the first device and the second device.
In the above technical solution, after obtaining the second multicast key, the first device may overwrite the first multicast key with it, so that the first device transmits data with the second device using the second multicast key.
In one possible implementation, when the first device is in a first wireless local area network, the first device further sends an update message to one or more devices in the first wireless local area network other than the first device, the update message indicating that the multicast key used for transmitting data in the first wireless local area network is to be updated to the second multicast key. Correspondingly, after receiving the update message, any device in the first wireless local area network other than the first device can obtain the second multicast key from it and then transmit data using the second multicast key.
In the above technical solution, the first device may also be a device already in a first wireless local area network, and by establishing a wireless local area network connection with the second device it merges the first wireless local area network with the second. Further, after obtaining the second multicast key from the second device, the first device sends it to the other devices in the first wireless local area network. Thus every device in the wireless local area network obtained by merging the first and second wireless local area networks can hold the second multicast key, and when any device in the merged network encrypts data with it, the encrypted data can be decrypted by all other devices.
In one possible implementation, the first wireless local area network further includes one or more third devices that are sub-devices of the first device. It can be understood that the first wireless local area network includes a sub-local-area network without a central device as well as a sub-local-area network with a central device, which improves the flexibility of the wireless local area network. Moreover, when the first and second wireless local area networks merge, the first device can send the second multicast key not only to the other devices in the sub-local-area network without a central device, but also to the sub-devices (the third devices) in the sub-local-area network whose central device is the first device.
In one possible implementation, the first device receiving the second multicast key from the second device may specifically be: the first device receives the second multicast key from the second device over a short-range connection, where the short-range connection includes at least one or more of: a Bluetooth connection, a near field communication (NFC) connection, a StarFlash connection, or a wireless local area network connection. This gives a specific way for the first device to receive the second multicast key from the second device, in which the second multicast key is transmitted by unicast, improving the security of multicast key transmission.
In one possible implementation, when the first device receives the second multicast key from the second device over a wireless local area network connection, it may specifically receive the second multicast key in a unicast frame of that connection, the unicast frame being one or more of a data frame and a management frame.
In the above technical solution, the first device receives the second multicast key from the second device in a unicast frame, which may be produced by encrypting the second multicast key with the unicast key shared between the first and second devices (for example the pairwise transient key (PTK)), improving the security of multicast key transmission.
In a second aspect, this application provides a data transmission method including: in the process of establishing a wireless local area network connection with a second device, a first device receives a second multicast key from the second device, where the second device already stores the second multicast key and the second multicast key is the multicast key used for transmitting data between the second device and other devices in the second wireless local area network to which the second device belongs; and the first device transmits data with the second device using the second multicast key.
In one possible implementation, the first device acts as the receiver of the connection request and the second device as its initiator; when the second device needs to establish a wireless local area network connection with the first device, it sends a connection request to the first device, and correspondingly the first device receives it. The second device then determines that it holds the second multicast key and sends the second multicast key to the first device in message 3, i.e., message 3 includes the second multicast key.
Here, message 3 is specifically message 3 of the process in which the second device establishes a wireless local area network connection with the first device based on the Wi-Fi protected access (WPA) protocol.
For example, in the process of the second device establishing a WPA-based wireless local area network connection with the first device, the first device first sends message 1, which includes the first device's random number, to the second device. Correspondingly, the second device obtains the first device's random number from message 1. The second device computes the PTK, extracts the message integrity check (MIC) value from the PTK, and sends message 2, which includes the second device's random number and the MIC, to the first device; for example, the MIC is the first 16 bytes of the PTK. Correspondingly, the first device obtains the second device's random number and the MIC from message 2. The first device computes the PTK and the MIC and performs an integrity check on the PTK according to the MIC. The second device encrypts the second multicast key with the PTK and sends the encrypted second multicast key and the MIC to the first device in message 3. Correspondingly, the first device obtains the encrypted second multicast key and the MIC from message 3, decrypts it with the PTK to obtain the second multicast key, and stores the PTK and the second multicast key. The second device stores the PTK.
In the above technical solution, the first device joins the second wireless local area network by establishing a wireless local area network connection with the second device. Further, since the second device holds the second multicast key, the first device can obtain it directly from the second device without generating a first multicast key, reducing unnecessary computation, and without sending a multicast key it generated to the second device, reducing unnecessary signalling.
In another possible implementation, the first device acts as the initiator of the connection request and the second device as its receiver; when the first device needs to establish a wireless local area network connection with the second device, it sends a connection request to the second device, and correspondingly the second device receives it. The second device then determines that it holds the second multicast key and sends the second multicast key to the first device in message 3, i.e., message 3 includes the second multicast key.
Here, message 3 is specifically message 3 of the process in which the second device establishes a WPA-based wireless local area network connection with the first device.
For example, in the process of the second device establishing a WPA-based wireless local area network connection with the first device, the second device first sends message 1, which includes the second device's random number, to the first device. Correspondingly, the first device obtains the second device's random number from message 1. The first device computes the PTK, extracts the MIC from the PTK, and sends message 2, which includes the first device's random number and the MIC, to the second device; for example, the MIC is the first 16 bytes of the PTK. Correspondingly, the second device obtains the first device's random number and the MIC from message 2. The second device computes the PTK and the MIC and performs an integrity check on the PTK according to the MIC. The second device encrypts the second multicast key with the PTK and sends the encrypted second multicast key and the MIC to the first device in message 3. Correspondingly, the first device obtains the encrypted second multicast key and the MIC from message 3, decrypts it with the PTK to obtain the second multicast key, and stores the PTK and the second multicast key. The second device stores the PTK.
In the above technical solution, the first device joins the second wireless local area network by establishing a wireless local area network connection with the second device. Further, since the second device holds the second multicast key, the first device can obtain it directly from the second device without the second device generating a multicast key, reducing unnecessary computation, and without the second device sending a multicast key it generated to the first device, reducing unnecessary signalling.
In a third aspect, an embodiment of this application provides a communication apparatus, where:
the apparatus has the functions of the first device in the first aspect or any possible implementation thereof, and may be the first device or a chip included in the first device;
the apparatus has the functions of the second device in the first aspect or any possible implementation thereof, and may be the second device or a chip included in the second device;
the apparatus has the functions of the first device in the second aspect or any possible implementation thereof, and may be the first device or a chip included in the first device;
the apparatus has the functions of the second device in the second aspect or any possible implementation thereof, and may be the second device or a chip included in the second device.
The functions of the above communication apparatus may be implemented by hardware, or by hardware executing corresponding software; the hardware or software includes one or more modules, units or means corresponding to the above functions.
In one possible implementation, the structure of the apparatus includes a processing module and a transceiver module.
The processing module is configured to support the apparatus in performing the functions of the first device in the first aspect or any implementation thereof, or of the second device in the first aspect or any implementation thereof, or of the first device in the second aspect or any implementation thereof, or of the second device in the second aspect or any implementation thereof.
The transceiver module is used to support communication between the apparatus and other communication devices; for example, when the apparatus is the first device, it can receive the second multicast key from the second device.
The communication apparatus may further include a storage module coupled to the processing module, which holds the program instructions and data the apparatus needs. As an example, the processing module may be a processor, the communication module a transceiver, and the storage module a memory, which may be integrated with the processor or separate from it.
In another possible implementation, the structure of the apparatus includes a processor and may further include a memory. The processor is coupled to the memory and can execute the computer program instructions stored in the memory so that the apparatus performs the functions of the first device in the first aspect or any implementation thereof, or of the second device in the first aspect or any implementation thereof, or of the first device in the second aspect or any implementation thereof, or of the second device in the second aspect or any implementation thereof.
Optionally, the apparatus further includes a communication interface coupled to the processor. When the apparatus is the first device or the second device, the communication interface may be a transceiver or an input/output interface; when the apparatus is a chip included in the first device or in the second device, the communication interface may be the chip's input/output interface. Optionally, the transceiver may be a transceiver circuit and the input/output interface an input/output circuit.
In a fourth aspect, an embodiment of this application provides a computer-readable storage medium storing a computer program or instructions; when the computer program or instructions are executed by a communication apparatus, the communication apparatus performs the functions of the first device in the first aspect or any implementation thereof, or of the second device in the first aspect or any implementation thereof, or of the first device in the second aspect or any implementation thereof, or of the second device in the second aspect or any implementation thereof.
In a fifth aspect, an embodiment of this application provides a computer program product including a computer program or instructions; when the computer program or instructions are executed by a communication apparatus, the communication apparatus performs the functions of the first device in the first aspect or any implementation thereof, or of the second device in the first aspect or any implementation thereof, or of the first device in the second aspect or any implementation thereof, or of the second device in the second aspect or any implementation thereof.
In a sixth aspect, an embodiment of this application provides a system for the data transmission method, including the first device and the second device of the first aspect or any implementation thereof; or including the first device and the second device of the second aspect or any implementation thereof.
For the technical effects achievable by any of the third to sixth aspects, refer to the description of the beneficial effects of the first or second aspect, which is not repeated here.
FIG. 1 is a schematic flowchart of an STA connecting to an AP based on the WPA protocol;
FIG. 2(a) is a networking diagram of a wireless local area network;
FIG. 2(b) is a networking diagram of a wireless local area network provided by this application;
FIG. 3(a) is a schematic diagram of a scenario, provided by this application, in which a device joins a wireless local area network;
FIG. 3(b) is a schematic diagram of a scenario, provided by this application, in which two wireless local area networks merge;
FIG. 4 is a schematic flowchart of a first data transmission method provided by this application;
FIG. 5 is a schematic flowchart of a second data transmission method provided by this application;
FIG. 6 is a schematic flowchart of a third data transmission method provided by this application;
FIG. 7 is a schematic flowchart of a fourth data transmission method provided by this application;
FIG. 8 is a further networking diagram of a wireless local area network provided by this application;
FIG. 9 is a flowchart, provided by this application, of establishing a wireless local area network connection based on the WPA protocol;
FIG. 10 is a further flowchart, provided by this application, of establishing a wireless local area network connection based on the WPA protocol;
FIG. 11 is a schematic diagram of an application scenario of a wireless local area network networking method provided by this application;
FIG. 12 is a schematic structural diagram of a data transmission apparatus provided by this application;
FIG. 13 is a schematic structural diagram of a data transmission apparatus provided by this application.
To aid understanding, explanations of the terms and technologies related to this application are given below by way of example, for reference.
1. Station (STA): also called a wireless workstation, a device connected to a wireless local area network; such devices can communicate with other devices inside or outside the wireless local area network through an access point (AP).
An STA may be an electronic device that supports wireless local area network connection. Electronic devices may also be called terminal devices or terminals, and include but are not limited to mobile phones, tablets, laptops, handheld computers, mobile internet devices (MID), wearable devices (such as smart watches, smart bands and pedometers), vehicles, in-vehicle devices, virtual reality (VR) devices, augmented reality (AR) devices, wireless terminals in industrial control, smart-home devices (such as refrigerators, televisions, air conditioners and electricity meters), intelligent robots, workshop equipment, wireless terminals in scenarios such as self driving, remote medical surgery, smart grid, transportation safety, smart city or smart home, and flying devices (such as intelligent robots, hot-air balloons, drones and aircraft). For example, the electronic devices of the embodiments of this application include but are not limited to those running
or other operating systems.
2. Access point (AP): also called an access node, wireless access point or hotspot, a device used to connect STAs to a wireless local area network. For example, an AP may be a central unit (CU) or a distributed unit (DU); it may also be a router, a bridge, a wireless gateway, and so on. This application does not limit the specific technology or device form used for the AP.
3. Wi-Fi protected access (WPA): a wireless security protocol; specifically, WPA is a standards-based security enhancement for wireless local area networks that greatly raises the level of data protection and access control in existing and future wireless local area network systems. WPA helps ensure that STA data is protected and that only authorised STAs can access the wireless local area network.
For the process by which an STA connects to an AP based on the WPA protocol, see the flowchart shown by way of example in FIG. 1.
Note beforehand that the AP broadcasts its own data in advance (such as the AP's medium access control (MAC) address and service set identifier (SSID)); the STA can then initiate a connection request to the AP based on the broadcast data, and the STA connects to the AP through the process of FIG. 1.
Step 101: The AP sends message 1 to the STA; message 1 includes the AP's random number. Correspondingly, the STA receives message 1 from the AP and obtains the AP's random number from it.
Step 102: The STA computes the PTK. The PTK is used for unicast data.
Step 103: The STA extracts the MIC from the PTK and sends message 2 to the AP; message 2 includes the STA's random number and the MIC, where the MIC is specifically the first 16 bytes of the PTK. Correspondingly, the AP receives message 2 from the STA and obtains the STA's random number and the MIC from it.
Step 104: The AP computes the PTK and the MIC and performs an integrity check on the PTK according to the MIC. Specifically, if the AP determines that the MIC it computed is the same as the MIC in message 2, it determines that the PTK check succeeded and proceeds to step 105; if it determines that the two differ, it determines that the PTK check failed.
Step 105: The AP generates the GTK and encrypts the GTK with the PTK. The GTK is used to encrypt multicast data and/or broadcast data.
Step 106: The AP sends message 3 to the STA; message 3 includes the encrypted GTK and the MIC. Correspondingly, the STA receives message 3 from the AP and obtains the encrypted GTK and the MIC from it.
Step 107: The STA decrypts the encrypted GTK in message 3 with the PTK it generated to obtain the GTK, and then performs an integrity check on the GTK according to the MIC. Specifically, if the STA determines that the MIC it computed is the same as the MIC in message 3, it determines that the GTK check succeeded and proceeds to step 108; if it determines that the two differ, it determines that the GTK check failed.
Step 108: The STA sends an acknowledgement (ACK) to the AP.
Step 109: The STA stores the PTK and the GTK. In this application, "storing" may also be called "installing".
Step 110: The AP stores the PTK.
With the above terms and technologies explained, this application is described as follows.
FIG. 2(a) is a networking diagram of a wireless local area network comprising one AP and multiple STAs (FIG. 2(a) shows STA1 to STA4 by way of example; this application does not limit the number of STAs), all of which connect to the AP; it can be understood that the AP and the STAs form a wireless local area network and the AP is its central device. Further, each STA connects to the AP through the process of FIG. 1 above, i.e., each STA obtains the same GTK from the AP through that process (receiving message 3 and extracting the GTK from it). Thus the multiple STAs obtain the same GTK. When the AP sends data in the wireless local area network, it can encrypt the original data with the GTK to obtain encrypted data; correspondingly, after each STA receives the encrypted data from the AP, it can decrypt it with the GTK to obtain the original data.
However, as wireless networking technology develops, a new type of networking has appeared in which the network is formed by multiple devices of equal standing, for example multiple STAs (without an AP) or multiple APs; that is, the network no longer has a central device.
Each device can establish a wireless local area network connection with another device through the process of FIG. 1. Specifically, the initiator of the connection request (hereafter, the initiator) and the receiver of the connection request (hereafter, the receiver) play roles similar to the STA and the AP in FIG. 1 respectively: the receiver can generate a GTK and send it to the initiator, after which the receiver and the initiator establish the wireless local area network connection and can transmit data using the GTK. Further, any device in the network has a wireless local area network connection with one or more other devices.
FIG. 2(b) is a networking diagram of such a new type of network provided by way of example in this application. The network includes multiple STAs (FIG. 2(b) shows STA1 to STA4 by way of example; this application does not limit the number of STAs), where STA1 has wireless local area network connections with STA2 and STA4, STA2 has wireless local area network connections with STA1, STA3 and STA4, and so on.
During networking:
When STA1 and STA2 establish a wireless local area network connection, assume STA1 is the initiator and STA2 the receiver; then STA1 and STA2 play roles similar to the STA and the AP in FIG. 1, and their interaction follows the flowchart of FIG. 1; in particular, in steps 105 and 106, STA2 generates a GTK (denoted GTK12) and sends GTK12 to STA1, so both STA1 and STA2 store GTK12.
When STA1 and STA4 establish a wireless local area network connection, assume STA1 is the initiator and STA4 the receiver; then STA1 and STA4 play roles similar to the STA and the AP in FIG. 1, and their interaction follows the flowchart of FIG. 1; in particular, in steps 105 and 106, STA4 generates a GTK (denoted GTK14) and sends GTK14 to STA1, so both STA1 and STA4 store GTK14.
The ways in which STA2 connects to STA4, STA2 connects to STA3, and STA3 connects to STA4 all follow the way STA1 connects to STA2 or the way STA1 connects to STA4, and are not repeated.
During data transmission:
Taking STA1 as an example: if STA1 encrypts original data with GTK12 to obtain encrypted data and broadcasts it, STA2 to STA4 all receive the encrypted data, but since only STA2 stores GTK12, only STA2 can decrypt it. Likewise, if STA1 encrypts original data with GTK14 to obtain encrypted data and broadcasts it, STA2 to STA4 all receive it, but since only STA4 stores GTK14, only STA4 can decrypt it.
It can be seen that the STAs in the network do not store a unified GTK, so encrypted data produced by any STA with the GTK it stores cannot be decrypted by all STAs in the network. The same problem exists in networks formed by other devices of equal standing (for example multiple APs).
For this reason, this application provides a data transmission method whose purpose is that every device in the network stores the same multicast key (for example a GTK), so that when any device encrypts original data with its multicast key and sends (multicasts or broadcasts) the encrypted data, every other device in the network can decrypt it with its copy of the same multicast key to recover the original data.
Note first that in the initial phase two devices establish a wireless local area network connection, in the manner shown by way of example in the flowchart of FIG. 1. Denote the two devices A and B: when device A is the initiator, device B as the receiver generates a multicast key and sends it to device A, and devices A and B can transmit data using that multicast key; when device B is the initiator, device A as the receiver generates the multicast key and sends it to device B, and devices A and B can transmit data using that multicast key.
Once devices A and B have established a wireless local area network connection (i.e., formed a wireless local area network), when a new device (for example device C) joins the network, device C can establish a wireless local area network connection with an existing device of the network (for example device A), obtain the multicast key from device A during connection establishment, and use that key as its multicast key for transmitting data in the network. By analogy, whenever another new device joins the network, it can establish a wireless local area network connection with an existing device of the network, obtain the multicast key from that device during connection establishment, and use that key as its multicast key for transmitting data in the network.
FIG. 3(a) is a schematic diagram, provided by way of example in this application, of a device joining a wireless local area network: the network includes devices A, B and C, and when device D needs to join it, device D can establish a wireless local area network connection with an existing device of the network (for example device A).
It should also be noted that this application applies not only to the scenario of FIG. 3(a), in which a single device (device D) joins an existing wireless local area network, but also to the scenario in which two existing wireless local area networks merge, i.e., the device newly joining the network was already an existing device of another wireless local area network.
FIG. 3(b) is a schematic diagram, provided by way of example in this application, of two wireless local area networks merging: wireless local area network 1 includes devices A, B and C, wireless local area network 2 includes devices D and E, and when wireless local area network 1 needs to merge with wireless local area network 2, device D of network 2 can establish a wireless local area network connection with an existing device of network 1 (for example device A).
The two scenarios are described separately below.
Scenario one: a single device joins a wireless local area network.
For convenience, the single device is called the first device, and the device already in the wireless local area network with which it establishes the connection is called the second device. For example, the first device is device D in FIG. 3(a) and the second device is device A in FIG. 3(a).
Depending on whether the first device is the receiver or the initiator, the way in which it obtains the multicast key from the second device differs; the two cases are explained below.
With reference to the flowchart of the first data transmission method shown by way of example in FIG. 4, the following explains a possible way for the first device, acting as receiver, to obtain the multicast key when joining the wireless local area network (i.e., during the process of establishing a wireless local area network connection with the second device in that network); correspondingly, the second device acts as initiator.
Step 401: The first device generates a first multicast key, used for transmitting data between the first device and the second device. Step 401 is similar to the AP generating the GTK in step 105 above.
Optionally, step 400 precedes step 401: the second device sends a connection request to the first device, and correspondingly the first device receives the connection request from the second device. Then, in step 401, the first device generates, in response to the connection request, the multicast key for transmitting data between the first and second devices (i.e., the first multicast key).
Step 402: The second device sends a second multicast key to the first device, and correspondingly the first device receives the second multicast key held by the second device; the second multicast key is used for transmitting data between the second device and other devices in the wireless local area network.
The second device already stores a multicast key (the second multicast key), which is the unified multicast key stored by all devices in the wireless local area network and used for transmitting data between the second device and the other devices in the network. For example, if the network includes devices A, B and C and the second device is device A, then the second multicast key in device A is used for transmitting data between device A and devices B and C. Specifically, device A encrypts original data A with the second multicast key to obtain encrypted data A and broadcasts it in the network; devices B and C both receive encrypted data A, and each decrypts it with the second multicast key to obtain original data A. Or, device B encrypts original data B with the second multicast key to obtain encrypted data B and broadcasts it in the network; device A receives encrypted data B and decrypts it with the second multicast key to obtain original data B.
In one example, after sending the connection request to the first device, the second device determines that it already stores the second multicast key and therefore sends the second multicast key to the first device.
In another example, after generating the first multicast key, the first device sends it to the second device; correspondingly the second device receives the first multicast key, determines that it already stores the second multicast key locally, and therefore sends the second multicast key to the first device. Optionally, the second device discards the first multicast key received from the first device.
In one specific implementation, the second device may send the second multicast key to the first device over a short-range connection, and correspondingly the first device receives it over that short-range connection. The short-range connection includes at least one or more of: a Bluetooth connection, an NFC connection, a StarFlash connection, or a wireless local area network connection. StarFlash is a form of in-vehicle short-range wireless communication characterised by very low latency, very high reliability and precise synchronisation.
When the first and second devices are connected over a wireless local area network, the first device may receive the second multicast key from the second device in a unicast frame of that connection; the unicast frame may be a data frame or a management frame.
Step 403: The first device transmits data with the second device using the second multicast key.
Optionally, after receiving the second multicast key from the second device, the first device may overwrite the first multicast key with the second multicast key and use the second multicast key as the multicast key for transmitting data between the first and second devices.
The first device transmitting data with the second device using the second multicast key may include the following two examples:
Example 1: when the first device sends data (denoted first original data) to the second device, the first device encrypts the first original data with the second multicast key to obtain first encrypted data and broadcasts it; correspondingly the second device receives the first encrypted data and decrypts it with the second multicast key to obtain the first original data.
Example 2: when the second device sends data (denoted second original data) to the first device, the second device encrypts the second original data with the second multicast key to obtain second encrypted data and broadcasts it; correspondingly the first device receives the second encrypted data and decrypts it with the second multicast key to obtain the second original data.
It should be pointed out that although the first device generated, in step 401, a first multicast key for transmitting data between the first and second devices, that first multicast key is overwritten by the second multicast key in step 403, i.e., after step 403 the first and second devices transmit data using the second multicast key. In particular, before step 403, if the second device received the first multicast key from the first device and stored it, the first and second devices can also transmit data using the first multicast key; for the specific implementation see examples 1 and 2 above with "second multicast key" read as "first multicast key".
Further, the first device can also transmit data using the second multicast key with the other devices in the wireless local area network (including the second device). For example, the network includes devices A, B and C, device D joins as a new device and establishes a wireless local area network connection with device A, i.e., device D is the first device and device A is the second device; in that case device D has obtained the second multicast key from device A and can transmit data with devices A, B and C using the second multicast key. For instance, device D encrypts first original data with the second multicast key to obtain first encrypted data and broadcasts it in the network; devices A, B and C each receive the first encrypted data, and each decrypts it with its own copy of the second multicast key to obtain the first original data.
With reference to the flowchart of the second data transmission method shown by way of example in FIG. 5, the following explains a possible way for the first device, acting as initiator, to obtain the multicast key when joining the wireless local area network (i.e., during the process of establishing a wireless local area network connection with the second device in that network); correspondingly, the second device acts as receiver.
Step 501: The second device sends the second multicast key to the first device, and correspondingly the first device receives the second multicast key held by the second device; the second multicast key is used for transmitting data between the second device and other devices in the wireless local area network.
For the description of the second multicast key, see step 402 above.
Optionally, step 500 precedes step 501: the first device sends a connection request to the second device, and correspondingly the second device receives the connection request from the first device.
In one example, in response to the connection request the second device determines that it already stores the second multicast key and therefore sends the second multicast key to the first device.
In another example, in response to the connection request the second device generates a multicast key for transmitting data between the first and second devices (denoted the third multicast key) and sends it to the first device. The second device then determines that it also stores the second multicast key used for transmitting data in the wireless local area network, so it sends the second multicast key to the first device and instructs the first device to overwrite the third multicast key with the second multicast key. Optionally, the second device also deletes the third multicast key.
Step 502: The first device transmits data with the second device using the second multicast key.
For the specific implementation, see step 403 above.
Scenario two: two wireless local area networks merge.
For convenience, the two wireless local area networks to be merged are denoted the first wireless local area network and the second wireless local area network, and the merged network is denoted the third wireless local area network. Further, the first device belongs to the first wireless local area network and the second device belongs to the second wireless local area network.
For example, the first wireless local area network is wireless local area network 2 in FIG. 3(b) and the first device is device D in FIG. 3(b); the second wireless local area network is wireless local area network 1 in FIG. 3(b) and the second device is device A in FIG. 3(b).
The first wireless local area network is formed in the same way as the wireless local area network of scenario one (i.e., the second wireless local area network). It can be understood that, before the first device in the first wireless local area network establishes a connection with the second device in the second wireless local area network, all devices in the first wireless local area network store a unified multicast key used for transmitting data in the first wireless local area network (denoted the fourth multicast key).
When the first device of the first wireless local area network joins the second wireless local area network, it can receive the second multicast key of the second wireless local area network from the second device and then send the second multicast key to the other devices in the first wireless local area network, completing the merger of the first and second wireless local area networks; correspondingly, the first device can transmit data in the third wireless local area network using the second multicast key. This scenario can also be described as the first wireless local area network joining the second wireless local area network to form the third wireless local area network.
Depending on whether the first device is the receiver or the initiator, the way in which it obtains the multicast key from the second device of the second wireless local area network differs; the two cases are again explained below.
With reference to the flowchart of the third data transmission method shown by way of example in FIG. 6, the following explains a possible way for the devices of the first wireless local area network to obtain the multicast key when the first device of that network, acting as receiver, joins the second wireless local area network (i.e., during the process of the first device establishing a wireless local area network connection with the second device); correspondingly, the second device of the second wireless local area network acts as initiator.
Step 601: The first device generates a first multicast key, used for transmitting data between the first and second devices. Optionally, step 600 precedes step 601: the second device sends a connection request to the first device, and correspondingly the first device receives the connection request from the second device. Then, in step 601, the first device generates, in response to the connection request, the multicast key for transmitting data between the first and second devices (i.e., the first multicast key).
Step 602: The second device sends the second multicast key to the first device, and correspondingly the first device receives the second multicast key from the second device; the second multicast key is used for transmitting data between the second device and other devices in the second wireless local area network. For the specific implementation, see step 402.
Step 603: The first device sends an update message to one or more devices in the first wireless local area network other than the first device, the update message indicating that the multicast key used for transmitting data in the first wireless local area network (i.e., the fourth multicast key) is to be updated to the second multicast key.
In one possible example, after obtaining the second multicast key from the second device, the first device encrypts it with the fourth multicast key; that is, the second multicast key is treated as original data that the first device needs to transmit in the first wireless local area network (denoted original data 1), and the first device encrypts original data 1 with the fourth multicast key to obtain encrypted data 1. The first device then generates an update message carrying encrypted data 1 and broadcasts it in the first wireless local area network. Correspondingly, every device in the first wireless local area network other than the first device can receive the update message. Taking any such device as an example, it extracts encrypted data 1 from the update message, decrypts it with the fourth multicast key to obtain original data 1 (i.e., the second multicast key), and overwrites the fourth multicast key it currently stores with the second multicast key.
In this way the multicast key of each device in the first wireless local area network is updated from the original fourth multicast key to the second multicast key; every device in the third wireless local area network formed by the second and first wireless local area networks stores the second multicast key, and all devices can transmit data in the third wireless local area network using it.
Step 604: The first device transmits data with the second device using the second multicast key.
For the specific implementation, see step 403.
With reference to the flowchart of the fourth data transmission method shown by way of example in FIG. 7, the following explains a possible way for the devices of the first wireless local area network to obtain the multicast key when the first device of that network, acting as initiator, joins the second wireless local area network (i.e., during the process of the first device establishing a wireless local area network connection with the second device); correspondingly, the second device of the second wireless local area network acts as receiver.
Step 701: The second device sends the second multicast key to the first device, and correspondingly the first device receives the second multicast key from the second device; the second multicast key is used for transmitting data between the second device and other devices in the second wireless local area network.
Optionally, step 700 precedes step 701: the first device sends a connection request to the second device, and correspondingly the second device receives the connection request from the first device.
For the specific implementation, see step 501.
Step 702: The first device sends an update message to one or more devices in the first wireless local area network other than the first device, the update message indicating that the multicast key used for transmitting data in the first wireless local area network is to be updated to the second multicast key.
For the specific implementation, see step 603.
Step 703: The first device transmits data with the second device using the second multicast key.
For the specific implementation, see step 502.
Of course, this application does not exclude the scenario in which the second wireless local area network joins the first wireless local area network to form the third wireless local area network: during the process of the first device establishing a wireless local area network connection with the second device, since the first device also stores the unified multicast key of the first wireless local area network it belongs to (i.e., the fourth multicast key), the first device can also send the fourth multicast key to the second device; correspondingly, the second device sends the fourth multicast key to the other devices in the second wireless local area network, completing the merger of the second and first wireless local area networks.
The way in which the second device sends the fourth multicast key to the other devices in the second wireless local area network follows the way, described above, in which the first device sends the second multicast key to the other devices in the first wireless local area network.
It can be understood that, in merging the first and second wireless local area networks into the third wireless local area network, the initiator may synchronise to the receiver's multicast key, specifically as follows:
If the first device of the first wireless local area network initiates the connection request to the second device of the second wireless local area network, then the first device obtains the second multicast key from the second device and sends it to the other devices in the first wireless local area network, completing the first wireless local area network's accession to the second.
If the second device of the second wireless local area network initiates the connection request to the first device of the first wireless local area network, then the second device obtains the fourth multicast key from the first device and sends it to the other devices in the second wireless local area network, completing the second wireless local area network's accession to the first.
Alternatively, the receiver may synchronise to the initiator's multicast key, specifically as follows:
If the first device of the first wireless local area network initiates the connection request to the second device of the second wireless local area network, then the second device obtains the fourth multicast key from the first device and sends it to the other devices in the second wireless local area network, completing the second wireless local area network's accession to the first.
If the second device of the second wireless local area network initiates the connection request to the first device of the first wireless local area network, then the first device obtains the second multicast key from the second device and sends it to the other devices in the first wireless local area network, completing the first wireless local area network's accession to the second.
Of course, whether the first wireless local area network joins the second or the second joins the first may also be decided from the numbers of devices in the two networks. For example, when the first wireless local area network has more devices than the second, the second wireless local area network joins the first; when the second wireless local area network has more devices than the first, the first wireless local area network joins the second.
It should be added that a wireless local area network in this application may include two types of sub-local-area network: a sub-local-area network without a central device, in which the multiple devices have equal standing, and a sub-local-area network with a central device, in which one device is the central device and the other devices are its sub-devices; further, that central device is also a device of the sub-local-area network without a central device.
FIG. 8 is a further networking diagram provided by way of example in this application, including multiple STAs (FIG. 8 shows STA1 to STA4 and STA1-1 to STA1-3 by way of example; this application does not limit the number of STAs). STA1 to STA4 form a sub-local-area network without a central device, in which STA1 has wireless local area network connections with STA2 and STA4, STA2 has wireless local area network connections with STA1, STA3 and STA4, and so on. Further, STA1, STA1-1, STA1-2 and STA1-3 form a sub-local-area network with a central device, with STA1-1, STA1-2 and STA1-3 connected to STA1 as its sub-devices.
It can be understood that the devices in the sub-local-area network without a central device hold a unified multicast key. In the sub-local-area network with a central device, each sub-device under the central device can initiate a connection request to join the central device, and the central device then sends the unified multicast key to its sub-devices.
In one possible implementation, in the sub-local-area network with a central device, when each sub-device initiates a connection request to the central device, the central device generates a multicast key (denoted the fifth multicast key) and sends it to that sub-device; that is, in the sub-local-area network with a central device, the central device and every sub-device hold the fifth multicast key. Later, after the central device obtains the unified multicast key of the sub-local-area network without a central device (for example the sixth multicast key), it can encrypt the sixth multicast key with the fifth multicast key and broadcast the encrypted sixth multicast key in its sub-local-area network, so that each sub-device decrypts it with the fifth multicast key and, having obtained the sixth multicast key, overwrites the fifth multicast key it currently stores with the sixth multicast key. Thus every device in the whole wireless local area network stores the unified multicast key (i.e., the sixth multicast key).
In connection with the flows shown by way of example in FIG. 6 or FIG. 7, the first wireless local area network includes a sub-local-area network without a central device and a sub-local-area network with a central device.
In one possible case, the first device is the central device of the sub-local-area network with a central device and has one or more third devices connected under it; after obtaining the second multicast key from the second device, the first device can send the second multicast key not only to the other devices in the sub-local-area network without a central device, but also into the sub-local-area network with a central device (i.e., to the one or more third devices under the first device).
It can be understood that, since all devices in the whole first wireless local area network hold a unified multicast key (i.e., the fourth multicast key), when the first device encrypts original data 1 (i.e., the second multicast key) with the fourth multicast key to obtain encrypted data 1, all other devices in the first wireless local area network (including the other devices in the sub-local-area network without a central device and the one or more third devices in the sub-local-area network with a central device) can decrypt encrypted data 1 to obtain original data 1 (i.e., the second multicast key); all of those devices then overwrite the fourth multicast key with the second multicast key, completing the first wireless local area network's accession to the second wireless local area network.
In addition, when the central device of the sub-local-area network with a central device in the first wireless local area network is a device other than the first device, the above sending method applies equally. Of course, the second wireless local area network may instead join the first, and the second wireless local area network may likewise include a sub-local-area network without a central device and a sub-local-area network with a central device; after obtaining the fourth multicast key from the first device, the second device sends the fourth multicast key to the other devices in the second wireless local area network in a manner similar to the above, which is not repeated.
基于上述图4或图6中的流程图,本申请提供一种数据传输方法的具体实现方式,在该具体实现方式中,第一设备可直接从第二设备中获取第二组播密钥,而无需先生成第一组播密钥,再将从第二设备中获取第二组播密钥覆盖第一组播密钥,有助于减少不必要的计算和信令传输。
如下结合图9示例性示出的一种第一设备和第二设备基于WPA协议建立无线局域网连接的流程图说明,其中第一设备和第二设备分别类似于图1中的AP和STA。
Step 900: the second device sends a connection request to the first device.
Step 901: the first device sends message 1 to the second device; message 1 carries the first device's nonce. The second device receives message 1 from the first device and takes the first device's nonce from it.
Step 902: the second device computes the PTK.
Step 903: the second device derives the MIC from the PTK (the MIC is computed with the key-confirmation portion of the PTK) and sends message 2 to the first device; message 2 carries the second device's nonce and the MIC. The first device receives message 2 from the second device and takes the second device's nonce and the MIC from it.
Step 904: the first device computes the PTK and the MIC and uses the MIC to check integrity, that is, to confirm that both sides derived the same PTK.
Step 905: the second device encrypts the second multicast key with the PTK it generated (in WPA, with the key-encryption portion of the PTK).
Step 906: the second device sends message 3 to the first device; message 3 carries the encrypted second multicast key and a MIC. The first device receives message 3 from the second device and takes the encrypted second multicast key and the MIC from it.
Step 907: the first device decrypts the encrypted second multicast key in message 3 with the PTK it generated, obtaining the second multicast key, and uses the MIC to check the integrity of the second multicast key.
Step 908: the first device sends an ACK to the second device.
Step 909: the second device stores the PTK.
Step 910: the first device stores the PTK and the second multicast key.
Step 911: the first device transmits data with the second device using the second multicast key.
Steps 901 to 910 constitute the process by which the first device and the second device establish the WLAN connection; for details not described in steps 901 to 910, see the embodiment of Fig. 1. For details of step 911 not described here, see step 403.
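The exchange of steps 901 to 911, followed by the update message described earlier (the first device wraps the key it just obtained under the first WLAN's old unified key so that every other member, including a centre device's sub-devices, can unwrap and overwrite it), as an added Python model. This is not code from the patent or its applicant. Everything below the protocol outline is my assumption: both devices already share a PMK as in WPA-PSK; the PTK is expanded with the 802.11 PRF (HMAC-SHA1, as WPA2 does) and split into KCK, KEK and TK; the MIC is a truncated HMAC-SHA1 under the KCK; and the key wrap is a toy HMAC-keystream XOR plus tag standing in for AES Key Wrap, used only so the example runs with the standard library. Device names and MAC addresses are constructed.

```python
"""Added example, not the patent's code: Fig. 9 handshake plus the re-key
broadcast of the first WLAN.  Assumed: shared PMK, 802.11 PRF (HMAC-SHA1),
HMAC-SHA1 MIC under the KCK, and a toy HMAC-based key wrap standing in for
AES Key Wrap (do not reuse the toy wrap in real code)."""
import hashlib, hmac, os

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11 PRF-n: concatenation of HMAC-SHA1(key, label || 0x00 || data || i)."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """Return (KCK, KEK, TK) from the PMK, both MAC addresses and both nonces."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:]

def mic(kck: bytes, body: bytes) -> bytes:
    return hmac.new(kck, body, hashlib.sha1).digest()[:16]

def wrap(kek: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC under a key-encryption key: iv || ct || tag."""
    iv = os.urandom(16)
    stream = prf(kek, b"toy wrap", iv, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return iv + ct + hmac.new(kek, iv + ct, hashlib.sha256).digest()

def unwrap(kek: bytes, blob: bytes) -> bytes:
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kek, iv + ct, hashlib.sha256).digest()):
        raise ValueError("key wrap tag mismatch")
    stream = prf(kek, b"toy wrap", iv, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class Device:
    def __init__(self, name, mac, group_key, children=()):
        self.name, self.mac, self.group_key = name, mac, group_key
        self.children = list(children)  # sub-devices, if this is a centre device
        self.ptk = None

def handshake(first: Device, second: Device, pmk: bytes, tamper: bool = False) -> bytes:
    """Fig. 9: the second device connects and hands over its multicast key in
    message 3; the first device never generates a multicast key of its own."""
    anonce = os.urandom(32)                                  # message 1, first -> second
    snonce = os.urandom(32)
    kck_s, kek_s, _ = derive_ptk(pmk, first.mac, second.mac, anonce, snonce)
    msg2 = snonce + mic(kck_s, snonce)                       # message 2, second -> first
    kck_f, kek_f, _ = derive_ptk(pmk, first.mac, second.mac, anonce, msg2[:32])
    if not hmac.compare_digest(msg2[32:], mic(kck_f, msg2[:32])):
        raise ValueError("message 2 MIC check failed")      # the PTKs differ
    body = wrap(kek_s, second.group_key)                     # message 3, second -> first
    msg3 = bytearray(body + mic(kck_s, body))
    if tamper:                                               # simulate an on-path change
        msg3[0] ^= 0x01
    msg3 = bytes(msg3)
    if not hmac.compare_digest(msg3[-16:], mic(kck_f, msg3[:-16])):
        raise ValueError("message 3 MIC check failed")
    first.ptk, second.ptk = (kck_f, kek_f), (kck_s, kek_s)   # ACK; both sides store the PTK
    return unwrap(kek_f, msg3[:-16])                         # the second multicast key

def members(peers):
    """Every device of the first WLAN: the centreless peers plus any sub-devices."""
    for dev in peers:
        yield dev
        yield from dev.children

def broadcast_update(first: Device, peers, new_key: bytes) -> None:
    """One update message, wrapped under the old unified key, re-keys everyone."""
    update = wrap(first.group_key, new_key)
    for dev in members(peers):
        if dev is not first:
            dev.group_key = unwrap(dev.group_key, update)  # old key unwraps, then is overwritten
    first.group_key = new_key

def demo():
    """Constructed Fig. 8 style topology: STA1 is a centre device with three
    sub-devices, STA1..STA3 form the centreless sub-LAN, STA-D is in WLAN 2."""
    key2, key4 = os.urandom(16), os.urandom(16)  # WLAN 2's key, WLAN 1's current key
    sta1 = Device("STA1", bytes([2, 0, 0, 0, 0, 1]), key4,
                  children=[Device(f"STA1-{i}", bytes([2, 0, 0, 0, 1, i]), key4) for i in (1, 2, 3)])
    sta2 = Device("STA2", bytes([2, 0, 0, 0, 0, 2]), key4)
    sta3 = Device("STA3", bytes([2, 0, 0, 0, 0, 3]), key4)
    sta_d = Device("STA-D", bytes([2, 0, 0, 0, 0, 4]), key2)
    pmk = hashlib.sha256(b"constructed PMK for this example").digest()
    new_key = handshake(sta1, sta_d, pmk)
    broadcast_update(sta1, [sta1, sta2, sta3], new_key)
    keys = {dev.group_key for dev in members([sta1, sta2, sta3])} | {sta_d.group_key}
    return {"unified": new_key, "key2": key2, "keys": keys}

if __name__ == "__main__":
    print("one key across both WLANs:", demo()["keys"] == {demo()["key2"]})
```

Running `demo()` ends with every device in both WLANs holding the second multicast key, and a flipped byte in message 3 is rejected by the MIC before the key is unwrapped. The design point to notice is in `broadcast_update`: the update message is authenticated only by possession of the old group key, which every member of the first WLAN holds, so the receivers cannot tell the first device from any other member. Where that matters, carry the new key in per-device unicast frames protected by the pairwise key instead, which is the delivery option the description itself lists for receiving the second multicast key.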
Building on the flows of Fig. 5 or Fig. 7, this application provides a further specific implementation of the data transmission method in which the first device obtains the second multicast key directly from the second device, without first receiving a third multicast key from the second device and then overwriting it with the second multicast key. This avoids unnecessary computation and signalling.
The following describes, with reference to Fig. 10, a further flow in which the first device and the second device establish a WLAN connection based on the WPA protocol. Here the first device and the second device play roles analogous to the STA and the AP of Fig. 1, respectively.
Step 1000: the first device sends a connection request to the second device.
Step 1001: the second device sends message 1 to the first device; message 1 carries the second device's nonce. The first device receives message 1 from the second device and takes the second device's nonce from it.
Step 1002: the first device computes the PTK.
Step 1003: the first device derives the MIC from the PTK and sends message 2 to the second device; message 2 carries the first device's nonce and the MIC. The second device receives message 2 from the first device and takes the first device's nonce and the MIC from it.
Step 1004: the second device computes the PTK and the MIC and uses the MIC to check integrity, that is, to confirm that both sides derived the same PTK.
Step 1005: the second device encrypts the second multicast key with the PTK.
Step 1006: the second device sends message 3 to the first device; message 3 carries the encrypted second multicast key and a MIC. The first device receives message 3 from the second device and takes the encrypted second multicast key and the MIC from it.
Step 1007: the first device decrypts the encrypted second multicast key in message 3 with the PTK it generated, obtaining the second multicast key, and uses the MIC to check the integrity of the second multicast key.
Step 1008: the first device sends an ACK to the second device.
Step 1009: the first device stores the PTK and the second multicast key.
Step 1010: the second device stores the PTK.
Step 1011: the first device transmits data with the second device using the second multicast key.
Steps 1001 to 1010 constitute the process by which the first device and the second device establish the WLAN connection; for details not described in steps 1001 to 1010, see the embodiment of Fig. 1. For details of step 1011 not described here, see step 403.
Fig. 11 shows an application scenario for the WLAN networking scheme of this application. Zhang San is playing a VR game in bedroom A, and Li Si wants to watch a live stream of the game on a phone in bedroom B, so Li Si connects the phone in bedroom B to the VR headset in bedroom A over the WLAN and watches the stream on the phone. Wang Wu then wants to watch the same stream on the television in the living room, so Wang Wu connects the living-room television to the phone in bedroom B over the WLAN and watches the stream on the television. In this scenario the television in the living room, the VR headset in bedroom A and the phone in bedroom B all hold the same unified multicast key. When the VR headset in bedroom A encrypts the raw live video with that multicast key and sends the encrypted video into the WLAN, both the television in the living room and the phone in bedroom B receive the encrypted video and decrypt it with the unified multicast key to recover the raw video.
The embodiments described herein may each stand alone or may be combined according to their internal logic; all such combinations fall within the scope of protection of this application.
In each of the method embodiments above, the methods and operations performed by the first device may also be performed by a component usable in the first device (for example a chip or circuit), and the methods and operations performed by the second device may also be performed by a component usable in the second device (for example a chip or circuit).
The embodiments above describe the method of this application from the perspective of the interaction between the devices. To implement the functions of the method, the first device and the second device may include hardware structures and/or software modules, implementing those functions as hardware, as software modules, or as hardware plus software modules. Whether a given function is performed by hardware, by a software module, or by hardware plus a software module depends on the particular application and design constraints of the technical solution.
The division into modules in the embodiments of this application is illustrative and is only a division by logical function; other divisions are possible in practice. The functional modules of the embodiments may be integrated in one processor, may exist physically on their own, or two or more of them may be integrated in one module. Such an integrated module may be implemented in hardware or as a software functional module.
Based on the above and the same inventive concept, Fig. 12 and Fig. 13 are schematic structural diagrams of possible apparatuses provided by this application.
These communication apparatuses may implement the functions of the first device in the method embodiments of Fig. 4 to Fig. 10, and therefore achieve the benefits of those embodiments. In this application the communication apparatus may be device D as shown in Fig. 3(a) or Fig. 3(b), or a module (such as a chip) used in device D. Alternatively,
these communication apparatuses may implement the functions of the second device in the method embodiments of Fig. 4 to Fig. 10, and therefore achieve the benefits of those embodiments. In this application the communication apparatus may be device A as shown in Fig. 3(a) or Fig. 3(b), or a module (such as a chip) used in device A.
As shown in Fig. 12, the communication apparatus 1200 includes a processing module 1201 and a transceiver module 1202.
In one possible implementation, the processing module 1201 is configured to generate a first multicast key while the apparatus establishes a WLAN connection with a second device in a second WLAN, the first multicast key being for transmitting data between the apparatus and the second device; the transceiver module 1202 is configured to receive a second multicast key from the second device, the second multicast key being for transmitting data between the second device and other devices in the second WLAN; and the transceiver module 1202 transmits data with the second device using the second multicast key.
In one possible implementation, the processing module 1201 is further configured to overwrite the first multicast key with the second multicast key, so that the second multicast key becomes the key for transmitting data between the apparatus and the second device.
In one possible implementation, when the apparatus is in a first WLAN, the transceiver module 1202 is further configured to send an update message to one or more devices in the first WLAN other than the apparatus, the update message indicating that the multicast key used for transmitting data in the first WLAN is to be updated to the second multicast key.
In one possible implementation, the first WLAN further includes one or more third devices, which are sub-devices of the apparatus.
In one possible implementation, when receiving the second multicast key from the second device, the transceiver module 1202 is specifically configured to receive it over a short-range connection, the short-range connection including one or more of: a Bluetooth connection, an NFC connection, a SparkLink (星闪) connection, or a WLAN connection.
In one possible implementation, when receiving the second multicast key from the second device over a WLAN connection, the transceiver module 1202 is specifically configured to receive it in a unicast frame of the WLAN connection, the unicast frame being a data frame and/or a management frame.
Fig. 13 shows an apparatus 1300 provided by an embodiment of this application; it may be a hardware-circuit implementation of the apparatus of Fig. 12. The apparatus is applicable to the flowcharts shown above and performs the functions of the first device, or of the second device, in the method embodiments of Fig. 4 to Fig. 10.
For ease of description, Fig. 13 shows only the main components of the apparatus.
The apparatus 1300 of Fig. 13 includes a communication interface 1310, a processor 1320 and a memory 1330, where the memory 1330 stores program instructions and/or data. The processor 1320 may cooperate with the memory 1330 and may execute the program instructions stored in it. For example, when the instructions or program stored in the memory 1330 are executed, the processor 1320 performs the operations of the processing module 1201 in the embodiments above and the communication interface 1310 performs the operations of the transceiver module 1202.
The memory 1330 is coupled to the processor 1320. "Coupling" in the embodiments of this application means an indirect coupling or communication connection between apparatuses, units or modules, which may be electrical, mechanical or of another form, for exchanging information between them. At least one memory 1330 may be included in the processor 1320.
In the embodiments of this application the communication interface may be a transceiver, a circuit, a bus, a module or another type of communication interface. When the communication interface is a transceiver, it may include a separate receiver and a separate transmitter, may be a transceiver integrating both functions, or may be a communication interface.
The apparatus 1300 may further include a communication line 1340, over which the communication interface 1310, the processor 1320 and the memory 1330 are interconnected. The communication line 1340 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like, and may be divided into an address bus, a data bus, a control bus and so on. For simplicity it is drawn as a single thick line in Fig. 13, which does not mean there is only one bus or one type of bus.
Based on the above and the same inventive concept, an embodiment of this application provides a computer-readable storage medium storing a computer program or instructions which, when executed by a communication apparatus, cause the communication apparatus to perform the functions of the first device, or of the second device, in the method embodiments of Fig. 4 to Fig. 10.
Based on the above and the same inventive concept, an embodiment of this application provides a computer program product comprising a computer program or instructions which, when executed by a communication apparatus, cause the communication apparatus to perform the functions of the first device, or of the second device, in the method embodiments of Fig. 4 to Fig. 10.
Based on the above and the same inventive concept, an embodiment of this application provides a data transmission system comprising the first device and the second device of the method embodiments of Fig. 4 to Fig. 10.
The various numerals used in the embodiments of this application serve only to distinguish items for ease of description and do not limit the scope of the embodiments. The numbering of the processes above does not imply an order of execution; the order of execution is determined by their functions and internal logic.
Those skilled in the art may make various changes and variations to this application without departing from its scope of protection. Insofar as such changes and variations fall within the scope of the claims of this application and their equivalents, this application is intended to cover them as well.
Claims (15)
- 1. A data transmission method, comprising: a first device generating a first multicast key while establishing a wireless local area network (WLAN) connection with a second device in a second WLAN, the first multicast key being for transmitting data between the first device and the second device; the first device receiving a second multicast key from the second device, the second multicast key being for transmitting data between the second device and other devices in the second WLAN; and the first device transmitting data with the second device using the second multicast key.
- 2. The method of claim 1, further comprising: the first device overwriting the first multicast key with the second multicast key, so that the second multicast key becomes the key for transmitting data between the first device and the second device.
- 3. The method of claim 1 or 2, further comprising: when the first device is in a first WLAN, the first device sending an update message to one or more devices in the first WLAN other than the first device, the update message indicating that the multicast key used for transmitting data in the first WLAN is to be updated to the second multicast key.
- 4. The method of any one of claims 1 to 3, wherein the first WLAN further includes one or more third devices, the one or more third devices being sub-devices of the first device.
- 5. The method of any one of claims 1 to 4, wherein the first device receiving the second multicast key from the second device comprises: the first device receiving the second multicast key from the second device over a short-range connection, the short-range connection including one or more of: a Bluetooth connection, a near-field communication (NFC) connection, a SparkLink (星闪) connection, or a WLAN connection.
- 6. The method of claim 5, wherein the first device receiving the second multicast key from the second device over the WLAN connection comprises: the first device receiving the second multicast key in a unicast frame of the WLAN connection, the unicast frame being a data frame and/or a management frame.
- 7. A data transmission apparatus, comprising: a processing module configured to generate a first multicast key while the apparatus establishes a WLAN connection with a second device in a second WLAN, the first multicast key being for transmitting data between the apparatus and the second device; and a transceiver module configured to receive a second multicast key from the second device, the second multicast key being for transmitting data between the second device and other devices in the second WLAN; the transceiver module transmitting data with the second device using the second multicast key.
- 8. The apparatus of claim 7, wherein the processing module is further configured to overwrite the first multicast key with the second multicast key, so that the second multicast key becomes the key for transmitting data between the apparatus and the second device.
- 9. The apparatus of claim 7 or 8, wherein, when the first device is in a first WLAN, the transceiver module is further configured to send an update message to one or more devices in the first WLAN other than the apparatus, the update message indicating that the multicast key used for transmitting data in the first WLAN is to be updated to the second multicast key.
- 10. The apparatus of any one of claims 7 to 9, wherein the first WLAN further includes one or more third devices, the one or more third devices being sub-devices of the apparatus.
- 11. The apparatus of any one of claims 7 to 10, wherein, when receiving the second multicast key from the second device, the transceiver module is specifically configured to receive the second multicast key from the second device over a short-range connection, the short-range connection including one or more of: a Bluetooth connection, a near-field communication (NFC) connection, a SparkLink (星闪) connection, or a WLAN connection.
- 12. The apparatus of claim 11, wherein, when receiving the second multicast key from the second device over the WLAN connection, the transceiver module is specifically configured to receive the second multicast key in a unicast frame of the WLAN connection, the unicast frame being a data frame and/or a management frame.
- 13. A communication apparatus, comprising a processor and a communication interface, the communication interface being configured to receive signals from other communication apparatuses outside the communication apparatus and pass them to the processor, or to send signals from the processor to other communication apparatuses outside the communication apparatus, and the processor being configured to implement the method of any one of claims 1 to 6 by means of logic circuitry or by executing code instructions.
- 14. A computer-readable storage medium storing a computer program or instructions which, when executed by a communication apparatus, implement the method of any one of claims 1 to 6.
- 15. A computer program product comprising a computer program or instructions which, when executed by a communication apparatus, implement the method of any one of claims 1 to 6.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN202211302587.2A (published as CN117979285A, zh) | 2022-10-24 | 2022-10-24 | A data transmission method and apparatus
CN202211302587.2 | 2022-10-24 | |
Publications (1)
Publication Number | Publication Date
---|---
WO2024088140A1 (zh) | 2024-05-02
Family
ID=90830033
Family Applications (1)
Application Number | Title | Priority Date | Filing Date
---|---|---|---
PCT/CN2023/125273 (published as WO2024088140A1, zh) | A data transmission method and apparatus | 2022-10-24 | 2023-10-18
Country Status (2)
Country | Link
---|---
CN | CN117979285A (zh)
WO | WO2024088140A1 (zh)
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
US20140301552A1 * | 2011-10-10 | 2014-10-09 | LG Electronics Inc. | Method for wireless local area network (WLAN)-based peer to peer (P2P) communication and apparatus for same
CN105247835A * | 2013-05-23 | 2016-01-13 | Samsung Electronics Co., Ltd. | Method and apparatus for directly connecting a dockee device to a peripheral device in a wireless docking network
CN105264815A * | 2013-06-04 | 2016-01-20 | Samsung Electronics Co., Ltd. | Method and device for a wireless docking-based service using a group key
CN106576042A * | 2014-07-14 | 2017-04-19 | Mitsubishi Electric Corporation | Wireless communication system and wireless communication method
CN114390491A * | 2020-10-20 | 2022-04-22 | Huawei Technologies Co., Ltd. | Networking method, apparatus and system
Application history
- 2022-10-24: CN application CN202211302587.2A filed (published as CN117979285A; status: active, pending)
- 2023-10-18: PCT application PCT/CN2023/125273 filed (published as WO2024088140A1; status: unknown)
Also Published As
Publication number | Publication date
---|---
CN117979285A (zh) | 2024-05-03
Legal Events
Date | Code | Title | Description
---|---|---|---
| 121 | Ep: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 23881718; Country of ref document: EP; Kind code of ref document: A1