SECURITY IDENTITY DISCOVERY AND COMMUNICATION METHOD

US 20150012749A1
Filed: 09/25/2014
Published: 01/08/2015
Est. Priority Date: 04/11/2012
Status: Active Grant

First Claim

Patent Images

1. A security identity discovery method, comprising:

sending, by a first station, an identity discovery frame, wherein the identity discovery frame comprises an identity code of the first station and target station information, and the target station information comprises a first ciphertext;

receiving, by the first station, an identity authentication frame sent by a second station, wherein the identity authentication frame comprises an identity code of the second station, the identity code of the first station and a second ciphertext;

authenticating, by the first station, an identity of the second station based on the received identity authentication frame; and

sending, by the first station, an identity confirmation frame to the second station, wherein the identity confirmation frame comprises the identity code of the second station.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a security identity discovery method, through hiding or omitting MAC addresses of the first station and a second station in a frame for identity discovery between the two stations, adopting identity codes to identify the identities of the two stations and authenticating the identities by using a ciphertext, improves the degree of privacy protection during identity discovery of the stations.

25 Citations

View as Search Results

20 Claims

1. A security identity discovery method, comprising:
- sending, by a first station, an identity discovery frame, wherein the identity discovery frame comprises an identity code of the first station and target station information, and the target station information comprises a first ciphertext;
  
  receiving, by the first station, an identity authentication frame sent by a second station, wherein the identity authentication frame comprises an identity code of the second station, the identity code of the first station and a second ciphertext;
  
  authenticating, by the first station, an identity of the second station based on the received identity authentication frame; and
  
  sending, by the first station, an identity confirmation frame to the second station, wherein the identity confirmation frame comprises the identity code of the second station.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the first ciphertext is a ciphertext shared by the first station and the second station, and/or the second ciphertext is a ciphertext shared by the first station and the second station.
  - 3. The method of claim 1, wherein the authenticating comprises:
    - determining, by the first station, whether the second ciphertext is the same as a shared ciphertext, wherein the shared ciphertext is a ciphertext shared by the first station and a target station to which the identity discovery frame is sent.
  - 4. The method of claim 1, wherein the first ciphertext is calculated through a first default algorithm based on a medium access control (MAC) address of the first station and a MAC address of a target station to which the identity discovery frame is sent;
    - wherein the second ciphertext is calculated through a third default algorithm based on a MAC address of the second station and a third MAC address;
      
      wherein the third MAC address is calculated by the second station through a second default algorithm based on the MAC address of the second station and the first ciphertext; and
      
      wherein the authenticating comprises;
      
      calculating, by the first station, a fourth MAC address through a fourth default algorithm based on the MAC address of the first station and the second ciphertext, anddetermining whether the fourth MAC address matches the MAC address of the target station to which the identity discovery frame is sent.
  - 5. The method of claim 1, wherein the first ciphertext is calculated through a first algorithm based on a medium access control (MAC) address of the first station and a MAC address of a target station to which the identity discovery frame is sent, and wherein the target station information further comprises a first indicating bit, the first indicating bit providing an indication of the first algorithm;
    - wherein the second ciphertext is calculated through a third algorithm based on a MAC address of the second station and a third MAC address, and wherein the identity authentication frame further comprises a second indicating bit, the second indicating bit providing an indication of the third algorithm;
      
      wherein the third MAC address is calculated by the second station through a second algorithm based on the MAC address of the second station and the first ciphertext; and
      
      wherein the authenticating comprises;
      
      determining, by the first station, a fourth algorithm based on the second indicating bit,calculating a fourth MAC address through the fourth algorithm based on the MAC address of the first station and the second ciphertext, anddetermining whether the fourth MAC address matches the MAC address of the target station to which the identity discovery frame is sent.
  - 6. The method of claim 1, wherein the identity confirmation frame further comprises denial information, and the denial information indicates that the second station does not pass an identity authentication.

7. A security identity discovery method, comprising:
- receiving, by a second station, an identity discovery frame from a first station, wherein the identity discovery frame comprises an identity code of the first station and target station information, the target station information comprising a first ciphertext;
  
  authenticating, by the second station, an identity of the first station based on the received identity discovery frame;
  
  sending, by the second station, an identity authentication frame to the first station, wherein the identity authentication frame comprises an identity code of the second station, the identity code of the first station and a second ciphertext; and
  
  receiving, by the second station, an identity confirmation frame from the first station, wherein the identity confirmation frame comprises the identity code of the second station.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 8. The method of claim 7, wherein the first ciphertext is a ciphertext shared by the first station and the second station, and/or the second ciphertext is a ciphertext shared by the first station and the second station.
  - 9. The method of claim 7, wherein the authenticating comprises:
    - determining, by the second station, whether the first ciphertext is the same as a shared ciphertext, wherein the shared ciphertext is a ciphertext shared by the second station and a friend station of the second station.
  - 10. The method of claim 7, wherein the first ciphertext is calculated through a first default algorithm based on a medium access control (MAC) address of the first station and a MAC address of the target station to which the identity discovery frame is sent;
    - wherein the authenticating comprises;
      
      calculating, by the second station, a third MAC address through a second default algorithm based on a MAC address of the second station and the first ciphertext, and determining whether the third MAC address matches a friend station of the second station; and
      
      wherein sending the identity authentication frame to the first station is in response to determining that the third MAC address matches the friend station of the second station, wherein the second ciphertext carried by the identity authentication frame is calculated through a third default algorithm based on the MAC address of the second station and the third MAC address.
  - 11. The method of claim 7, wherein the first ciphertext is calculated through a first algorithm based on a medium access control (MAC) address of the first station and a MAC address of a target station to which the identity discovery frame is sent, the target station information further comprising a first indicating bit, the first indicating bit providing an indication of the first algorithm;
    - wherein the authenticating comprises;
      
      determining, by the second station, a second algorithm based on the first indicating bit,calculating a third MAC address through the second algorithm based on a MAC address of the second station and the first ciphertext, anddetermining whether the third MAC address matches a friend station of the second station; and
      
      wherein sending, the identity authentication frame is in response to determining that the third MAC address matches the friend station of the second station, wherein the identity authentication frame comprises the second ciphertext and a second indicating bit, the second ciphertext is calculated through an third algorithm based on the MAC address of the second station and the third MAC address, and the second indicating bit provides an indication of the third algorithm.
  - 12. The method of claim 9, wherein the target station information further comprises partial medium access control (MAC) address information of a target station to which the identity discovery frame is sent, and the identity of the first station is authenticated by the second station based on the partial MAC address information matching the MAC address of the second station.
  - 13. The method of claim 12, wherein the target station information further comprises a selection strategy indicating bit, the selection strategy indicating bit indicates an algorithm for selecting the partial MAC address information in the MAC address of the target station, the second station determines a selection algorithm of the partial MAC address information based on the selection strategy indicating bit, and the second station authenticates, the identity of the first station based on the partial MAC address information matching the MAC address of the second station.
  - 14. The method of claim 7, wherein the identity confirmation frame further comprises denial information, and the denial information indicates that the second station does not pass an identity authentication.
  - 15. The method of claim 14, further comprising:
    - recording, by the second station, the identity code of the first station in a stranger list; and
      
      discarding any data packet comprising the identity code of the first station for a period of time based on the identity code of the first station being in the stranger list.
  - 16. The method of claim 7, further comprising:
    - sending, by the second station, a data packet to the first station, wherein the data packet comprises sender address information and receiver address information, wherein the sender address information is the identity code of the second station, and wherein the receiver address information is the identity code of the first station; and
      
      extracting, based on digit numbers of the identity code exceeding digit numbers of a normal medium access control (MAC) address, a shortened identity code from the identity code, and adding the shortened identity code in address information corresponding to the data packet.

17. A security identity first station, comprising processor and a non-transitory processor-readable medium, the non-transitory processor-readable medium having processor-executable instructions stored thereon, the processor-executable instructions including a plurality of modules, the modules including:
- a first sending module, configured to send an identity discovery frame, wherein the identity discovery frame comprises an identity code of the first station and target station information, and the target station information comprises a first ciphertext;
  
  a receiving module, configured to receive an identity authentication frame from a second station, wherein the identity authentication frame comprises an identity code of the second station, the identity code of the first station and a second ciphertext;
  
  an authenticating module, configured to authenticate an identity of the second station; and
  
  a second sending module, configured to send an identity confirmation frame to the second station, wherein the identity confirmation frame comprises the identity code of the second station.
- View Dependent Claims (18, 19, 20)
- - 18. The first station of claim 17, wherein the modules further comprise:
    - a calculating module, configured to calculate the first ciphertext through a first default algorithm based on a medium access control (MAC) address of the first station and a MAC address of a target station to which the identity discovery frame is sent;
      
      wherein the calculating module is further configured to calculate a fourth MAC address through a fourth default algorithm based on the MAC address of the first station and the second ciphertext, wherein the second ciphertext is based on a third default algorithm, a MAC address of the second station and a third MAC address, and wherein the third MAC address is based on a second default algorithm, the MAC address of the second station and the first ciphertext; and
      
      wherein the authenticating module is configured to determine whether the fourth MAC address matches the target station to which the identity discovery frame is sent.
  - 19. The first station of claim 17, wherein the modules further comprise:
    - an encrypting module, configured to calculate the first ciphertext through a first algorithm based on a medium access control (MAC) address of the first station and a MAC address of the target station to which the identity discovery frame is sent;
      
      the encrypting module is further configured to determine a fourth algorithm based on a second indicating bit of the identity authentication frame, and to calculate a fourth MAC address through the fourth algorithm based on the MAC address of the first station and the second ciphertext, wherein the second ciphertext is based on a third algorithm, a MAC address of the second station and a third MAC address, and wherein the third MAC address is based on a second algorithm, the MAC address of the second station and the first ciphertext;
      
      wherein the authenticating module is configured to determine whether the fourth MAC address matches the target station to which the identity discovery frame is sent.
  - 20. The first station of claim 17, wherein the modules further comprise:
    - a third sending module, configured to send a data packet to the second station, wherein the data packet comprises sender address information and receiver address information, wherein the sender address information is the identity code of the first station, and the receiver address information is the identity code of the second station.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
YANG, Guorui, HUANG, Kaidi, XIA, Linfeng

Granted Patent

US 9,357,389 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 9/14   using a plurality of keys o...

H04L 9/32   including means for verifyi...

H04W 12/02   Protecting privacy or anony...

H04W 12/06   Authentication

SECURITY IDENTITY DISCOVERY AND COMMUNICATION METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY IDENTITY DISCOVERY AND COMMUNICATION METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links