Communication method and apparatus

By sending attack indication information to the second device in the communication system and negotiating a solution strategy, the problem of continuous communication interruption caused by the attack on the receiving end was solved, and timely response and normal communication were achieved.

WO2026092296A9 · PCT designated stage · Publication Date: 2026-07-02 · HUAWEI TECH CO LTD

Patent Information

Authority / Receiving Office: WO
Patent Type: Applications
Current Assignee / Owner: HUAWEI TECH CO LTD
Filing Date: 2025-10-23
Publication Date: 2026-07-02

AI Technical Summary

Technical Problem

In a communication system, when the receiving end is attacked, the sending end cannot be notified in time, resulting in the continuous transmission of control frames. As a result, the receiving end continues to be attacked and cannot communicate normally.

Method used

The first device sends a message to the second device indicating that it is under attack, and the action frame contains a detailed description of the attack type and solution. The second device responds promptly to negotiate a solution strategy, including using a new MAC address, changing the associated identifier, switching channels, or negotiating a scrambling seed.

Benefits of technology

This effectively prevents the receiving end from being continuously attacked, ensures normal communication, and improves the security and stability of the communication system.

✦ Generated by Eureka AI based on patent content.


Abstract

Embodiments of the present application provide a communication method and apparatus. The method comprises: a first device sends first information to a second device, the first information being used for indicating that the first device is attacked; and the first device receives second information from the second device, the second information being used for responding to the first information. In the method, when being attacked, a first device can send first information to a second device to indicate that the first device is attacked. In this way, the second device can obtain, in time, that the first device is attacked, so that the second device can resolve the attack in time with the first device, thereby effectively preventing subsequent attacks from disabling normal communication between the first device and the second device.

Description

A communication method and apparatus

[0001] Cross-reference to related applications

[0002] This application claims priority to Chinese Patent Application No. 202411527686.X, filed on October 29, 2024, entitled "A Communication Method and Apparatus", the entire contents of which are incorporated herein by reference.

Technical Field

[0003] This application relates to the field of communication technology, and in particular to a communication method and apparatus.

Background Technology

[0004] In current communication systems, transmitted information is usually encrypted to keep it secure. Encryption converts the original information (called plaintext) into another form (called ciphertext) that is unreadable. In addition to encryption mechanisms, there is also an integrity verification mechanism, such as the message integrity check (MIC), which can prevent man-in-the-middle attacks and replay attacks during transmission.

[0005] However, in current technology, when a sending end (e.g., a base station) sends control frames (or data frames, or management frames, etc.) to a receiving end (e.g., a terminal), if the receiving end is attacked, it will not be able to correctly receive the control frames (or data frames, or management frames, etc.), and the sending end will be unaware that the receiving end has been attacked. The sending end will therefore continue to send control frames (or data frames, or management frames, etc.), and the receiving end will continue to be attacked, resulting in a breakdown of normal communication between the sending and receiving ends.

Summary of the Invention

[0006] This application proposes a communication method and apparatus for timely detection of attacks during transmission, thereby effectively preventing further attacks from affecting communication.

[0007] In a first aspect, this application provides a communication method that can be applied to a first device, or a component of the first device (e.g., a processor, chip, or chip system), or a logical node, logical module, or software capable of implementing all or part of the functions of the first device, or a device compatible with the first device. Taking the application of this method to a first device as an example, the method includes: the first device sending first information to a second device, the first information indicating that the first device is under attack; and the first device receiving second information from the second device, the second information responding to the first information.

[0008] In the embodiments of this application, the first device and the second device can communicate with each other. The first device or the second device can be an access point (e.g., an AP or an AP multi-link device (MLD)), a non-access point station (e.g., a Non-AP STA or a Non-AP STA MLD), or a relay node, and is not limited thereto. A relay node can refer to a node or device that has access and / or forwarding functions.

[0009] For example, the first device is an access point, and the second device may be a non-access point station in the basic service set of the access point; or, the second device is an access point, and the first device may be a non-access point station in the basic service set of the access point; or, the first device and the second device are different non-access point stations.

[0010] In the above method, if the first device is attacked, it can send first information to the second device to indicate that the first device is under attack. In this way, the second device learns of the attack in time and can then work with the first device to resolve it in time. This can effectively prevent subsequent attacks from leaving the first device and the second device unable to communicate normally.

[0011] In conjunction with the first aspect, in one possible implementation, the first information being used to indicate that the first device is under attack includes: the first information is used to indicate that the first device confirms that it is under attack; correspondingly, the second information being used to respond to the first information includes: the second information is used to confirm that the second device has received the first information. Through this implementation, when the first device confirms that it is under attack, it promptly informs or indicates this to the second device, ensuring that the second device is aware that the first device has been attacked.

[0012] In conjunction with the first aspect, in one possible implementation, the first information being used to indicate that the first device is under attack includes: the first information is used to indicate that the first device suspects that it is under attack; correspondingly, the second information being used to respond to the first information includes: the second information is used to confirm that the first device is under attack, or to confirm that the first device is not under attack. Through this implementation, when the first device suspects that it is under attack, it promptly informs or indicates this to the second device, so that the second device can promptly confirm whether the first device has been attacked and feed the result back to the first device.

[0013] In conjunction with the first aspect, in one possible implementation, the first information includes first attack type information, which indicates the type of attack the first device has been subjected to. Through this implementation, the first device informs or indicates to the second device the type of attack it has confirmed or suspected it has suffered, so that both parties can subsequently determine how to resolve the attack type.

[0014] Optionally, the first information may also include a first parameter corresponding to the type of attack the first device has been subjected to;

[0015] If the attack type on the first device is that the first device receives redundant control frames, then the first parameter may include at least one of the following: control frame type information, time information of the first device receiving control frames, or number of times the first device receives control frames; or,

[0016] If the attack type affecting the first device is that the first device receives a fake request block acknowledgment frame, then the first parameter may include the start sequence number (SSN) information of the request block acknowledgment frame; or,

[0017] If the attack type suffered by the first device is that the first device receives a fake trigger frame (such as a basic trigger frame), then the first parameter may include at least one of the following: the time information of the first device receiving the trigger frame (such as the basic trigger frame), the number of times the first device receives the trigger frame (such as the basic trigger frame), or the length information of the trigger frame (such as the basic trigger frame); or,

[0018] If the attack type on the first device is that the first device receives a fake first frame, then the first parameter may include at least one of the following: the time information of the first device receiving the first frame, the number of times the first device receives the first frame, or the SSN information of the first frame; the first frame is a trigger frame, a data frame, or a block acknowledgment frame; or,

[0019] If the attack type suffered by the first device is the loss of data to be received by the first device, then the first parameter may include the amount of data lost by the first device and / or the time information of the data loss; or,

[0020] If the attack type suffered by the first device is a denial-of-service attack, then the first parameter may include the time information of the denial-of-service attack suffered by the first device and / or the number of times the first device suffered a denial-of-service attack.

[0021] In conjunction with the first aspect, in one possible implementation, the second information includes first indication information, which is used to confirm whether the first device has been attacked or not. This implementation allows the first device to promptly and effectively determine whether it has been attacked.

[0022] In conjunction with the first aspect, in one possible implementation, the second information is used to confirm that the first device has been attacked. The second information includes second attack type information, which indicates the type of attack the first device has been subjected to. This implementation allows the first device to effectively and accurately determine the type of attack it has been subjected to.

[0023] Optionally, the second information may also include a second parameter corresponding to the type of attack suffered by the first device;

[0024] If the attack type on the first device is that the first device receives redundant control frames, then the second parameter may include at least one of the following: the type information of the control frames sent by the second device, the time information of the control frames sent by the second device, or the number of times the second device sends control frames; or,

[0025] If the attack type affecting the first device is that the first device receives a fake request block acknowledgment frame, then the second parameter may include the SSN information of the request block acknowledgment frame sent by the second device; or,

[0026] If the attack type suffered by the first device is that the first device receives a fake trigger frame (such as a basic trigger frame), then the second parameter may include at least one of the following: the time information of the second device sending the trigger frame (such as a basic trigger frame), the number of times the second device sends the trigger frame (such as a basic trigger frame), or the frame length information of the trigger frame (such as a basic trigger frame) sent by the second device; or,

[0027] If the attack type on the first device is that the first device receives a fake first frame, then the second parameter may include at least one of the following: the time information of the second device sending the first frame, the number of times the second device sends the first frame, or the SSN information of the first frame sent by the second device. The first frame is a trigger frame, a data frame, or a block acknowledgment frame; or,

[0028] If the attack type affecting the first device is data loss, then the second parameter may include the amount of data sent by the second device and / or the time information of data transmission by the second device; or,

[0029] If the attack type suffered by the first device is a denial-of-service attack, then the second parameter may include the time information of the second device sending frames to occupy the channel.

[0030] In conjunction with the first aspect, in one possible implementation, the method may further include the following steps:

[0031] The first device determines the method to resolve the attack based on the type of attack it is subjected to; or

[0032] The first device sends third information to the second device, the third information suggesting ways to resolve the attack on the first device; the first device then receives fourth information from the second device, the fourth information being used to respond to the third information; or

[0033] The second information includes a method for resolving the attack on the first device.

[0034] Through this implementation method, the first device and the second device can effectively determine or negotiate a way to resolve the attack on the first device.

[0035] In conjunction with the first aspect, in one possible implementation, the third information includes a method for resolving the attack on the first device, and the fourth information is used to indicate that the second device accepts the method for resolving the attack on the first device in the third information; or,

[0036] The third information includes multiple ways to resolve attacks on the first device, and the fourth information indicates which of these multiple methods is accepted by the second device.

[0037] Through this implementation, the first device can suggest ways to resolve the attack on the first device to the second device, so that the first device and the second device can effectively negotiate a way to resolve the attack on the first device.

[0038] In conjunction with the first aspect, in one possible implementation, the third information includes at least one method for resolving an attack on the first device, and the fourth information is used to indicate that the second device does not accept the method for resolving an attack on the first device in the third information. The fourth information includes a method for resolving an attack on the first device, and the method for resolving an attack on the first device in the fourth information is different from the at least one method for resolving an attack on the first device in the third information. The method may further include:

[0039] The first device sends fifth information to the second device. The fifth information is used to indicate that the first device accepts the method for resolving the attack on the first device in the fourth information, or to indicate that the first device does not accept the method for resolving the attack on the first device in the fourth information.

[0040] With this implementation, if the second device does not accept or agree with the first device's proposed solution to the attack on STA1, it can provide the first device with a solution to the attack on the first device, so that the first device and the second device can effectively negotiate a solution to the attack on the first device.

[0041] In this application embodiment, the methods for resolving attacks on the first device may include, but are not limited to, at least one of the following:

[0042] The first device uses a new Media Access Control (MAC) address;

[0043] Change the associated identifier (AID) of the first device;

[0044] Switch communication channels or links;

[0045] Add packet number (PN) and message integrity check (MIC) fields to the control frame;

[0046] The first and second devices negotiate one or more scrambling seeds; or,

[0047] The first and second devices negotiate the padding length or the Physical Layer Protocol Data Unit (PPDU) length.

[0048] In conjunction with the first aspect, in one possible implementation, the first, second, third, or fourth information is carried within an action frame. This implementation method allows the first, second, third, or fourth information to be carried through action frames (or behavior frames), making the solution easier to implement.

[0049] In one possible implementation, the above-mentioned action frame includes a first field and a second field. The first field is used to indicate the type of the action frame, and the second field is used to carry first information, second information, third information, or fourth information.

[0050] For example, the first field is used to indicate that the type of the action frame is a protected action frame, and the second field may include the third field and the fourth field;

[0051] The third field takes the first value, and the fourth field is used to carry the first information;

[0052] The third field takes the second value, and the fourth field is used to carry the second information;

[0053] The third field takes the third value, and the fourth field is used to carry the third information;

[0054] The third field takes the fourth value, and the fourth field is used to carry the fourth information.
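
The exchange in [0030] to [0040] and the action-frame layout in [0048] to [0054], as an added Python illustration that is not part of the patent text. The byte layout, every numeric code (including one for the fifth information), the PROTECTED_ACTION placeholder, and the rule the second device uses to confirm an attack are assumptions; frame protection is assumed to be applied by the layer below.

```python
import struct
from enum import IntEnum

PROTECTED_ACTION = 0x7E   # assumed placeholder for the "first field" (frame type)

class Kind(IntEnum):      # "third field"; numeric values are assumptions
    FIRST = 1             # attack indication
    SECOND = 2            # response to the indication
    THIRD = 3             # suggested resolution method(s)
    FOURTH = 4            # response to the suggestion
    FIFTH = 5             # reply to a counter-proposal (code not given in the text)

class Attack(IntEnum):    # attack types named in the text; codes are assumptions
    REDUNDANT_CONTROL = 1
    FAKE_BLOCK_ACK_REQ = 2
    FAKE_TRIGGER = 3
    FAKE_FIRST_FRAME = 4
    DATA_LOSS = 5
    DENIAL_OF_SERVICE = 6

class Method(IntEnum):    # resolution methods named in the text; codes are assumptions
    NEW_MAC = 1
    CHANGE_AID = 2
    SWITCH_CHANNEL = 3
    ADD_PN_MIC = 4
    SCRAMBLING_SEED = 5
    PADDING_OR_PPDU_LEN = 6

def encode(kind, payload):
    """Build first field | third field | fourth field (the payload)."""
    return struct.pack("BB", PROTECTED_ACTION, kind) + bytes(payload)

def decode(frame):
    """Strict parse; Kind() raises ValueError for an unknown third-field value."""
    if len(frame) < 2 or frame[0] != PROTECTED_ACTION:
        raise ValueError("not an attack-handling action frame")
    return Kind(frame[1]), frame[2:]

def attack_report(confirmed, attack, count, ssn=0):
    """First information: confirmed (1) or suspected (0), attack type, and a
    first parameter (times the frame was received, start sequence number)."""
    return encode(Kind.FIRST, struct.pack("<BBHH", confirmed, attack, count, ssn))

def confirm(report, sent_count, sent_ssns):
    """Second device: compare the report with its own transmit record and
    answer with second information (attacked flag, attack type)."""
    kind, payload = decode(report)
    if kind is not Kind.FIRST or len(payload) != 6:
        raise ValueError("malformed first information")
    _, attack, count, ssn = struct.unpack("<BBHH", payload)
    if Attack(attack) is Attack.FAKE_BLOCK_ACK_REQ:
        attacked = ssn not in sent_ssns      # SSN the second device never sent
    else:
        attacked = count > sent_count        # more frames seen than were sent
    return encode(Kind.SECOND, bytes([attacked, attack]))

def propose(methods):
    """Third information: one or more suggested methods."""
    return encode(Kind.THIRD, bytes([len(methods), *methods]))

def answer(proposal, supported):
    """Fourth information: accept the first suggested method the second device
    supports, otherwise refuse and counter-propose its own preferred method."""
    kind, payload = decode(proposal)
    if kind is not Kind.THIRD or len(payload) < 2 or len(payload) != 1 + payload[0]:
        raise ValueError("malformed third information")
    proposed = [Method(m) for m in payload[1:]]
    for m in proposed:
        if m in supported:
            return encode(Kind.FOURTH, bytes([1, m]))
    if not supported:
        raise ValueError("nothing to counter-propose")
    return encode(Kind.FOURTH, bytes([0, supported[0]]))

def negotiate(proposed, first_accepts, second_supports):
    """Run third -> fourth (-> fifth); return the agreed Method or None."""
    kind, payload = decode(answer(propose(proposed), second_supports))
    if kind is not Kind.FOURTH or len(payload) != 2:
        raise ValueError("malformed fourth information")
    accepted, method = bool(payload[0]), Method(payload[1])
    if accepted:
        return method
    # Counter-proposal: the first device replies with fifth information.
    fifth = encode(Kind.FIFTH, bytes([method in first_accepts]))
    return method if decode(fifth)[1] == b"\x01" else None

if __name__ == "__main__":
    # Constructed sample: the first device suspects a fake block ack request
    # with SSN 1200; the second device only ever sent SSNs 100 and 164.
    report = attack_report(0, Attack.FAKE_BLOCK_ACK_REQ, count=3, ssn=1200)
    print(decode(confirm(report, sent_count=3, sent_ssns={100, 164})))
    print(negotiate([Method.NEW_MAC], {Method.ADD_PN_MIC}, [Method.ADD_PN_MIC]))
```
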

[0055] In conjunction with the first aspect, in another possible implementation, the first or second information is carried in the first sub-control field of the HE type control field of the first frame, where the first frame is a data frame, an empty data frame, or a management frame. The first identifier field within the first sub-control field takes a fifth value, which can be an integer between 10 and 14. This implementation uses the first sub-control field of the HE type control field of a data frame, empty data frame, or management frame to carry the first or second information, making the implementation easier.

[0056] In a second aspect, this application provides a communication method that can be applied to a second device, or a component of the second device (e.g., a processor, chip, or chip system), or a logical node, logical module, or software capable of implementing all or part of the functions of the second device, or a device used in conjunction with the second device. Taking the application of this method to a second device as an example, the method includes: the second device receiving first information sent from a first device, the first information indicating that the first device is under attack; and the second device sending second information to the first device in response to the first information.

[0057] In the embodiments of this application, the first device and the second device can communicate with each other. The first device or the second device can be an access point (e.g., an AP or an AP multi-link device (MLD)), a non-access point station (e.g., a Non-AP STA or a Non-AP STA MLD), or a relay node, and is not limited thereto. A relay node can refer to a node or device that has access and / or forwarding functions.

[0058] For example, the first device is an access point, and the second device may be a non-access point station in the basic service set of the access point; or, the second device is an access point, and the first device may be a non-access point station in the basic service set of the access point; or, the first device and the second device are different non-access point stations.

[0059] In the above method, the second device receives first information sent from the first device. The first information indicates that the first device has been attacked. In this way, the second device learns in time that the first device has been attacked and can then resolve the attack with the first device in time. This can effectively prevent subsequent attacks from leaving the first device and the second device unable to communicate normally.

[0060] In conjunction with the second aspect, in one possible implementation, the first information being used to indicate that the first device has been attacked includes: the first information indicating that the first device confirms that it has been attacked; correspondingly, the second information being used to respond to the first information includes: the second information confirming that the second device has received the first information. Through this implementation, the second device can promptly learn that the first device has been attacked.

[0061] In conjunction with the second aspect, in one possible implementation, the first information being used to indicate that the first device is under attack includes: the first information indicating that the first device suspects that it is under attack; correspondingly, the second information being used to respond to the first information includes: the second information confirming that the first device is under attack, or confirming that the first device is not under attack. Through this implementation, the second device can promptly report to the first device whether the first device is under attack.

[0062] In conjunction with the second aspect, in one possible implementation, the first information includes first attack type information, which indicates the type of attack the first device has been subjected to. Through this implementation, the second device can learn the type of attack confirmed or inferred by the first device, thus facilitating the subsequent determination of how to resolve that attack type.

[0063] Optionally, the first information may also include a first parameter corresponding to the type of attack the first device has been subjected to;

[0064] The attack type suffered by the first device is that the first device receives redundant control frames, and the first parameter includes at least one of the following: control frame type information, time information of the first device receiving control frames, or number of times the first device receives control frames; or,

[0065] The attack type suffered by the first device is that the first device receives a fake request block acknowledgment frame, and the first parameter includes the start sequence number (SSN) information of the request block acknowledgment frame; or,

[0066] The attack type suffered by the first device is that the first device receives a fake trigger frame (such as a basic trigger frame), and the first parameter includes at least one of the following: the time information of the first device receiving the trigger frame (such as the basic trigger frame), the number of times the first device receives the trigger frame (such as the basic trigger frame), or the length information of the trigger frame (such as the basic trigger frame); or,

[0067] The attack type suffered by the first device is that the first device receives a fake first frame. The first parameter includes at least one of the following: the time information of the first device receiving the first frame, the number of times the first device receives the first frame, or the SSN information of the first frame. The first frame is a trigger frame, a data frame, or a block acknowledgment frame; or,

[0068] The attack type suffered by the first device is the loss of data to be received by the first device, and the first parameter includes the amount of data lost by the first device and / or the time information of the data loss; or,

[0069] The attack type suffered by the first device is a denial-of-service attack, and the first parameter includes the time information of the denial-of-service attack and / or the number of times the first device suffered a denial-of-service attack.

[0070] In conjunction with the second aspect, in one possible implementation, the second information includes first indication information, which is used to confirm whether the first device has been attacked or not. This implementation allows the first device to promptly and effectively determine whether it has been attacked.

[0071] In conjunction with the second aspect, in one possible implementation, the second information is used to confirm that the first device has been attacked. The second information includes second attack type information, which indicates the type of attack the first device has been subjected to. This implementation allows the first device to effectively and accurately determine the type of attack it has been subjected to.

[0072] Optionally, the second information may also include a second parameter corresponding to the type of attack suffered by the first device;

[0073] The attack type suffered by the first device is that the first device receives redundant control frames, and the second parameter includes at least one of the following: the type information of the control frames sent by the second device, the time information of the control frames sent by the second device, or the number of times the second device sends control frames; or

[0074] The attack type suffered by the first device is that the first device receives a fake request block acknowledgment frame, and the second parameter includes the SSN information of the request block acknowledgment frame sent by the second device; or

[0075] The attack type suffered by the first device is that the first device receives a fake trigger frame (such as a basic trigger frame), and the second parameter includes at least one of the following: the time information of the second device sending the trigger frame (such as the basic trigger frame), the number of times the second device sends the trigger frame (such as the basic trigger frame), or the frame length information of the trigger frame (such as the basic trigger frame) sent by the second device; or

[0076] The attack type affecting the first device is that the first device receives a fake first frame, and the second parameter includes at least one of the following: the time information of the second device sending the first frame, the number of times the second device sends the first frame, or the SSN information of the first frame sent by the second device, wherein the first frame is a trigger frame, a data frame, or a block acknowledgment frame; or the attack type is that the data to be received by the first device is lost, and the second parameter includes the amount of data sent by the second device and / or the time information of the second device sending the data; or

[0077] The attack type suffered by the first device is a denial-of-service attack, and the second parameter includes the time information of the second device sending frames to occupy the channel.

[0078] In conjunction with the second aspect, in one possible implementation, the method may further include the following steps:

[0079] The second device determines how to resolve the attack on the first device based on the type of attack the first device suffers; or,

[0080] The second device receives third information from the first device, the third information suggesting ways to resolve the attack on the first device; the second device then sends fourth information to the first device in response to the third information; or,

[0081] The second information includes a method for resolving the attack on the first device.

[0082] Through this implementation method, the second device and the first device can effectively determine or negotiate a way to resolve the attack on the first device.

[0083] In conjunction with the second aspect, in one possible implementation, the third information includes a method for resolving the attack on the first device, and the fourth information is used to indicate that the second device accepts the method for resolving the attack on the first device in the third information; or,

[0084] The third information includes multiple ways to resolve attacks on the first device, and the fourth information indicates which of these multiple methods is accepted by the second device.

[0085] Through this implementation, the first device can suggest ways to resolve the attack on the first device to the second device, so that the first device and the second device can effectively negotiate a way to resolve the attack on the first device.

[0086] In conjunction with the second aspect, in one possible implementation, the third information includes at least one method for resolving the attack on the first device, and the fourth information is used to indicate that the second device does not accept the method for resolving the attack on the first device in the third information. The fourth information includes a method for resolving the attack on the first device, and the method for resolving the attack on the first device in the fourth information is different from the at least one method for resolving the attack on the first device in the third information. The method may further include: the second device receiving fifth information from the first device, the fifth information being used to indicate that the first device accepts the method for resolving the attack on the first device in the fourth information, or to indicate that the first device does not accept the method for resolving the attack on the first device in the fourth information.

[0087] Through this implementation, if the second device does not accept or agree with the first device's proposed method for resolving the attack on STA1, the second device can provide the first device with a method for resolving the attack on the first device, so that the first device and the second device can effectively negotiate a method for resolving the attack on the first device.

[0088] In this application embodiment, the methods for resolving attacks on the first device may include, but are not limited to, at least one of the following:

[0089] The first device uses a new Media Access Control (MAC) address;

[0090] Change the associated identifier (AID) of the first device;

[0091] Switch communication channels or links;

[0092] Add packet number (PN) and message integrity check (MIC) fields to the control frame;

[0093] The first and second devices negotiate one or more scrambling seeds; or

[0094] The first and second devices negotiate the padding length or the Physical Layer Protocol Data Unit (PPDU) length.

[0095] In conjunction with the second aspect, in one possible implementation, the first, second, third, or fourth information is carried within an action frame. This implementation method allows the first, second, third, or fourth information to be carried through action frames (or behavior frames), making the solution easier to implement.

[0096] In one possible implementation, the action frame described above may include a first field and a second field. The first field is used to indicate the type of the action frame, and the second field is used to carry first information, second information, third information, or fourth information.

[0097] For example, the first field mentioned above is used to indicate that the type of the action frame is a protected action frame, and the second field includes the third field and the fourth field;

[0098] The third field takes the first value, and the fourth field is used to carry the first information;

[0099] The third field takes the second value, and the fourth field is used to carry the second information;

[0100] The third field takes the third value, and the fourth field is used to carry the third information;

[0101] The third field takes the fourth value, and the fourth field is used to carry the fourth information.
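A strict encoder and parser for the action frame layout of [0096]-[0101], added here as an example and not taken from the patent. The one-octet field widths, the numeric codes (the text names a "first value" to "fourth value" without giving numbers), the payload cap and the sender-role check are assumptions of this sketch.

```python
from dataclasses import dataclass
from enum import Enum, IntEnum

# Constructed placeholders: this passage gives no numeric codes.
PROTECTED_ACTION_TYPE = 0xF0   # first field: "protected action frame"
MAX_PAYLOAD = 255              # assumed cap on the fourth field


class Role(Enum):
    FIRST_DEVICE = "first device"
    SECOND_DEVICE = "second device"


class Selector(IntEnum):
    """Third field: selects which information the fourth field carries."""
    FIRST_INFO = 1
    SECOND_INFO = 2
    THIRD_INFO = 3
    FOURTH_INFO = 4


# Who originates each kind of information, per the exchange the page describes.
SENDER = {
    Selector.FIRST_INFO: Role.FIRST_DEVICE,
    Selector.SECOND_INFO: Role.SECOND_DEVICE,
    Selector.THIRD_INFO: Role.FIRST_DEVICE,
    Selector.FOURTH_INFO: Role.SECOND_DEVICE,
}


class FrameError(ValueError):
    pass


@dataclass(frozen=True)
class AttackActionFrame:
    selector: Selector
    payload: bytes


def encode(selector: Selector, payload: bytes) -> bytes:
    if not 1 <= len(payload) <= MAX_PAYLOAD:
        raise FrameError("fourth field must hold 1..%d octets" % MAX_PAYLOAD)
    return bytes([PROTECTED_ACTION_TYPE, int(selector)]) + payload


def decode(body: bytes, receiver: Role) -> AttackActionFrame:
    """Parse a frame body as seen by `receiver`, rejecting anything malformed."""
    if len(body) < 3:
        raise FrameError("truncated frame body")
    if len(body) - 2 > MAX_PAYLOAD:
        raise FrameError("fourth field too long")
    if body[0] != PROTECTED_ACTION_TYPE:
        raise FrameError("first field is not the protected action type")
    try:
        selector = Selector(body[1])
    except ValueError:
        raise FrameError("unknown third-field value %d" % body[1]) from None
    # A device never receives information that only it may originate.
    if SENDER[selector] is receiver:
        raise FrameError("%s is not addressed to the %s" % (selector.name, receiver.value))
    return AttackActionFrame(selector, bytes(body[2:]))
```
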

[0102] In conjunction with the second aspect, in another possible implementation, the first or second information is carried in the first sub-control field of the HE type control field in the first frame, where the first frame is a data frame, an empty data frame, or a management frame. The first identifier field within the first sub-control field takes a fifth value, which can be an integer between 10 and 14. This implementation uses the first sub-control field of the HE type control field in a data frame, empty data frame, or management frame to carry the first or second information, making the solution easier to implement.

[0103] In a third aspect, this application also provides a communication device, which is a first device or a chip corresponding to the first device. The communication device has the functions of implementing the first aspect and any of the possible embodiments described above. The communication device can be implemented in hardware or by hardware executing corresponding software. The hardware or software includes one or more units or modules corresponding to the above functions.

[0104] In one possible design, the communication device includes a processor configured to support the communication device in performing corresponding functions of the first device in the method described above. The communication device may also include a memory coupled to the processor, which stores necessary program instructions and data for the communication device. Optionally, the communication device further includes a communication interface for supporting communication between the communication device and other communication devices, such as the transmission and reception of data or signals. Exemplarily, the communication interface may be a transceiver, circuit, bus, module, or other type of communication interface.

[0105] In one possible design, the communication device includes corresponding functional modules, each used to implement the steps in the above method. The functions can be implemented in hardware or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions described above.

[0106] In one possible design, the communication device includes a processing unit and a communication unit, which can perform the corresponding functions in the above method examples, as described in the method provided in the first aspect, and will not be repeated here.

[0107] In a fourth aspect, this application also provides a communication device, which is a second device or a chip corresponding to a second device. The communication device has the functions to implement the second aspect described above and any of the possible embodiments therein. The communication device can be implemented in hardware or by hardware executing corresponding software. The hardware or software includes one or more units or modules corresponding to the above functions.

[0108] In one possible design, the communication device includes a processor configured to support the communication device in performing corresponding functions of the second device in the method described above. The communication device may also include a memory coupled to the processor, which stores necessary program instructions and data for the communication device. Optionally, the communication device further includes a communication interface for supporting communication between the communication device and other communication devices, such as the transmission and reception of data or signals. Exemplarily, the communication interface may be a transceiver, circuit, bus, module, or other type of communication interface.

[0109] In one possible design, the communication device includes corresponding functional modules, each used to implement the steps in the above method. The functions can be implemented in hardware or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions described above.

[0110] In one possible design, the communication device includes a processing unit and a communication unit, which can perform the corresponding functions in the above method examples, as described in the method provided in the second aspect, and will not be repeated here.

[0111] In a fifth aspect, a communication device is provided, including a processor and an interface circuit. The interface circuit is configured to receive signals from other communication devices outside the communication device and transmit them to the processor, or to send signals from the processor to other communication devices outside the communication device. The processor is configured to implement the methods of the first aspect and any of the possible implementations thereof through logic circuits or execution code instructions.

[0112] In a sixth aspect, a communication device is provided, including a processor and an interface circuit. The interface circuit is configured to receive signals from other communication devices outside the communication device and transmit them to the processor, or to send signals from the processor to other communication devices outside the communication device. The processor is configured to implement the methods of the second aspect and any of the possible implementations thereof through logic circuits or execution code instructions.

[0113] In a seventh aspect, a computer-readable storage medium is provided that stores a computer program or instructions which, when executed by a processor, implement the methods of any one of the first and second aspects and any possible implementation thereof.

[0114] In an eighth aspect, a computer program product storing instructions is provided, which, when executed by a processor, implement the methods of the first and second aspects and any possible implementation thereof.

[0115] A ninth aspect provides a chip system including a processor and potentially a memory for implementing the methods of the first and second aspects and any possible embodiments thereof. The chip system may be composed of chips or may include chips and other discrete devices.

[0116] In a tenth aspect, a communication system is provided, the communication system comprising the first device described in the first aspect and the second device described in the second aspect.

[0117] It should be noted that, for the technical effects that can be achieved by any of the third to tenth aspects, reference may be made to the description of the technical effects that can be achieved by any of the first and second aspects, which will not be repeated here.

Attached Figure Description

[0118] Figure 1 shows a schematic diagram of communication between two MLD devices;

[0119] Figure 2A shows a schematic diagram of the frame structure of a PPDU;

[0120] Figure 2B shows a schematic diagram of the frame structure of an MPDU;

[0121] Figure 3 is a diagram of a WLAN communication system architecture to which the method of the embodiments of this application can be applied;

[0122] Figure 4 is a flowchart illustrating a communication method provided in an embodiment of this application;

[0123] Figure 5 is a schematic diagram of the method flow of Embodiment 1 of this application;

[0124] Figure 6 is a schematic diagram of the structure of an action frame that can be applied to the embodiments of this application;

[0125] Figure 7 is a schematic diagram of the structure of a protected ultra-high reliability action frame that can be applied to the embodiments of this application;

[0126] Figure 8 is a schematic diagram of the structure of a data frame applicable to the embodiments of this application;

[0127] Figure 9A is a schematic diagram of the format or structure of the HE control field that can be applied to the embodiments of this application;

[0128] Figure 9B is a schematic diagram of the structure of the A-control subfield in the HE type HT control field to which the embodiments of this application can be applied;

[0129] Figure 9C is a schematic diagram of the structure of the control subfield that can be applied to the embodiments of this application;

[0130] Figure 10 is a schematic flowchart of the method according to Embodiment 2 of this application;

[0131] Figure 11 is a schematic diagram of the structure of a communication device according to an embodiment of this application;

[0132] Figure 12 is a schematic diagram of another communication device according to an embodiment of this application;

[0133] Figure 13 is a schematic diagram of a chip device structure according to an embodiment of this application.

Detailed Implementation

[0134] The scenarios described in the embodiments of this application are for the purpose of more clearly illustrating the technical solutions of the embodiments of this application, and do not constitute a limitation on the technical solutions provided in the embodiments of this application. Obviously, the described embodiments are only some embodiments of the present invention, not all embodiments. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative effort are within the scope of protection of this application.

[0135] To better understand the solutions provided in the embodiments of this application, some terms, concepts, or processes involved in the embodiments of this application will be explained below. It should be noted that these explanations are intended to make the embodiments of this application easier to understand and should not be regarded as limiting the scope of protection claimed by this application.

[0136] 1) Multi-link operation (MLO):

[0137] The core idea of MLO is that WLAN devices that support the IEEE 802.11 standard have the ability to transmit and receive in multiple frequency bands, thereby using a larger bandwidth for data transmission and significantly improving throughput.

[0138] For example, multiple frequency bands include, but are not limited to, the 2.4GHz WiFi band, the 5GHz WiFi band, and the 6GHz WiFi band. Access and transmission on each frequency band are referred to as a link, or access and transmission within a frequency range of the same frequency band are referred to as a link. Therefore, access and transmission consisting of multiple links is referred to as multi-link operation (MLO).

[0139] Next-generation IEEE 802.11 standard station equipment that simultaneously supports multiple links is called a multi-link device (MLD), and the internal entity responsible for any one link is called a station (STA). If all STAs within an MLD are access points (APs), then the MLD can be further called an access point multi-link device (AP MLD); if all STAs within an MLD are non-AP stations (non-AP STAs), then the MLD can be further called a non-AP MLD. The example shown in Figure 1 contains two MLDs: MLD A and MLD B. Each MLD has N links, where N is a positive integer.

[0140] 2) Physical Layer Protocol Data Unit (PPDU):

[0141] As shown in Figure 2A, a PPDU contains a preamble and a payload. The payload is an A-MPDU. An A-MPDU consists of one or more MPDUs and a delimiter preceding each MPDU. Each MPDU consists of a MAC header and a MAC service data unit (MSDU), or each MPDU consists of a MAC header and an aggregated MAC service data unit (A-MSDU). Each MPDU also corresponds to a sequence number (SN).

[0142] The MAC header consists of frame control, duration, address 1, address 2, address 3, sequence number control, address 4, quality of service control, and high throughput control, as shown in Figure 2B. The MSDU or A-MSDU is located in the frame body.

[0143] In the embodiments of this application, each data frame may include one or more data units. The data frame may be a PPDU, or an A-MPDU within a PPDU. The data units within the data frame may be an MPDU, or an MSDU within an MPDU, or an A-MSDU within an MPDU.

[0144] 3) Basic service set (BSS) usually refers to the area covered by an access point (AP) where stations (STAs) under that AP can communicate with each other.

[0145] 4) Overlapping Basic Service Set (OBSS) refers to other BSSs that overlap with the current BSS channel. OBSS may be the same channel or different channels.

[0146] It should be noted that in the embodiments of this application, "at least one" refers to one or more, and "more than one" refers to two or more. "And / or" describes the relationship between related objects, indicating that three relationships can exist. For example, A and / or B can represent: A alone, A and B simultaneously, or B alone, where A and B can be singular or plural. The character " / " generally indicates that the preceding and following related objects are in an "or" relationship. "At least one of the following" or similar expressions refer to any combination of these items, including any combination of single or plural items. For example, at least one of a, b, or c can represent: a, b, c, a and b, a and c, b and c, or a and b and c, where a, b, and c can be single or multiple.

[0147] Furthermore, unless otherwise stated, the ordinal numbers such as "first," "second," or "1," "2," etc. (except in special cases indicating numerical values) mentioned in the embodiments of this application are used to distinguish multiple objects and are not used to limit the size, content, order, timing, priority, or importance of multiple objects. For example, first phase information and second phase information are only used to distinguish different phase information, and do not indicate that the size, priority, or importance of these two phase information are different.

[0148] It should be noted that, in this application, the terms "exemplary" or "for example" are used to indicate that something is being described as an example or illustration. Any embodiment or design described as "exemplary" or "for example" in this application should not be construed as being more preferred or advantageous than other embodiments or design solutions. Specifically, the use of terms such as "exemplary" or "for example" is intended to present the relevant concepts in a concrete manner.

[0149] The terms "comprising" and "having," and any variations thereof, used in the following description of embodiments of this application are intended to cover non-exclusive inclusion. For example, a process, method, system, product, or device that includes a series of steps or units is not limited to the listed steps or units, but may optionally include other steps or units not listed, or may optionally include other steps or units inherent to these processes, methods, products, or devices. Furthermore, the term "for indicating" used in the description of embodiments of this application can include both direct and indirect indication. When describing an indication message for indicating A, it may include whether the indication message directly indicates A or indirectly indicates A, but does not necessarily mean that the indication message carries A.

[0150] The preceding text introduced some of the terms used in the embodiments of this application. The following text introduces the technical background, methods, and apparatus involved in the embodiments of this application.

[0151] In current communication systems, to ensure the security of transmitted information, it is usually encrypted. The principle of encryption is to convert the original information (plaintext) into another form (ciphertext), making it unreadable. Besides encryption mechanisms, there is also an integrity verification mechanism, such as message integrity check (MIC), which can prevent man-in-the-middle attacks and replay attacks during transmission. (A man-in-the-middle attack occurs when an attacker establishes independent connections with both ends of a communication and exchanges the data they receive, making both ends believe they are communicating directly through a private connection, but in reality, the entire session is completely controlled by the attacker. A man-in-the-middle attack requires both parties to be online simultaneously, and the attacker can intercept data from both sides and even insert new content. A replay attack occurs when an attacker obtains packets sent from a client to a server and sends them back to the server verbatim to achieve certain functions. This type of attack is often used in authentication processes to compromise the correctness of authentication. A replay attack does not require understanding the replayed content; the attacker only needs to repeatedly send the previously captured data packets.)

[0152] However, in current technology, when a sending end (e.g., a base station) sends control frames (or data frames, or management frames, etc.) to a receiving end (e.g., a terminal), if the receiving end is attacked, it will not be able to correctly receive the control frames (or data frames, or management frames, etc.), and the sending end will be unaware that the receiving end has been attacked. Therefore, the sending end will continue to send control frames (or data frames, or management frames, etc.), and the receiving end will continue to be attacked, resulting in a breakdown in normal communication between the sending and receiving ends.

[0153] To address the aforementioned problems, this application proposes a communication method and apparatus for timely detection of attacks during transmission, effectively preventing further attacks from affecting communication. The method and apparatus are based on the same inventive concept. Since the principles underlying the problems solved by the method and apparatus are similar, their implementations can be mutually referenced, and repeated details will not be elaborated further.

[0154] The embodiments of this application can be applied to WLAN scenarios, for example, to the Institute of Electrical and Electronics Engineers (IEEE) 802.11 system standards, such as 802.11bn, Wi-Fi 7 or Extremely High Throughput (EHT), 802.11bf, and next-generation standards of 802.11bn, such as Wi-Fi 9 or even later. Alternatively, the embodiments of this application can also be applied to wireless local area network systems such as Internet of Things (IoT) networks or Vehicle-to-X (V2X) networks. Of course, the embodiments of this application can also be applied to other possible communication systems, such as worldwide interoperability for microwave access (WiMAX) communication systems, 5th generation (5G) communication systems, and future communication systems.

[0155] The following examples illustrate how the embodiments of this application can be applied to WLAN scenarios. It should be understood that WLAN standards, starting with 802.11a / g, have evolved through 802.11n, 802.11ac, 802.11ax, 802.11be, and the currently discussed 802.11bn. 802.11n can also be referred to as high throughput (HT); 802.11ac as very high throughput (VHT); 802.11ax as high efficiency (HE) or Wi-Fi 6; 802.11be as EHT or Wi-Fi 7; and 802.11bn as UHR or Wi-Fi 8. Standards prior to HT, such as 802.11a / b / g, can be collectively referred to as non-high throughput (Non-HT).

[0156] Figure 3 illustrates a network architecture diagram of a WLAN to which this application embodiment can be applied. Referring to Figure 3, the WLAN includes one wireless access point (AP) 1 and several stations (STAs) associated with AP 1. AP 1 and its associated STAs can constitute a Basic Service Set (BSS). In this BSS, the STAs associated with AP 1 (e.g., STA1, STA2, etc.) can receive radio frames sent by AP 1 and can also send radio frames to AP 1. STAs can also communicate with each other. The method of this application embodiment can be applied to communication between APs and STAs, and also to communication between APs. For example, APs can communicate with each other through a distributed system (DS). This application embodiment can also be applied to communication between STAs. It should be understood that the network architecture shown in Figure 3 is only an example. An actual network architecture may include other devices, and the number of APs and / or STAs shown in Figure 3 is only an example; the actual number of APs and / or STAs may be greater or smaller.

[0157] The embodiments of this application can be applied to the communication system / scenario within the same BSS shown in Figure 3, and may also be applicable to the communication system / scenario of OBSS.

[0158] It should be noted that the network architecture shown in Figure 3 (also referred to as the communication system architecture) does not constitute a limitation on the network architecture to which the embodiments of this application can be applied. The method provided in the embodiments of this application can also be applied to various wireless communication systems, such as Wi-Fi systems, 6G communication systems, or various future mobile communication systems, and this application is not limited thereto.

[0159] Access points, which are the points through which terminal devices (such as mobile phones) access wired (or wireless) networks, are primarily deployed in homes, buildings, and campuses, with a typical coverage radius of tens to hundreds of meters. They can also be deployed outdoors. An access point acts as a bridge connecting wired and wireless networks, its main function being to connect various wireless network clients together and then connect the wireless network to the Ethernet. Specifically, access points can be terminal devices (such as mobile phones) or network devices (such as routers) with Wi-Fi chips, or wireless communication chips, wireless sensors, or wireless communication terminals with access point functionality. Access points can be devices that support the 802.11bn standard. Access points can also be devices that support various wireless local area networks (WLAN) standards of the 802.11 family, including 802.11be, 802.11ax, 802.11ac, 802.11ad, 802.11ay, 802.11n, 802.11g, 802.11b, 802.11a, and 802.11bn next generation.

[0160] A station can be a wireless communication chip, wireless sensor, or wireless communication terminal, and can also be referred to as a user. For example, a station can be a mobile phone supporting Wi-Fi communication, a tablet computer supporting Wi-Fi communication, a set-top box supporting Wi-Fi communication, a smart TV supporting Wi-Fi communication, a smart wearable device supporting Wi-Fi communication, an in-vehicle communication device supporting Wi-Fi communication, and a computer supporting Wi-Fi communication, etc. Optionally, the station can support the 802.11bn standard. The station can also support various wireless local area network (WLAN) standards of the 802.11 family, such as 802.11be, 802.11ax, 802.11ac, 802.11n, 802.11g, 802.11b, 802.11a, and 802.11bn next-generation.

[0161] For example, access points and stations can be devices used in the Internet of Vehicles (IoV), IoT nodes and sensors in the Internet of Things (IoT), smart cameras, smart remote controls, smart water and electricity meters in smart homes, and sensors in smart cities.

[0162] The AP and STA involved in the embodiments of this application can be APs and STAs that comply with the IEEE 802.11 system standard. An AP is a device deployed in a wireless communication network to provide wireless communication functions for its associated STAs. The AP can serve as the hub of the communication system and is typically a network-side product that supports the MAC and PHY of the 802.11 system standard. Examples include base stations, routers, gateways, repeaters, communication servers, switches, or bridges. The base station can include various forms of macro base stations, micro base stations, repeater stations, etc. For ease of description, the devices mentioned above are collectively referred to as APs. STAs are typically terminal products that support the media access control (MAC) and physical layer (PHY) of the 802.11 system standard, such as mobile phones and laptops.

[0163] The communication system architecture or network architecture and business scenarios described in the embodiments of this application are for the purpose of more clearly illustrating the technical solutions of the embodiments of this application, and do not constitute a limitation on the technical solutions provided in the embodiments of this application. As those skilled in the art will know, with the evolution of communication system or network architecture and the emergence of new business scenarios, the technical solutions provided in the embodiments of this application can also be applied to similar technical problems.

[0164] Unless otherwise specified in this document, the terms "first device" and "second device" are used to describe the implementing entities.

[0165] The "first device" (or "second device") can be a network device, a device with network device functions, or a device that implements network device functions. For example, the "first device" (or "second device") is an access network device (such as an AP or AP multi-link device MLD), or the "first device" (or "second device") can be a module (e.g., a chip or circuit) in an access network device (such as an AP or AP MLD), or it can be a module or unit (e.g., a CU, DU, or RU), logic module, or software that fully or partially implements an access network device (such as an AP or AP MLD).

[0166] Alternatively, the "first device" (or "second device") can be a terminal, a device with terminal functions, or a device that implements terminal functions. For example, the "first device" (or "second device") can be a terminal (such as a Non-AP STA or Non-AP MLD), a module (e.g., a chip or circuit) within a terminal (such as a Non-AP STA or Non-AP MLD), or a module or unit, logic module, or software that fully or partially implements a terminal (such as a Non-AP STA or Non-AP MLD). Alternatively, the "first device" (or "second device") can be a core network device. Or, the "first device" (or "second device") can be a server, such as a cloud server. Or, the "first device" (or "second device") can also be a device or apparatus with sensing and / or positioning capabilities, or a device or apparatus capable of performing artificial intelligence tasks. Among these, a device capable of performing artificial intelligence tasks can be called an artificial intelligence task execution device.

[0167] In the following text, the embodiments of this application are described using "first device" as the sending end and "second device" as the receiving end as examples. In addition, "first device" can be replaced by "first node" or "first communication device" or "sending device", etc., and "second device" can be replaced by "second node" or "second communication device" or "receiving device", etc.

[0168] In this application, "send" and "receive" refer to the direction of information / data / signal transmission. For example, "send information to XX" can be understood as the destination of the information being XX, and "send information" can include direct transmission or indirect transmission through other units or modules. "Receive information from YY" can be understood as the source of the information being YY, and "receive information" can include direct reception from YY or indirect reception from YY through other units or modules. Furthermore, "send" can also be understood as the "output" of a chip interface, and "receive" can be understood as the "input" of a chip interface. In other words, "send" or "receive" can occur between nodes / devices, such as a base station and a terminal transmitting or receiving data via an air interface. "Send" or "receive" can also occur within a device, such as between components, modules, chips, software modules, or hardware modules within the device via a bus, wiring, or interface.

[0169] It should be understood that the names of the messages (or information) in the following processes in this application are merely examples. As communication technology evolves, the names of the messages (or information, etc.) in the following processes may change. However, regardless of how the names change, as long as their meaning is the same as the function or meaning of the messages (or information, etc.) in this application, they all fall within the protection scope of this application. For example, some names involving "information" in this application can be replaced with "frame" or "field". For example, "first information" can be replaced with "first wireless frame" or "first field", etc., and "second information" can be replaced with "second wireless frame" or "second field", etc. Similar information involved in this application can be replaced with the aforementioned replacement forms, and will not be listed one by one here.

[0170] The solutions of the embodiments of this application will be described below.

[0171] This application provides a communication method, which can be applied to, but is not limited to, the communication system architecture shown in Figure 3. The method can be executed by a first device (or a second device), by a module of the first device (or the second device) (e.g., a processor, chip, or chip system), or by a logical node, logical module, or software capable of implementing all or part of the functions of the first device (or the second device). Furthermore, this application does not impose specific limitations on the specific structure of the execution entities (first device, second device) or the number of each execution entity (first device, second device) provided in this application's embodiments, as long as communication can be performed by running a program that records the code of the method provided in this application's embodiments. For ease of description, the interaction between the first device and the second device is used as an example in the following description. The order of steps in the following processes is merely an example; in actual applications, the execution order of steps in each process can be adjusted, and all or part of the following steps can be adaptively executed.

[0172] Referring to Figure 4, the method provided in this application embodiment may include the following steps:

[0173] S401: The first device sends a first message to the second device, and the second device receives the first message accordingly; the first message is used to indicate that the first device is under attack.

[0174] In the embodiments of this application, the first device and the second device can communicate with each other. The first device or the second device can be an access point (e.g., an AP or an AP multi-link device (MLD)), a non-access-point station (e.g., a Non-AP STA or a Non-AP STA MLD), or a relay node, and is not limited thereto. A relay node can refer to a node or device that has access and / or forwarding functions.

[0175] For example, the first device is an access point, and the second device may be a non-access-point station in the basic service set of the access point; or, the second device is an access point, and the first device may be a non-access-point station in the basic service set of the access point; or, the first device and the second device are different non-access-point stations.

[0176] In the above method, if the first device is attacked, it can send a first message to the second device to indicate that the first device is under attack. In this way, the second device can be notified of the attack in time, and then the second device can work with the first device to resolve the attack in time. This can effectively prevent the first device and the second device from being unable to communicate normally due to subsequent attacks.

[0177] In this application embodiment, the situations in which the first device is attacked include, but are not limited to, the following:

[0178] Scenario 1, where the first device suspects or assumes it is under attack:

[0179] Regarding scenario 1, in one possible implementation, the first information is used to indicate that the first device suspects that it has been attacked. After receiving the first information, the second device can then use it to further confirm whether the first device has been attacked.

[0180] Scenario 2, where the first device confirms that it is under attack:

[0181] Regarding scenario 2, in one possible implementation, the first information is used to indicate that the first device confirms that it has been attacked. Then, after receiving the first information, the second device can determine that the first device has been attacked based on that information.

[0182] In one possible implementation, the first information includes first attack type information, which is used to indicate the type of attack suffered by the first device.

[0183] Optionally, the first information may also include a first parameter corresponding to the attack type.

[0184] The following is an example of the types of attacks the first device was subjected to and the corresponding first parameters:

[0185] If the attack type suffered by the first device is that the first device receives redundant control frames, the first parameter may include at least one of the following: control frame type information, time information of the first device receiving control frames, or number of times the first device receives control frames.

[0186] If the attack type suffered by the first device is that the first device receives a fake request block acknowledgment frame, then the first parameter may include the start sequence number (SSN) information of the request block acknowledgment frame.

[0187] If the attack type suffered by the first device is that the first device receives a fake trigger frame (such as a basic trigger frame), then the first parameter may include at least one of the following: the time information of the first device receiving the trigger frame (such as the basic trigger frame), the number of times the first device receives the trigger frame (such as the basic trigger frame), or the length information of the trigger frame (such as the basic trigger frame).

[0188] If the attack type suffered by the first device is that the first device receives a fake first frame, the first parameter may include at least one of the following: the time information of the first device receiving the first frame, the number of times the first device receives the first frame, or the SSN information of the first frame. The first frame may be, but is not limited to, a trigger frame, a data frame, or a block acknowledgment frame.

[0189] If the attack type suffered by the first device is the loss of data to be received by the first device, the first parameter may include the amount of data lost by the first device and / or the time information of the data loss.

[0190] If the attack type suffered by the first device is a denial-of-service attack, the first parameter may include the time information of the denial-of-service attack and / or the number of times the first device has been subjected to a denial-of-service attack.

[0191] S402: The second device sends a second message to the first device, and the first device receives the second message accordingly; the second message is used to respond to the first message.

[0192] Corresponding to the several situations shown in S401 above, the second information sent by the second device can be used for the response, including but not limited to the following:

[0193] Corresponding to S401 above, situation 1 (i.e., the first information indicates that the first device suspects that the first device has been attacked):

[0194] In one possible implementation, the second information is used to confirm that the first device has been attacked, or to confirm that the first device has not been attacked.

[0195] For example, the second information includes first indication information, which is used to confirm that the first device has been attacked or to confirm that the first device has not been attacked.

[0196] In one possible implementation, the second information is used to confirm that the first device has been attacked. In this case, the second information may include second attack type information, which is used to indicate the type of attack suffered by the first device.

[0197] In the embodiments of this application, the attack type indicated by the second attack type information on the first device may be the same as or different from the attack type indicated by the first attack type information on the first device, and no specific limitation is made in this regard.

[0198] Optionally, if the first device is attacked, the second information may also include a second parameter corresponding to the type of attack suffered by the first device.

[0199] The following is an example of the types of attacks the first device was subjected to and the corresponding second parameters:

[0200] If the attack type suffered by the first device is that the first device receives redundant control frames, the second parameter may include at least one of the following: the type information of the control frames sent by the second device, the time information of the control frames sent by the second device, or the number of times the second device sends control frames.

[0201] If the attack type suffered by the first device is that the first device receives a fake request block acknowledgment frame, then the second parameter may include the SSN information of the request block acknowledgment frame sent by the second device.

[0202] If the attack type suffered by the first device is that the first device receives a fake trigger frame (such as a basic trigger frame), then the second parameter may include at least one of the following: the time information of the second device sending the trigger frame (such as a basic trigger frame), the number of times the second device sends the trigger frame (such as a basic trigger frame), or the frame length information of the trigger frame (such as a basic trigger frame) sent by the second device.

[0203] If the attack type suffered by the first device is that the first device receives a fake first frame, the second parameter may include at least one of the following: the time information of the second device sending the first frame, the number of times the second device sends the first frame, or the SSN information of the first frame sent by the second device. The first frame may be, but is not limited to, a trigger frame, a data frame, or a block acknowledgment frame.

[0204] If the attack type suffered by the first device is the loss of data to be received by the first device, the second parameter may include the amount of data sent by the second device and / or the time information of the second device sending the data.

[0205] If the attack type suffered by the first device is a denial-of-service attack, the second parameter may include the time information of the second device sending frames to occupy the channel.
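One way the second device could use these mirrored parameters to confirm or refute a suspected attack is to compare what the first device reports receiving with its own transmit log. This is an added example, not code from the application; the comparison rules, class names, enum codes and the sample log are assumptions.

```python
"""Added illustration: second-device check of a 'suspected attack' report."""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
from typing import Optional


class AttackType(Enum):
    # Names follow the attack types in the text; the numeric codes are assumed.
    REDUNDANT_CONTROL_FRAMES = 1
    FAKE_BAR = 2
    FAKE_TRIGGER_FRAME = 3


@dataclass(frozen=True)
class FirstInfo:
    """What the first device observed (attack type plus first parameter)."""
    attack_type: AttackType
    frame_type: Optional[str] = None   # control frame type information
    rx_count: Optional[int] = None     # times received in the reporting period
    ssn: Optional[int] = None          # SSN of the suspicious BAR
    ul_length: Optional[int] = None    # length field of the suspicious trigger frame


@dataclass(frozen=True)
class TxRecord:
    """One frame the second device really sent to this peer in that period."""
    frame_type: str
    ssn: Optional[int] = None
    ul_length: Optional[int] = None


@dataclass(frozen=True)
class SecondInfo:
    attacked: bool                       # first indication information
    attack_type: Optional[AttackType]    # second attack type information
    second_parameter: dict               # what the second device really sent


def confirm(report: FirstInfo, tx_log: list[TxRecord]) -> SecondInfo:
    """Compare the reported observations with the sender's own transmit log."""
    if report.attack_type is AttackType.REDUNDANT_CONTROL_FRAMES:
        sent = sum(1 for r in tx_log if r.frame_type == report.frame_type)
        # Frames can be lost on the air, so receiving fewer than were sent is
        # normal. Receiving more than were sent means another station sent them.
        attacked = report.rx_count is not None and report.rx_count > sent
        param = {"frame_type": report.frame_type, "tx_count": sent}
    elif report.attack_type is AttackType.FAKE_BAR:
        ssns = sorted({r.ssn for r in tx_log
                       if r.frame_type == "BAR" and r.ssn is not None})
        # A BAR whose SSN the sender never used did not come from the sender.
        attacked = report.ssn is not None and report.ssn not in ssns
        param = {"bar_ssns_sent": ssns}
    elif report.attack_type is AttackType.FAKE_TRIGGER_FRAME:
        sent_tf = [r for r in tx_log if r.frame_type == "BasicTrigger"]
        lengths = sorted({r.ul_length for r in sent_tf
                          if r.ul_length is not None})
        too_many = report.rx_count is not None and report.rx_count > len(sent_tf)
        bad_len = report.ul_length is not None and report.ul_length not in lengths
        attacked = too_many or bad_len
        param = {"tx_count": len(sent_tf), "ul_lengths_sent": lengths}
    else:
        raise ValueError(f"unsupported attack type: {report.attack_type}")
    return SecondInfo(attacked, report.attack_type if attacked else None, param)


# Constructed sample: frames AP1 sent to STA1 during one beacon period.
AP1_TX_LOG = [
    TxRecord("RTS"), TxRecord("RTS"),
    TxRecord("BAR", ssn=1200),
    TxRecord("BasicTrigger", ul_length=418),
]

if __name__ == "__main__":
    for rep in (
        FirstInfo(AttackType.REDUNDANT_CONTROL_FRAMES, frame_type="RTS", rx_count=9),
        FirstInfo(AttackType.FAKE_BAR, ssn=3000),
        FirstInfo(AttackType.FAKE_BAR, ssn=1200),
    ):
        print(rep.attack_type.name, "->", confirm(rep, AP1_TX_LOG))
```

A report that matches the transmit log only shows that this parameter cannot tell the frames apart; it does not prove that every received frame was genuine.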

[0206] Corresponding to situation 2 in S401 above (i.e., the first information indicates that the first device confirms that it has been attacked):

[0207] In one possible implementation, the second information is used to confirm that the first information has been received by the second device.

[0208] In one possible implementation, the second information may include second attack type information, which is used to indicate the type of attack the first device has been subjected to (i.e., the type of attack the first device has confirmed to have been subjected to).

[0209] Optionally, corresponding to case 2 in S401 above (i.e., the first information indicates that the first device has been attacked), the second information may also include a second parameter corresponding to the type of attack suffered by the first device (i.e., the type of attack the first device has confirmed it has suffered).

[0210] For the second parameter, refer to the description of the second parameter above; it is not repeated here.

[0211] In one possible implementation, the method of this application embodiment further includes the following steps:

[0212] The first device and the second device determine the method to resolve an attack on the first device.

[0213] The following describes how the first and second devices determine how to resolve an attack on the first device.

[0214] In this application embodiment, the first device and the second device may determine the method for resolving the attack on the first device in, but not limited to, the following ways:

[0215] Method 1: The first device and the second device determine the method to resolve the attack on the first device based on the type of attack it is subjected to.

[0216] Regarding Method 1, in this embodiment of the application, corresponding solutions can be preset for different attack types. The attack type and the corresponding solution can be one-to-one (i.e., one attack type corresponds to one solution), one-to-many (i.e., one attack type corresponds to multiple solutions), or many-to-one (i.e., multiple attack types correspond to one solution). There is no specific limitation on this. Different attack types and corresponding solutions can be publicly known or known to the first device and the second device.

[0217] In this way, the first device and the second device can determine one or more preset methods to resolve the attack type based on the type of attack the first device is subjected to.

[0218] Method 2: The first device sends a third message to the second device, and the second device receives the third message, which is used to suggest a way to resolve the attack on the first device; the first device also receives a fourth message from the second device, which is used to respond to the third message.

[0219] In one possible implementation, the third information may include a method for resolving the attack on the first device (i.e., a method suggested by the first device), and the fourth information is used to indicate that the second device accepts the method for resolving the attack on the first device in the third information; or, the third information may include multiple methods for resolving the attack on the first device (i.e., multiple methods suggested by the first device), and the fourth information is used to indicate the method accepted by the second device among the multiple methods.

[0220] In another possible implementation, the third information includes at least one method for resolving the attack on the first device, and the fourth information is used to indicate that the second device does not accept the method for resolving the attack on the first device in the third information. In this case, the fourth information may include a method for resolving the attack on the first device (i.e., it may be the method suggested by the second device), and the method for resolving the attack on the first device in the fourth information is different from at least one method for resolving the attack on the first device in the third information.

[0221] Optionally, the method in this application embodiment may further include: the first device sending fifth information to the second device, and correspondingly, the second device receiving the fifth information, the fifth information being used to indicate that the first device accepts the method for resolving the attack on the first device in the fourth information, or to indicate that the first device does not accept the method for resolving the attack on the first device in the fourth information.

[0222] Method 3: The second information sent by the second device to the first device includes a method for resolving the attack on the first device, that is, the second device can suggest or specify a method for resolving the attack on the first device.

[0223] For example, in embodiments of this application, the method of resolving an attack on the first device may include at least one of the following:

[0224] (1) The first device uses a new medium access control (MAC) address; (2) Change the association identifier (AID) of the first device; (3) Switch the communication channel; (4) Switch the communication link; (5) Add packet number (PN) and message integrity check (MIC) fields to the control frame; (6) Negotiate one or more scrambling seeds between the first device and the second device; (7) Negotiate the padding length or physical layer protocol data unit (PPDU) length between the first device and the second device.
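The exchange in Method 2 can be modelled as follows. This is an added example, not code from the application: the message classes, the numeric codes of the `Mitigation` enum, and the selection rules (accept the first suggested method the peer supports, otherwise counter with the peer's first supported method) are assumptions made for illustration.

```python
"""Added illustration: third / fourth / fifth information exchange (Method 2)."""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
from typing import Optional, Sequence


class Mitigation(Enum):
    # Order follows items (1) to (7) in the text; the numeric codes are assumed.
    NEW_MAC_ADDRESS = 1
    CHANGE_AID = 2
    SWITCH_CHANNEL = 3
    SWITCH_LINK = 4
    PN_AND_MIC_IN_CONTROL_FRAMES = 5
    NEGOTIATE_SCRAMBLING_SEED = 6
    NEGOTIATE_PADDING_OR_PPDU_LENGTH = 7


@dataclass(frozen=True)
class FourthInfo:
    accepted: bool                 # True: a suggested method was accepted
    method: Optional[Mitigation]   # the accepted method, or the counter-proposal


@dataclass(frozen=True)
class FifthInfo:
    accepted: bool                 # first device's verdict on the counter-proposal


def second_device_reply(third_info: Sequence[Mitigation],
                        supported: Sequence[Mitigation]) -> FourthInfo:
    """Answer the first device's suggestions (third information)."""
    if not third_info:
        raise ValueError("third information must suggest at least one method")
    for method in third_info:          # keep the proposer's order of preference
        if method in supported:
            return FourthInfo(True, method)
    # Nothing suggested is usable. Any supported method is therefore one that
    # was not suggested, so it is a valid counter-proposal.
    if supported:
        return FourthInfo(False, supported[0])
    return FourthInfo(False, None)     # rejection without a counter-proposal


def first_device_reply(fourth_info: FourthInfo,
                       supported: Sequence[Mitigation]) -> Optional[FifthInfo]:
    """Fifth information is only needed when the second device countered."""
    if fourth_info.accepted or fourth_info.method is None:
        return None
    return FifthInfo(fourth_info.method in supported)


def negotiate(suggested: Sequence[Mitigation],
              first_supported: Sequence[Mitigation],
              second_supported: Sequence[Mitigation]) -> Optional[Mitigation]:
    """Run the exchange and return the agreed method, or None if none is agreed."""
    fourth = second_device_reply(suggested, second_supported)
    if fourth.accepted:
        return fourth.method
    fifth = first_device_reply(fourth, first_supported)
    if fifth is not None and fifth.accepted:
        return fourth.method
    return None


if __name__ == "__main__":
    M = Mitigation
    # Constructed capabilities for the two devices.
    print(negotiate([M.SWITCH_CHANNEL, M.NEW_MAC_ADDRESS],
                    [M.SWITCH_CHANNEL, M.NEW_MAC_ADDRESS],
                    [M.NEW_MAC_ADDRESS, M.CHANGE_AID]))
    print(negotiate([M.SWITCH_LINK], [M.SWITCH_LINK, M.CHANGE_AID], [M.CHANGE_AID]))
    print(negotiate([M.SWITCH_LINK], [M.SWITCH_LINK], [M.CHANGE_AID]))
```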

[0225] In one possible implementation, the first, second, third, or fourth information mentioned above can be carried in the action frame.

[0226] For example, one of the first, second, third, and fourth information may be carried in an action frame; or, the first, second, third, and fourth information may each be carried in different action frames; or, individual information of the first, second, third, and fourth information may be carried in different action frames. This application does not impose specific restrictions on this.

[0227] In one possible implementation, the action frame may include a first field and a second field, wherein the first field is used to indicate the type of the action frame, and the second field is used to carry first information, second information, third information, or fourth information.

[0228] In one possible implementation, the first field mentioned above is used to indicate that the type of the action frame is a protected action frame, and the second field mentioned above includes the third field and the fourth field.

[0229] The third field takes the first value, and the fourth field is used to carry the first information (that is, the first information is carried in the protected action frame);

[0230] The third field takes the second value, and the fourth field is used to carry the second information (that is, the second information is carried in the protected action frame);

[0231] The third field takes the third value, and the fourth field is used to carry the third information (that is, the third information is carried in the protected action frame);

[0232] The third field takes the fourth value, and the fourth field is used to carry the fourth information (that is, the fourth information is carried in the protected action frame).

[0233] In another possible implementation, the aforementioned first or second information can be carried in the first sub-control field of the HE type control field in the second frame; wherein the second frame can be, but is not limited to, a data frame, a null data frame, or a management frame, and the first identifier field within the first sub-control field takes a fifth value. The fifth value can be an integer from 10 to 14 (inclusive).

[0234] Based on the above scheme, it can be seen that when the first device is attacked, it can send a first message to the second device to indicate that the first device is under attack. In this way, the second device can be notified of the attack in time, and then the second device can work with the first device to resolve the attack in a timely manner. This can effectively prevent the first device and the second device from being unable to communicate normally due to subsequent attacks.

[0235] The following section uses the scheme shown in Figure 4 applied to the WLAN network architecture shown in Figure 3 as an example, and provides a detailed introduction to the scheme shown in Figure 4 through several specific implementation methods.

[0236] Implementation Method 1:

[0237] In Embodiment 1, based on the scheme shown in FIG4 above, taking STA1 in the architecture shown in FIG3 as the first device and AP1 in the architecture shown in FIG3 as the second device as an example, the embodiment of this application will be described in detail. Referring to FIG5, the method flow of Embodiment 1 includes the following steps:

[0238] S501: STA1 sends a first request message to AP1 (an example of the first message in the scheme shown in Figure 4 above); correspondingly, AP1 receives the first request message; wherein, the first request message is used to indicate the attack that STA1 suspects it has been subjected to.

[0239] In S501, if STA1 suspects or assumes that it is under attack, it sends a first request message to AP1 to request AP1 to confirm whether STA1 is under attack.

[0240] In one possible implementation, the first request information includes first attack type information, which is used to indicate the type of attack that STA1 infers it is facing. The attack type that STA1 infers may include, but is not limited to, one or more of the following:

[0241] (1) STA1 receives redundant control frames;

[0242] (2) STA1 receives a fake block ACK request (BAR);

[0243] (3) STA1 receives a fake basic trigger frame;

[0244] (4) STA1 exchanges a fake trigger frame (TF), data frame, or block ACK (BA) frame;

[0245] (5) Data to be received by STA1 is lost;

[0246] (6) STA1 is under denial of service (DoS) attack.

[0247] Optionally, the first request information may also include parameters corresponding to the type of attack that STA1 has inferred it to be under (example of the first parameter in the scheme shown in Figure 4 above).

[0248] For example, STA1 is the receiver of frames / data. Table 1 shows several types of attacks that STA1 can be subjected to and the parameters corresponding to the attack types that can be carried in the first request information, and introduces the parameters.

[0249] 1) If the attack type suffered by STA1 is receiving redundant control frames, then the parameters that can be carried in the first request information (examples of the first parameters in the scheme shown in Figure 4 above) can include, but are not limited to, at least one of the following:

[0250] The type of control frame received by STA1, the time when STA1 received the control frame, or the number of times STA1 received the control frame.

[0251] For example, the time when STA1 receives the control frame could be the time when STA1 receives the last one or more of the control frames; STA1 could represent it using the low-order field of the timing synchronization function (TSF), or using the time relative to the previous target beacon transmission time (TBTT). This application does not limit how it is specifically represented, and the foregoing is merely an example.

[0252] The number of times STA1 receives the control frame can be the number of times STA1 receives the control frame within a cycle; for example, the number of times STA1 receives the control frame within a beacon cycle.

[0253] 2) If the attack type suffered by STA1 is receiving a fake BAR, then the parameters that can be carried in the first request information (example of the first parameter in the scheme shown in Figure 4 above) may include, but are not limited to: the start sequence number (SSN) information of the fake BAR received by STA1.

[0254] For example, the SSN information of the fake BAR can be the value of the SSN field of the fake BAR, or the value of WinStartR of the current BA scoreboard of STA1. The value of WinStartR of the current BA scoreboard of STA1 can be obtained based on the SSN field of the fake BAR.

[0255] 3) If the attack type suffered by STA1 is receiving a fake basic trigger frame (an example of a trigger frame), then the parameters that can be carried in the first request information (examples of the first parameter in the scheme shown in Figure 4 above) can include, but are not limited to, at least one of the following:

[0256] The time when STA1 receives the fake basic trigger frame, the number of times STA1 receives the fake basic trigger frame, or the uplink (UL) length of the fake basic trigger frame (i.e., an example of the frame length information of the fake basic trigger frame).

[0257] For example, the time when STA1 receives the fake basic trigger frame could be the moment when STA1 receives the last one or more fake basic trigger frames, where a fake basic trigger frame is a basic trigger frame whose transmitter address (TA) is set to the MAC address of the associated AP; STA1 can represent this time using part of the low-order field of the timing synchronization function (TSF), or using the time relative to the previous target beacon transmission time (TBTT), without limitation.

[0258] For example, the number of times STA1 receives the fake basic trigger frame can be the number of times STA1 receives the fake basic trigger frame in one cycle (such as the beacon cycle). The fake basic trigger frame refers to a basic trigger frame whose TA is set to the MAC address of the associated AP.

[0259] For example, the UL length of the fake basic trigger frame can be the value of the uplink length (UL length) field of the fake basic trigger frame received by STA1.

[0260] 4) If the attack type suffered by STA1 is an interactive fake TF (or data frame or block acknowledgment frame), then the parameters that can be carried in the first request information (examples of the first parameters in the scheme shown in Figure 4 above) can include, but are not limited to, at least one of the following:

[0261] The time when STA1 receives a fake TF (or data frame or block acknowledgment frame), the number of times STA1 receives a fake TF (or data frame or block acknowledgment frame), or the SSN information of the fake TF frame (or data frame or block acknowledgment frame).

[0262] For example, the time when STA1 receives a fake TF (or data frame or block acknowledgment frame) can be the time when STA1 receives the last one or more TFs (or data frames or block acknowledgment frames) while exchanging fake TF frames (or data frames or block acknowledgment frames); STA1 can represent it using part of the low-order field of the timing synchronization function (TSF), or using the time relative to the previous target beacon transmission time (TBTT), and this application does not limit this.

[0263] For example, the number of times STA1 receives a fake TF (or data frame or block acknowledgment frame) can be the number of times STA1 receives the fake TF (or data frame or block acknowledgment frame) when exchanging fake TFs (or data frames or block acknowledgment frames) within a cycle (such as a beacon cycle).

[0264] For example, the SSN information of the fake TF (or data frame or block acknowledgment frame) can be the value of the start sequence number SSN field in the fake TF (or data frame or block acknowledgment frame) received by STA1, or the value of WinStartR of STA1's current BA scoreboard.

[0265] 5) If the attack type suffered by STA1 is the loss of data to be received by STA1, then the parameters that can be carried in the first request message (examples of the first parameter in the scheme shown in Figure 4 above) can include, but are not limited to, at least one of the following:

[0266] The amount of data lost by STA1, or the time information of the data loss by STA1.

[0267] For example, if the data lost by STA1 is an MSDU, then the amount of data lost by STA1 can be the number of MSDUs lost in the upper layer of STA1. The time information of the data loss by STA1 can be the approximate time when the MSDU was lost, or one or more beacon cycles in which the lost MSDU was located.

[0268] 6) If the attack type suffered by STA1 is a Denial-of-Service (DoS) attack, then the parameters that can be carried in the first request information (examples of the first parameters in the scheme shown in Figure 4 above) can include, but are not limited to, at least one of the following:

[0269] Information on the time when STA1 was subjected to a Denial-of-Service (DoS) attack and the number of times STA1 was subjected to a Denial-of-Service (DoS) attack.

[0270] For example, the time information of a denial-of-service (DoS) attack on STA1 can include the start time and duration of the DoS attack. The number of times STA1 is subjected to a DoS attack can be the number of times a third party (such as an attacker) uses request-to-send (RTS) frames or other frames to occupy the channel within a period.

[0271] Table 1

[0272] In the embodiments of this application, "receiving fake control frames or data frames, etc." in Table 1 above can be understood as: the control frames or data frames received by the receiver are not from the real sender, and therefore the control frames or data frames are fake. For example, STA1 receiving a fake BAR can mean that although the BAR received by STA1 shows the sending station field as AP1 (STA1's associated AP) in the frame format, its real sending station is not AP1, but a third party (i.e., an attacker).

[0273] Table 1 above is only one example. In actual applications, the attack types and corresponding parameters carried in the first request information may not be limited to those shown in Table 1. Compared with the attack types, corresponding parameters, and parameter descriptions shown in Table 1, actual applications may contain more or fewer attack types, corresponding parameters, and parameter descriptions, which will not be listed in detail in this application.

[0274] In one possible implementation, the first request information (an example of the first information in the scheme shown in Figure 4 above) can be carried in, but is not limited to, an action frame or an A-control field.

[0275] The following are specific examples of how the first request information is carried in the action frame and the A-control field.

[0276] Example 1: The first request information is carried in an action frame.

[0277] For example, Figure 6 shows a schematic diagram of the structure of an action frame, which includes fields for category and action details. The category field is used to indicate / represent the type of action frame.

[0278] For example, referring to Table 2 below, if the code or value of the category field in the action frame is 38, it indicates that the type of the action frame is an ultra-high reliability (UHR) action frame. If the code or value of the category field in the action frame is 39, it indicates that the type of the action frame is a protected ultra-high reliability (UHR) action frame.

[0279] Take the case where the first request information is carried in a protected UHR action frame as an example. Figure 7 shows the structure of the protected UHR action frame. The protected UHR action frame includes a category field (an example of the first field in the scheme shown in Figure 4 above) and a protected ultra-high reliability action (protected UHR action) field (an example of the second field in the scheme shown in Figure 4 above).

[0280] Table 2

[0281] Example 2: The first request information is carried in the A-control field.

[0282] In one possible implementation, the A-control field is located within the high-throughput (HT) control field of the high-efficiency (HE) type.

[0283] The following section describes the frames and fields used to carry the first request information.

[0284] For example, the HT Control field can be located in a data frame (e.g., a quality of service data (QoS Data) frame), a null data frame (e.g., a QoS Null frame), or a management frame.

[0285] The following example uses the HT Control field in a data frame, as shown in Figure 8. A data frame includes a frame control field as well as other fields, such as duration, addresses 1 to 4, sequence control, quality of service (QoS) control, frame body, and frame check sequence (FCS). The frame control field indicates whether an HT control field is present in the data frame. If the frame control field indicates the presence of an HT control field, then the data frame shown in Figure 8 will also include an HT control field.

[0286] For example, the length of an HT control field is 4 bytes, and there are three types of HT control fields, indicated or represented by bits B0 and B1. As shown in Figure 9A, which illustrates the structure of an HT control field, when B0 = 0, it indicates that the HT control field is of type HT; when B0 = 1 and B1 = 0, it indicates that the HT control field is of type VHT; and when B0 = 1 and B1 = 1, it indicates that the HT control field is of type HE.

[0287] For the HT control field of type HE, the B2-B31 part is called the A-control subfield.

[0288] As shown in Figure 9B, the A-control subfield includes a control list (i.e., one or more control subfields) and a padding field.

[0289] Figure 9C shows a schematic diagram of the structure of each control subfield. As shown in Figure 9C, the control subfield includes a control identifier (control ID) (occupying 4 bits) and a control information field. The values of the control identifier (occupying 4 bits) are shown in Table 3 below.

[0290] In one possible implementation, in the control subfield shown in Figure 9C, the control information field is used to carry the first request information, and the control ID value can be an integer from 10 to 14 (inclusive) in Table 3.

[0291] Table 3
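The bit layout described in [0286] to [0290] can be checked with a short parser. This is an added example, not code from the application; it assumes the usual 802.11 convention that B0 is the least significant bit of the little-endian 32-bit field, and because the width of the control information for control IDs 10 to 14 is not given here, it reads the first control subfield only and returns all 26 bits after the control ID (information plus padding).

```python
"""Added illustration: classify an HT Control field and read its first control subfield."""
import struct

# Control ID values the text assigns to the attack indication (10 to 14 inclusive).
ATTACK_INDICATION_CONTROL_IDS = range(10, 15)


def ht_control_variant(value: int) -> str:
    """Return 'HT', 'VHT' or 'HE' from bits B0 and B1 of the 32-bit field."""
    b0 = value & 0x1
    b1 = (value >> 1) & 0x1
    if b0 == 0:
        return "HT"                 # B0 = 0 alone selects the HT type
    return "HE" if b1 else "VHT"    # B0 = 1: B1 separates VHT (0) from HE (1)


def build_he_control(control_id: int, control_info: int) -> bytes:
    """Encode an HE-type HT Control field holding one control subfield."""
    if not 0 <= control_id <= 0xF:
        raise ValueError("the control ID is a 4-bit value")
    if not 0 <= control_info < (1 << 26):
        raise ValueError("only 26 bits follow the control ID")
    value = 0b11 | (control_id << 2) | (control_info << 6)
    return struct.pack("<I", value)


def parse_ht_control(raw: bytes) -> dict:
    """Decode the 4-byte field; for the HE type, expose the first control subfield."""
    if len(raw) != 4:
        raise ValueError("the HT Control field is 4 bytes long")
    (value,) = struct.unpack("<I", raw)
    result = {
        "variant": ht_control_variant(value),
        "control_id": None,
        "control_info": None,
        "attack_indication": False,
    }
    if result["variant"] != "HE":
        return result               # no A-control subfield in the HT and VHT types
    a_control = value >> 2          # B2..B31, the A-control subfield
    control_id = a_control & 0xF    # B2..B5, the control ID
    result["control_id"] = control_id
    result["control_info"] = a_control >> 4   # B6..B31: information plus padding
    result["attack_indication"] = control_id in ATTACK_INDICATION_CONTROL_IDS
    return result


if __name__ == "__main__":
    # Constructed sample: control ID 10 with an arbitrary information value.
    sample = build_he_control(10, 0x155)
    print(sample.hex(), parse_ht_control(sample))
```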

[0292] In this embodiment of the application, before STA1 sends the first request information, STA1 encrypts the first request information or the frame containing the first request information to prevent a third party (i.e., an attacker) from obtaining the first request information and the information carried therein by receiving the first request information or the frame containing the first request information.

[0293] S502: AP1 sends a first response message to STA1 (an example of the second message in the scheme shown in Figure 4 above); accordingly, STA1 receives the first response message; wherein, the first response message is used to indicate / confirm whether an attack has occurred to STA1 (or whether STA1 has been attacked).

[0294] In one possible implementation, the first response information (an example of the second information in the scheme shown in Figure 4 above) can also be carried in, but is not limited to, an action frame or an A-control field.

[0295] In one possible implementation, the first response information includes first indication information, which indicates whether an attack has occurred on STA1. In another possible implementation, the first response information includes first indication information, which indicates whether STA1 has been attacked.

[0296] In this application embodiment, AP1 confirms whether an attack has occurred to STA1, which may include the following situations:

[0297] Scenario 1, AP1 confirms that the attack STA1 suspects it is under does not exist: The first response information is used to indicate that the attack on STA1 does not exist (or to indicate that STA1 has not been attacked).

[0298] Regarding scenario 1, in one possible implementation, the first response information includes attack type information (i.e., an example of the first indication information mentioned above), which is used to indicate that the attack STA1 suspects it is under does not exist.

[0299] Scenario 2, AP1 confirms that the attack STA1 suspects it is under exists: The first response information is used to indicate that an attack on STA1 exists (or to indicate that STA1 has been attacked).

[0300] Regarding scenario 2, in one possible implementation, the first response information includes attack type information, which indicates the type of attack STA1 is subjected to, i.e., indicates that an attack exists on STA1. The attack type suffered by STA1 may include, but is not limited to, one or more of the following:

[0301] (1) STA1 receives redundant control frames;

[0302] (2) STA1 received a fake BAR;

[0303] (3) STA1 receives a fake basic trigger frame;

[0304] (4) STA1 receives a fake TF frame, data frame, or BA frame.

[0305] (5) Data to be received by STA1 is lost;

[0306] (6) STA1 is under a denial-of-service (DoS) attack.

[0307] Optionally, the first response information may also include parameters corresponding to the attack type suffered by STA1 (example of the second parameter information in the scheme shown in Figure 4 above).

[0308] For example, AP1 is the sender of frames / data. Table 4 shows the types of attacks that STA1 can be subjected to and the parameters corresponding to the attack types that can be carried in the first response information, and provides a description of the parameters.

[0309] As shown in Table 4 below, if the attack type received by STA1 is "not attacked" (or STA1 suspects that the attack it is receiving does not exist), then the second information carries the attack type information, which is used to indicate that STA1 has not been attacked.

[0310] If STA1 is attacked, the parameters corresponding to the attack type and their descriptions are as follows:

[0311] 1) If the attack type suffered by STA1 is that STA1 receives redundant control frames, then the parameters that can be carried in the first response information (examples of the second parameters in the scheme shown in Figure 4 above) include, but are not limited to, at least one of the following:

[0312] Information about the type of control frames sent by AP1, the time when AP1 sent control frames, or the number of times AP1 sent control frames.

[0313] In the above, the control frame sent by AP1 may be the same as or different from the redundant control frame received by STA1.

[0314] For example, the time when AP1 sends a control frame can be the time when AP1 sends the last one or more control frames; AP1 can use part of the low-order TSF field to represent it, or it can use the time relative to the previous TBTT, without restriction.

[0315] The number of control frames sent by AP1 can be the number of times AP1 sends control frames within a cycle. For example, the number of times AP1 sends control frames within a beacon cycle.

[0316] 2) If the attack type suffered by STA1 is that STA1 receives a fake BAR, then the parameters that can be carried in the first response information (example of the second parameter in the scheme shown in Figure 4 above) include, but are not limited to, the SSN information of the BAR sent by AP1.

[0317] For example, the SSN information of the BAR sent by AP1 can be the value of the SSN field in the last BAR sent by AP1; or the value of WinStart of the current BA scoreboard of AP1.

[0318] 3) If the attack type suffered by STA1 is that STA1 receives a fake basic trigger frame (example of a trigger frame), then the parameters that can be carried in the first response information (example of the second parameter in the scheme shown in Figure 4 above) include, but are not limited to, at least one of the following:

[0319] The time when AP1 sends the basic trigger frame, the number of times AP1 sends the basic trigger frame, or the UL length of the basic trigger frame sent by AP1 (i.e., an example of the frame length information of the basic trigger frame sent by AP1).

[0320] For example, the time when AP1 sends the basic trigger frame can be the time when AP1 sends one or more basic trigger frames to STA1; for example, AP1 can use part of the TSF low-order field to represent it, or use the time relative to the previous TBTT, without limitation.

[0321] The number of times AP1 sends a basic trigger frame can be, for example, the number of times AP1 sends a basic trigger frame to STA1 within one beacon cycle.

[0322] 4) If the attack type suffered by STA1 is that STA1 receives a fake TF (or data frame or BA frame), then the parameters that can be carried in the first response information (examples of the second parameters in the scheme shown in Figure 4 above) include, but are not limited to, at least one of the following:

[0323] The time when AP1 receives a fake TF (or data frame or BA frame), the number of times AP1 receives a fake TF frame (or data frame or BA frame), or the SSN information of the fake TF (or data frame or BA frame).

[0324] The time when AP1 receives a fake TF (or data frame or BA frame) can be the start or end time when AP1 receives the last one or more of those frame interactions; for example, AP1 can use part of the low-order TSF field to represent it, or use the time relative to the previous TBTT, without limitation.

[0325] The number of times AP1 receives a fake TF (or data frame or BA frame) can be the number of times AP1 receives a fake TF (or data frame or BA frame) within one cycle.

[0326] For example, the SSN information of the fake TF (or data frame or BA frame) can be the value of the start sequence number SSN field in the BA sent by AP1; or the value of WinStartR of the current BA scoreboard of AP1.

[0327] 5) If STA1 is subjected to an attack of data loss, the parameters that can be carried in the first response message (examples of the second parameters in the scheme shown in Figure 4 above) include, but are not limited to, at least one of the following:

[0328] The amount of data lost by STA1 and the time information of the data loss by STA1.

[0329] For example, if the data lost by STA1 is an MSDU, then the amount of data lost by STA1 can be the number of MSDUs sent by AP1 in the previous cycle or multiple cycles (beacon cycle). The time information of the data lost by STA1 can be the estimated time of the MSDU loss by STA1, the time when AP1 sent the MSDU, or the beacon cycle in which AP1 sent one or more MSDUs.

[0330] 6) If the attack type suffered by STA1 is a denial-of-service (DoS) attack, then the parameters that can be carried in the first response message (example of the second parameter in the scheme shown in Figure 4 above) include, but are not limited to, the number of times AP1 transmits.

[0331] For example, the number of times AP1 transmits can be the number of times AP1 occupies the channel using request-to-send (RTS) frames or other frames within one or more periods (e.g., beacon periods).

[0332] Table 4

[0333] In the embodiments of this application, "receiving fake control frames or data frames, etc." in Table 4 above can be understood as follows: if the control frames or data frames received by the receiver are not from the real sender, then the control frames or data frames are said to be fake. For example, STA1 receiving a fake BAR can mean that although the BAR received by STA1 shows the sending station field as AP1 (STA1's associated AP) in the frame format, its real sending station is not AP1, but a third party (i.e., an attacker).

[0334] Table 4 above is only one example. In actual applications, the attack types and corresponding parameters carried in the first request information may not be limited to the attack types and corresponding parameters shown in Table 1 above. Compared with the attack types, corresponding parameters, and parameter descriptions shown in Table 4, actual applications may contain more or fewer attack types, corresponding parameters, and parameter descriptions, which will not be listed in detail in this application.

[0335] S503: STA1 and AP1 determine how to resolve attacks on STA1.

[0336] In this application embodiment, STA1 and AP1 determine the method to resolve the attack on STA1, which may be one of the following methods, but is not limited to:

[0337] Method 1 (Pre-agreed method for resolving attack types):

[0338] In one possible implementation, one or more methods for resolving different attack types can be pre-set. In the embodiments of this application, the attack type and the corresponding method can be in a one-to-one correspondence (i.e., one attack type corresponds to one method), one-to-many (i.e., one attack type corresponds to multiple methods), or many-to-one (i.e., multiple attack types correspond to one method), and there is no limitation thereto.

[0339] For example, for each of the above attack types, AP1 and STA1 pre-set / agree on at least one corresponding attack resolution method. Then, in S503, STA1 and AP1 can determine at least one corresponding attack resolution method according to the attack type currently suffered by STA1.

[0340] Using Method 1, there is no need for additional signaling interaction between STA1 and AP1 to negotiate a solution to the attack on STA1, thereby reducing system overhead.

[0341] Method 2 (Negotiation to determine the method to resolve the attack on STA1):

[0342] In one possible implementation, STA1 sends an attack avoidance negotiation frame to AP1 (an example of the third information in the scheme shown in Figure 4 above), which may include STA1's proposed solution to the attack on STA1.

[0343] After receiving the attack avoidance negotiation frame sent by STA1, if AP1 agrees with or accepts the method suggested by STA1 to resolve the attack on STA1, then AP1 replies to STA1 with an attack avoidance response frame (an example of the fourth information in the scheme shown in Figure 4 above). The attack avoidance response frame is used to indicate that AP1 agrees with / accepts the method carried in the attack avoidance negotiation frame.

[0344] If AP1 disagrees with or does not accept the method suggested by STA1 to resolve the attack on STA1, AP1 replies to STA1 with an attack avoidance response frame. This response frame indicates that AP1 disagrees with / does not accept the method carried in the attack avoidance negotiation frame, and may include AP1's proposed method for resolving the attack on STA1. In this case, the method carried in the attack avoidance response frame that AP1 replies with generally prevails.

[0345] Optionally, after receiving the attack avoidance response frame sent by AP1, STA1 may also send an attack avoidance confirmation frame back to AP1. The attack avoidance confirmation frame is used to indicate whether STA1 agrees to / accepts the method proposed by AP1 to resolve the attack on STA1.

[0346] Method 3 (AP1 specifies the method to resolve attacks on STA1):

[0347] In one possible implementation, the first response message carries the solution provided by AP1 to resolve the attack on STA1.

[0348] For example, the following methods can be used to resolve attacks on STA1:

[0349] Method 1: STA1 uses one (or more) new MAC addresses.

[0350] In one possible implementation, STA1 encrypts its new MAC address and sends it to AP1. AP1 then decrypts the encrypted MAC address to obtain STA1's new MAC address. Afterward, STA1 and AP1 use this new MAC address to communicate.

[0351] Method 2: Change the associated identifier AID of STA1.

[0352] In one possible implementation, STA1 sends an AID request to AP1, which requests AP1 to reassign an AID to STA1.

[0353] Since the attacking station cannot know that AP1 has reassigned the AID of STA1, the probability of being attacked again is reduced.

[0354] Method 3: STA1 and AP1 switch to different communication channels.

[0355] In one possible implementation, STA1 and AP1 can negotiate to simultaneously switch to a different channel for communication.

[0356] For example, STA1 and AP1 communicate on channel 1. After confirming that STA1 has been attacked, STA1 and AP1 switch to channel 2 to communicate.

[0357] In other words, STA1 and AP1 can communicate by performing one or more channel switches, thereby reducing the probability of being attacked.

[0358] Method 4: STA1 and AP1 switch to a different communication link.

[0359] In one possible implementation, STA1 and AP1 negotiate to switch the service to another link for communication.

[0360] For example, STA1 and AP1 communicate on channel 1 for the first service. After confirming that STA1 has been attacked, STA1 and AP1 switch to channel 2 to continue communicating on the first service.

[0361] In other words, STA1 and AP1 can perform one or more channel switches to carry out service communication, thereby reducing the probability of being attacked.

[0362] Method 5: Add PN and MCS fields to the corresponding control frames for STA1 and AP1.

[0363] For example, AP1 adds PN and MCS fields to the control frame, and then sends the control frame with the added PN and MCS fields to STA1. This can be implemented by referring to the existing method of adding PN and MCS fields to control frames, which will not be detailed here.

[0364] Method 6: STA1 and AP1 negotiate one or more scrambling seeds.

[0365] In one possible implementation, STA1 and AP1 can negotiate a scrambling seed. STA1 then only receives control frames scrambled by AP1 using that scrambling seed. Otherwise, even if STA1 correctly receives AP1's control frames, it does not respond but discards them directly.

[0366] If STA1 and AP1 negotiate only one scrambling seed, then after AP1 uses the scrambling seed to send a message, a third party (or attacker) can obtain the scrambling seed by eavesdropping. In this case, subsequent transmissions of frames with that scrambling seed will no longer be secure. Therefore, STA1 and AP1 can treat scrambling seeds as single-use, that is, each negotiated scrambling seed can only be used once.

[0367] In another possible implementation, STA1 and AP1 can negotiate multiple scrambling seeds, each of which is used once.

[0368] For example, STA1 and AP1 can exchange an encrypted frame carrying 100 scrambling seeds. Subsequently, these 100 scrambling seeds can be applied one-to-one to process 100 control frames (or 100 types of control frames).

[0369] If AP1 fails to send a specific control frame (i.e., STA1 does not receive the specific control frame due to collision or channel fading), then AP1 will not be able to use the scrambling seed used in the failed frame again. At this time, STA1 will not be able to determine which negotiated scrambling seed will be used in the next received specific control frame.

[0370] In another possible implementation, a sliding window can be set up, and STA1 can treat all scrambling seeds belonging to the same sliding window as valid scrambling seeds.

[0371] For example, if STA1 and AP1 negotiate 100 scrambling seeds at once, and the sliding window size is set to 10, then when STA1 first receives a specific control frame, scrambling seeds 1 to 10 are all valid. After STA1 successfully receives a control frame scrambled with the nth scrambling seed, scrambling seeds n+1 to n+10 are all valid; n is a positive integer.

[0372] Alternatively, STA1 and AP1 can continuously generate scrambling seeds using a preset encryption technique, with each scrambling seed being used only once. That is, STA1 and AP1 generate a new scrambling seed for each control frame to be transmitted and perform scrambling processing accordingly.

[0373] Method 7: STA1 and AP1 negotiate one or more padding lengths (or PPDU lengths).

[0374] Similar to the method described above where STA1 and AP1 negotiate the scrambling seed, the main difference in this approach is that STA1 and AP1 negotiate one or more specific padding lengths (or PPDU lengths). After this, STA1 only processes control frames whose padding lengths (or PPDU lengths) conform to the negotiated lengths; control frames that do not conform to the negotiated lengths are discarded.

[0375] STA1 and AP1 can negotiate one or more padding lengths (or PPDU lengths), and each padding length (or PPDU length) is used once.

[0376] If STA1 and AP1 have negotiated multiple padding lengths (or PPDU lengths), and AP1 fails to send a specific control frame (i.e., STA1 does not receive the specific control frame due to collision or channel fading), this specific control frame refers to a control frame processed using one of the previously negotiated padding lengths (or PPDU lengths). In this case, AP1 will not be able to reuse the padding length (or PPDU length) used in this specific control frame. However, STA1 may not be able to confirm which negotiated padding length (or PPDU length) AP1 will use for the next control frame to be received.

[0377] To address the aforementioned issues, similar to the scrambling seed processing method described above, a sliding window can be pre-set. For padding lengths (or PPDU lengths) within the same sliding window, STA1 will treat them as valid padding lengths (or PPDU lengths). For details, please refer to the scrambling seed method described above, which will not be elaborated here.
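The sliding-window rule from [0370] to [0371], which [0377] reuses for padding lengths (or PPDU lengths), as an added example that is not part of the patent text: the receiver keeps the negotiated single-use values in order and accepts only those inside the current window. The class name, the integer token values and the 1-based indexing are assumptions made for illustration.

```python
"""Receiver-side sliding window over single-use tokens.

A "token" is one negotiated scrambling seed or one negotiated padding
length. Illustration only: names and sample values are assumptions.
"""


class SingleUseWindow:
    def __init__(self, tokens, window=10):
        if window < 1:
            raise ValueError("window must be at least 1")
        self.tokens = list(tokens)  # negotiated list, in the agreed order
        self.window = window
        self.last = 0               # 1-based index n of the last accepted token

    def valid_indices(self):
        """1-based indices that are valid right now: n+1 .. n+window."""
        hi = min(self.last + self.window, len(self.tokens))
        return range(self.last + 1, hi + 1)

    def accept(self, token):
        """Return the 1-based index of `token` if it lies in the window,
        otherwise None (the frame is discarded).

        Accepting index i slides the window to i+1 .. i+window, so the
        token itself and every skipped earlier token are dead afterwards.
        If a value occurs twice in the window the earliest index wins.
        """
        for i in self.valid_indices():
            if self.tokens[i - 1] == token:
                self.last = i
                return i
        return None

    def remaining(self):
        """Tokens not yet consumed or skipped; 0 means renegotiate."""
        return len(self.tokens) - self.last


def run_demo():
    # Constructed sample: 100 placeholder seeds, seed number i has value
    # 1000 + i. These are not real scrambler values.
    seeds = [1000 + i for i in range(1, 101)]
    sta = SingleUseWindow(seeds, window=10)
    log = [
        ("seed 1, first frame", sta.accept(1001)),
        ("seed 4, frames 2 and 3 were lost", sta.accept(1004)),
        ("seed 4 replayed by an eavesdropper", sta.accept(1004)),
        ("seed 2 arriving after the window moved", sta.accept(1002)),
        ("seed 15, one past the window 5..14", sta.accept(1015)),
        ("seed 14, last slot of the window", sta.accept(1014)),
        # Ten consecutive losses (15..24) exceed the window: in this model
        # the receiver now rejects seed 25 and the peers are out of step.
        ("seed 25 after ten lost frames", sta.accept(1025)),
    ]
    return log, list(sta.valid_indices())


if __name__ == "__main__":
    results, still_valid = run_demo()
    for label, idx in results:
        print(f"{label:42s} -> {'accepted as #%d' % idx if idx else 'discarded'}")
    print("currently valid seed numbers:", still_valid)
```

In this model a run of lost frames longer than the window leaves STA1 discarding everything AP1 sends, so the window size has to be chosen against the expected loss rate, and a renegotiation path is needed for that case and for when the list runs out.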

[0378] The methods described above for resolving interference with STA1 are merely examples. In practical applications, there may be more or fewer methods to resolve or avoid the problem, and no specific limitations are imposed.

[0379] In the embodiments of this application, the first response information (an example of the second information in the scheme shown in Figure 4), the attack avoidance negotiation frame (an example of the third information in the scheme shown in Figure 4), the attack avoidance response frame (an example of the fourth information in the scheme shown in Figure 4), and the attack avoidance confirmation frame (an example of the fifth information in the scheme shown in Figure 4) are all encrypted before being transmitted, so as to prevent a third party (or attacker) from obtaining the information negotiated between STA1 and AP1 or the method of resolving the attack on STA1 by receiving these frames.

[0380] In one possible implementation, either the attack avoidance negotiation frame (an example of the third information in the scheme shown in Figure 4 above) or the attack avoidance response frame (an example of the fourth information in the scheme shown in Figure 4 above) can be carried in the protected UHR action field of the action frame; or, the attack avoidance negotiation frame (an example of the third information in the scheme shown in Figure 4 above) and the attack avoidance response frame (an example of the fourth information in the scheme shown in Figure 4 above) can be carried in the protected UHR action field of different action frames respectively.

[0381] For example, in the embodiments of this application, the first request information, the first response information, the attack avoidance negotiation frame, or the attack avoidance response frame can be carried in the action frame (such as the protected UHR action field in the protected UHR action frame).

[0382] The following example illustrates how the first request information, first response information, attack avoidance negotiation frame, or attack avoidance response frame can be carried in the protected UHR action field of the protected UHR action frame.

[0383] For example, the protected UHR action field may include a type ID field (an example of the third field in the scheme shown in Figure 4 above) and a behavior description information field (an example of the fourth field in the scheme shown in Figure 4 above).

[0384] As shown in Table 5 below, if the value of the Type ID field in the protected UHR action field is 0 (an example of the first value in the scheme shown in Figure 4 above), then the behavior description information field in the protected UHR action field is used to carry the first request information.

[0385] If the value of the type ID field in the protected UHR action field is 1 (an example of the second value in the scheme shown in Figure 4 above), then the behavior description information field in the protected UHR action field is used to carry the first response information.

[0386] If the value of the type ID field in the protected UHR action field is 2 (an example of the third value in the scheme shown in Figure 4 above), then the behavior description information field in the protected UHR action field is used to carry the attack avoidance negotiation frame.

[0387] If the value of the type ID field in the protected UHR action field is 3 (an example of the fourth value in the scheme shown in Figure 4 above), then the behavior description information field in the protected UHR action field is used to carry the attack avoidance response frame.

[0388] Table 5

[0389] Table 5 above is only an example. In practice, the values corresponding to the above information / frames can also take other values, which is not limited in this application.
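One way the negotiation in [0342] to [0344] could ride on the Type ID values 2 and 3 described for Table 5, as an added example that is not the patent's own encoding. The one-octet field widths, the accept flag and the method codes 1 to 7 are assumptions; encryption of the protected action frame is not modelled.

```python
from enum import IntEnum


class TypeID(IntEnum):
    """Type ID values 0 to 3 as the page describes them for Table 5."""
    FIRST_REQUEST = 0
    FIRST_RESPONSE = 1
    AVOIDANCE_NEGOTIATION = 2
    AVOIDANCE_RESPONSE = 3


class Method(IntEnum):
    """Hypothetical one-octet codes for the page's resolution methods 1 to 7."""
    NEW_MAC = 1
    CHANGE_AID = 2
    SWITCH_CHANNEL = 3
    SWITCH_LINK = 4
    ADD_PN_MCS = 5
    SCRAMBLING_SEEDS = 6
    PADDING_LENGTHS = 7


def pack_field(type_id, body):
    """Assumed layout: [type ID: 1 octet][behavior description: rest]."""
    return bytes([int(TypeID(type_id))]) + bytes(body)


def parse_field(data):
    """Split an action field; unknown or missing type IDs are rejected."""
    if len(data) < 1:
        raise ValueError("empty action field")
    try:
        type_id = TypeID(data[0])
    except ValueError:
        raise ValueError(f"unknown type ID {data[0]}") from None
    return type_id, data[1:]


def _method_at(body, offset):
    if len(body) <= offset:
        raise ValueError("truncated behavior description")
    try:
        return Method(body[offset])
    except ValueError:
        raise ValueError(f"unknown method code {body[offset]}") from None


def sta_propose(method):
    """STA1 side: negotiation frame carrying its suggested method."""
    return pack_field(TypeID.AVOIDANCE_NEGOTIATION, [Method(method)])


def ap_respond(field, ap_preference):
    """AP1 side: accept the proposal if AP1 supports it, otherwise
    reject and carry AP1's own first-choice method."""
    if not ap_preference:
        raise ValueError("AP1 needs at least one supported method")
    type_id, body = parse_field(field)
    if type_id is not TypeID.AVOIDANCE_NEGOTIATION:
        raise ValueError("expected an attack avoidance negotiation frame")
    proposed = _method_at(body, 0)
    if proposed in ap_preference:
        return pack_field(TypeID.AVOIDANCE_RESPONSE, [1, proposed])
    return pack_field(TypeID.AVOIDANCE_RESPONSE, [0, ap_preference[0]])


def sta_resolve(proposed, field):
    """STA1 side: the method both ends will apply. On a rejection the
    method carried in AP1's response prevails, as [0344] states."""
    type_id, body = parse_field(field)
    if type_id is not TypeID.AVOIDANCE_RESPONSE:
        raise ValueError("expected an attack avoidance response frame")
    if len(body) < 1 or body[0] not in (0, 1):
        raise ValueError("bad accept flag")
    answer = _method_at(body, 1)
    if body[0] == 1:
        if answer != proposed:
            raise ValueError("acceptance does not echo the proposal")
        return Method(proposed)
    return answer


def demo():
    ap_pref = [Method.CHANGE_AID, Method.SCRAMBLING_SEEDS]
    outcomes = []
    for wish in (Method.SWITCH_CHANNEL, Method.SCRAMBLING_SEEDS):
        response = ap_respond(sta_propose(wish), ap_pref)
        outcomes.append((wish.name, response.hex(), sta_resolve(wish, response).name))
    return outcomes


if __name__ == "__main__":
    for wish, wire, agreed in demo():
        print(f"STA1 proposes {wish:16s} AP1 replies {wire}  agreed: {agreed}")
```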

[0390] S504: STA1 and AP1 implement methods to resolve attacks on STA1.

[0391] That is, STA1 and AP1 carry out the solution to the attack on STA1 that they determined / negotiated in S503 above.

[0392] The steps S501 to S504 described above, and their contents, are illustrated using AP1 and STA1 in Figure 3 as examples. For other STAs, the steps corresponding to STA1 can be followed accordingly. Similarly, for other APs, the steps corresponding to AP1 can be followed accordingly; these will not be detailed here.

[0393] In Implementation Method 1, if a non-AP STA suspects / guesses that it is under attack, it can send a request message to the associated AP to request the AP to confirm whether an attack on the STA exists (or whether the STA is under attack). Then, the two can promptly determine or negotiate a solution to the STA being attacked and implement it, so as to effectively avoid or reduce the attack suffered by the STA during transmission. In addition, this method does not require modification of the format of each frame / information to be transmitted, so it is easier to implement and incurs lower overhead.

[0394] Implementation Method Two:

[0395] Compared to Implementation Method 1, Implementation Method 2 differs in that: when STA1 (an example of the first device in the scheme shown in Figure 4) confirms that it has been attacked, it sends a notification message to AP1 (an example of the second device in the scheme shown in Figure 4) to notify the second device that STA1 has been attacked. Referring to Figure 10, the method flow of Implementation Method 2 includes the following steps:

[0396] S1001: STA1 sends a first notification message to AP1 (an example of the first message in the scheme shown in Figure 4 above); correspondingly, AP1 receives the first notification message; wherein, the first notification message is used to indicate that STA1 is under attack.

[0397] In S1001, if STA1 confirms that it has been attacked, it sends a first notification message to AP1. The first notification message is used to indicate or notify AP1 that STA1 has been attacked.

[0398] In one possible implementation, the first notification information includes attack type information, which indicates the type of attack that STA1 is subjected to.

[0399] Optionally, the first notification information may also include parameters corresponding to the type of attack STA1 was subjected to (example of the first parameter in the scheme shown in Figure 4 above).

[0400] For the attack types that STA1 is subjected to in S1001 and the corresponding parameters, refer to the description of the attack types and corresponding parameters in S501 above; they are not repeated here. The main difference between S501 and S1001 is that in S501 the attack type is inferred or guessed by STA1 itself, while in S1001 the attack type is confirmed by STA1.

[0401] In one possible implementation, the first notification information (an example of the first information in the scheme shown in Figure 4 above) can be carried in, but is not limited to, an action frame or an A-control field. For details, please refer to the method and content carried by the first request information described in S501 above; further details will not be repeated here.

[0402] S1002: AP1 sends a first confirmation message to STA1 (an example of the second message in the scheme shown in Figure 4 above); accordingly, STA1 receives the first confirmation message; wherein, the first confirmation message is used to indicate that AP1 has received the first notification message.

[0403] In one possible implementation, the first confirmation information (an example of the second information in the scheme shown in Figure 4 above) can also be carried in, but is not limited to, an action frame or an A-control field.

[0404] In one possible implementation, the first confirmation information may include attack type information, which indicates the type of attack that STA1 is subjected to.

[0405] Optionally, the first notification information may also include parameters corresponding to the type of attack STA1 was subjected to (example of the second parameter in the scheme shown in Figure 4 above).

[0406] For the attack type and (optional) corresponding parameters carried in the first notification information for STA1 in S1002, refer to the description of the attack type and (optional) corresponding parameters carried in the first response information for STA1 in S502 above; they are not repeated here. The main difference between S502 and S1002 is that in S502 the attack type for STA1 is inferred or guessed by STA1 itself, while in S1002 the attack type for STA1 is confirmed by STA1.

[0407] S1003: STA1 and AP1 determine the method to resolve attacks on STA1.

[0408] S1003 can be implemented by referring to the content described in S503 above, and will not be repeated here.

[0409] S1004: STA1 and AP1 execute methods to resolve attacks on STA1.

[0410] S1004 can be implemented by referring to the content described in S504 above, and will not be repeated here.

[0411] The steps S1001 to S1004 described above, and their contents, are illustrated using AP1 and STA1 in Figure 3 as examples. For other STAs, the steps corresponding to STA1 can be followed similarly. Similarly, for other APs, the steps corresponding to AP1 can be followed similarly; they will not be detailed here.

[0412] In the second implementation method, if a non-AP STA confirms that it has been attacked, it can send a notification message to the associated AP to notify or indicate that the STA has been attacked. In this way, the two can promptly determine or negotiate a solution to the attack on the STA and implement it, so as to effectively avoid or reduce the attack suffered by the STA during transmission. In addition, this method does not require modification of the format of each frame / information to be transmitted, so it is easier to implement and generates lower overhead.

[0413] Regarding the above-described implementation methods one and two, it should be noted that:

[0414] (1) The above-mentioned implementation method one and implementation method two can be implemented separately or in combination, and no specific limitation is made in this regard.

[0415] (2) The above focuses on describing the differences between Implementation Method 1 and Implementation Method 2. Apart from the differences, Implementation Method 1 and Implementation Method 2 can be referred to each other.

[0416] (3) The step numbers of the flowcharts described in Embodiment 1 and Embodiment 2 above are merely examples of the execution flow and do not constitute a restriction on the order of execution of the steps. There are no temporal dependencies between the steps in the various implementations of this application, and there is no strict execution order between them. In addition, not all the steps shown in the flowcharts are mandatory steps, and some steps can be added or deleted based on the actual needs of each flowchart.

[0417] In the embodiments provided above, the methods provided by the embodiments of this application are described from the perspective of interaction between various devices. To implement the functions of the methods provided in the embodiments or implementations of this application above, the first device or the second device may include hardware structures and / or software modules, implementing the above functions in the form of hardware structures, software modules, or a combination of hardware structures and software modules. Whether a particular function is executed in the form of hardware structures, software modules, or a combination of hardware structures and software modules depends on the specific application and design constraints of the technical solution.

[0418] The module division in this embodiment is illustrative and represents only one logical functional division; in actual implementation, other division methods may be used. Furthermore, the functional modules in the various embodiments or implementations of this application can be integrated into a single processor, exist as separate physical entities, or be integrated into a single module. The integrated modules described above can be implemented in hardware or as software functional modules.

[0419] Similar to the above concept, as shown in Figure 11, this application embodiment also provides a communication device 1100 for implementing the functions of the first device or the second device in the above method. For example, the communication device 1100 can be a software module or a chip system. In this application embodiment, the chip system can be composed of chips or can include chips and other discrete devices. The communication device 1100 may include: a communication unit 1101 and a processing unit 1102.

[0420] In this embodiment, the communication unit 1101, also known as the transceiver unit, may include a sending unit and / or a receiving unit, respectively used to perform the sending and receiving steps of the first device or the second device in the above method embodiments. The processing unit 1102 may be used to read instructions and / or data from the storage module so that the communication device 1100 implements the aforementioned method embodiments.

[0421] Optionally, the communication device 1100 may further include a storage unit 1103, which is equivalent to a storage module and can be used to store instructions and / or data.

[0422] The communication device provided in the embodiments of this application will be described in detail below with reference to Figures 11 and 12. It should be understood that the description of the device embodiments corresponds to the description of the method embodiments. Therefore, the contents not described in detail can be implemented by referring to the manner shown in Figures 4 and 5 above and Figure 10. For the sake of brevity, they will not be repeated here.

[0423] The communication unit 1101 can also be referred to as a transceiver or transceiver device. The processing unit can also be referred to as a processor, processing board, processing module, or processing device. Optionally, the device in the communication unit 1101 used to implement the receiving function can be considered as a receiving unit, and the device in the communication unit 1101 used to implement the transmitting function can be considered as a transmitting unit; that is, the communication unit 1101 includes both a receiving unit and a transmitting unit. The communication unit can sometimes also be referred to as a transceiver, transceiver circuit, or transceiver unit. The receiving unit can sometimes be referred to as a receiver or receiving circuit. The transmitting unit can sometimes be referred to as a transmitter or transmitting circuit.

[0424] When the communication device 1100 is applied to the first device in the process shown in Figure 4 of the above embodiment:

[0425] The communication unit 1101 is used to send first information to the second device, the first information being used to indicate that the first device is under attack;

[0426] The communication unit 1101 is also used to receive second information from the second device, the second information being used to respond to the first information.

[0427] The processing unit 1102 is used to process data and / or information, etc.

[0428] When the communication device 1100 is applied to the second device in the process shown in Figure 4 of the above embodiment:

[0429] The communication unit 1101 is used to receive first information sent from the first device, the first information being used to indicate that the first device is under attack;

[0430] The communication unit 1101 is also used to send second information to the first device, the second information being used to respond to the first information.

[0431] The processing unit 1102 is used to process data and / or information, etc.

[0432] The above are just examples. Processing unit 1102 and communication unit 1101 can also perform other functions. For a more detailed description, please refer to the relevant descriptions in the method embodiments shown in Figures 4 and 5 and Figure 10. They will not be repeated here.

[0433] Figure 12 shows a communication device 1200 provided in an embodiment of this application. The communication device shown in Figure 12 can be a hardware circuit implementation of the communication device shown in Figure 11. This communication device 1200 can be applied to the flowcharts shown above to perform the functions of the first device or the second device in the above method embodiments. For ease of explanation, Figure 12 only shows the main components of the communication device.

[0434] As shown in Figure 12, the communication device 1200 includes a communication interface 1201 and a processor 1202. The communication interface 1201 and the processor 1202 are coupled to each other. It is understood that the communication interface 1201 can be a transceiver or an input / output interface, or an interface circuit such as a transceiver circuit. Optionally, the communication device 1200 may further include a memory 1203 for storing instructions executed by the processor 1202, or storing input data required by the processor 1202 to execute instructions, or storing data generated after the processor 1202 executes instructions.

[0435] When the communication device 1200 is used to implement the methods shown in Figures 4, 5 and 10, the communication interface 1201 is used to implement the functions of the communication unit 1101, and the processor 1202 is used to implement the functions of the processing unit 1102.

[0436] This embodiment does not limit the specific connection medium between the communication interface 1201, processor 1202, and memory 1203. In Figure 12, the memory 1203, processor 1202, and communication interface 1201 are connected via a communication bus 1204, which is represented by a thick line. The connection methods between other components are merely illustrative and not intended to be limiting. The communication bus 1204 can be divided into an address bus, data bus, control bus, etc. For ease of illustration, only one thick line is used in Figure 12, but this does not indicate that there is only one bus or one type of bus.

[0437] When the aforementioned communication device is a chip, Figure 13 shows a simplified schematic diagram of the chip's device structure. The chip 1300 includes an interface circuit 1301 and one or more processors 1302. Optionally, the chip 1300 may also include a bus. Wherein:

[0438] Processor 1302 may be an integrated circuit chip with signal processing capabilities. In implementation, each step of the method for determining the service node information described above can be completed by the integrated logic circuitry in the hardware of processor 1302 or by instructions in software form. Processor 1302 may be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components. It can implement or execute the methods and steps disclosed in the embodiments of this application. The general-purpose processor may be a microprocessor or any conventional processor.

[0439] The interface circuit 1301 can be used to send or receive data, instructions or information. The processor 1302 can process the data, instructions or other information received by the interface circuit 1301, and can send the processed information out through the interface circuit 1301.

[0440] Optionally, chip 1300 also includes memory 1303, which may include read-only memory and random access memory, and provides operation instructions and data to the processor. A portion of memory 1303 may also include non-volatile random access memory (NVRAM).

[0441] Optionally, the memory stores executable software modules or data structures, and the processor can execute corresponding operations by calling the operation instructions stored in the memory (which may be stored in the operating system).

[0442] Optionally, the chip can be used in the first or second device involved in the embodiments of this application. Optionally, the interface circuit 1301 can be used to output the execution result of the processor 1302. For the communication methods provided by one or more embodiments of this application, please refer to the foregoing embodiments, which will not be repeated here.

[0443] It should be noted that the functions of the interface circuit 1301 and the processor 1302 can be implemented through hardware design, software design, or a combination of hardware and software; no restrictions are imposed here.

[0444] This application also provides a computer-readable storage medium storing computer instructions for implementing the methods executed by the first device or the second device in the above method embodiments.

[0445] For example, when the computer program is executed by a computer, it enables the computer to implement the method performed by the first device or the second device in the above method embodiments.

[0446] This application also provides a computer program product containing instructions that, when executed by a computer, cause the computer to perform the method executed by the first device or the second device in the above method embodiments.

[0447] This application also provides a chip, including a processor, for calling computer programs or computer instructions stored in the memory, so that the processor executes the communication method of the implementations shown in Figures 4, 5 and 10.

[0448] In one possible implementation, the input of the chip corresponds to the receiving operation in the implementations shown in Figures 4, 5 and 10 above, and the output of the chip corresponds to the transmitting operation in the implementations shown in Figures 4, 5 and 10 above.

[0449] Optionally, the processor is coupled to the memory via an interface.

[0450] Optionally, the chip also includes a memory that stores computer programs or computer instructions.

[0451] The processor mentioned above can be a general-purpose central processing unit, a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits used to control the execution of a program for the communication method of the implementations shown in Figures 4, 5, and 10. The memory mentioned above can be read-only memory (ROM) or other types of static storage devices capable of storing static information and instructions, such as random access memory (RAM).

[0452] It should be noted that, for the sake of convenience and brevity, for the explanations and beneficial effects of the relevant content in any of the communication devices provided above, reference may be made to the corresponding service node information determination method embodiments provided above; they will not be repeated here.

[0453] In this application, the communication devices may further include a hardware layer, an operating system layer running on top of the hardware layer, and an application layer running on the operating system layer. The hardware layer may include hardware such as a central processing unit (CPU), a memory management unit (MMU), and memory (also known as main memory). The operating system layer may be any one or more computer operating systems that implement business processing through processes, such as Linux, Unix, Android, iOS, or Windows. The application layer may include applications such as browsers, address books, word processing software, and instant messaging software.

[0454] The module division in this embodiment is illustrative and represents only one logical functional division. In actual implementation, other division methods may be used. Furthermore, the functional modules in each embodiment of this application can be integrated into a single processor, exist as separate physical entities, or be integrated into a single module. The integrated modules described above can be implemented in hardware or as software functional modules.

[0455] Through the above description of the embodiments, those skilled in the art will clearly understand that the embodiments of this application can be implemented in hardware, firmware, or a combination thereof. When implemented in software, the above functions can be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, wherein communication media include any medium that facilitates the transfer of a computer program from one place to another. Storage media can be any available medium accessible to a computer. By way of example and not limitation, computer-readable media can include RAM, ROM, electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disc storage, magnetic disk storage media, or other magnetic storage devices, or any other medium capable of carrying or storing desired program code in the form of instructions or data structures and accessible to a computer. Furthermore, any connection can suitably be a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of the medium. As used in embodiments of this application, disks and discs include compact discs (CDs), laser discs, optical discs, digital video discs (DVDs), floppy disks, and Blu-ray discs, wherein disks typically reproduce data magnetically, while discs reproduce data optically using lasers. The combinations above should also be included within the scope of protection for computer-readable media.

[0456] In summary, the above descriptions are merely embodiments of this application and are not intended to limit the scope of protection of this application. Any modifications, equivalent substitutions, improvements, etc., made based on the disclosure of this application should be included within the scope of protection of this application.

Claims

1. A communication method, characterized in that the method includes: sending first information, the first information being used to indicate that the first device is under attack; and receiving second information, the second information being used to respond to the first information.

2. The method according to claim 1, characterized in that the first information being used to indicate that the first device has been attacked includes: the first information is used to indicate that the first device has confirmed that the first device has been attacked; and the second information being used to respond to the first information includes: the second information is used to confirm that the first information has been successfully received.

3. The method according to claim 1, characterized in that the first information being used to indicate that the first device is under attack includes: the first information is used to indicate that the first device suspects that the first device is under attack; and the second information being used to respond to the first information includes: the second information is used to confirm that the first device has been attacked, or to confirm that the first device has not been attacked.

4. The method according to any one of claims 1-3, characterized in that the first information includes first attack type information, which is used to indicate the type of attack the first device is subjected to.

5. The method according to any one of claims 1-4, characterized in that the first information also includes a first parameter corresponding to the attack type; the attack type is that the first device receives redundant control frames, and the first parameter includes at least one of the following: control frame type information, time information of the first device receiving the control frame, or number of times the first device receives the control frame; or, the attack type is that the first device receives a fake request block acknowledgment frame, and the first parameter includes the start sequence number (SSN) information of the request block acknowledgment frame; or, the attack type is that the first device receives a fake trigger frame, and the first parameter includes at least one of the following: the time information of the first device receiving the trigger frame, the number of times the first device receives the trigger frame, or the length information of the trigger frame; or, the attack type is that the first device receives a fake first frame, and the first parameter includes at least one of the following: the time information of the first device receiving the first frame, the number of times the first device receives the first frame, or the SSN information of the first frame, where the first frame is a trigger frame, a data frame, or a block acknowledgment frame; or, the attack type is the loss of data to be received by the first device, and the first parameter includes the amount of data lost by the first device and / or the time information of the data loss by the first device; or, the attack type is a denial-of-service attack on the first device, and the first parameter includes the time information of the denial-of-service attack on the first device and / or the number of times the first device has been subjected to a denial-of-service attack.

6. The method according to claim 3, characterized in that the second information includes first indication information, which is used to confirm that the first device has been attacked, or to confirm that the first device has not been attacked.

7. The method according to claim 3 or 6, characterized in that the second information is used to confirm that the first device has been attacked, and the second information includes second attack type information, which is used to indicate the type of attack to which the first device has been subjected.

8. The method according to claim 7, characterized in that the second information also includes a second parameter corresponding to the attack type; the attack type is that the first device receives redundant control frames, and the second parameter includes at least one of the following: the type information of the control frames sent by the second device, the time information of the control frames sent by the second device, or the number of times the second device sends control frames; or, the attack type is that the first device receives a fake request block acknowledgment frame, and the second parameter includes the SSN information of the request block acknowledgment frame sent by the second device; or, the attack type is that the first device receives a fake trigger frame, and the second parameter includes at least one of the following: the time information of the second device sending the trigger frame, the number of times the second device sends the trigger frame, or the frame length information of the trigger frame sent by the second device; or, the attack type is that the first device receives a fake first frame, and the second parameter includes at least one of the following: the time information of the second device sending the first frame, the number of times the second device sends the first frame, or the SSN information of the first frame sent by the second device, where the first frame is a trigger frame, a data frame, or a block acknowledgment frame; or, the attack type is the loss of data to be received by the first device, and the second parameter includes the amount of data sent by the second device and / or the time information of the second device sending the data; or, the attack type is a denial-of-service attack on the first device, and the second parameter includes the time information of the second device sending frames to occupy the channel.

9. The method according to any one of claims 1-8, characterized in that the method further includes: determining, based on the type of attack the first device suffers, the method to resolve the attack on the first device; or, sending third information, the third information being used to suggest a negotiated solution to the attack on the first device, and receiving fourth information, the fourth information being used to respond to the third information; or, the second information includes methods for resolving attacks on the first device.

10. The method according to claim 9, characterized in that the third information includes a method for resolving the attack on the first device, and the fourth information is used to instruct the second device to accept the method for resolving the attack on the first device indicated by the third information; or, the third information includes multiple ways to resolve attacks on the first device, and the fourth information is used to indicate the method accepted by the second device among the multiple methods.

11. The method according to claim 9 or 10, characterized in that the first information, the second information, the third information, or the fourth information is carried in the action frame.

12. The method according to any one of claims 1-10, characterized in that the first information or the second information is carried in the first sub-control field of the HE type control field of the first frame, where the first frame is a data frame, an empty data frame, or a management frame, and the first identifier field in the first sub-control field takes the fifth value.

13. A communication method, characterized in that the method includes: receiving first information, the first information being used to indicate that the first device is under attack; and sending second information, the second information being used to respond to the first information.

14. The method according to claim 13, characterized in that the first information being used to indicate that the first device has been attacked includes: the first information is used to indicate that the first device has confirmed that the first device has been attacked; and the second information being used to respond to the first information includes: the second information is used to confirm that the first information has been successfully received.

15. The method according to claim 13, characterized in that the first information being used to indicate that the first device is under attack includes: the first information is used to indicate that the first device suspects that the first device is under attack; and the second information being used to respond to the first information includes: the second information is used to confirm that the first device has been attacked, or to confirm that the first device has not been attacked.

16. The method according to any one of claims 13-15, characterized in that the first information includes first attack type information, which is used to indicate the type of attack the first device is subjected to.

17. The method according to any one of claims 13-16, characterized in that the first information also includes a first parameter corresponding to the attack type; the attack type is that the first device receives redundant control frames, and the first parameter includes at least one of the following: control frame type information, time information of the first device receiving the control frame, or number of times the first device receives the control frame; or, the attack type is that the first device receives a fake request block acknowledgment frame, and the first parameter includes the start sequence number (SSN) information of the request block acknowledgment frame; or, the attack type is that the first device receives a fake trigger frame, and the first parameter includes at least one of the following: the time information of the first device receiving the trigger frame, the number of times the first device receives the trigger frame, or the length information of the trigger frame; or, the attack type is that the first device receives a fake first frame, and the first parameter includes at least one of the following: the time information of the first device receiving the first frame, the number of times the first device receives the first frame, or the SSN information of the first frame, where the first frame is a trigger frame, a data frame, or a block acknowledgment frame; or, the attack type is the loss of data to be received by the first device, and the first parameter includes the amount of data lost by the first device and / or the time information of the data loss by the first device; or, the attack type is a denial-of-service attack on the first device, and the first parameter includes the time information of the denial-of-service attack on the first device and / or the number of times the first device has been subjected to a denial-of-service attack.

18. The method according to claim 15, characterized in that the second information includes first indication information, which is used to confirm that the first device has been attacked, or to confirm that the first device has not been attacked.

19. The method according to claim 15 or 18, characterized in that the second information is used to confirm that the first device has been attacked, and the second information includes second attack type information, which is used to indicate the type of attack to which the first device has been subjected.

20. The method according to claim 19, characterized in that the second information also includes a second parameter corresponding to the attack type; the attack type is that the first device receives redundant control frames, and the second parameter includes at least one of the following: the type information of the control frames sent by the second device, the time information of the control frames sent by the second device, or the number of times the second device sends control frames; or, the attack type is that the first device receives a fake request block acknowledgment frame, and the second parameter includes the SSN information of the request block acknowledgment frame sent by the second device; or, the attack type is that the first device receives a fake trigger frame, and the second parameter includes at least one of the following: the time information of the second device sending the trigger frame, the number of times the second device sends the trigger frame, or the frame length information of the trigger frame sent by the second device; or, the attack type is that the first device receives a fake first frame, and the second parameter includes at least one of the following: the time information of the second device sending the first frame, the number of times the second device sends the first frame, or the SSN information of the first frame sent by the second device, where the first frame is a trigger frame, a data frame, or a block acknowledgment frame; or, the attack type is the loss of data to be received by the first device, and the second parameter includes the amount of data sent by the second device and / or the time information of the second device sending the data; or, the attack type is a denial-of-service attack on the first device, and the second parameter includes the time information of the second device sending frames to occupy the channel.

21. The method according to any one of claims 13-20, characterized in that the method further includes: determining, based on the type of attack the first device suffers, the method to resolve the attack on the first device; or, receiving third information, the third information being used to suggest a negotiated solution to the attack on the first device, and sending fourth information, the fourth information being used to respond to the third information; or, the second information includes methods for resolving attacks on the first device.

22. The method according to claim 21, characterized in that the third information includes a method for resolving the attack on the first device, and the fourth information is used to instruct the second device to accept the method for resolving the attack on the first device indicated by the third information; or, the third information includes multiple ways to resolve attacks on the first device, and the fourth information is used to indicate the method accepted by the second device among the multiple methods.

23. The method according to claim 21 or 22, characterized in that the first information, the second information, the third information, or the fourth information is carried in the action frame.

24. The method according to any one of claims 13-22, characterized in that the first information or the second information is carried in the first sub-control field of the HE type control field of the first frame, where the first frame is a data frame, an empty data frame, or a management frame, and the first identifier field in the first sub-control field takes the fifth value.

25. A communication device, characterized in that it includes units or modules for performing the method as described in any one of claims 1 to 12, or units or modules for performing the method as described in any one of claims 13 to 24.

26. A communication device, characterized in that it includes a processor and a memory, the memory being used to store program instructions, the processor, when executing the program instructions, causing the method as described in any one of claims 1 to 12 to be performed, or the processor, when executing the program instructions, causing the method as described in any one of claims 13 to 24 to be performed.

27. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer-readable program or instructions that, when executed on a communication device, cause the method as described in any one of claims 1 to 12 to be performed, or cause the method as described in any one of claims 13 to 24 to be performed.

28. A computer program product, characterized in that the computer program product includes a computer program or instructions that, when executed on a computer, cause the computer to perform the method as claimed in any one of claims 1 to 12, or cause the computer to perform the method as claimed in any one of claims 13 to 24.

29. A chip, characterized in that the chip is used to read and execute computer programs or instructions in a memory to implement the method as described in any one of claims 1 to 24.
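
The exchange recited in claims 1-10 and 13-22, modelled as an added example (not code from the patent or its applicant): a first device reports a suspected fake-trigger-frame attack, the second device checks the reported count against what it actually sent, and the two then settle on a resolution. All class and field names, the seconds unit, and the "received more than sent" comparison rule are assumptions; the page defines no frame encoding here, and the model assumes both messages reach the peer unforged.

```python
from dataclasses import dataclass
from enum import Enum, auto
from typing import Dict, List, Optional, Set, Tuple


class AttackType(Enum):
    """Attack types enumerated in claims 5 and 17 (names are assumptions)."""
    REDUNDANT_CONTROL_FRAMES = auto()
    FAKE_REQUEST_BLOCK_ACK = auto()
    FAKE_TRIGGER_FRAME = auto()
    FAKE_FIRST_FRAME = auto()
    DATA_LOSS = auto()
    DENIAL_OF_SERVICE = auto()


class Resolution(Enum):
    """Resolution strategies named in the page's summary (names are assumptions)."""
    NEW_MAC_ADDRESS = auto()
    CHANGE_ASSOCIATION_ID = auto()
    SWITCH_CHANNEL = auto()
    NEGOTIATE_SCRAMBLING_SEED = auto()


@dataclass(frozen=True)
class FirstInfo:
    confirmed: bool              # True: attack confirmed (claim 2); False: suspected (claim 3)
    attack_type: AttackType      # first attack type information (claim 4)
    window: Tuple[float, float]  # first parameter: time information, seconds (assumed unit)
    frames_received: int         # first parameter: number of times the frame was received


@dataclass(frozen=True)
class SecondInfo:
    received_ok: bool                  # acknowledges receipt of the first information
    attack_confirmed: Optional[bool]   # first indication information (claim 6); None for a plain ack
    attack_type: Optional[AttackType]  # second attack type information (claim 7)
    frames_sent: Optional[int]         # second parameter (claim 8)


class SecondDevice:
    def __init__(self, tx_log: Dict[AttackType, List[float]], supported: Set[Resolution]):
        self.tx_log = tx_log        # timestamps of frames this device really sent, per frame kind
        self.supported = supported  # resolutions this device is willing to accept

    def respond(self, first: FirstInfo) -> SecondInfo:
        """Build the second information for a received first information."""
        if first.confirmed:
            # Claim 2 case: the sender already confirmed the attack, so only acknowledge.
            return SecondInfo(True, None, None, None)
        start, end = first.window
        sent = sum(start <= t <= end for t in self.tx_log.get(first.attack_type, []))
        # Assumed decision rule: more frames received than genuinely sent means forgery.
        attacked = first.frames_received > sent
        return SecondInfo(True, attacked, first.attack_type if attacked else None, sent)

    def accept(self, third_info: List[Resolution]) -> Optional[Resolution]:
        """Fourth information: the first proposed resolution this device supports."""
        return next((r for r in third_info if r in self.supported), None)


def run_exchange(first: FirstInfo, peer: SecondDevice, third_info: List[Resolution]):
    """Return (second information, fourth information or None if no attack is agreed)."""
    second = peer.respond(first)
    under_attack = first.confirmed or bool(second.attack_confirmed)
    fourth = peer.accept(third_info) if under_attack else None
    return second, fourth


# Constructed sample data: the peer sent three trigger frames inside the reported window.
PEER = SecondDevice(
    tx_log={AttackType.FAKE_TRIGGER_FRAME: [10.0, 10.5, 11.0, 14.2]},
    supported={Resolution.NEW_MAC_ADDRESS, Resolution.NEGOTIATE_SCRAMBLING_SEED},
)
PROPOSALS = [Resolution.SWITCH_CHANNEL, Resolution.NEW_MAC_ADDRESS]
SUSPECTED = FirstInfo(False, AttackType.FAKE_TRIGGER_FRAME, (10.0, 11.0), 7)

if __name__ == "__main__":
    second, fourth = run_exchange(SUSPECTED, PEER, PROPOSALS)
    print(second)
    print(fourth)
```
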