Patent Application
20200145392
This disclosure relates generally to wireless transmissions, and more specifically, but not exclusively, to Bluetooth transmissions.
Wireless transmission methods generally provide for protocols to transmit data and re-transmit the data if the original transmission was not received or received with errors. For example, the Bluetooth (BT) specification 5.0 provides for a method to transmit, and retransmit, a message until the receiving device can decode the message error free. Messages are usually encrypted and protected with a Message Integrity Check (MIC). In some cases, the initial transmission and each subsequent retransmission is encrypted with a unique nonce. For instance, for BT audio links, extended synchronous connection-oriented (eSCO) packets use a clock-based nonce that increments for every transmission and retransmission. Using a unique nonce for each message results in a unique encryption key stream and unique MIC. This means that the received encrypted data stream for each transmission and retransmission of the same message will be completely different from each other. In other words, each message will have a different cyclic redundancy check (CRC) value.
Real-time soft combining of BT transmissions and retransmissions must generate an encrypted data stream in order to validate the received CRC. Real-time soft combining buffers each previously received message and then attempts to correct the currently received message on the fly with combined data to validate the CRC. In accordance with the BT specification, the CRC is calculated and verified using encrypted data. Therefore, the real-time soft combining must generate an encrypted data stream of the combined data in order to validate the CRC. However, performing real-time soft combining on encrypted data is not possible for Bluetooth transmissions and retransmissions when using a unique nonce for each message. A unique nonce essentially scrambles each encrypted message which makes it impossible to combine encrypted data as required for the CRC validation. Simply performing real-time soft combining on decrypted data is also not viable since the encrypted CRC is based on the encrypted data and not the decrypted data so the encrypted CRC cannot be validated with the decrypted data.
Accordingly, there is a need for systems, apparatus, and methods that overcome the deficiencies of conventional approaches including the methods, system and apparatus provided hereby.
The following presents a simplified summary relating to one or more aspects and/or examples associated with the apparatus and methods disclosed herein. As such, the following summary should not be considered an extensive overview relating to all contemplated aspects and/or examples, nor should the following summary be regarded to identify key or critical elements relating to all contemplated aspects and/or examples or to delineate the scope associated with any particular aspect and/or example. Accordingly, the following summary has the sole purpose to present certain concepts relating to one or more aspects and/or examples relating to the apparatus and methods disclosed herein in a simplified form to precede the detailed description presented below.
In one aspect, a method for soft combining of decrypted data includes: receiving a first encrypted packet comprising a first packet header and a first encrypted payload; fetching a first encryption key stream based on a portion of a first packet header and a first nonce; decrypting the first encrypted packet to generate a first decrypted packet using the first encryption key stream; storing the first decrypted packet; receiving a second encrypted packet; fetching a second encryption key stream based on a portion of a second packet header and a second nonce; decrypting the second encrypted packet to generate a second decrypted packet using the second encryption key stream; combining the first stored decrypted packet and the second decrypted packet to generate a first corrected packet; storing the first corrected packet; encrypting the first corrected packet using the second encryption key stream; and performing a second cyclic redundancy check (CRC) on the first corrected packet after encrypting the first corrected packet.
In another aspect, a non-transitory computer-readable medium comprises instructions that when executed by a processor cause the processor to perform a method comprising: receiving a first encrypted packet comprising a first packet header and a first encrypted payload; fetching a first encryption key stream based on a portion of a first packet header and a first nonce; decrypting the first encrypted packet to generate a first decrypted packet using the first encryption key stream; storing the first decrypted packet; receiving a second encrypted packet; fetching a second encryption key stream based on a portion of a second packet header and a second nonce; decrypting the second encrypted packet to generate a second decrypted packet using the second encryption key stream; combining the first stored decrypted packet and the second decrypted packet to generate a first corrected packet; storing the first corrected packet; encrypting the first corrected packet using the second encryption key stream; and performing a second cyclic redundancy check (CRC) on the first corrected packet after encrypting the first corrected packet.
In still another aspect, an apparatus includes: a memory; an antenna; a processor coupled to the antenna and the memory, the processor configured to: receive a first encrypted packet from the antenna, the first encrypted packet comprising a first packet header and a first encrypted payload; fetch a first encryption key stream from the memory based on a portion of a first packet header and a first nonce; decrypt the first encrypted packet to generate a first decrypted packet using the first encryption key stream; storing the first decrypted packet in the memory; receive a second encrypted packet from the antenna; fetch a second encryption key stream from the memory based on a portion of a second packet header and a second nonce; decrypt the second encrypted packet to generate a second decrypted packet using the second encryption key stream; combine the first stored decrypted packet and the second decrypted packet to generate a first corrected packet; store the first corrected packet in the memory; encrypt the first corrected packet using the second encryption key stream; and perform a second cyclic redundancy check (CRC) on the first corrected packet after encrypting the first corrected packet.
Other features and advantages associated with the apparatus and methods disclosed herein will be apparent to those skilled in the art based on the accompanying drawings and detailed description.
A more complete appreciation of aspects of the disclosure and many of the attendant advantages thereof will be readily obtained as the same becomes better understood by reference to the following detailed description when considered in connection with the accompanying drawings which are presented solely for illustration and not limitation of the disclosure, and in which:
In accordance with common practice, the features depicted by the drawings may not be drawn to scale. Accordingly, the dimensions of the depicted features may be arbitrarily expanded or reduced for clarity. In accordance with common practice, some of the drawings are simplified for clarity. Thus, the drawings may not depict all components of a particular apparatus or method. Further, like reference numerals denote like features throughout the specification and figures.
The exemplary methods, apparatus, and systems disclosed herein mitigate shortcomings of the conventional methods, apparatus, and systems, as well as other previously unidentified needs. For example, one aspect of the disclosure allows for continuously combining the contents of each transmitted message and subsequent retransmitted message even when a unique nonce is used for each encrypted message. The received data stream is decrypted and re-encrypted on the fly to meet all the requirements of real-time soft combining of the decrypted payload and the validation of the encrypted CRC.
In this example, the currently received message payload is decrypted on the fly so that it can be soft-combined in real time with previously decrypted messages. The corrected message payload is re-encrypted on the fly so that the CRC verification can be performed on combined encrypted data. A unique nonce will also generate a unique decrypted MIC for each message. Therefore, real-time soft combining cannot be performed on the decrypted MIC of BT transmissions and retransmissions.
One example disclosed herein allows additional real time control of the Advanced Encryption Standard Counter Code Mode (AES-CCM) encryption/decryption hardware. The encryption nonce may be dynamically selected based on the logical link. Logical link can be communicated in various ways (e.g., a logical transport address (LT_ADDR) field in the packet header). Once the LT_ADDR is decoded, the correct nonce must be selected and the encryption key stream must be calculated immediately and pre-fetched from the crypto block. The pre-fetch of the encryption key stream is beneficial since normally such a key stream is not available until much later in time. In one example, the encryption key stream may be continuously pre-fetched and fed to the real-time soft combining logic. In conventional approaches, the crypto block is initialized much later in time since the AES-CCM B0, B1 inputs require contents from the entire packet/payload header (such as the payload length field). Also in conventional approaches, the crypto block processing lags far behind the actual received serial data because AES-CCM operates on 128-bit blocks of data.
This flow 100 will continue until a soft combining of receive packets results in a corrected packet with the transmission errors replaced by correct data received in other encrypted packets. Soft combining allows the transmission errors of a received packet to be replaced with correct data from subsequent packets even if those subsequent packets also have other errors. This allows a corrected packet to be assembled without the need for continuous retransmission until a packet is received without any errors. For example, after a NACK is received by the transmitting device, the flow 100 may include transmission (e.g., a BT transmission) of a third encrypted packet 116 (e.g., retransmission of the first encrypted packet 110 payload), reception of the third encrypted packet 126 where the third encrypted packet 126 has one or more errors 136, storing or buffering 146 the third encrypted packet 126 along with the previous encrypted packets, real time decoding 156 of the stored second corrected packet 126 that includes portions of the first encrypted packet 120, the second encrypted packet 124, the third encrypted packet 126 etc. after soft combining, performing a CRC 166 on the second corrected packet 123, and performing a MIC 176 on the second corrected packet 123. As shown in
Processor 601 may be communicatively coupled to memory 632 over a link, which may be a die-to-die or chip-to-chip link. Mobile device 600 also include display 628 and display controller 626, with display controller 626 coupled to processor 601 and to display 628.
In some aspects,
In a particular aspect, where one or more of the above-mentioned blocks are present, processor 601, display controller 626, memory 632, CODEC 634, and wireless controller 640 can be included in a system-in-package or system-on-chip device 622. Input device 630 (e.g., physical or virtual keyboard), power supply 644 (e.g., battery), display 628, input device 630, speaker 636, microphone 638, wireless antenna 642, and power supply 644 may be external to system-on-chip device 622 and may be coupled to a component of system-on-chip device 622, such as an interface or a controller.
It should be noted that although
It will be appreciated that various aspects disclosed herein can be described as functional equivalents to the structures, materials and/or devices described and/or recognized by those skilled in the art. For example, in one aspect, an apparatus may comprise a means for performing a function or action described above, such as decryption, that may be a processor, cryptographic component, or the equivalent of those features described herein. It will be appreciated that the aforementioned aspects are merely provided as examples and the various aspects claimed are not limited to the specific references and/or illustrations cited as examples.
One or more of the components, processes, features, and/or functions illustrated in
In this description, certain terminology is used to describe certain features. The term “mobile device” can describe, and is not limited to, a music player, a video player, an entertainment unit, a navigation device, a communications device, a mobile device, a mobile phone, a smartphone, a personal digital assistant, a fixed location terminal, a tablet computer, a computer, a wearable device, a laptop computer, a server, an automotive device in an automotive vehicle, and/or other types of portable electronic devices typically carried by a person and/or having communication capabilities (e.g., wireless, cellular, infrared, short-range radio, etc.). Further, the terms “user equipment” (UE), “mobile terminal,” “mobile device,” and “wireless device,” can be interchangeable.
The wireless communication between electronic devices can be based on different technologies, such as code division multiple access (CDMA), W-CDMA, time division multiple access (TDMA), frequency division multiple access (FDMA), Orthogonal Frequency Division Multiplexing (OFDM), Global System for Mobile Communications (GSM), 3GPP Long Term Evolution (LTE), Bluetooth (BT), Bluetooth Low Energy (BLE), IEEE 802.11 (WiFi), and IEEE 802.15.4 (Zigbee/Thread) or other protocols that may be used in a wireless communications network or a data communications network. Bluetooth Low Energy (also known as Bluetooth LE, BLE, and Bluetooth Smart) is a wireless personal area network technology designed and marketed by the Bluetooth Special Interest Group intended to provide considerably reduced power consumption and cost while maintaining a similar communication range. BLE was merged into the main Bluetooth standard in 2010 with the adoption of the Bluetooth Core Specification Version 4.0 and updated in Bluetooth 5 (both expressly incorporated herein in their entirety).
The word “exemplary” is used herein to mean “serving as an example, instance, or illustration.” Any details described herein as “exemplary” is not to be construed as advantageous over other examples. Likewise, the term “examples” does not mean that all examples include the discussed feature, advantage or mode of operation. Furthermore, a particular feature and/or structure can be combined with one or more other features and/or structures. Moreover, at least a portion of the apparatus described hereby can be configured to perform at least a portion of a method described hereby.
The terminology used herein is for the purpose of describing particular examples and is not intended to be limiting of examples of the disclosure. As used herein, the singular forms “a,” “an,” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises,” “comprising,” “includes,” and/or “including,” when used herein, specify the presence of stated features, integers, actions, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, actions, operations, elements, components, and/or groups thereof.
It should be noted that the terms “connected,” “coupled,” or any variant thereof, mean any connection or coupling, either direct or indirect, between elements, and can encompass a presence of an intermediate element between two elements that are “connected” or “coupled” together via the intermediate element.
Any reference herein to an element using a designation such as “first,” “second,” and so forth does not limit the quantity and/or order of those elements. Rather, these designations are used as a convenient method of distinguishing between two or more elements and/or instances of an element. Also, unless stated otherwise, a set of elements can comprise one or more elements.
Further, many examples are described in terms of sequences of actions to be performed by, for example, elements of a computing device. It will be recognized that various actions described herein can be performed by specific circuits (e.g., application specific integrated circuits (ASICs)), by program instructions being executed by one or more processors, or by a combination of both. Additionally, these sequence of actions described herein can be considered to be incorporated entirely within any form of computer-readable storage medium having stored therein a corresponding set of computer instructions that upon execution would cause an associated processor to perform the functionality described herein. Thus, the various aspects of the disclosure may be incorporated in a number of different forms, all of which have been contemplated to be within the scope of the claimed subject matter. In addition, for each of the examples described herein, the corresponding form of any such examples may be described herein as, for example, “logic configured to” perform the described action.
Nothing stated or illustrated depicted in this application is intended to dedicate any component, action, feature, benefit, advantage, or equivalent to the public, regardless of whether the component, action, feature, benefit, advantage, or the equivalent is recited in the claims.
Further, those of skill in the art will appreciate that the various illustrative logical blocks, modules, circuits, and algorithm actions described in connection with the examples disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and actions have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
The methods, sequences and/or algorithms described in connection with the examples disclosed herein may be incorporated directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art including non-transitory types of memory or storage mediums. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor.
The various illustrative logical blocks, modules, and circuits described in connection with the aspects disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices (e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration).
Although some aspects have been described in connection with a device, it goes without saying that these aspects also constitute a description of the corresponding method, and so a block or a component of a device should also be understood as a corresponding method action or as a feature of a method action. Analogously thereto, aspects described in connection with or as a method action also constitute a description of a corresponding block or detail or feature of a corresponding device. Some or all of the method actions can be performed by a hardware apparatus (or using a hardware apparatus), such as, for example, a microprocessor, a programmable computer or an electronic circuit. In some examples, some or a plurality of the most important method actions can be performed by such an apparatus.
In the detailed description above it can be seen that different features are grouped together in examples. This manner of disclosure should not be understood as an intention that the claimed examples have more features than are explicitly mentioned in the respective claim. Rather, the disclosure may include fewer than all features of an individual example disclosed. Therefore, the following claims should hereby be deemed to be incorporated in the description, wherein each claim by itself can stand as a separate example. Although each claim by itself can stand as a separate example, it should be noted that—although a dependent claim can refer in the claims to a specific combination with one or a plurality of claims—other examples can also encompass or include a combination of said dependent claim with the subject matter of any other dependent claim or a combination of any feature with other dependent and independent claims. Such combinations are proposed herein, unless it is explicitly expressed that a specific combination is not intended. Furthermore, it is also intended that features of a claim can be included in any other independent claim, even if said claim is not directly dependent on the independent claim.
It should furthermore be noted that methods, systems, and apparatus disclosed in the description or in the claims can be implemented by a device comprising means for performing the respective actions of this method.
Furthermore, in some examples, an individual action can be subdivided into a plurality of sub-actions or contain a plurality of sub-actions. Such sub-actions can be contained in the disclosure of the individual action and be part of the disclosure of the individual action.
While the foregoing disclosure shows illustrative examples of the disclosure, it should be noted that various changes and modifications could be made herein without departing from the scope of the disclosure as defined by the appended claims. The functions and/or actions of the method claims in accordance with the examples of the disclosure described herein need not be performed in any particular order. Additionally, well-known elements will not be described in detail or may be omitted so as to not obscure the relevant details of the aspects and examples disclosed herein. Furthermore, although elements of the disclosure may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
