Security identity discovery and communication method
Abstract
The present invention provides a security identity discovery method that improves the degree of privacy protection during identity discovery of stations by hiding or omitting the MAC addresses of a first station and a second station in the frames used for identity discovery between the two stations, adopting identity codes to identify the two stations, and authenticating the identities by using a ciphertext.
20 Claims
1. A security identity discovery method, comprising:
sending, by a first station, an identity discovery frame, wherein the identity discovery frame comprises an identity code of the first station and target station information, and the target station information comprises a first ciphertext;
receiving, by the first station, an identity authentication frame sent by a second station, wherein the identity authentication frame comprises an identity code of the second station, the identity code of the first station and a second ciphertext;
authenticating, by the first station, an identity of the second station based on the received identity authentication frame; and
sending, by the first station, an identity confirmation frame to the second station, wherein the identity confirmation frame comprises the identity code of the second station;
wherein the first ciphertext is calculated through a first default algorithm based on a medium access control (MAC) address of the first station and a MAC address of a target station to which the identity discovery frame is sent;
wherein the second ciphertext is calculated through a third default algorithm based on a MAC address of the second station and a third MAC address;
wherein the third MAC address is calculated by the second station through a second default algorithm based on the MAC address of the second station and the first ciphertext;
wherein the authenticating comprises;
calculating, by the first station, a fourth MAC address through a fourth default algorithm based on the MAC address of the first station and the second ciphertext, and determining whether the fourth MAC address matches the MAC address of the target station to which the identity discovery frame is sent.
Dependent claims: 2
3. A security identity discovery method, comprising:
sending, by a first station, an identity discovery frame, wherein the identity discovery frame comprises an identity code of the first station and target station information, and the target station information comprises a first ciphertext;
receiving, by the first station, an identity authentication frame sent by a second station, wherein the identity authentication frame comprises an identity code of the second station, the identity code of the first station and a second ciphertext;
authenticating, by the first station, an identity of the second station based on the received identity authentication frame; and
sending, by the first station, an identity confirmation frame to the second station, wherein the identity confirmation frame comprises the identity code of the second station;
wherein the first ciphertext is calculated through a first algorithm based on a medium access control (MAC) address of the first station and a MAC address of a target station to which the identity discovery frame is sent, and wherein the target station information further comprises a first indicating bit, the first indicating bit providing an indication of the first algorithm;
wherein the second ciphertext is calculated through a third algorithm based on a MAC address of the second station and a third MAC address, and wherein the identity authentication frame further comprises a second indicating bit, the second indicating bit providing an indication of the third algorithm;
wherein the third MAC address is calculated by the second station through a second algorithm based on the MAC address of the second station and the first ciphertext; and
wherein the authenticating comprises;
determining, by the first station, a fourth algorithm based on the second indicating bit, calculating a fourth MAC address through the fourth algorithm based on the MAC address of the first station and the second ciphertext, and determining whether the fourth MAC address matches the MAC address of the target station to which the identity discovery frame is sent.
Dependent claims: 4
5. A security identity discovery method, comprising:
receiving, by a second station, an identity discovery frame from a first station, wherein the identity discovery frame comprises an identity code of the first station and target station information, the target station information comprising a first ciphertext;
authenticating, by the second station, an identity of the first station based on the received identity discovery frame;
sending, by the second station, an identity authentication frame to the first station, wherein the identity authentication frame comprises an identity code of the second station, the identity code of the first station and a second ciphertext; and
receiving, by the second station, an identity confirmation frame from the first station, wherein the identity confirmation frame comprises the identity code of the second station;
wherein the first ciphertext is calculated through a first default algorithm based on a medium access control (MAC) address of the first station and a MAC address of the target station to which the identity discovery frame is sent;
wherein the authenticating comprises;
calculating, by the second station, a third MAC address through a second default algorithm based on a MAC address of the second station and the first ciphertext, and determining whether the third MAC address matches a friend station of the second station;
wherein sending the identity authentication frame to the first station is in response to determining that the third MAC address matches the friend station of the second station; and
wherein the second ciphertext carried by the identity authentication frame is calculated through a third default algorithm based on the MAC address of the second station and the third MAC address.
Dependent claims: 6, 7, 8, 9
10. A security identity discovery method, comprising:
receiving, by a second station, an identity discovery frame from a first station, wherein the identity discovery frame comprises an identity code of the first station and target station information, the target station information comprising a first ciphertext;
authenticating, by the second station, an identity of the first station based on the received identity discovery frame;
sending, by the second station, an identity authentication frame to the first station, wherein the identity authentication frame comprises an identity code of the second station, the identity code of the first station and a second ciphertext; and
receiving, by the second station, an identity confirmation frame from the first station, wherein the identity confirmation frame comprises the identity code of the second station;
wherein the first ciphertext is calculated through a first algorithm based on a medium access control (MAC) address of the first station and a MAC address of a target station to which the identity discovery frame is sent, the target station information further comprising a first indicating bit, the first indicating bit providing an indication of the first algorithm;
wherein the authenticating comprises;
determining, by the second station, a second algorithm based on the first indicating bit, calculating a third MAC address through the second algorithm based on a MAC address of the second station and the first ciphertext, and determining whether the third MAC address matches a friend station of the second station; and
wherein sending the identity authentication frame is in response to determining that the third MAC address matches the friend station of the second station, wherein the identity authentication frame comprises the second ciphertext and a second indicating bit, the second ciphertext is calculated through a third algorithm based on the MAC address of the second station and the third MAC address, and the second indicating bit provides an indication of the third algorithm.
Dependent claims: 11, 12, 13, 14
15. A security identity discovery method, comprising:
receiving, by a second station, an identity discovery frame from a first station, wherein the identity discovery frame comprises an identity code of the first station and target station information, the target station information comprising a first ciphertext;
authenticating, by the second station, an identity of the first station based on the received identity discovery frame;
sending, by the second station, an identity authentication frame to the first station, wherein the identity authentication frame comprises an identity code of the second station, the identity code of the first station and a second ciphertext; and
receiving, by the second station, an identity confirmation frame from the first station, wherein the identity confirmation frame comprises the identity code of the second station;
wherein the authenticating comprises;
determining, by the second station, whether the first ciphertext is the same as a shared ciphertext, wherein the shared ciphertext is a ciphertext shared by the second station and a friend station of the second station;
wherein the target station information further comprises partial medium access control (MAC) address information of a target station to which the identity discovery frame is sent, and the identity of the first station is authenticated by the second station based on the partial MAC address information matching the MAC address of the second station; and
wherein the target station information further comprises a selection strategy indicating bit, the selection strategy indicating bit indicates an algorithm for selecting the partial MAC address information in the MAC address of the target station, the second station determines a selection algorithm of the partial MAC address information based on the selection strategy indicating bit, and the second station authenticates the identity of the first station based on the partial MAC address information matching the MAC address of the second station.
Dependent claims: 16, 17
18. A security identity first station, comprising a processor and a non-transitory processor-readable medium, the non-transitory processor-readable medium having processor-executable instructions stored thereon, the processor-executable instructions including a plurality of modules, the modules including:
a first sending module, configured to send an identity discovery frame, wherein the identity discovery frame comprises an identity code of the first station and target station information, and the target station information comprises a first ciphertext;
a receiving module, configured to receive an identity authentication frame from a second station, wherein the identity authentication frame comprises an identity code of the second station, the identity code of the first station and a second ciphertext;
an authenticating module, configured to authenticate an identity of the second station; and
a second sending module, configured to send an identity confirmation frame to the second station, wherein the identity confirmation frame comprises the identity code of the second station;
wherein the modules further comprise;
a calculating module, configured to calculate the first ciphertext through a first default algorithm based on a medium access control (MAC) address of the first station and a MAC address of a target station to which the identity discovery frame is sent;
wherein the calculating module is further configured to calculate a fourth MAC address through a fourth default algorithm based on the MAC address of the first station and the second ciphertext, wherein the second ciphertext is based on a third default algorithm, a MAC address of the second station and a third MAC address, and wherein the third MAC address is based on a second default algorithm, the MAC address of the second station and the first ciphertext; and
wherein the authenticating module is configured to determine whether the fourth MAC address matches the target station to which the identity discovery frame is sent.
Dependent claims: 19
20. A security identity first station, comprising a processor and a non-transitory processor-readable medium, the non-transitory processor-readable medium having processor-executable instructions stored thereon, the processor-executable instructions including a plurality of modules, the modules including:
a first sending module, configured to send an identity discovery frame, wherein the identity discovery frame comprises an identity code of the first station and target station information, and the target station information comprises a first ciphertext;
a receiving module, configured to receive an identity authentication frame from a second station, wherein the identity authentication frame comprises an identity code of the second station, the identity code of the first station and a second ciphertext;
an authenticating module, configured to authenticate an identity of the second station; and
a second sending module, configured to send an identity confirmation frame to the second station, wherein the identity confirmation frame comprises the identity code of the second station;
wherein the modules further comprise;
an encrypting module, configured to calculate the first ciphertext through a first algorithm based on a medium access control (MAC) address of the first station and a MAC address of the target station to which the identity discovery frame is sent;
wherein the encrypting module is further configured to determine a fourth algorithm based on a second indicating bit of the identity authentication frame, and to calculate a fourth MAC address through the fourth algorithm based on the MAC address of the first station and the second ciphertext, wherein the second ciphertext is based on a third algorithm, a MAC address of the second station and a third MAC address, and wherein the third MAC address is based on a second algorithm, the MAC address of the second station and the first ciphertext; and
wherein the authenticating module is configured to determine whether the fourth MAC address matches the target station to which the identity discovery frame is sent.
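The discovery, authentication and confirmation exchange recited in claims 1 and 5, as an added Python example that is not part of the patent text. The four "default algorithms" are not specified on this page, so byte-wise XOR is assumed for all of them purely because it lets the steps invert one another; the `Station` helper, MAC addresses and identity codes are constructed for illustration.

```python
from dataclasses import dataclass, field

def xor48(a: bytes, b: bytes) -> bytes:
    """Assumed stand-in for each unspecified 'default algorithm' (not a recommendation)."""
    assert len(a) == len(b) == 6
    return bytes(x ^ y for x, y in zip(a, b))

def parse_mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

@dataclass
class Station:
    mac: bytes
    code: int                          # identity code sent in frames instead of the MAC
    friends: set = field(default_factory=set)

    def discovery_frame(self, target_mac: bytes) -> dict:
        # First ciphertext: first algorithm over own MAC and the target's MAC.
        return {"src_code": self.code, "c1": xor48(self.mac, target_mac)}

    def answer_discovery(self, frame: dict):
        # Third MAC: second algorithm over own MAC and the first ciphertext.
        third = xor48(self.mac, frame["c1"])
        if third not in self.friends:
            return None                # frame was for another station, or sender unknown
        # Second ciphertext: third algorithm over own MAC and the third MAC.
        return {"src_code": self.code, "dst_code": frame["src_code"],
                "c2": xor48(self.mac, third)}

    def confirm(self, auth: dict, target_mac: bytes):
        # Fourth MAC: fourth algorithm over own MAC and the second ciphertext.
        fourth = xor48(self.mac, auth["c2"])
        if auth["dst_code"] != self.code or fourth != target_mac:
            return None                # responder is not the intended target
        return {"dst_code": auth["src_code"]}

def run_exchange(first: Station, target_mac: bytes, responder: Station):
    """Return the (discovery, authentication, confirmation) frames; None where a step stops."""
    disc = first.discovery_frame(target_mac)
    auth = responder.answer_discovery(disc)
    conf = first.confirm(auth, target_mac) if auth else None
    return disc, auth, conf

# Constructed sample stations: locally administered MACs, made-up identity codes.
A = Station(parse_mac("02:00:00:00:00:0a"), 0x1111)
B = Station(parse_mac("02:00:00:00:00:0b"), 0x2222, {A.mac})
C = Station(parse_mac("02:00:00:00:00:0c"), 0x3333, {A.mac})
```

`run_exchange(A, B.mac, B)` completes all three frames, while `run_exchange(A, B.mac, C)` stops at the second station because the MAC that C derives from the first ciphertext is not one of its friend stations.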
Specification