The present invention relates to a method and apparatus utilized in a wireless communications system, and more particularly, to a method and apparatus of setting a secure connection in a wireless communication system.
The Wireless Fidelity (Wi-Fi) Display specification is a Wi-Fi standard used by latency-aware applications for short-distance streaming, such as over a wireless local area network (WLAN). In a Wi-Fi Display application, a connection is established between a source device and a sink device. The source device encodes video contents into encoded video bit streams and sends the encoded video bit streams to the sink device. The sink device decodes the received video bit streams and recovers the video contents. A user can therefore watch the video contents on a display of the sink device that suits the user's purpose better than a display of the source device. For example, a user shares a video from a notebook computer to a large screen television so that more people can comfortably watch the video on the television together. In this example, the notebook computer is the source device and the television is the sink device (assuming the television supports the Wi-Fi Display specification), and the source device transmits video contents to the sink device for playback on a display of the sink device.
Since malware may attack through the connection, security of the connection is important. However, a standard firewall is not practical for an embedded system with restricted computing resources, including memory and processor, so the standard firewall cannot prevent the attack. Therefore, how to set up a secure connection becomes a goal.
The present invention therefore provides a method and an apparatus for setting a secure connection in a wireless communications system, to resist attacks from malware and remain secure.
A method of setting a secure connection in a wireless communications system is disclosed. The method comprises setting a protocol information to a terminal in the wireless communication system; and checking a packet received in the terminal according to the protocol information; wherein the packet comprises a protocol type, a source port, and a destination port.
A communication apparatus for a wireless communications system is disclosed. The communication apparatus comprises a processing means; a storage unit; a program code, stored in the storage unit, wherein the program code instructs the processing means to execute the following steps: setting a protocol information to a terminal in the wireless communication system; and checking a packet received in the terminal according to the protocol information; wherein the packet comprises a protocol type, a source port, and a destination port.
These and other objectives of the present invention will no doubt become obvious to those of ordinary skill in the art after reading the following detailed description of the preferred embodiment that is illustrated in the various figures and drawings.
Please refer to
Please refer to
Step 200: Start.
Step 202: Set a protocol information according to an application.
Step 204: Check if a protocol type of a received packet is user datagram protocol (UDP)? If yes, go to step 206; if not, go to step 208.
Step 206: Drop the received packet and go to step 220.
Step 208: Check if the protocol type of the received packet is transmission control protocol (TCP)? If yes, go to step 212; if not, go to step 210.
Step 210: Forward the received packet to a host and go to step 220.
Step 212: Check if the destination port of the received packet is a control port? If yes, go to step 210; if not, go to step 214.
Step 214: Check if the destination port of the received packet is a user input back channel (UIBC) port? If yes, go to step 210; if not, go to step 216.
Step 216: Check if the source port of the received packet is an Inter-Integrated Circuit (I2C) port? If yes, go to step 210; if not, go to step 218.
Step 218: Check if the source port of the received packet is a high-bandwidth digital content protection (HDCP) port? If yes, go to step 210; if not, go to step 206.
Step 220: End.
According to the process 20, the first communication apparatus 100 sets the protocol information according to the application and checks the received packet according to the protocol information. If the information of the received packet does not match the protocol information, the received packet is dropped; otherwise, the received packet is forwarded to the host. Since malware is not able to know the legal protocol information of the application in the first communication apparatus 100, the first communication apparatus 100 can resist attacks from malware and remain secure.
In step 202 of the process 20, the protocol information includes the control port and combinations of the UIBC port, the I2C port or the HDCP port. Besides, in steps 214, 216 and 218, the UIBC port, the I2C port and the HDCP port are determined via the control port.
Note that the process 20 is an example of the present invention, and those skilled in the art should readily make combinations, modifications and/or alterations on the abovementioned description and examples. For example, the information about the control port in the protocol information is broadcast from the second communication apparatus 102 connected to the first communication apparatus 100 and scanned over the air by the first communication apparatus 100. Besides, ports other than the UIBC port, the I2C port and the HDCP port in the protocol information can also be determined and negotiated via the control port. Moreover, the connection is built for point-to-point transmissions, but is not limited thereto.
Please refer to
Step 300: Start.
Step 302: Set a protocol information according to an application.
Step 304: Check if a protocol type of a received packet is UDP? If yes, go to step 306; if not, go to step 310.
Step 306: Check if the destination port of the received packet is a video or audio port? If yes, go to step 312; if not, go to step 308.
Step 308: Drop the received packet and go to step 322.
Step 310: Check if the protocol type of the received packet is TCP? If yes, go to step 314; if not, go to step 312.
Step 312: Forward the received packet to a host and go to step 322.
Step 314: Check if the source port of the received packet is a control port? If yes, go to step 312; if not, go to step 316.
Step 316: Check if the source port of the received packet is a UIBC port? If yes, go to step 312; if not, go to step 318.
Step 318: Check if the destination port of the received packet is an I2C port? If yes, go to step 312; if not, go to step 320.
Step 320: Check if the destination port of the received packet is a HDCP port? If yes, go to step 312; if not, go to step 308.
Step 322: End.
According to the process 30, the second communication apparatus 102 sets the protocol information according to the application and checks the received packet according to the protocol information. If the information of the received packet does not match the protocol information, the received packet is dropped; otherwise, the received packet is forwarded to the host. Since malware is not able to know the legal protocol information of the application in the source device (i.e. the first communication apparatus 100), the source device can resist attacks from malware and remain secure.
Note that the steps of the process 30 are similar to those of the process 20. The difference between the process 20 and the process 30 is that the second communication apparatus 102 further checks if the destination port is a video or audio port when the protocol type of the received frame is UDP. In other words, if the destination port is a video or audio port, the second communication apparatus 102 forwards the received packet to a host. If the destination port is not a video or audio port, the second communication apparatus 102 drops the received packet. The detailed explanation is otherwise similar to that of the process 20 and is not repeated here.
In the present invention, the first communication apparatus 100 or the second communication apparatus 102 sets the protocol information according to the application and checks the received packet according to the protocol information. Further, the first communication apparatus 100 or the second communication apparatus 102 drops or forwards the received packet according to the checking result. Since malware is not able to know the legal protocol information of the application in the first communication apparatus 100 or the second communication apparatus 102, the first communication apparatus 100 or the second communication apparatus 102 can resist attacks from malware and remain secure.
To sum up, the present invention provides a method and an apparatus for setting a secure connection, to resist attacks from malware and remain secure.
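The two filters described above (process 20 and process 30) written out in C, as an added example that is not code from the patent. The struct and function names, the sample port numbers, and the rule that an unset (zero) port never matches are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

enum { PROTO_ICMP = 1, PROTO_TCP = 6, PROTO_UDP = 17 };  /* IP protocol numbers */
enum verdict { DROP = 0, FORWARD = 1 };

/* Protocol information of steps 202/302. A value of 0 means "not negotiated
 * yet" (an assumption of this example) and never matches a packet. */
struct proto_info { uint16_t control, uibc, i2c, hdcp, video, audio; };
struct pkt { uint8_t proto; uint16_t sport, dport; };

static int is_port(uint16_t seen, uint16_t allowed)
{
    return allowed != 0 && seen == allowed;
}

/* Process 20, run by the first communication apparatus 100. */
enum verdict process20(const struct proto_info *pi, const struct pkt *p)
{
    if (p->proto == PROTO_UDP) return DROP;               /* 204 -> 206 */
    if (p->proto != PROTO_TCP) return FORWARD;            /* 208 -> 210 */
    if (is_port(p->dport, pi->control)) return FORWARD;   /* 212 */
    if (is_port(p->dport, pi->uibc))    return FORWARD;   /* 214 */
    if (is_port(p->sport, pi->i2c))     return FORWARD;   /* 216 */
    if (is_port(p->sport, pi->hdcp))    return FORWARD;   /* 218 */
    return DROP;                                          /* 218 -> 206 */
}

/* Process 30, run by the second communication apparatus 102. */
enum verdict process30(const struct proto_info *pi, const struct pkt *p)
{
    if (p->proto == PROTO_UDP)                            /* 304 -> 306 */
        return (is_port(p->dport, pi->video) || is_port(p->dport, pi->audio))
               ? FORWARD : DROP;
    if (p->proto != PROTO_TCP) return FORWARD;            /* 310 -> 312 */
    if (is_port(p->sport, pi->control)) return FORWARD;   /* 314 */
    if (is_port(p->sport, pi->uibc))    return FORWARD;   /* 316 */
    if (is_port(p->dport, pi->i2c))     return FORWARD;   /* 318 */
    if (is_port(p->dport, pi->hdcp))    return FORWARD;   /* 320 */
    return DROP;                                          /* 320 -> 308 */
}

/* Constructed sample values, not taken from the page. */
static const struct proto_info SAMPLE = { 5000, 5001, 5002, 5003, 6000, 6002 };

int main(void)
{
    struct pkt stray = { PROTO_TCP, 40000, 8080 };   /* matches no configured port */
    struct pkt icmp  = { PROTO_ICMP, 0, 0 };         /* neither TCP nor UDP */
    printf("stray=%d icmp=%d\n", process20(&SAMPLE, &stray), process20(&SAMPLE, &icmp));
    return 0;
}
```

As in steps 210 and 312, anything that is neither TCP nor UDP is forwarded unchecked, and the checks are stateless: each packet is judged only on its protocol type and one port field.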
Those skilled in the art will readily observe that numerous modifications and alterations of the device and method may be made while retaining the teachings of the invention. Accordingly, the above disclosure should be construed as limited only by the metes and bounds of the appended claims.
This application claims the benefit of U.S. Provisional Application No. 61/722,787, filed on Nov. 6, 2012, entitled “Method for protecting a communications device from receiving unsolicited data”, the contents of which are incorporated herein in their entirety.
Number | Date | Country | |
---|---|---|---|
20140130163 A1 | May 2014 | US |
Number | Date | Country | |
---|---|---|---|
61722787 | Nov 2012 | US |