Token transmission method, device, and storage medium
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- BEIJING XIAOMI MOBILE SOFTWARE CO LTD
- Filing Date
- 2024-10-28
- Publication Date
- 2026-06-30
AI Technical Summary
In Bluetooth communication, the broadcaster's token needs to change frequently, but existing technologies have failed to effectively solve the problems of token transmission security and tamper resistance, especially preventing attack packets from being forged and tampered with by intermediate devices during the broadcast process.
The modified token is generated by the first device, and a feature value is generated using preset keywords and verification information. Combined with the timestamp and counter value, the token is generated and broadcast, and then verified by the second device to ensure the security and validity of the token.
It improves the security and stability of token transmission, prevents replay attacks, and ensures smooth authentication between communication devices.
Smart Images

Figure CN122319683A_ABST
Abstract
Description
Token transmission methods, devices, and storage media Technical Field
[0001] This disclosure relates to the field of communication technology, and in particular to a token transmission method, device, and storage medium. Background Technology
[0002] In the field of mobile communications, especially in the Bluetooth field, the broadcaster needs to change the token every time it broadcasts, and the changed token needs to be sent to the receiver before communication begins.
[0003] Summary of the Invention
[0004] This disclosure provides a token transmission method, device, and storage medium.
[0005] In a first aspect, embodiments of this disclosure provide a token transmission method, the method comprising:
[0006] The first device sends a modified first token, which is used for authentication when the first device and the second device communicate.
[0007] Secondly, embodiments of this disclosure provide a token transmission method, the method comprising:
[0008] The second device obtains the first token after the first device has changed it. The first token is used for authentication when the first device and the second device communicate.
[0009] Thirdly, embodiments of this disclosure provide a communication device for executing the token transmission method provided in the first and / or second aspects of embodiments of this disclosure.
[0010] Fourthly, embodiments of this disclosure provide a communication system, including a first device and a second device;
[0011] The first device is configured to implement the token transmission method provided in the first aspect of the present disclosure, and the second device is configured to implement the token transmission method provided in the second aspect of the present disclosure.
[0012] Fifthly, embodiments of this disclosure provide a storage medium storing instructions that, when executed on a communication device, cause the communication device to perform the token transmission method provided in the first and / or second aspects of embodiments of this disclosure.
[0013] In a sixth aspect, embodiments of this disclosure provide a program product, including at least one of a program and instructions, characterized in that, when the at least one of the program and instructions is executed by a communication device, it implements the token transmission method provided in the first aspect of embodiments of this disclosure, or implements the token transmission method provided in the second aspect of embodiments of this disclosure.
[0014] In a seventh aspect, embodiments of this disclosure provide a computer program product, which includes a computer program that, when executed by a processor, implements the method described in the first aspect or the method provided in the second aspect.
[0015] Eighthly, embodiments of this disclosure provide a chip or chip system. The chip or chip system includes processing circuitry configured to perform the method provided according to the first or second aspect described above.
[0016] It is understood that the aforementioned communication devices, communication systems, storage media, program products, computer programs, chips, or chip systems are all used to perform the methods provided in the embodiments of this disclosure.
[0017] Based on the token transmission method, device, and storage medium provided in the embodiments of this disclosure, a method for transmitting modified tokens between devices can be provided, which is beneficial to communication stability and accuracy.
[0018] Additional aspects and advantages of embodiments of this disclosure will be set forth in part in the description which follows, and will become apparent from the description or may be learned by practice of this disclosure. Attached Figure Description
[0019] To more clearly illustrate the technical solutions in the embodiments of this disclosure, the accompanying drawings required for the description of the embodiments are introduced below. The following drawings are only some embodiments of this disclosure and do not impose specific limitations on the protection scope of this disclosure.
[0020] Figure 1 is a schematic diagram of the architecture of a communication system according to an embodiment of the present disclosure;
[0021] Figure 2a is one of the interactive schematic diagrams of a token transmission method according to an embodiment of the present disclosure;
[0022] Figure 2b is a second interactive schematic diagram of a token transmission method according to an embodiment of the present disclosure;
[0023] Figure 2c is a third interactive schematic diagram of a token transmission method according to an embodiment of the present disclosure;
[0024] Figure 3 is a schematic flowchart of a token transmission method according to an embodiment of the present disclosure;
[0025] Figure 4 is a second schematic flowchart illustrating a token transmission method according to an embodiment of the present disclosure;
[0026] Figure 5 is a schematic diagram of the structure of a communication device according to an embodiment of the present disclosure;
[0027] Figure 6 is a second schematic diagram of the structure of a communication device according to an embodiment of the present disclosure;
[0028] Figure 7 is a third schematic diagram of the structure of a communication device according to an embodiment of the present disclosure;
[0029] Figure 8 is a schematic diagram of the structure of a chip according to an embodiment of the present disclosure. Detailed Implementation
[0030] This disclosure provides a token transmission method, device, communication system, and storage medium.
[0031] In a first aspect, embodiments of this disclosure provide a token transmission method, including:
[0032] The first device sends a modified first token, which is used for authentication when the first device and the second device communicate.
[0033] In the above embodiments, the first device can promptly synchronize the modified first token to the second device by sending the modified first token, thereby enabling the first device and the second device to complete the authentication for communication again. This not only improves the token change process but also helps to ensure communication between the first device and the second device.
[0034] In conjunction with some embodiments of the first aspect, in some embodiments, the first device sends the first token, including one or more of the following:
[0035] The first device sends the first token to the third device so that the second device can obtain the first token from the third device;
[0036] The first device sends the first token to the second device through a communication connection established with the second device.
[0037] The first device sends a broadcast message, which includes the first token.
[0038] In the above embodiments, the first device can select multiple token sending methods according to the actual communication scenario, which helps to ensure the effective transmission of the changed first token, thereby improving communication stability and the transmission effectiveness of the changed first token.
[0039] In conjunction with some embodiments of the first aspect, in some embodiments the above method further includes:
[0040] A first feature value is generated based on the first verification information and the preset keywords;
[0041] The first token is generated based on the first feature value and the first verification information.
[0042] The aforementioned preset keyword is negotiated in advance by the aforementioned first device and the aforementioned second device, and the aforementioned first feature value and the aforementioned first verification information are used to verify the aforementioned first token.
[0043] In the above embodiments, the first device generates a first feature value using a preset keyword and first verification information, and generates a first token using the passed first feature value and first verification information, thereby improving the security and tamper resistance of the token. Simultaneously, the first verification information and first feature value can be used by the second device to verify the first token, which helps prevent replay attacks and improves the security and effectiveness of token transmission.
[0044] In conjunction with some embodiments of the first aspect, in some embodiments, the first verification information mentioned above includes one or more of the following:
[0045] First value;
[0046] The first identifier is used to identify the first algorithm that generates the first feature value;
[0047] The first value mentioned above includes one or more of the following:
[0048] First random number;
[0049] Timestamp;
[0050] The value of the counter.
[0051] In the above embodiments, the first device can generate the first token through different verification information, which is beneficial to further improve the complexity and security of token generation. Furthermore, using timestamp and / or random number and / or counter values can more effectively prevent replay attacks and improve transmission security.
[0052] Secondly, embodiments of this disclosure propose a token transmission method, including:
[0053] The second device obtains the first token modified by the first device, and the first token is used for authentication when the first device and the second device communicate.
[0054] In the above embodiments, the first device can promptly synchronize the modified first token to the second device by sending the modified first token, thereby enabling the first device and the second device to complete the authentication for communication again. This not only improves the token change process but also helps to ensure communication between the first device and the second device.
[0055] In conjunction with some embodiments of the second aspect, in some embodiments, the first device acquires the first token by one or more of the following:
[0056] The second device obtains the first token from the third device, and the first token is obtained by the third device from the first device.
[0057] The second device obtains the first token from the first device through a communication connection established with the first device.
[0058] The second device receives a broadcast message sent by the first device, the broadcast message including the first token.
[0059] In the above embodiments, the second device can receive the modified first token in the actual communication scenario, which helps to ensure the effective acquisition of the modified first token, thereby improving communication stability and the transmission effectiveness of the modified first token.
[0060] In conjunction with some embodiments of the first aspect, in some embodiments, the first algorithm described above is obtained by the first device from the fourth device.
[0061] In conjunction with some embodiments of the second aspect, in some embodiments the above method further includes:
[0062] Verify the first token mentioned above;
[0063] If the first token passes verification, authentication is performed using the first token before the first device.
[0064] In the above embodiments, the second device can effectively verify whether the first token is trustworthy by verifying the first token, which helps to prevent the token from being forged or tampered with, thereby improving communication security.
[0065] In conjunction with some embodiments of the second aspect, in some embodiments, the above-mentioned verification of the first token includes:
[0066] The first verification information and the first feature value are determined based on the first token. The first feature value is generated by the first device based on the first verification information and the preset keyword. The preset keyword is negotiated in advance by the first device and the second device.
[0067] A second feature value is generated based on the first verification information and the preset keywords mentioned above.
[0068] If the first feature value and the second feature value are the same, the first token is determined to have passed the verification; if the first feature value and the second feature value are not the same, the first token is determined to have failed the verification.
[0069] In the above embodiments, the second device can use the same feature value determination method to determine the second feature value, and then determine whether the first token passes the verification by whether the first feature value and the second feature value are consistent, thereby realizing the security and tamper-proof verification of the first token, which helps to prevent replay attacks and improve the transmission security and effectiveness of the token.
[0070] In conjunction with some embodiments of the second aspect, in some embodiments, the first verification information mentioned above includes one or more of the following:
[0071] First value;
[0072] The first identifier is used to identify the first algorithm that generates the first feature value;
[0073] The first value mentioned above includes one or more of the following:
[0074] First random number;
[0075] Timestamp;
[0076] The value of the counter.
[0077] In the above embodiments, the first device can generate the first token through different verification information, which is beneficial to further improve the complexity and security of token generation. Furthermore, using timestamp and / or random number and / or counter values can more effectively prevent replay attacks and improve transmission security.
[0078] In conjunction with some embodiments of the second aspect, in some embodiments, the second feature value is generated according to the first algorithm; the first algorithm is obtained by the second device from the first device, or by the second device from the fourth device.
[0079] Thirdly, embodiments of this disclosure provide a communication device for performing the methods described in the first aspect, the second aspect, optional embodiments of the first aspect, and optional embodiments of the second aspect.
[0080] Fourthly, embodiments of this disclosure provide a communication system, including a first device and a second device;
[0081] The first device is configured to implement the token transmission method provided by the first aspect and optional embodiments thereof, and the second device is configured to implement the token transmission method provided by the second aspect and optional embodiments thereof.
[0082] Fifthly, embodiments of this disclosure provide a storage medium storing instructions that, when executed on a communication device, cause the communication device to perform the methods described in the first aspect, the second aspect, optional embodiments of the first aspect, and optional embodiments of the second aspect.
[0083] In a sixth aspect, embodiments of this disclosure provide a program product that, when executed by a communication device, causes the communication device to perform the methods described in the first aspect, the second aspect, optional embodiments of the first aspect, and optional embodiments of the second aspect.
[0084] In a seventh aspect, embodiments of this disclosure provide a computer program that, when run on a computer, causes the computer to perform the methods described in the first aspect, the second aspect, optional embodiments of the first aspect, and optional embodiments of the second aspect.
[0085] Eighthly, embodiments of this disclosure provide a chip or chip system. The chip or chip system includes processing circuitry configured to perform the methods described in the first aspect, the second aspect, optional embodiments of the first aspect, and optional embodiments of the second aspect.
[0086] It is understood that the aforementioned first device, second device, communication system, communication equipment, storage medium, program product, computer program, chip, or chip system are all used to perform the methods proposed in the embodiments of this disclosure. Therefore, the beneficial effects that can be achieved can be referred to the beneficial effects in the corresponding methods, and will not be repeated here.
[0087] This disclosure is not exhaustive, but merely illustrative of some embodiments, and is not intended to limit the scope of protection of this disclosure. Unless otherwise specified, each step in a particular embodiment can be implemented as an independent embodiment, and the steps can be arbitrarily combined. For example, a solution after removing some steps in a particular embodiment can also be implemented as an independent embodiment, and the order of the steps in a particular embodiment can be arbitrarily interchanged. Furthermore, the optional implementation methods in a particular embodiment can be arbitrarily combined; moreover, the embodiments can be arbitrarily combined, for example, some or all steps of different embodiments can be arbitrarily combined, and a particular embodiment can be arbitrarily combined with the optional implementation methods of other embodiments. In all embodiments of this disclosure, unless otherwise specified or logically conflicting, the terminology and / or descriptions between the embodiments are consistent and can be mutually referenced. Technical features in different embodiments can be combined to form new embodiments based on their inherent logical relationships.
[0088] The terminology used in the embodiments of this disclosure is for the purpose of describing particular embodiments only and is not intended to limit the scope of this disclosure.
[0089] In this embodiment of the disclosure, unless otherwise stated, elements expressed in the singular form, such as "a," "an," "the," "the," "the," "the," "the," "the," "this," etc., can mean "one and only one," or "one or more," "at least one," etc. For example, when using articles such as "a," "an," "the," etc. in translation, the noun following the article can be understood as either a singular expression or a plural expression.
[0090] In the embodiments disclosed herein, "multiple" refers to two or more.
[0091] In some embodiments, the terms “at least one of,” “one or more,” “a plurality of,” and “multiple” can be used interchangeably.
[0092] In some embodiments, the notation "at least one of A and B", "A and / or B", "A in one case, B in another", "in response to one case A, in response to another case B", etc., may include the following technical solutions depending on the situation: in some embodiments, A (execute A regardless of B); in some embodiments, B (execute B regardless of A); in some embodiments, execution is selected from A and B (A and B are selectively executed); in some embodiments, A and B (both A and B are executed). The same applies when there are more branches such as A, B, C, etc.
[0093] In some embodiments, the notation "A or B" may include the following technical solutions, depending on the situation: in some embodiments, A (execution of A regardless of B); in some embodiments, B (execution of B regardless of A); in some embodiments, execution is selected from A and B (A and B are selectively executed). The same applies when there are more branches such as A, B, C, etc.
[0094] The prefixes "first," "second," etc., used in the embodiments of this disclosure are merely for distinguishing different descriptive objects and do not impose restrictions on the position, order, priority, quantity, or content of the descriptive objects. The description of the descriptive objects is found in the claims or the context of the embodiments, and the use of prefixes should not constitute unnecessary restrictions. For example, if the descriptive object is a "field," the ordinal numbers preceding "field" in "first field" and "second field" do not restrict the position or order of the "fields." "First" and "second" do not restrict whether the "fields" they modify are in the same message, nor do they restrict the order of "first field" and "second field." Similarly, if the descriptive object is a "level," the ordinal numbers preceding "level" in "first level" and "second level" do not restrict the priority between "levels." Furthermore, the number of descriptive objects is not limited by ordinal numbers and can be one or more. For example, in "first device," the number of "devices" can be one or more. Furthermore, the objects modified by different prefixes can be the same or different. For example, if the object being described is "device", then "first device" and "second device" can be the same device or different devices, and their types can be the same or different. Similarly, if the object being described is "information", then "first information" and "second information" can be the same information or different information, and their content can be the same or different.
[0095] In some embodiments, “including A,” “containing A,” “for indicating A,” and “carrying A” can be interpreted as directly carrying A or indirectly indicating A.
[0096] In some embodiments, terms such as "time / frequency" and "time-frequency domain" refer to the time domain and / or frequency domain.
[0097] In some embodiments, the terms “in response to…”, “in response to determining…”, “in the case of…”, “when…”, “if…”, “if…”, etc., can be used interchangeably.
[0098] In some embodiments, the terms “greater than,” “greater than or equal to,” “not less than,” “more than,” “more than or equal to,” “not less than,” “higher than,” “higher than or equal to,” “not lower than,” and “above” can be used interchangeably, as can the terms “less than,” “less than or equal to,” “not greater than,” “less than,” “less than or equal to,” “not more than,” “lower than,” “lower than or equal to,” “not higher than,” and “below”.
[0099] In some embodiments, devices, etc., can be interpreted as physical or virtual, and their names are not limited to the names recorded in the embodiments. Terms such as “device”, “equipment”, “circuit”, “network element”, “node”, “function”, “unit”, “section”, “system”, “network”, “chip”, “chip system”, “entity”, and “subject” can be used interchangeably.
[0100] In some embodiments, the acquisition of data, information, etc., may comply with the laws and regulations of the country where the location is situated.
[0101] In some embodiments, data, information, etc., may be obtained with the user's consent.
[0102] Furthermore, each element, each row, or each column in the table of this disclosure can be implemented as an independent embodiment, and any combination of any element, any row, or any column can also be implemented as an independent embodiment.
[0103] Currently, the Bluetooth standards organization is discussing and developing the broadcast packet format for waking up devices or groups of devices via Bluetooth broadcast. One key field is the definition and use of the "token." The current requirement is that the token changes with each broadcast, and the receiver must be able to identify that the token comes from a trusted wake-up requester (i.e., the broadcaster), and not from an attack packet from an intermediate device. The working group has not yet found a suitable method for this.
[0104] To address the aforementioned technical problems, the token transmission method provided in this disclosure will be further described below with reference to the accompanying drawings.
[0105] Figure 1 is a schematic diagram of the architecture of a communication system according to an embodiment of the present disclosure.
[0106] As shown in Figure 1, the communication system 100 includes a first device 101 and a second device 102.
[0107] In this embodiment of the disclosure, the first device 101 is the broadcaster, and the second device 102 is the receiver. The first device 101 can be any device that sends broadcast signals or data, and the second device 102 can be any device that receives broadcast signals or data; there are no restrictions on this.
[0108] In some embodiments, the first device 101 and the second device 102 may include at least one of the following: mobile phone, wearable device, Internet of Things device, car with communication function, smart car, tablet computer, computer with wireless transceiver function, virtual reality (VR) terminal device, augmented reality (AR) terminal device, wireless terminal device in industrial control, wireless terminal device in self-driving, wireless terminal device in remote medical surgery, wireless terminal device in smart grid, wireless terminal device in transportation safety, wireless terminal device in smart city, and wireless terminal device in smart home, but are not limited thereto.
[0109] In some embodiments, the terms "terminal", "terminal device", "user equipment (UE)", "user terminal", "mobile station (MS)", "mobile terminal (MT)", "subscriber station", "mobile unit", "subscriber unit", "wireless unit", "remote unit", "mobile device", "wireless device", "wireless communication device", "remote device", "mobile subscriber station", "access terminal", "mobile terminal", "wireless terminal", "remote terminal", "handset", "user agent", "mobile client", and "client" can be used interchangeably.
[0110] In some embodiments, the terminal may be replaced by an access network device, a core network device, or a network device. In this case, the access network device, core network device, or network device may also be configured to have all or some of the functions of the terminal.
[0111] The first device 101 and the second device 102 can support Long Term Evolution (LTE), LTE-Advanced (LTE-A), LTE-Beyond (LTE-B), SUPER 3G, IMT-Advanced, 4th generation mobile communication system (4G), 5th generation mobile communication system (5G), 5G New Radio (NR), Future Radio Access (FRA), New-Radio Access Technology (RAT), New Radio (NR), New Radio Access (NX), Future Generation Radio Access (FX), Global System for Mobile Communications (GSM), CDMA2000, Ultra Mobile Broadband (UMB), IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802.20, and Ultra-Wideband. Band (UWB), Bluetooth (registered trademark), Public Land Mobile Network (PLMN) networks, Device-to-Device (D2D) systems, Machine-to-Machine (M2M) systems, Internet of Things (IoT) systems, Vehicle-to-Everything (V2X) systems, and next-generation systems built upon them. Furthermore, multiple systems can be combined (e.g., a combination of LTE or LTE-A with 5G).
[0112] It is understood that the communication system described in this disclosure is for the purpose of more clearly illustrating the technical solutions of this disclosure, and does not constitute a limitation on the technical solutions proposed in this disclosure. As those skilled in the art will know, with the evolution of system architecture and the emergence of new business scenarios, the technical solutions proposed in this disclosure are also applicable to similar technical problems.
[0113] The following embodiments of this disclosure can be applied to the communication system 100 shown in FIG1, or to some of the main bodies, but are not limited thereto. The main bodies shown in FIG1 are illustrative. The communication system may include all or some of the main bodies in FIG1, or may include other main bodies outside of FIG1. The number and form of each main body are arbitrary. Each main body may be physical or virtual. The connection relationship between the main bodies is illustrative. The main bodies may not be connected or may be connected. The connection can be in any way, it can be a direct connection or an indirect connection, it can be a wired connection or a wireless connection.
[0114] Figure 2a is one of the interactive schematic diagrams of a token transmission method according to an embodiment of the present disclosure. As shown in Figure 2a, the present disclosure relates to a token transmission method, which includes:
[0115] Step S201: The first device determines the first token.
[0116] In this embodiment of the disclosure, when the first device determines that the token used for authentication with the second device needs to be changed, it can generate a modified first token.
[0117] Specifically, the first device can generate a first feature value based on the first verification information and a preset keyword, and then generate a first token based on the first feature value and the first verification information.
[0118] In this embodiment of the disclosure, the first verification information includes one or more of the first value or the first identifier.
[0119] The first value includes one or more of the following: a first random number (rand), a timestamp, or a counter value.
[0120] The first random number is an arbitrary random number randomly determined by the first device when determining the modified first token.
[0121] The timestamp is used for time synchronization between the first device and the second device.
[0122] The counter is used to record communication activities between the first device and the second device, such as the number of times a connection is established, the number of times data is transmitted, or the duration of the connection, without any limitation.
[0123] The first identifier is used to identify the first algorithm that generates the first feature value. This algorithm can be a default algorithm pre-negotiated between the first device and the second device, or an algorithm specified by the first device. The first identifier can be an algorithm index or an identifier that uniquely identifies different algorithms; there are no restrictions on this.
[0124] In this context, the first device may use different algorithms to generate the changed token each time it determines the changed token, or it may use the same algorithm to generate it; there is no restriction on this.
[0125] The first feature value and the first verification information are used to verify the first token.
[0126] In this embodiment of the disclosure, the first device can generate a first feature value based on the first verification information and the preset keyword.
[0127] When generating the first feature value based on the first verification information and the preset keyword, the first device can process the first verification information and the preset keyword using a default algorithm or an algorithm specified by the first device to obtain the first feature.
[0128] As an example, if the default keyword is KEY and the first verification information is A, then the first feature value Value = Algorithm(KEY, A).
[0129] Here, Algorithm is the algorithm for generating the first feature value.
[0130] The preset keyword can be a string pre-negotiated between the first device and the second device, and there are no restrictions on it.
[0131] As an example, the first verification information may include a first value.
[0132] For example, if the first verification information includes the first random number Rand, then the first feature value Value = Algorithm(KEY, Rand).
[0133] For example, if the first verification information includes a timestamp T, then the first feature value Value = Algorithm(KEY,T).
[0134] For example, if the first verification information includes the value C of the counter, then the first feature value Value = Algorithm(KEY, C).
[0135] For example, if the first verification information includes the first random number Rand and the timestamp T, then the first feature value Value = Algorithm(KEY, Rand + T).
[0136] For example, if the first verification information includes the first random number Rand and the value of the counter C, then the first feature value Value = Algorithm(KEY, Rand + C).
[0137] For example, if the first verification information includes a timestamp T and a counter value C, then the first feature value Value = Algorithm(KEY, T+C).
[0138] For example, the first verification information may include a first random number Rand, a timestamp T, and a counter value C, then the first feature value Value = Algorithm(KEY, Rand + T + C).
[0139] As an example, the first verification information can be the first identifier Index, and the first feature value Value = Algorithm(KEY, Index).
[0140] As an example, the first verification information includes a first identifier and a first value.
[0141] For example, if the first value includes the first random number Rand, then the first feature value Value = Algorithm(KEY, Rand + Index).
[0142] For example, if the first value includes the timestamp T, then the first feature value Value = Algorithm(KEY, T+Index).
[0143] For example, if the first value includes the counter value C, then the first feature value Value = Algorithm(KEY, C+Index).
[0144] For example, if the first value includes the first random number Rand and the timestamp T, then the first feature value Value = Algorithm(KEY, Rand + T + Index).
[0145] For example, if the first value includes the first random number Rand and the counter value C, then the first feature value Value = Algorithm(KEY, Rand + C + Index).
[0146] For example, if the first value includes the timestamp T and the counter value C, then the first feature value Value = Algorithm(KEY, T+C+Index).
[0147] For example, if the first value includes the first random number Rand, the timestamp T, and the counter value C, then the first feature value Value = Algorithm(KEY, Rand + T + C + Index).
[0148] In the above formulas, the plus sign "+" can represent a summation method or a concatenation method, and there is no restriction here.
[0149] In this embodiment of the disclosure, when concatenating one value with another, the order in which they are concatenated is not restricted.
[0150] In this embodiment, the algorithm for generating the first feature value can be a concatenation algorithm, which involves concatenating a preset keyword KEY with the first verification information A to obtain the first feature value. In this case, the first identifier is used to identify the concatenation algorithm used.
[0151] Optionally, the algorithm for generating the first feature value can be a serialization algorithm, which involves concatenating and serializing the preset keyword KEY and the first verification information A to obtain the first feature value. In this case, the first identifier is used to identify the serialization algorithm used.
[0152] Optionally, the algorithm for generating the first feature value can be an encoding algorithm, which involves concatenating the preset keyword KEY and the first verification information A, and then using an encoding algorithm to encode the concatenated sequence to obtain the first feature value. In this case, the first identifier is used to identify the encoding algorithm used.
[0153] Alternatively, the preset keyword KEY and the first verification information A are concatenated, and a hash algorithm is used to encode the concatenated sequence to obtain the first feature value. In this case, the first identifier is used to identify the hash algorithm used.
[0154] Optionally, the algorithm for generating the first feature value can be an encryption algorithm, which involves concatenating a preset keyword KEY and the first verification information A, and then encrypting the concatenated sequence using a key to obtain the first feature value. In this case, the first identifier is used to identify the encryption algorithm used.
[0155] The key used by the first device to generate the first feature value is negotiated in advance by the first device and the second device. It can be the MAC address of the first device, the MAC address of the second device, or other keys, without any restrictions.
[0156] In this embodiment of the disclosure, the first device can generate a first token based on a first feature value and first verification information, such as by concatenating the first feature value and the first verification information to obtain the first token, or by processing the first feature value and the first verification information according to a processing method pre-negotiated with the second device to obtain the first token.
[0157] For example, the first device can concatenate the first feature value and the first verification information to obtain the first token, where the first token = Value + A, or the concatenation process can be represented as Value||A in the program.
[0158] The first feature value and the first verification information occupy the high byte position and the low byte position of the first token, respectively, or they occupy the low byte position and the high byte position of the first token, respectively, without any restriction.
[0159] As an example, the first verification information can be the first value.
[0160] For example, the first verification information may include a first random number.
[0161] For example, the first verification information may include a timestamp.
[0162] For example, the first verification information may include the value of the counter.
[0163] For example, the first verification information may include a first random number and a timestamp, or it may include the first random number and the value of a counter, or it may include the timestamp and the value of a counter, or it may include the first random number, the timestamp, and the value of a counter, without any limitation.
[0164] As an example, the first verification information may include a first identifier.
[0165] As an example, the first verification information may include a first identifier and a first value.
[0166] For example, the first value is a first random number, and the first verification information may include a first identifier and a first value.
[0167] For example, the first value is a timestamp, and the first verification information may include a first identifier and a timestamp.
[0168] For example, the first value is the value of the counter, and the first verification information may include the first identifier and the value of the counter.
[0169] When the first verification information includes multiple items from the first random number, timestamp, first identifier, and counter value, the first verification information can be the result of concatenating multiple items, and the concatenation order is not restricted.
[0170] Optionally, when the first device generates the first token based on the first feature value and the first verification information, it may also concatenate or perform an "OR" operation on the first identifier, the first feature value, and the first verification information to obtain the first token.
[0171] In this embodiment of the disclosure, when the first device generates the first feature value using the algorithm specified by the first device, if the first verification information includes the first identifier, the first device can generate the first token based on the first feature value and the first verification information; if the first verification information does not include the first identifier, the first device can generate the first token based on the first identifier, the first feature value, and the first verification information.
[0172] When the first device uses the default algorithm to determine the first feature value, the first verification information may include the first identifier corresponding to the default algorithm, or it may not include the first identifier corresponding to the default algorithm; no restriction is imposed here.
[0173] In this embodiment of the disclosure, when the first device generates the first token based on the first feature value and the first verification information, after concatenating the first feature value and the first verification information, it can also use a serialization algorithm to serialize the concatenated sequence to obtain the first token, or it can use a key to encrypt the concatenated sequence to obtain the first token, so as to further enhance the transmission security of the first token.
[0174] The key used by the first device to generate the first token is negotiated in advance by the first device and the second device. It can be the MAC address of the first device, the MAC address of the second device, or other keys, without any restrictions.
[0175] Step S202: The first device sends a broadcast message.
[0176] In this embodiment of the disclosure, after the first device determines the first token, it can send a broadcast message that includes the first token, so that the second device can detect the broadcast message and obtain the first token.
[0177] In this embodiment of the disclosure, the broadcast message can be a Wake-up Radio frame (WuR) frame used to wake up the second device. That is, the first device can carry a modified first token when waking up the second device.
[0178] The WuR frame includes a token information field, which contains the modified first token.
[0179] Alternatively, the broadcast message may be any signaling or radio frame that the second device can hear, without any restrictions.
[0180] In step S203, the second device obtains the first token from the broadcast message.
[0181] In this embodiment of the disclosure, after the second device detects the broadcast message sent by the first device, it can obtain the first token from the broadcast message.
[0182] As an example, after the second device detects the WuR frame, it can obtain the first token from the WuR frame.
[0183] Step S204: The second device verifies the first token.
[0184] In this embodiment of the disclosure, after obtaining the first token, the second device can verify the first token to determine its validity, so as to prevent the first token from being forged by an attack packet from an intermediate device.
[0185] In this embodiment of the disclosure, when the second device verifies the first token, the second device can determine the first verification information and the first feature value.
[0186] Specifically, when the first device concatenates the first feature value and the first verification information to obtain the first token, the second device can split the first token to obtain the first feature value and the first verification information.
[0187] Optionally, if the first device concatenates the first feature value and the first verification information and uses a serialization algorithm to serialize the concatenated sequence to obtain the first token, the second device can use a corresponding deserialization algorithm to process the first token to obtain the first feature value and the first verification information.
[0188] The serialization algorithm and the corresponding deserialization algorithm used by the first device to generate the first token are negotiated in advance by the first device and the second device. That is, the deserialization algorithm used to deserialize the first token is determined before the second device obtains the first token.
[0189] Optionally, if the first device encrypts the concatenated sequence of the first feature value and the first verification information using a key to obtain the first token, the second device can decrypt the first token using a corresponding key to obtain the first verification information and the first feature value.
[0190] The key used by the first device to generate the first token is negotiated in advance by the first device and the second device. That is, the key to decrypt the first token is determined before the second device obtains the first token. This key can be the MAC address of the first device, the MAC address of the second device, or other keys, without any restrictions.
[0191] Furthermore, when the first token is determined by the first device based on the first identifier, the first verification information, and the first feature value, the first identifier can be determined simultaneously with the determination of the first verification information and the first feature value. Based on this, the second device can process the preset keyword and the first verification information according to the first algorithm corresponding to the first identifier to obtain the second feature value.
[0192] When the first token is determined by the first device based on the first verification information and the first feature value, if the first verification information includes the first identifier, the second device can process the preset keyword and the first verification information according to the first algorithm corresponding to the first identifier to generate the second feature value. If the first verification information does not include the first identifier, the second device can process the preset keyword and the first verification information according to a default algorithm pre-negotiated with the first device to obtain the second feature value.
[0193] In this scenario, the second device can compare the first feature value and the second feature value. If the first feature value and the second feature value match, the first token is determined to have passed verification and is trustworthy, meaning it was sent by the first device. If the first feature value and the second feature value do not match, the first token is determined to have failed verification, meaning it was carried in an attack packet sent by another attacking device.
[0194] In some embodiments, the process by which the second device processes the first verification information and the preset keyword according to the algorithm corresponding to the first identifier to obtain the second feature value can be found in the steps and optional implementation methods of other embodiments recorded before or after this embodiment, as well as the method of determining the first feature value involved in other related parts of the specification, which will not be repeated here.
[0195] In this embodiment of the disclosure, when the first verification information includes a timestamp, the second device determines whether the timestamp in the first verification information meets a first condition with the local time. If it is determined that the timestamp in the first verification information meets the first condition with the local time, the second device determines a second feature value and compares the first feature value with the second feature value to verify the first token. If it does not meet the first condition, it can be directly determined that the first token has failed verification.
[0196] The first condition may include the time interval between the timestamp in the first verification information and the local time being less than or equal to a preset threshold, that is, the second device determines the second feature value when it determines that the timestamp in the first verification information is close to the local time.
[0197] In this embodiment of the disclosure, if the first verification information includes the value of a counter, and the counter of the first device and the local counter of the second device are synchronized before the first device sends the first token, the second device can determine whether the value of the local counter is consistent with the value of the counter in the first verification information. If the value of the local counter is consistent with the value of the counter in the first verification information, the second device determines a second feature value and compares the first feature value with the second feature value to verify the first token. If the value of the local counter is inconsistent with the value of the counter in the first verification information, the second device can directly determine that the first token has failed verification.
[0198] In this embodiment of the disclosure, if the first verification information includes a timestamp and a counter value, and the counter of the first device and the local counter of the second device are synchronized before the first device sends the first token, the second device determines whether the timestamp in the first verification information meets a first condition with the local time, and determines whether the value of the local counter is consistent with the value of the counter in the first verification information. If the timestamp in the first verification information does not meet the first condition with the local time, and / or the value of the local counter is inconsistent with the value of the counter in the first verification information, then it can be directly determined that the first token has failed verification. If the timestamp in the first verification information meets the first condition with the local time, and the value of the local counter is consistent with the value of the counter in the first verification information, the second device determines a second feature value, and compares the first feature value with the second feature value to verify the first token.
[0199] The counters of the first and second devices can be monotonically increasing and cyclically increasing within a certain range. For example, if the counter value occupies one byte, it increases within the range of 0-255, and when it reaches 255, it restarts from 0.
[0200] The counters of the first device and the second device are synchronized, meaning that the values of the counters of the first device and the second device are consistent when the communication process before the first device sends a broadcast message ends.
[0201] Constructing a first feature value based on the timestamp and / or counter value and verifying the first token can effectively prevent replay attacks and improve communication stability.
[0202] In this embodiment of the disclosure, the first device can generate a first feature value using any algorithm and indicate it using a first identifier.
[0203] In this embodiment of the disclosure, the first algorithm used by the first device to generate the first feature value is obtained by the first device from the fourth device, that is, downloaded from the third-party device. The fourth device (third-party device) can be a server or other devices, and there is no limitation on it here.
[0204] Furthermore, the second device also uses the first algorithm when generating the second feature value, and the second device can obtain it in advance from the first device or from the fourth device.
[0205] As an example, the first device and the second device may synchronize an algorithm set during the previous communication. This algorithm set includes a default algorithm and at least one other algorithm. In this case, after obtaining the first token, the second device may determine a first identifier and use the first identifier to determine the algorithm used to generate the second feature from the algorithm set (i.e., the algorithm used by the first device to generate the first feature value), or, if the first identifier is not determined, use the default algorithm from the algorithm set as the algorithm to generate the second feature value (i.e., the algorithm used by the first device to generate the first feature value).
[0206] As an example, the first device pre-downloads an algorithm set from the fourth device, which includes a default algorithm and at least one other algorithm, and generates a first token based on any of these algorithms. The second device pre-downloads the same algorithm set from the fourth device. After obtaining the first token and determining the first identifier, it can use the algorithm corresponding to the first identifier in the algorithm set to generate a second feature value, or, if the first identifier is not determined, use the default algorithm in the algorithm set to generate the second feature value.
[0207] Each algorithm downloaded by the first and second devices can exist and be transmitted in the form of a binary executable program file, which helps to improve download security. Furthermore, the synchronization of algorithms between the first and second devices from the fourth device (third-party device) can effectively reduce the possibility of the algorithm being cracked, further enhancing the transmission security of the first token.
[0208] Step S205: If the first token passes verification, the first device and the second device communicate for authentication based on the first token.
[0209] In this embodiment of the disclosure, if the first token passes verification, the first device and the second device can authenticate each other using the modified first token before communicating, thereby improving communication stability and efficiency.
[0210] The token transmission method disclosed in this embodiment may include at least one of steps S201-S205. For example, step S201 may be implemented as a standalone embodiment, step S202 may be implemented as a standalone embodiment, step S203 may be implemented as a standalone embodiment, step S204 may be implemented as a standalone embodiment, step S205 may be implemented as a standalone embodiment, steps S201-S202 may be implemented as standalone embodiments, steps S202-S203 may be implemented as standalone embodiments, and steps S202-S204 may be implemented as standalone embodiments, but is not limited thereto.
[0211] Figure 2b is a second interactive schematic diagram of a token transmission method according to an embodiment of the present disclosure. As shown in Figure 2b, the embodiments of the present disclosure relate to a token transmission method, which includes:
[0212] Step S211: The first device determines the first token.
[0213] In this embodiment, the specific process by which the first device determines the first token can be found in the steps and optional implementations of other embodiments described before or after this embodiment, as well as other related parts of the specification, which will not be repeated here.
[0214] In step S212, the first device sends a first token to the second device through the communication connection established with the second device.
[0215] In this embodiment of the disclosure, when the first device has established a communication connection with the second device and the second device is in a wake-up state, the first device can directly send the first token to the second device through the communication connection established with the second device.
[0216] In other words, the second device can obtain the modified first token from the first device in real time through the communication connection established with the first device.
[0217] Step S213: The second device verifies the first token.
[0218] In this embodiment, the specific process by which the second device verifies the first token can be found in the steps and optional implementations of other embodiments described before or after this embodiment, as well as other related parts of the specification, and will not be repeated here.
[0219] Step S214: If the first token passes verification, the first device and the second device authenticate each other for communication based on the first token.
[0220] In this embodiment of the disclosure, if the first token passes verification, the first device and the second device can authenticate each other using the modified first token before communicating, thereby improving communication stability and efficiency.
[0221] The token transmission method disclosed in this embodiment may include at least one of steps S211-S214. For example, step S211 may be implemented as a standalone embodiment, step S212 may be implemented as a standalone embodiment, step S213 may be implemented as a standalone embodiment, step S214 may be implemented as a standalone embodiment, steps S211-S212 may be implemented as standalone embodiments, steps S212-S213 may be implemented as standalone embodiments, and steps S212-S214 may be implemented as standalone embodiments, but is not limited thereto.
[0222] Figure 2c is a third interactive schematic diagram of a token transmission method according to an embodiment of the present disclosure. As shown in Figure 2c, the embodiments of the present disclosure relate to a token transmission method, which includes:
[0223] Step S221: The first device determines the first token.
[0224] In this embodiment, the specific process by which the first device determines the first token can be found in the steps and optional implementations of other embodiments described before or after this embodiment, as well as other related parts of the specification, which will not be repeated here.
[0225] Step S222: The first device sends the first token to the third device.
[0226] In this embodiment of the disclosure, after the first device determines the modified first token, it can send the first token to the third device so that the second device can obtain the modified first token from the third device.
[0227] The third device is any other device besides the first and second devices that has the ability to communicate with the first and second devices, such as a server, terminal device, or other relay device, without any restrictions.
[0228] The third device can communicate with the first and second devices through any network, such as Wi-Fi, 5G, or Ethernet, without any restrictions.
[0229] Step S223: The second device obtains the first token from the third device.
[0230] In this embodiment of the disclosure, when the second device is in a wake-up state, it can obtain the modified first token from the third device.
[0231] Specifically, the second device can periodically obtain the modified first token from the third device.
[0232] Optionally, after receiving the change instruction information sent by the third device, the second device obtains the changed first token from the third device.
[0233] The second device can obtain the first token directly by changing the instruction information, or it can download the first token from the third device in the wake-up state after receiving the change instruction information; there is no restriction on this.
[0234] Step S224: The second device verifies the first token.
[0235] In this embodiment, the specific process by which the second device verifies the first token can be found in the steps and optional implementations of other embodiments described before or after this embodiment, as well as other related parts of the specification, and will not be repeated here.
[0236] Step S225: If the first token passes verification, the first device and the second device communicate for authentication based on the first token.
[0237] In this embodiment of the disclosure, if the first token passes verification, the first device and the second device can authenticate each other using the modified first token before communicating, thereby improving communication stability and efficiency.
[0238] The token transmission method disclosed in this embodiment may include at least one of steps S221-S225. For example, step S221 may be implemented as a standalone embodiment, step S222 may be implemented as a standalone embodiment, step S223 may be implemented as a standalone embodiment, step S224 may be implemented as a standalone embodiment, step S225 may be implemented as a standalone embodiment, steps S221-S222 may be implemented as standalone embodiments, steps S222-S223 may be implemented as standalone embodiments, and steps S222-S224 may be implemented as standalone embodiments, but is not limited thereto.
[0239] The token transmission method of this disclosure embodiment is described below with reference to specific examples. The token transmission method in this example includes the following methods:
[0240] Method 1:
[0241] The Broadcaster (first device) stores the modified token on the server. Both the Broadcaster and the Receiver can connect to the server (e.g., via networks such as WiFi, 5G, Ethernet, etc.). After changing the token, the Broadcaster will synchronize the modified token to the server, and the Receiver can also download the modified token from the server when it wakes up.
[0242] Method 2:
[0243] When the Receiver is in the wake-up state, it establishes a connection with the Broadcaster and downloads the latest token. After the token changes, the Receiver also synchronizes the updated token with the Broadcaster via the connection.
[0244] Method 3:
[0245] The Broadcaster and Receiver have established a connection beforehand. The Broadcaster synchronizes a preset key (hereinafter referred to as Key) to the Receiver, or synchronizes the Key to the Receiver through a third party.
[0246] The Broadcaster uses a common algorithm (Algorithm) to calculate a result (Value) with Key and Rand (random number) as parameters.
[0247] Value = Algorithm(Key, Rand)
[0248] The Broadcaster then concatenates the Value and Rand (using the "||" operator in the program) to generate the modified Token.
[0249] In the modified token, the Value occupies the high byte position, and the Rand occupies the low byte position. Or vice versa.
[0250] Token = Value || Rand
[0251] The Broadcaster broadcasts the Token. After the Receiver receives it, it first extracts the Value and Rand from the Token, and then uses the locally stored Key to calculate a Value using an Algorithm. If the Value matches the extracted Value, then the Broadcaster is considered trustworthy.
[0252] Based on the above method, the Broadcaster can obtain different Tokens by changing the value of Rand. Since the man-in-the-middle attacker does not know the specific generation algorithm, he cannot forge the Token and therefore cannot wake up the Receiver to interfere with the communication.
[0253] Optionally, Broadcaster can specify a different algorithm each time it generates a token, so that if one algorithm is compromised, other algorithms can be used.
[0254] At this point, the changed token format is as follows:
[0255] Wherein, Algorithm_Index represents the index number of the algorithm.
[0256] Figure 3 is a schematic flowchart of one of the token transmission methods provided in this disclosure. The token transmission method shown in Figure 3 is executed by a first device and includes:
[0257] Step S31: Send the first token.
[0258] In this embodiment of the disclosure, when the first device determines that the token used for authentication with the second device needs to be changed, it can generate a modified first token.
[0259] In this embodiment of the disclosure, the first device sends a first token, including one or more of the following:
[0260] The first device sends a first token to the third device, which is used by the second device to obtain the first token from the third device;
[0261] The first device sends a first token to the second device through a communication connection established with the second device;
[0262] The first device sends a broadcast message, which includes the first token.
[0263] In this embodiment of the disclosure, the method further includes:
[0264] A first feature value is generated based on the first verification information and the preset keywords;
[0265] A first token is generated based on the first feature value and the first verification information;
[0266] The preset keyword is negotiated in advance by the first device and the second device, and the first feature value and the first verification information are used to verify the first token.
[0267] In this embodiment of the disclosure, the first verification information includes one or more of the following:
[0268] First value;
[0269] The first identifier is used to identify the first algorithm that generates the first feature value;
[0270] The first value includes one or more of the following:
[0271] First random number;
[0272] Timestamp;
[0273] The value of the counter.
[0274] In this embodiment of the disclosure, the first algorithm is obtained by the first device from the fourth device. In this embodiment of the disclosure, if the first token passes verification, the first device and the second device can authenticate each other using the modified first token before communicating, thereby improving communication stability and efficiency.
[0275] In this embodiment, the specific process by which the first device determines the first token can be found in the steps and optional implementations of other embodiments described before or after this embodiment, as well as other related parts of the specification, and will not be repeated here.
[0276] Figure 4 is a second schematic flowchart of the token transmission method provided in this embodiment of the present disclosure. The token transmission method shown in Figure 4 is executed by a second device and includes:
[0277] Step S41: Obtain the first token.
[0278] In this embodiment of the disclosure, the second device obtains the first token modified by the first device, and the first token is used for authentication when the first device and the second device communicate.
[0279] In this embodiment of the disclosure, the first device obtains the first token, including one or more of the following:
[0280] The second device obtains the first token from the third device, and the first token is obtained by the third device from the first device.
[0281] The second device obtains the first token from the first device through a communication connection established with the first device;
[0282] The second device obtains a broadcast message sent by the first device, the broadcast message including the first token.
[0283] In this embodiment of the disclosure, it also includes:
[0284] Verify the first token;
[0285] If the first token passes verification, authentication is performed based on the first token before the first device.
[0286] In this embodiment of the disclosure, the verification of the first token includes:
[0287] The first verification information and the first feature value are determined based on the first token. The first feature value is generated by the first device based on the first verification information and the preset keyword. The preset keyword is negotiated in advance by the first device and the second device.
[0288] A second feature value is generated based on the first verification information and the preset keywords;
[0289] If the first feature value and the second feature value are the same, the first token is determined to have passed the verification; if the first feature value and the second feature value are not the same, the first token is determined to have failed the verification.
[0290] In this embodiment of the disclosure, the first verification information includes one or more of the following:
[0291] First value;
[0292] The first identifier is used to identify the first algorithm that generates the first feature value;
[0293] The first value includes one or more of the following:
[0294] First random number;
[0295] Timestamp;
[0296] The value of the counter.
[0297] In this embodiment of the disclosure, the second feature value is generated according to the first algorithm; the first algorithm is obtained by the second device from the first device, or by the second device from the fourth device.
[0298] In this embodiment, the determination and verification process of the first token can be found in the steps and optional implementations of other embodiments described before or after this embodiment, as well as other related parts of the specification, and will not be repeated here.
[0299] In this embodiment of the disclosure, if the first token passes verification, the first device and the second device can authenticate each other using the modified first token before communicating, thereby improving communication stability and efficiency.
[0300] In this embodiment of the disclosure, the transmission of the first token can be carried out through other messages, such as the first device broadcasting a first message carrying the first token, or the first device sending a first message to a third device carrying the first token, or the first device sending a first message to a second device through a communication connection established with the second device carrying the first token, etc.
[0301] The name of the message is not limited to the name recorded in the embodiment. Terms such as "information", "message", "signal", "signaling", "report", "configuration", "indication", "instruction", "command", "channel", "parameter", "domain", "field", "symbol", "symbol", "codebook", "codeord", "codepoint", "bit", "data", "program", and "chip" can be used interchangeably.
[0302] In some embodiments, “get,” “obtain,” “receive,” “transmit,” “bidirectional transmission,” and “send and / or receive” can be used interchangeably and can be interpreted as receiving from other entities, obtaining from protocols, obtaining from higher layers, obtaining through self-processing, or autonomous implementation, among other meanings.
[0303] In some embodiments, terms such as “send,” “transmit,” “report,” “distribute,” “transfer,” “bidirectional transmission,” “send and / or receive” can be used interchangeably.
[0304] In some embodiments, the second device determines whether the first feature value and the second feature value are consistent, which can be done by a value represented by 1 bit (0 or 1), by a true or false value (boolean), or by a numerical comparison (e.g., a comparison with a predetermined value), but is not limited to these methods.
[0305] Figure 5 is a schematic diagram of the structure of a communication device proposed in an embodiment of this disclosure. As shown in Figure 5, the communication device 500 may include a transceiver module 510.
[0306] In some embodiments, the transceiver module 510 is configured to send a modified first token, which is used for authentication of communication between the first device and the second device. Optionally, the transceiver module 510 is configured to perform at least one of the communication steps (e.g., steps S202, S204, S212, S222, S31, but not limited thereto) performed by the first device in any of the above methods, which will not be elaborated here.
[0307] In some embodiments, the transceiver module may include a transmitting module and / or a receiving module, which may be separate or integrated. Optionally, the transceiver module may be interchangeable with a transceiver.
[0308] In some embodiments, the processing module may be a single module or may include multiple sub-modules. Optionally, the multiple sub-modules may each perform all or part of the steps required by the processing module. Optionally, the processing module may be interchangeable with a processor.
[0309] In some embodiments, the communication device 500 further includes a transceiver module 510, which is used to perform at least one of the processing steps performed by the first device in any of the above methods (e.g., steps S201, S205, S211, S214, S221, S225, but not limited thereto), which will not be described in detail here.
[0310] Figure 6 is a second schematic diagram of the structure of the communication device proposed in this embodiment. As shown in Figure 6, the communication device 600 may include a transceiver module 610.
[0311] In some embodiments, the transceiver module 610 is configured to obtain a first token modified by the first device, the first token being used for authentication during communication between the first device and the second device. Optionally, the transceiver module 610 is configured to perform at least one of the communication steps (e.g., steps S203, S223, S41, but not limited thereto) performed by the second device in any of the above methods, which will not be elaborated further here. Optionally, the communication device 600 further includes a processing module 620, configured to perform at least one of the processing steps (e.g., steps S204, S205, S213, S214, S224, S225, but not limited thereto) performed by the second device in any of the above methods, which will not be elaborated further here.
[0312] In some embodiments, the transceiver module may include a transmitting module and / or a receiving module, which may be separate or integrated. Optionally, the transceiver module may be interchangeable with a transceiver.
[0313] In some embodiments, the processing module may be a single module or may include multiple sub-modules. Optionally, the multiple sub-modules may each perform all or part of the steps required by the processing module. Optionally, the processing module may be interchangeable with a processor.
[0314] It should be understood that the division of units or modules in the above device is only a logical functional division. In actual implementation, they can be fully or partially integrated into a single physical entity, or they can be physically separated. Furthermore, the units or modules in the device can be implemented by a processor calling software: for example, the device includes a processor connected to a memory containing instructions. The processor calls the instructions stored in the memory to implement any of the above methods or to implement the functions of the units or modules in the above device. The processor can be, for example, a general-purpose processor, such as a Central Processing Unit (CPU) or a microprocessor, and the memory can be internal or external to the device. Alternatively, the units or modules in the device can be implemented in the form of hardware circuits. The functionality of some or all of the units or modules can be achieved through the design of these hardware circuits, which can be understood as one or more processors. For example, in one implementation, the hardware circuit is an application-specific integrated circuit (ASIC). The functionality of some or all of the units or modules is achieved through the design of the logical relationships between the components within the circuit. In another implementation, the hardware circuit can be implemented using a programmable logic device (PLD). Taking a field-programmable gate array (FPGA) as an example, it can include a large number of logic gates. The connection relationships between the logic gates are configured through configuration files, thereby achieving the functionality of some or all of the units or modules. All units or modules of the above device can be implemented entirely through processor-called software, entirely through hardware circuits, or partially through processor-called software with the remaining parts implemented through hardware circuits.
[0315] In this embodiment, the processor is a circuit with signal processing capabilities. In one implementation, the processor can be a circuit with instruction read and execute capabilities, such as a Central Processing Unit (CPU), a microprocessor, a graphics processing unit (GPU) (which can be understood as a microprocessor), or a digital signal processor (DSP). In another implementation, the processor can implement certain functions through the logical relationships of hardware circuits. The logical relationships of the aforementioned hardware circuits are fixed or reconfigurable. For example, the processor is a hardware circuit implemented using an application-specific integrated circuit (ASIC) or a programmable logic device (PLD), such as an FPGA. In a reconfigurable hardware circuit, the process of the processor loading a configuration document and configuring the hardware circuit can be understood as the process of the processor loading instructions to implement the functions of some or all of the above units or modules. Furthermore, it can also be a hardware circuit designed for artificial intelligence, which can be understood as an ASIC, such as a Neural Network Processing Unit (NPU), a Tensor Processing Unit (TPU), or a Deep Learning Processing Unit (DPU).
[0316] Figure 7 is a third schematic diagram of the structure of the communication device proposed in this embodiment. The communication device 700 can be a first device or a second device, or it can be a chip, chip system, or processor that supports the first device or the second device in implementing any of the above methods. The communication device can be used to implement the methods described in the above method embodiments, and for details, please refer to the description in the above method embodiments.
[0317] As shown in Figure 7, the communication device 700 includes one or more processors 701. The processor 701 can be a general-purpose processor or a dedicated processor, such as a baseband processor or a central processing unit (CPU). The baseband processor can be used to process communication protocols and communication data, while the CPU can be used to control communication devices (e.g., base stations, baseband chips, terminal devices, terminal device chips, DUs or CUs, etc.), execute programs, and process program data. The communication device 700 is used to execute any of the above methods.
[0318] In some embodiments, the communication device 700 further includes one or more memories 702 for storing instructions. Optionally, all or part of the memories 702 may also be located outside the communication device 700.
[0319] In some embodiments, the communication device 700 further includes one or more transceivers 703. When the communication device 700 includes one or more transceivers 703, the transceivers 703 perform at least one of the communication steps such as sending and / or receiving in the above method (e.g., steps S202, S203, S212, S222, S223, S31, S41, but not limited thereto), and the processor 701 performs at least one of other steps (e.g., steps S201, S204, S205, S211, S213, S214, S221, S224, S225, but not limited thereto).
[0320] In some embodiments, a transceiver may include a receiver and / or a transmitter, which may be separate or integrated. Optionally, the terms transceiver, transceiver unit, transceiver, transceiver circuit, etc., may be used interchangeably; the terms transmitter, transmitting unit, transmitter, transmitting circuit, etc., may be used interchangeably; and the terms receiver, receiving unit, receiver, receiving circuit, etc., may be used interchangeably.
[0321] In some embodiments, the communication device 700 may include one or more interface circuits 704. Optionally, the interface circuit 704 is connected to the memory 702, and the interface circuit 704 can be used to receive signals from the memory 702 or other devices, and can be used to send signals to the memory 702 or other devices. For example, the interface circuit 704 can read instructions stored in the memory 702 and send the instructions to the processor 701.
[0322] The communication device 700 described in the above embodiments may be a first device or a second device, but the scope of the communication device 700 described in this disclosure is not limited thereto, and the structure of the communication device 700 may not be limited by FIG. 7. The communication device may be a standalone device or a part of a larger device. For example, the communication device may be: (1) a standalone integrated circuit IC, or chip, or chip system or subsystem; (2) a collection of one or more ICs, optionally, the IC collection may also include storage components for storing data and programs; (3) an ASIC, such as a modem; (4) a module that can be embedded in other devices; (5) a receiver, terminal device, smart terminal device, cellular phone, wireless device, handheld device, mobile unit, vehicle device, network device, cloud device, artificial intelligence device, etc.; (6) others, etc.
[0323] Figure 8 is a schematic diagram of the structure of the chip 800 proposed in an embodiment of this disclosure. The chip 800 includes one or more processors 801, and the chip 800 is used to perform any of the above methods.
[0324] In some embodiments, chip 800 further includes one or more interface circuits 803. Optionally, the interface circuit 803 is connected to memory 802, and the interface circuit 803 can be used to receive signals from memory 802 or other devices, and the interface circuit 803 can be used to send signals to memory 802 or other devices. For example, the interface circuit 803 can read instructions stored in memory 802 and send the instructions to processor 801.
[0325] In some embodiments, the interface circuit 803 performs at least one of the communication steps such as sending and / or receiving in the above method (e.g., steps S202, S203, S212, S222, S223, S31, S41, but not limited thereto), and the processor 801 performs at least one of other steps (e.g., steps S201, S204, S205, S211, S213, S214, S221, S224, S225, but not limited thereto).
[0326] In some embodiments, the terms interface circuit, interface, transceiver pin, transceiver, etc., can be used interchangeably.
[0327] In some embodiments, chip 800 further includes one or more memories 802 for storing instructions. Optionally, all or part of the memories 802 may be located outside of chip 800.
[0328] This disclosure also proposes a storage medium storing instructions that, when executed on the communication device 700, cause the communication device 700 to perform any of the above methods. Optionally, the storage medium is an electronic storage medium. Optionally, the storage medium is a computer-readable storage medium, but not limited thereto; it may also be a storage medium readable by other devices. Optionally, the storage medium may be a non-transitory storage medium, but not limited thereto; it may also be a temporary storage medium.
[0329] This disclosure also provides a program product that, when executed by the communication device 700, causes the communication device 700 to perform any of the above methods. Optionally, the program product is a computer program product.
[0330] This disclosure also proposes a computer program that, when run on a computer, causes the computer to perform any of the above methods. The above description is merely a preferred embodiment of this disclosure and an explanation of the technical principles employed. Those skilled in the art should understand that the scope of this disclosure is not limited to technical solutions formed by specific combinations of the above-described technical features, but should also cover other technical solutions formed by arbitrary combinations of the above-described technical features or their equivalents without departing from the above-described concept. For example, technical solutions formed by substituting the above features with (but not limited to) technical features disclosed in this disclosure that have similar functions.
Claims
1. A token transmission method, characterized in that, The method includes: The first device sends a modified first token, which is used for authentication when the first device and the second device communicate.
2. The method according to claim 1, characterized in that, The first device sends the first token, which includes one or more of the following: The first device sends the first token to the third device so that the second device can obtain the first token from the third device; The first device sends the first token to the second device through the communication connection established with the second device; The first device sends a broadcast message, the broadcast message including the first token.
3. The method according to claim 1 or 2, characterized in that, The method further includes: A first feature value is generated based on the first verification information and the preset keywords; The first token is generated based on the first feature value and the first verification information; The preset keyword is negotiated in advance by the first device and the second device, and the first feature value and the first verification information are used to verify the first token.
4. The method according to claim 3, characterized in that, The first verification information includes one or more of the following: First value; A first identifier, wherein the first identifier is used to identify a first algorithm for generating the first feature value; The first value includes one or more of the following: First random number; Timestamp; The value of the counter.
5. The method according to claim 4, characterized in that, The first algorithm is obtained by the first device from the fourth device.
6. A token transmission method, characterized in that, The method includes: The second device obtains the first token after the first device has changed it. The first token is used for authentication when the first device and the second device communicate.
7. The method according to claim 6, characterized in that, The first device acquires the first token by one or more of the following: The second device obtains the first token from the third device, and the first token is obtained by the third device from the first device; The second device obtains the first token from the first device through a communication connection established with the first device; The second device receives a broadcast message sent by the first device, the broadcast message including the first token.
8. The method according to claim 6 or 7, characterized in that, The method further includes: Verify the first token; If the first token passes verification, authentication is performed before the first device is used based on the first token.
9. The method according to claim 8, characterized in that, The verification of the first token includes: First verification information and first feature value are determined based on the first token. The first feature value is generated by the first device based on the first verification information and a preset keyword. The preset keyword is negotiated in advance by the first device and the second device. A second feature value is generated based on the first verification information and the preset keyword; If the first feature value and the second feature value are the same, the first token is determined to have passed the verification; if the first feature value and the second feature value are not the same, the first token is determined to have failed the verification.
10. The method according to claim 9, characterized in that, The first verification information includes one or more of the following: First value; A first identifier, wherein the first identifier is used to identify a first algorithm for generating the first feature value; The first value includes one or more of the following: First random number; Timestamp; The value of the counter.
11. The method according to claim 10, characterized in that, The second feature value is generated according to the first algorithm; the first algorithm is obtained by the second device from the first device, or by the second device from the fourth device.
12. A communication device, characterized in that, The communication device is used to execute the token transmission method provided in the first and / or second aspects of the embodiments of this disclosure.
13. A communication system, characterized in that, Including the first device and the second device; Wherein, the first device is configured to implement the token transmission method of any one of claims 1 to 5, and the second device is configured to implement the token transmission method of any one of claims 6 to 11.
14. A storage medium storing instructions, characterized in that, When the instruction is executed on the communication device, the communication device performs the token transmission method as described in any one of claims 1 to 5, or performs the token transmission method as described in any one of claims 6 to 11.
15. A program product comprising at least one of a program and instructions, characterized in that, When at least one of the programs or instructions is executed by the communication device, it implements the token transmission method of any one of claims 1 to 5, or implements the token transmission method of any one of claims 6 to 11.