CN-122002277-A - Communication method and device

Abstract

A communication method and device, relating to the technical field of communications, which can reduce the complexity of the access process, shorten the access time and improve communication performance when a terminal device roams from a first device to a second device. In the method, when a network-wide uplink and downlink encryption function is enabled, the first device sends first information to a main access device, where the first information comprises an encrypted pairwise transient key (PTK) and the PTK is obtained through interaction between the first device and the terminal device. According to the first information, the main access device sends second information to one or more second devices associated with the main access device, where the second information comprises the encrypted PTK and the second devices are the fiber-to-the-room (FTTR) devices associated with the main access device other than the first device.

Inventors

  • SUN YANBIN
  • Chen Yunman
  • NIE HAI

Assignees

  • 华为技术有限公司

Dates

Publication Date
20260508
Application Date
20250109
Priority Date
20241104

Claims (20)

  1. A communication method, comprising: receiving first information from a first device when a network-wide uplink and downlink encryption function is enabled, wherein the first information comprises an encrypted pairwise transient key (PTK), and the PTK is obtained through interaction between the first device and a terminal device; and sending, according to the first information, second information to each of one or more second devices associated with a main access device, wherein the second information comprises the encrypted PTK, and the second devices are the fiber-to-the-room (FTTR) devices associated with the main access device other than the first device.
  2. The method of claim 1, wherein the first information further comprises one or more of a virtual access point (AP) identification in the first device, a media access control (MAC) address of the terminal device, a frame type, a frame content, a frame length, or a key length.
  3. The method according to claim 1 or 2, wherein: the first information is decrypted to obtain the PTK; and the PTK is encrypted based on an encryption mechanism to obtain the second information.
  4. The method according to any one of claims 1 to 3, wherein the second information further comprises one or more of a virtual AP identification in the second device, a MAC address of the terminal device, a frame type, identification information of the terminal device, a frame content, a frame length, or a key length.
  5. The method according to any one of claims 1-4, further comprising: receiving third information from the one or more second devices, wherein the third information indicates that the PTK has been received.
  6. The method according to any one of claims 1 to 5, wherein the second information is retransmitted if third information from the one or more second devices is not received, wherein the third information indicates that the PTK has been received.
  7. The method of any of claims 1-6, wherein before the receiving of the first information from the first device, the method further comprises: determining a first state of the network-wide uplink and downlink encryption function, wherein the first state is an enabled state or a not-enabled state; and enabling the network-wide uplink and downlink encryption function when the first state is the not-enabled state.
  8. The method of claim 7, wherein when the first state is the not-enabled state, the method further comprises: disabling the network-wide uplink and downlink encryption function when third information from the one or more second devices is received.
  9. The method according to any one of claims 1-8, further comprising: sending fourth information to the first device, wherein the fourth information indicates that the first information has been received.
  10. A communication method, comprising: obtaining a pairwise transient key (PTK), wherein the PTK is obtained through interaction between a first device and a terminal device; and sending first information to a main access device, wherein the first information comprises the encrypted PTK.
  11. The method of claim 10, wherein the sending of the first information to the main access device comprises: encrypting the PTK based on an encryption mechanism to obtain the first information; and sending the first information to the main access device.
  12. The method according to claim 10 or 11, further comprising: receiving fourth information from the main access device, wherein the fourth information indicates that the first information has been received.
  13. A communication method, comprising: receiving second information from a main access device, wherein the second information comprises an encrypted pairwise transient key (PTK), and the PTK is obtained through interaction between a first device and a terminal device; and decrypting the second information to obtain the PTK.
  14. The method of claim 13, further comprising: sending third information to the main access device, wherein the third information indicates that the PTK has been received.
  15. The method according to claim 13 or 14, wherein the decrypting of the second information to obtain the PTK comprises: decrypting the second information based on an encryption mechanism to obtain the PTK.
  16. The method according to any one of claims 13-15, further comprising: receiving first association request information from the terminal device, wherein the first association request information requests access to a second device; sending first association response information to the terminal device when it is determined that the terminal device has accessed the network corresponding to the second device, wherein the first association response information instructs the terminal device to access the second device; and communicating with the terminal device according to the PTK.
  17. A communication method, comprising: receiving first information from a first device when a network-wide uplink and downlink encryption function is enabled, wherein the first information comprises an encrypted pairwise transient key (PTK), and the PTK is obtained through interaction between the first device and a terminal device; and communicating with the terminal device according to the first information.
  18. The method of claim 17, wherein the communicating with the terminal device according to the first information comprises: receiving second association request information from the terminal device, wherein the second association request information requests access to the main access device; sending second association response information to the terminal device when it is determined that the terminal device has accessed the network corresponding to the main access device, wherein the second association response information instructs the terminal device to access the main access device; and communicating with the terminal device according to the PTK.
  19. A communication method, comprising: when a terminal device roams from an associated first device to a target device, sending association request information to the target device, wherein the association request information requests access to the target device; receiving association response information from the target device, wherein the association response information instructs the terminal device to access the target device; and communicating with the target device according to a pairwise transient key (PTK), wherein the PTK is obtained through interaction between the first device and the terminal device.
  20. The method of claim 19, wherein the target device is the main access device, or the target device is a second device, the second device being an FTTR device, other than the first device, among the fiber-to-the-room (FTTR) devices associated with the main access device.

Description

Communication method and device

The present application claims priority to Chinese patent application No. 202411569887.6, entitled "Communication method and apparatus", filed with the China National Intellectual Property Administration on November 4, 2024, the entire contents of which are incorporated herein by reference.

Technical Field

The present application relates to the field of communications technologies, and in particular, to a communication method and apparatus.

Background

In a communication system, a fiber-to-the-room (FTTR) device and a terminal device must go through three stages, scanning (scan), authentication (authentication) and association (association), before they can transmit data. When the network is in an encrypted mode, an Extensible Authentication Protocol over LAN (EAPoL) four-way handshake is also required, and access authentication is performed through that handshake. The pairwise transient key (PTK) can be securely negotiated and exchanged through the four-way handshake between the FTTR device and the terminal device. After the four-way handshake is completed, subsequent frames can be transmitted in encrypted form.

As described above, the access process between an FTTR device and a terminal device involves many steps and takes a long time, and the long access time is clearly noticeable when lost packets are retransmitted. When the terminal device roams from one FTTR device to another FTTR device in the same network, the access process has to be executed again, which makes the access process complicated and time-consuming and degrades communication performance.

Disclosure of Invention

The application provides a communication method and a communication device, which can reduce the complexity of the access process, shorten the access time and improve communication performance when a terminal device roams from a first device to a second device or to the main access device of the same network.

In a first aspect, the present application provides a communication method, which may be performed by a main access device. Unless otherwise specified, the "main access device" in the present application may refer to the main access device itself, a component (e.g., a processor, a chip, or a system-on-chip) in the main access device, or a logic module or software that can implement all or part of the functions of the main access device. The method comprises: receiving first information from a first device when a network-wide uplink and downlink encryption function is enabled, where the first information comprises an encrypted pairwise transient key (PTK) and the PTK is obtained through interaction between the first device and a terminal device; and sending, according to the first information, second information to one or more second devices associated with the main access device, where the second information comprises the encrypted PTK and the second devices are the FTTR devices associated with the main access device other than the first device.
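
The first-aspect flow above, combined with the decrypt and re-encrypt step of claim 3 and the acknowledgement and retransmission of claims 5 and 6, sketched as an added Python example (not code from the patent or the applicant). The per-link keys, the HMAC-SHA256 encrypt-then-MAC construction standing in for the unspecified encryption mechanism, the binding of the terminal MAC address into the tag, the retry limit and all names are assumptions.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for the unspecified link-layer cipher
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(link_key, sta_mac, ptk):
    """Encrypt-then-MAC the PTK for one link, binding it to the terminal MAC."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(ptk, _stream(link_key, nonce, len(ptk))))
    tag = hmac.new(link_key, b"mac" + sta_mac + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(link_key, sta_mac, blob):
    """Verify the tag before decrypting; reject tampered or mis-bound messages."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    want = hmac.new(link_key, b"mac" + sta_mac + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("PTK message failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _stream(link_key, nonce, len(ct))))

class SecondDevice:
    def __init__(self, link_key, drop=0):
        self.link_key, self.drop, self.ptks = link_key, drop, {}
    def receive(self, sta_mac, second_info):
        if self.drop:                      # simulated frame loss: no third information
            self.drop -= 1
            return False
        self.ptks[sta_mac] = unseal(self.link_key, sta_mac, second_info)
        return True                        # third information: PTK received

def relay_ptk(first_info, sta_mac, first_key, second_devices, max_tries=3):
    """Main access device: decrypt first information, re-encrypt per second device,
    and resend second information until third information arrives."""
    ptk = unseal(first_key, sta_mac, first_info)
    acked = set()
    for name, dev in second_devices.items():
        for _ in range(max_tries):
            if dev.receive(sta_mac, seal(dev.link_key, sta_mac, ptk)):
                acked.add(name)
                break
    return acked

def demo():
    # Constructed sample values: terminal MAC, 48-byte PTK, random link keys
    sta_mac, ptk, first_key = bytes.fromhex("02aabbccddee"), os.urandom(48), os.urandom(32)
    devs = {"fttr-2": SecondDevice(os.urandom(32)), "fttr-3": SecondDevice(os.urandom(32), drop=1)}
    acked = relay_ptk(seal(first_key, sta_mac, ptk), sta_mac, first_key, devs)
    return ptk, sta_mac, devs, acked
```

Any device missing from the returned set never confirmed the PTK, so a terminal roaming to it would fall back to the full access process.
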

Based on the first aspect, the main access device can acquire the PTK negotiated between the first device and the terminal device and synchronize it to the FTTR devices associated with the main access device other than the first device (namely, the second devices), so that the PTK is synchronized across the whole network. When the terminal device roams from the first device to a second device, the second device has already obtained the PTK corresponding to the terminal device during synchronization, so scanning, authentication, association and the four-way handshake do not need to be performed again. This reduces the complexity of the access process, shortens the access time and improves communication performance. In addition, the PTK synchronization is performed while the network-wide uplink and downlink encryption function is enabled, and the encryption mechanism improves communication security.

In a possible design, the first information further comprises one or more of a virtual access point (AP) identification in the first device, a media access control (MAC) address of the terminal device, a frame type, a frame content, a frame length, or a key length. Based on this possible design, the first information can also carry one or more parameters, so as to improve communication performance.

In one possible design, the first information is decrypted to obtain the PTK, and the PTK is encrypted based on an encryption mechanism to obtain the second information. The encryption mechanism may be a link layer encryption mechanism, that is, the PTK is encrypted based on the link layer encryption mechanism to obtain the secon