Search

CN-122028042-A - Safety protection method and device

CN122028042ACN 122028042 ACN122028042 ACN 122028042ACN-122028042-A

Abstract

The application provides a security protection method and a security protection device, wherein the method comprises the steps that a broadcasting end sends a broadcasting frame, the broadcasting frame comprises security capability information of the broadcasting end, a response end receives the broadcasting frame, a password algorithm is selected according to the security capability information and is sent to the broadcasting end through the response frame, the broadcasting end and the response end generate the same shared secret key and a deduction secret key according to the selected password algorithm, and the broadcasting end and the response end can use the shared secret key and the deduction secret key to conduct security protection on signals and data. The method solves the problem that communication and data interaction are not safely protected in a connectionless communication scene, and the privacy safety of users is protected. The application supports IEEE protocols such as IEEE 802.11be/Wi-Fi 7/EHT protocol, IEEE 802.11bn/UHR/Wi-Fi 8 protocol, IEEE INTEGRATED MMWAVE/integrated millimeter wave/IMMW protocol, IEEE 802.15/UWB protocol or IEEE 802.11bf/sensing protocol, and the application can also support star flash/SPARK LINK/nearlink/Bluetooth standard protocol.

Inventors

  • WANG YONG
  • LI DEJIAN

Assignees

  • 华为技术有限公司

Dates

Publication Date
20260512
Application Date
20241112

Claims (20)

  1. 1. A security protection method applied to a broadcasting end, the method comprising: Transmitting a broadcast frame, wherein the broadcast frame comprises first information, and the first information is used for indicating security capability supported by the broadcast end; receiving a response frame from a response end, wherein the response frame comprises second information and a second public key, the second information is used for indicating a cryptographic algorithm selected by the response end according to the first information, and the second public key is the public key of the response end; Generating a first public key according to the second information and the first private key, wherein the first private key is the private key of the broadcasting terminal; sending the first public key to the response end; generating a first shared secret key according to the second information, the first private key and the second public key; and using the first shared secret key to secure the session between the broadcasting end and the responding end.
  2. 2. The method of claim 1, wherein the session is connectionless communications, comprising at least one of: connectionless measurement and connectionless bus access; The connectionless measurement is communication of measurement between the broadcasting end and the response end under the connectionless condition; The connectionless bus access is communication of the response access bus under connectionless conditions.
  3. 3. The method according to claim 1 or 2, wherein securing the session between the broadcast end and the response end using the first shared key comprises: scrambling the signal transmitted from the broadcasting end to the responding end by using the first shared key or the deduction key of the first shared key, or And descrambling the signal received by the broadcasting end from the responding end by using the first shared key or the deduction key of the first shared key.
  4. 4. The method according to claim 1 or 2, wherein securing the session between the broadcast end and the response end using the first shared key comprises: using the first shared key or the deduction key of the first shared key to perform at least one of encryption, integrity protection, or And using the first shared key or the deduction key of the first shared key to perform at least one of decryption and integrity verification on the data received by the broadcasting end from the responding end.
  5. 5. The method according to claim 1 or 2, wherein the first information comprises at least one of: Key agreement algorithm capability, encryption algorithm capability, integrity protection algorithm capability, authentication encryption algorithm capability, key derivation function capability; the key negotiation algorithm capability is used for indicating one or more key negotiation algorithms supported by the broadcasting end; the encryption algorithm capability is used for indicating one or more encryption algorithms supported by the broadcasting end; the integrity protection algorithm capability is used for indicating one or more integrity protection algorithms supported by the broadcasting end; the authentication encryption algorithm capability is used for indicating one or more authentication encryption algorithms supported by the broadcasting end; The key derivation function capability is used to indicate one or more key derivation functions supported by the broadcasting end.
  6. 6. The method according to claim 1 or 2, wherein the second information comprises at least one of: Key agreement algorithm indication, encryption algorithm indication, integrity protection algorithm indication, authentication encryption algorithm indication, and key derivation function indication; Wherein the key negotiation algorithm indicates a key negotiation algorithm for indicating the response end selection; the encryption algorithm indication is used for indicating an encryption algorithm selected by the response end; the integrity protection algorithm indicates an integrity protection algorithm for indicating the selection of the response end; The authentication encryption algorithm indicates an authentication encryption algorithm used for indicating the selection of the response end; the key derivation function indicates a key derivation function selected by the responder.
  7. 7. The method of claim 1 or 2, wherein the broadcast frame further comprises a first random number, The first random number is used to generate a derived key of the first shared key.
  8. 8. The method of claim 1 or 2, wherein the response frame further comprises a second random number, The second random number is used to generate a derived key of the first shared key.
  9. 9. A security protection method applied to a response end, the method comprising: receiving a broadcast frame from a broadcasting end, wherein the broadcast frame comprises first information used for indicating security capability supported by the broadcasting end; generating second information according to the first information, wherein the second information is used for indicating a cryptographic algorithm selected by the response end; generating a second public key according to the second information and a second private key, wherein the second private key is the private key of the response end; transmitting a response frame to the broadcasting terminal, wherein the response frame comprises the second information and the second public key; receiving a first public key from the broadcasting end; generating a second shared key according to the second information, the second private key and the first public key; and using the second shared secret key to secure the session between the response end and the broadcasting end.
  10. 10. The method of claim 9, wherein the session is connectionless communications, the connectionless communications comprising at least one of: connectionless measurement and connectionless bus access; The connectionless measurement is communication of measurement between the broadcasting end and the response end under the connectionless condition; The connectionless bus access is communication of the response access bus under connectionless conditions.
  11. 11. The method according to claim 9 or 10, wherein securing the session between the responder and the broadcaster using the second shared key comprises: Scrambling the signal transmitted from the response end to the broadcasting end by using the second shared key or the deduction key of the second shared key, or And descrambling the signal received by the response end from the broadcasting end by using the second shared key or the deduction key of the second shared key.
  12. 12. The method according to claim 9 or 10, wherein securing the session between the responder and the broadcaster using the second shared key comprises: using the second shared key or the deduction key of the second shared key to perform at least one of encryption, integrity protection, or And using the second shared key or a deduction key of the second shared key to perform at least one of decryption and integrity verification on the data received from the broadcasting end by the response end.
  13. 13. The method according to claim 9 or 10, wherein the first information comprises at least one of: Key agreement algorithm capability, encryption algorithm capability, integrity protection algorithm capability, authentication encryption algorithm capability, key derivation function capability; the key negotiation algorithm capability is used for indicating one or more key negotiation algorithms supported by the broadcasting end; the encryption algorithm capability is used for indicating one or more encryption algorithms supported by the broadcasting end; the integrity protection algorithm capability is used for indicating one or more integrity protection algorithms supported by the broadcasting end; the authentication encryption algorithm capability is used for indicating one or more authentication encryption algorithms supported by the broadcasting end; The key derivation function capability is used to indicate one or more key derivation functions supported by the broadcasting end.
  14. 14. The method according to claim 9 or 10, wherein the second information comprises at least one of: Key agreement algorithm indication, encryption algorithm indication, integrity protection algorithm indication, authentication encryption algorithm indication, and key derivation function indication; the key negotiation algorithm indicates a key negotiation algorithm for indicating the selection of the response end; the encryption algorithm indication is used for indicating an encryption algorithm selected by the response end; the integrity protection algorithm indicates an integrity protection algorithm for indicating the selection of the response end; The authentication encryption algorithm indicates an authentication encryption algorithm used for indicating the selection of the response end; the key derivation function indicates a key derivation function selected by the responder.
  15. 15. The method of claim 9 or 10, wherein the broadcast frame further comprises a first random number, The first random number is used to generate a derived key of the second shared key.
  16. 16. The method of claim 9 or 10, wherein the response frame further comprises a second random number, The second random number is used to generate a derived key of the second shared key.
  17. 17. A communication device, characterized in that the communication device is or is applied to a broadcasting end for performing the method according to any of claims 1-8.
  18. 18. A communication device, characterized in that the communication device is a response side or is applied to a response side for performing the method according to any of claims 9-16.
  19. 19. A chip comprising at least one processor and an interface, the at least one processor being configured to read and execute instructions stored in a memory, which when executed by the processor, cause the chip to perform the method of any one of claims 1-16.
  20. 20. A computer readable storage medium storing a computer program which, when executed by a computer, causes the computer to perform the method of any one of claims 1-16.

Description

Safety protection method and device Technical Field The present application relates to the field of wireless technologies, and in particular, to a security protection method and apparatus. Background With the continuous development of wireless technology, devices such as intelligent automobiles, intelligent home furnishings, intelligent terminals and the like are gradually permeated into daily life of people. Technologies such as sensing, measurement and positioning based on wireless communication technologies are also gradually applied to aspects of life of people, such as keyless entry and starting PESP (passive entry passive start), indoor positioning, asset management and the like of intelligent automobiles. In keyless entry and PESP starting application, a user does not need to use a key, and an automobile can position an automobile key or a mobile phone carried by the user through the vehicle-mounted wireless positioning system, so that automatic locking or unlocking of an automobile door is realized. The method is a connectionless measurement technology, namely a measurement technology used when two strange devices cannot establish connection or cannot establish connection in time due to various reasons and measurement is needed. Because the connectionless measurement technology has no safety protection in the measurement process, the measurement result is also sent in the clear, so that an attacker can easily acquire various parameters and the measurement result in the measurement process, and privacy safety risk of the user is caused. Disclosure of Invention The embodiment of the application provides a safety protection method and device, solves the problem that communication and data interaction are not safely protected in a connectionless communication scene, and protects privacy safety of users. In a first aspect, an embodiment of the present application provides a security protection method, where the method applies a broadcasting end, where the broadcasting end device may include a broadcasting end device itself, or may include a chip or a functional module disposed in the broadcasting end device, for example, the broadcasting end may be a chip or a functional module in a G node after a G node in a star-flash standard, or the broadcasting end may be a T node in the star-flash standard, or a chip or a functional module in the T node, where the method includes: transmitting a broadcast frame, wherein the broadcast frame comprises first information, and the first information is used for indicating security capability information supported by the broadcast end; Receiving a response frame from a response, wherein the response frame comprises second information and a second public key, the second information is used for indicating the security capability information selected by the response terminal according to the first information, and the second public key is the public key of the response terminal; generating a first public key according to the second information and the first private key, wherein the first private key is the private key of the broadcasting terminal; sending the first public key to the response end; generating a first shared secret key according to the second information, the first private key and the second public key; and using the first shared secret key to secure the session between the broadcasting end and the responding end. In the embodiment of the application, the broadcasting terminal broadcasts the self-supported security capability information to the response terminal in a broadcasting frame mode, so that the response terminal obtains the security capability of the broadcasting terminal, thereby realizing the establishment of secure session communication with the broadcasting terminal under the condition of no connection and protecting the security of interaction data. In one possible implementation, the session is connectionless communications, including at least one of connectionless measurement, connectionless bus access; The connectionless measurement is communication of measurement between the broadcasting end and the response end under the connectionless condition; The connectionless bus access is communication of the response access bus under connectionless conditions. In one possible implementation, the securing the session between the broadcast end and the response end by the first shared key includes: scrambling the signal transmitted from the broadcasting end to the responding end by using the first shared key or the deduction key of the first shared key, or And descrambling the signal received by the broadcasting end from the responding end by using the first shared key or the deduction key of the first shared key. In the embodiment of the application, the broadcasting end can encrypt the transmitted physical signal through the first shared key or the deduction key thereof, thereby improving the security of the bottom physical signal. In one possible impl