CN106304050B - Wireless roaming method and device - Google Patents

Publication number: CN106304050B
Authority: CN (China)
Prior art keywords: sta, matching, association, key, key identifier
Legal status: Active
Application number: CN201610692208.3A
Other languages: Chinese (zh)
Other versions: CN106304050A (en)
Inventor: 李明金
Current Assignee: New H3C Information Technologies Co Ltd
Original Assignee: Hangzhou H3C Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/06 Authentication
    • H04W12/08 Access security
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/08 Reselecting an access point

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the invention provide a wireless roaming method and device. The method comprises: receiving an association request sent by an STA; if the association request carries an association key identifier, determining that the STA is a roaming STA and matching the association key identifier against the association keys stored locally, wherein the association key identifier is generated by the STA at least according to the association key distributed when the STA associated with an AP; if the matching succeeds, allowing the STA to perform fast roaming; if the matching fails, sending a matching request carrying the association key identifier to the other APs managed by the AC to which the AP belongs, so that the other APs match the association key identifier against their locally stored association keys; and if a matching success response sent by another AP is received within a preset time, allowing the STA to perform fast roaming. The invention can effectively improve the fast roaming success rate and the user experience.

Description

Wireless roaming method and device
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a wireless roaming method and apparatus.
Background
When a terminal (Station, STA) roams from one Access Point (AP) to another AP, the other AP needs to authenticate the STA again, for example with 802.1X authentication, in order to ensure network security. Because authentication takes a long time, the service roaming delay becomes too long, which affects user experience.
To implement service roaming without delay, the prior art proposes a fast roaming method between APs. Specifically, an Access Controller (AC) stores the association keys, e.g., Pairwise Master Keys (PMKs), between the STAs and all APs managed by the AC. When an STA roams between APs, the AC matches the PMKID (PMK Identifier) carried in the association request sent by the STA against the locally stored PMKs; the PMKID is obtained by performing a hash operation on parameters such as the PMK, the MAC address of the STA, and the Basic Service Set Identifier (BSSID). If the matching succeeds, the STA is allowed to fast roam; if the matching fails, the STA needs to perform wireless authentication again.
However, in the above fast roaming method, when different STAs authenticate and obtain PMKs on different APs, a large number of PMKs are stored on the AC. Because the memory of the AC is limited, when the stored PMKs exceed what the AC memory can hold, the AC discards the PMK that was stored first. When the STA corresponding to that PMK later roams again to the AP associated with the PMK, the PMK no longer exists in the memory of the AC, so fast roaming fails and the STA needs to re-authenticate with the AP. Because of the limited AC storage space, this fast roaming method therefore suffers from a low fast roaming success rate and poor user experience.
Disclosure of Invention
The technical problem to be solved by the embodiments of the present invention is to provide a wireless roaming method and apparatus, so as to improve the success rate of fast roaming and user experience.
The embodiment of the invention discloses a wireless roaming method, which is applied to an AP (access point), and comprises the following steps:
receiving an association request sent by a terminal STA;
if the association request carries an association key identifier, determining that the STA is a roaming STA, matching the association key identifier with an association key stored locally, wherein the association key identifier is generated by the STA at least according to the association key distributed when the STA associates with an associated AP;
if the matching is successful, allowing the STA to perform fast roaming;
if the matching fails, sending a matching request carrying the association key identifier to the other APs managed by the access controller AC to which the AP belongs, so that the other APs match the association key identifier against their locally stored association keys;
and if a matching success response sent by another AP is received within the preset time, allowing the STA to perform fast roaming.
The embodiment of the invention also provides a wireless roaming device, which is applied to the AP, and comprises:
the receiving module is used for receiving an association request sent by a terminal STA;
the matching module is used for determining the STA as a roaming STA when the association request carries an association key identifier, and matching the association key identifier with an association key stored locally, wherein the association key identifier is generated by the STA at least according to the association key distributed when the STA associates with an associated AP;
the first permission module is used for allowing the STA to perform fast roaming when the matching result of the matching module is that the matching is successful;
a sending module, configured to send a matching request carrying the association key identifier to the other APs managed by the access controller AC to which the AP belongs when the matching result of the matching module is a matching failure, so that the other APs match the association key identifier against their locally stored association keys;
and the second permission module is used for allowing the STA to perform fast roaming when a matching success response sent by another AP is received within the preset time.
In summary, in the embodiment of the present invention, an association request sent by an STA is received; if the association request carries an association key identifier, the STA is determined to be a roaming STA and the association key identifier is matched against the association keys stored locally, wherein the association key identifier is generated by the STA at least according to the association key distributed when the STA associated with an AP; if the matching succeeds, the STA is allowed to perform fast roaming; if the matching fails, a matching request carrying the association key identifier is sent to the other APs managed by the AC to which the AP belongs, so that the other APs match the association key identifier against their locally stored association keys; and if a matching success response sent by another AP is received within the preset time, the STA is allowed to perform fast roaming. The association keys are therefore stored on the AP side, which effectively relieves the pressure on the AC side and improves the fast roaming success rate and the user experience.
Drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without inventive labor.
Fig. 1 is a flow chart of a wireless roaming method of the present invention;
Fig. 2 is a schematic diagram of a network architecture between an AC and an AP according to an embodiment of the present invention;
Fig. 3 is a block diagram of a wireless roaming device according to the present invention;
Fig. 4 is a second block diagram of a wireless roaming device according to the present invention;
Fig. 5 is a third block diagram of a wireless roaming device according to the present invention;
Fig. 6 is a block diagram of a wireless roaming device according to the present invention;
Fig. 7 is a block diagram of a wireless roaming device according to the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
One of the core concepts of the embodiments of the present invention is to provide a wireless roaming method and apparatus, so as to improve a fast roaming success rate and user experience.
Referring to fig. 1, a flowchart of an embodiment of a wireless roaming method according to the present invention is shown, where the method is applied to an AP, and specifically includes the following steps:
Step 101, receiving an association request sent by an STA.
In this step, the association request may be sent when the STA roams to the AP from another AP (i.e., an AP belonging to the same AC as the AP), when the STA goes online after going offline, or when the STA first accesses the AP (without having associated with any AP before).
Step 102, if the association request carries an association key identifier, determining that the STA is a roaming STA, and matching the association key identifier with an association key stored locally, where the association key identifier is generated by the STA at least according to an association key distributed when the STA associates with an associated AP.
Specifically, after receiving an association request from the STA, the AP inspects the association request. If the association request is found to carry an association key identifier (PMKID), the STA may be determined to be a roaming STA. Then, the AP matches the association key identifier carried in the association request with the locally stored association keys. Here, an association key locally stored by the AP is an association key (PMK) distributed when a terminal accessing the AP successfully completes wireless authentication on the AP side.
The association key identifier is generated from an association key distributed when the STA associated, before accessing this AP, with any AP managed by the AC to which this AP belongs. That is, if the association request carries the association key identifier, the STA has previously associated with an AP managed by the AC to which the AP belongs. If the association request does not carry the association key identifier, the STA has not associated with any AP managed by that AC; this is the case described above in which the STA accesses the AP for the first time.
Step 103, if the matching is successful, allowing the STA to perform fast roaming.
Specifically, if the association key identifier carried in the association request is successfully matched with at least one association key stored in the AP, the AP allows the STA to perform fast roaming; that is, the AP performs the four-way handshake of the fast roaming procedure with the STA using the successfully matched association key, so that the STA completes the fast roaming.
Step 104, if the matching fails, sending a matching request carrying the association key identifier to the other APs managed by the AC to which the AP belongs, so that the other APs match the association key identifier against their locally stored association keys.
Specifically, if the association key identifier carried in the association request fails to match the association keys stored in the AP, the AP sends a matching request to the other APs managed by the AC to which the AP belongs, where the matching request may include the association key identifier, address information (for example, the MAC address) of the STA, and the Basic Service Set Identifier (BSSID). Here, the BSSID is the BSSID of the AP that the STA accessed when it generated the association key identifier.
After receiving the matching request, the other APs extract the association key identifier from it, match it with the association key identifiers stored locally, and then feed back the matching result as indicated by the matching request. For example, the matching request may indicate that all APs receiving the matching request need to feed back the matching result (whether the matching succeeded or failed), or may indicate that only APs whose matching succeeded feed back; in the latter case, an AP that receives the matching request and whose matching fails does not need to feed back the matching result.
Step 105, if a matching success response sent by another AP is received within the preset time, allowing the STA to perform fast roaming.
Specifically, the matching success response may carry the association key that was successfully matched with the association key identifier in the association request. In this way, the AP can perform the four-way handshake of the fast roaming procedure with the STA using the successfully matched association key, so that the STA completes the fast roaming.
Further, in the embodiment of the present invention, the wireless roaming method may further include:
If the AP does not receive a matching success response sent by another AP within the preset time, it is determined that the STA has not associated with any AP managed by the AC to which the AP belongs, and the STA is notified to perform wireless authentication again.
In a preferred embodiment of the present invention, the process of the AP matching the association key identifier with the locally stored association key identifier in step 102 may include:
The AP generates a corresponding association key identifier from each locally stored association key. The AP generates each association key identifier in the same way as the STA generates its association key identifier.
Then, the AP determines whether any of the generated association key identifiers is identical to the association key identifier carried in the association request.
If so, the matching is determined to be successful; otherwise, the matching is determined to have failed.
In another preferred embodiment of the present invention, the association request further carries address information (e.g., a MAC address) of the STA and a BSSID. In this case, the association key identifier is generated by the STA according to the association key distributed when the STA associates with an associated AP, the address information of the STA, and the BSSID; for example, the STA generates the association key identifier by using a hash algorithm. Accordingly, the process in which the AP matches the association key identifier with the locally stored association key identifiers may include:
The AP generates a corresponding association key identifier from each locally stored association key together with the address information and BSSID carried in the association request. The AP generates each association key identifier in the same way as the STA generates its association key identifier.
Then, the AP determines whether any of the generated association key identifiers is identical to the association key identifier carried in the association request.
If so, the matching is determined to be successful; otherwise, the matching is determined to have failed.
In another preferred embodiment of the present invention, the association request also carries address information (for example, a MAC address) of the STA and the BSSID, and the association key identifier is generated by the STA according to an association key distributed when the STA associates with an associated AP, the address information of the STA, and the BSSID. The difference from the above embodiment is that the AP locally stores the address information and BSSID corresponding to each association key. In the matching process, the AP generates a corresponding association key identifier from each locally stored association key and the address information and BSSID corresponding to that association key. The AP generates the association key identifiers in the same way as the STA generates its association key identifier. The AP then compares the generated association key identifiers one by one with the association key identifier carried in the association request; if none of the generated association key identifiers is the same as the one carried in the association request, the matching is directly determined to have failed.
If one of the generated association key identifiers is the same as the association key identifier corresponding to the STA, the AP further compares the locally stored address information and BSSID corresponding to that association key identifier with the address information and BSSID carried in the association request. If both are the same, the matching is determined to be successful; if either of them differs, the matching is determined to have failed.
It should be noted that, in the embodiment of the present invention, the specific process by which another AP, after receiving the matching request, matches the association key identifier against its locally stored association keys is the same as the matching process performed by the AP.
In addition, in step 104, the AP may send the matching request carrying the association key identifier directly to the other APs through communication channels pre-established with them. The matching request may also be sent to the other APs via the AC; that is, the AP first sends the matching request carrying the association key identifier to the AC to which the AP belongs, and the AC then forwards the matching request to the other APs.
The wireless roaming method of the invention can be applied to the scene that the STA roams from one AP to another AP and can also be applied to the scene that the STA accesses the AP again. In order to better understand the wireless roaming method of the present invention, the following is a detailed description of an embodiment in which a STA roams from one AP to another AP. It should be noted that the steps in the embodiment where the STA and the AP are disconnected and the AP is re-accessed are the same as those in the present embodiment, and are not described herein again.
Referring to fig. 2, a network connection diagram of an embodiment of the present invention is shown. In fig. 2:
The AC is communicatively coupled to AP1-AP4, and the AC manages AP1-AP4.
In one embodiment of the invention, communication channels are established among AP1-AP4 to exchange messages. Specifically, establishing a channel between APs requires mutual identity authentication, and a communication channel can be established between the APs only if the identity authentication succeeds. Taking the channel establishment between AP1 and AP2 as an example, the process is as follows: AP1 sends an identity authentication request to AP2; AP2 responds to the request and returns an identity authentication response to AP1; AP1 receives the authentication response, determines that the identity authentication with AP2 is successful, and establishes a communication channel with AP2.
In another embodiment of the present invention, AP1-AP4 may also exchange messages through the AC. For example, when AP1 needs to send a message to other APs, it may send the message to the AC, which then forwards it to the other APs.
In addition, in the invention, passwords can be negotiated among AP1-AP4 for encrypting and decrypting the information transmitted among AP1-AP4. AP1-AP4 may negotiate a password over the channels established with each other, or may relay the password negotiation through the AC.
Assume that the STA performs wireless authentication (e.g., 802.1X authentication) on the AP1 side for the first time, obtains an association key (PMK1) distributed by the authentication server after the authentication succeeds, and associates with AP1 using PMK1.
In the present invention, both the STA and AP1 store PMK1.
The STA may calculate an association key identifier (PMK1ID) with a hash algorithm based on PMK1 alone, or based on PMK1, the MAC address of the STA, and the BSSID of AP1, and store PMK1ID locally for later use in roaming. AP1 may store only PMK1, or may store, in addition to PMK1, PMK1ID (calculated by AP1 from PMK1, the MAC address of the STA, and the BSSID of AP1, using the same algorithm as on the STA side), the MAC address of the STA, and the BSSID of AP1. The latter contents may be kept in list form so that AP1 can later assist the STA in fast roaming.
Assume that the STA moves, for some reason, from the wireless signal coverage of AP1 into the wireless signal coverage of AP2 and wants to fast roam from AP1 to AP2; the STA then sends an association request carrying PMK1ID to AP2.
After receiving the association request, the AP2 detects the association request, finds that the association request carries PMK1ID, that is, carries an association key identifier, and determines that the STA is a roaming STA, in which case the AP2 matches the PMK1ID with an association key stored locally.
In one matching mode, the association request carries only PMK1ID. After detecting that the association request carries an association key identifier, AP2 may generate a corresponding association key identifier with a hash algorithm from each locally stored association key, and then determine whether PMK1ID is present among the generated association key identifiers. If so, the matching is determined to be successful; if not, the matching is determined to have failed. In this matching mode, if the STA has only associated with AP1, the matching result at AP2 is a failure; if the STA has gone offline at AP1 and has gone offline and online at AP2 using PMK1, the matching result is a success.
In another matching mode, the association request carries the MAC address of the STA and the BSSID of AP1 in addition to PMK1ID. After detecting that the association request carries an association key identifier, AP2 generates a corresponding association key identifier with a hash algorithm from each locally stored association key together with the MAC address and BSSID carried in the association request, and then determines whether PMK1ID is present among the generated association key identifiers. If so, the matching is determined to be successful; if not, the matching is determined to have failed. In this matching mode, if the STA has only associated with AP1, the matching result at AP2 is a failure; if the STA has gone offline at AP1 and has gone offline and online at AP2 using PMK1, the matching result is a success.
In a further matching mode, the association request carries the MAC address of the STA and the BSSID of AP1 in addition to PMK1ID. After detecting that the association request carries an association key identifier, AP2 determines whether PMK1ID exists among the association key identifiers corresponding to the locally stored association keys, where the association key identifier corresponding to each association key is generated by AP2 with a hash algorithm from that association key, the MAC address of the STA corresponding to that association key, and the corresponding BSSID. AP2 may generate and store these identifiers locally in advance, or may generate them after receiving the association request.
If not, the matching is determined to have failed; for example, if the STA has only associated with AP1, the matching result at AP2 is a failure. If so, AP2 continues by comparing the locally stored MAC address and BSSID corresponding to PMK1ID, one by one, with the MAC address and BSSID carried in the association request. If both are the same, the matching is determined to be successful; for example, if the STA has gone offline at AP1 and has gone offline and online at AP2 using PMK1, the matching result is a success. If at least one of them differs, the matching is determined to have failed, which may occur if the STA is attacked. This matching mode can improve the security of wireless access.
Regardless of the matching method, when the matching result is that the matching is successful, the STA is allowed to perform fast roaming. That is, the STA achieves fast association with the AP2 using PMK 1.
When the matching result is that the matching fails, the AP2 sends matching requests carrying PMK1ID to the AP1, the AP3 and the AP4, respectively. The matching request is a request encrypted by the AP2 using a negotiated password, and the AP2 may transmit the matching request using a communication channel established in advance, or relay the matching request using an AC.
After AP1, AP3, and AP4 receive the matching request, each of them matches PMK1ID against its locally stored association keys in the same matching manner as AP2.
Taking the case in which the STA has only associated with AP1 as an example, AP2 subsequently receives the matching success response sent by AP1 within a certain time period. In this case, AP2 may decrypt the matching success response to obtain PMK1 and allow the STA to perform fast roaming; that is, the STA may use PMK1 to quickly associate with AP2.
If for some reason (e.g., failure of AP1) AP2 does not receive a matching success response within a certain period of time (which may be set according to practical or empirical values), it rejects the association request of the STA and informs the STA to re-perform wireless authentication.
In summary, in the technical solution of the embodiment of the present invention, the association keys are stored in a distributed manner on the APs managed by the same AC, so that when an AP finds no locally stored association key matching the association key identifier carried in the association request sent by the STA, it can obtain the association key from the AP with which the STA associated, thereby greatly improving resource utilization and the fast roaming success rate, and effectively improving user experience.
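The matching mode that also compares the stored MAC address and BSSID, together with the peer fallback of steps 104 and 105, sketched in Python as an added example (not code from the patent). The patent only says the identifier comes from "a hash algorithm"; the IEEE 802.11 PMKID derivation is assumed here, and the class names, the `reachable` flag standing in for the preset time, and all MAC, BSSID and PMK values are constructed for illustration. Peer lookups are plain method calls; the encrypted inter-AP channel is not modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


def pmkid(pmk: bytes, bssid: bytes, sta_mac: bytes) -> bytes:
    # Assumed derivation (IEEE 802.11): first 128 bits of
    # HMAC-SHA1(PMK, "PMK Name" || BSSID || STA MAC).
    return hmac.new(pmk, b"PMK Name" + bssid + sta_mac, hashlib.sha1).digest()[:16]


@dataclass(frozen=True)
class CacheEntry:
    pmk: bytes
    sta_mac: bytes
    bssid: bytes  # BSSID of the AP on which the PMK was distributed


@dataclass
class AccessPoint:
    name: str
    bssid: bytes
    cache: List[CacheEntry] = field(default_factory=list)
    peers: List["AccessPoint"] = field(default_factory=list)
    reachable: bool = True  # False models a peer that does not answer in time

    def store(self, pmk: bytes, sta_mac: bytes) -> None:
        """Record the PMK distributed after a successful authentication here."""
        self.cache.append(CacheEntry(pmk, sta_mac, self.bssid))

    def match_local(self, req_id: bytes, sta_mac: bytes, bssid: bytes) -> Optional[bytes]:
        """Return the PMK if the identifier, MAC and BSSID all match, else None."""
        for entry in self.cache:
            candidate = pmkid(entry.pmk, entry.bssid, entry.sta_mac)
            if not hmac.compare_digest(candidate, req_id):
                continue
            # Identifier matches: the request must also carry the same MAC and
            # BSSID that were stored with the key, otherwise the match fails.
            same_mac = hmac.compare_digest(entry.sta_mac, sta_mac)
            same_bssid = hmac.compare_digest(entry.bssid, bssid)
            return entry.pmk if (same_mac and same_bssid) else None
        return None

    def handle_association(self, req_id: Optional[bytes], sta_mac: bytes,
                           bssid: bytes) -> Tuple[str, Optional[bytes]]:
        if req_id is None:                      # no identifier: first access
            return ("authenticate", None)
        pmk = self.match_local(req_id, sta_mac, bssid)
        if pmk is not None:                     # step 103: local match
            return ("fast-roam", pmk)
        for peer in self.peers:                 # step 104: ask the other APs
            if not peer.reachable:
                continue
            pmk = peer.match_local(req_id, sta_mac, bssid)
            if pmk is not None:                 # step 105: success response
                return ("fast-roam", pmk)
        return ("reauthenticate", None)         # no success response in time


def demo():
    # Constructed sample values, not taken from the patent.
    sta = bytes.fromhex("02aabbccdd01")
    ap1 = AccessPoint("AP1", bytes.fromhex("020000000001"))
    ap2 = AccessPoint("AP2", bytes.fromhex("020000000002"))
    ap3 = AccessPoint("AP3", bytes.fromhex("020000000003"))
    ap2.peers = [ap1, ap3]
    pmk1 = hashlib.sha256(b"constructed PMK1").digest()
    ap1.store(pmk1, sta)                        # STA authenticated on AP1
    pmk1id = pmkid(pmk1, ap1.bssid, sta)        # what the STA sends to AP2

    results = {
        "first_access": ap2.handle_association(None, sta, ap1.bssid),
        "roam": ap2.handle_association(pmk1id, sta, ap1.bssid),
        # Same identifier presented with a different MAC address.
        "other_mac": ap2.handle_association(
            pmk1id, bytes.fromhex("02aabbccdd99"), ap1.bssid),
    }
    ap1.reachable = False                       # AP1 fails, as in the text
    results["ap1_down"] = ap2.handle_association(pmk1id, sta, ap1.bssid)
    return results, pmk1


if __name__ == "__main__":
    for case, (decision, key) in demo()[0].items():
        print(f"{case}: {decision}")
```
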
On the basis of the above embodiment, the present invention further provides a wireless roaming device, which is applied to the AP.
Referring to fig. 3, a block diagram of a wireless roaming device according to an embodiment of the present invention is shown, which may specifically include the following modules:
a receiving module 31, configured to receive an association request sent by a terminal STA.
The matching module 32 is configured to determine that the STA is a roaming STA when the association request carries an association key identifier, and match the association key identifier with an association key stored locally, where the association key identifier is generated by the STA at least according to an association key distributed when the STA associates with an associated AP.
A first permission module 33, configured to allow the STA to perform fast roaming when the matching result of the matching module 32 is a successful matching.
A sending module 34, configured to send a matching request carrying the association key identifier to the other APs managed by the access controller AC to which the AP belongs when the matching result of the matching module 32 is a matching failure, so that the other APs match the association key identifier against their locally stored association keys.
Optionally, in a preferred embodiment of the present invention, the sending module 34 may be further configured to:
send the matching request carrying the association key identifier to the other APs managed by the AC to which the AP belongs through communication channels established with the other APs, or,
send the matching request carrying the association key identifier to the other APs managed by the AC to which the AP belongs through the AC.
With continued reference to fig. 3, the wireless roaming apparatus further includes a second permission module 35, configured to allow the STA to perform fast roaming when receiving a matching success response sent by another AP within a preset time.
Referring to fig. 4, in a preferred embodiment of the present invention, the wireless roaming apparatus further includes, on the basis of fig. 3:
A notifying module 36, configured to notify the STA to perform wireless authentication again when a matching success response sent by another AP is not received within the preset time.
Referring to Fig. 5, in a preferred embodiment of the present invention, the matching module 32 specifically includes, on the basis of Fig. 3:
a first generating sub-module 51, configured to generate a corresponding association key identifier according to each locally stored association key, where the manner in which the AP generates each association key identifier is the same as the manner in which the STA generates the association key identifier.
A first determining sub-module 52, configured to determine whether the association key identifier exists among the generated association key identifiers. If so, the matching is determined to be successful; if not, the matching is determined to have failed.
Referring to Fig. 6, in a preferred embodiment of the present invention, the matching module 32 may further include, on the basis of Fig. 3:
a second generating sub-module 61, configured to generate a corresponding association key identifier according to each locally stored association key and the address information of the STA and the BSSID carried in the association request, where the manner in which the AP generates each association key identifier is the same as the manner in which the STA generates the association key identifier.
A second determining sub-module 62, configured to determine whether the generated association key identifiers include the association key identifier. If so, the matching is determined to be successful; if not, the matching is determined to have failed.
Referring to Fig. 7, in a preferred embodiment of the present invention, the matching module 32 may further include, on the basis of Fig. 3:
a third determining submodule 71, configured to determine whether the association key identifier exists among the association key identifiers corresponding to the locally stored association keys, and to determine that matching fails when it does not, where the association key identifier corresponding to each association key is generated by the AP according to that association key, the address information of the STA corresponding to that association key, and the BSSID, and the manner in which the AP generates each association key identifier is the same as the manner in which the STA generates the association key identifier.
A comparison submodule 74, configured to, when the determination result of the third determination submodule 73 is yes, compare the locally stored association key, address information, and BSSID corresponding to the association key identifier with the address information and BSSID carried in the association request one by one. When all the comparison results are the same, the matching is determined to be successful; when at least one comparison result is different, the matching is determined to have failed.
In summary, the wireless roaming device in the embodiment of the present invention stores the association keys in a distributed manner across the APs managed by the same AC, so that when the AP detects that there is no locally stored association key matching the association key identifier carried in the association request sent by the STA, the AP associated with the STA can obtain the association key, thereby greatly improving the resource utilization rate and the fast roaming success rate, and effectively improving the user experience.
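The matching flow these modules implement (local match, fallback to the other APs under the same AC, re-authentication when no success response arrives) can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA-256 derivation in `make_key_id`, the 16-byte identifier length, the length check, the `responds` flag standing in for the preset time, and all keys and addresses are assumptions or constructed sample values; the patent only requires that the AP and the STA generate identifiers in the same manner.

```python
import hashlib
import hmac

ID_LEN = 16  # assumed identifier length in bytes


def make_key_id(assoc_key: bytes, sta_mac: bytes, bssid: bytes) -> bytes:
    """Assumed derivation (truncated HMAC-SHA-256); the patent only requires
    that the AP and the STA generate the identifier in the same manner."""
    return hmac.new(assoc_key, b"assoc-key-id" + bssid + sta_mac,
                    hashlib.sha256).digest()[:ID_LEN]


class AccessPoint:
    def __init__(self, name: str, responds: bool = True):
        self.name = name
        self.responds = responds  # False: no reply within the preset time
        self.assoc_keys = []      # keys distributed after authentication on this AP
        self.peers = []           # other APs managed by the same AC

    def match_local(self, key_id: bytes, sta_mac: bytes, bssid: bytes) -> bool:
        """Regenerate an identifier from every stored key and the address
        information and BSSID carried in the request, then compare."""
        found = False
        for key in self.assoc_keys:
            candidate = make_key_id(key, sta_mac, bssid)
            # Constant-time compare, no early exit on a hit.
            found |= hmac.compare_digest(candidate, key_id)
        return found

    def handle_match_request(self, key_id, sta_mac, bssid):
        """Peer side: True = matching success response, None = no reply."""
        if not self.responds:
            return None
        return self.match_local(key_id, sta_mac, bssid)

    def handle_association(self, request: dict) -> str:
        key_id = request.get("key_id")
        if key_id is None:
            return "full-authentication"  # no identifier: not a roaming STA
        if len(key_id) != ID_LEN:
            # Added hardening (assumption): do not fan malformed input out to peers.
            return "re-authenticate"
        sta_mac, bssid = request["sta_mac"], request["bssid"]
        if self.match_local(key_id, sta_mac, bssid):
            return "fast-roam"
        for peer in self.peers:
            if peer.handle_match_request(key_id, sta_mac, bssid) is True:
                return "fast-roam"
        return "re-authenticate"  # no success response: STA must authenticate again


def build_demo():
    """Constructed sample: the STA authenticated on ap1, so only ap1 holds its key."""
    ap1, ap2, ap3 = AccessPoint("ap1"), AccessPoint("ap2"), AccessPoint("ap3")
    for ap in (ap1, ap2, ap3):
        ap.peers = [p for p in (ap1, ap2, ap3) if p is not ap]
    assoc_key = bytes(range(32))             # constructed key
    sta_mac = bytes.fromhex("02aabbccddee")  # constructed STA address
    bssid = bytes.fromhex("021122334455")    # constructed BSSID
    ap1.assoc_keys.append(assoc_key)
    request = {"sta_mac": sta_mac, "bssid": bssid,
               "key_id": make_key_id(assoc_key, sta_mac, bssid)}
    return ap1, ap2, ap3, request


if __name__ == "__main__":
    ap1, ap2, ap3, req = build_demo()
    print(ap2.handle_association(req))   # key found at peer ap1
    ap1.responds = False
    print(ap2.handle_association(req))   # peer silent within the preset time
```

Because the identifier in this sketch is bound to the STA address and BSSID, an identifier captured from one station does not match when presented with a different address.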
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The foregoing detailed description of the wireless roaming method and apparatus provided by the present invention, and the specific examples applied herein have been provided to illustrate the principles and embodiments of the present invention, and the above description of the embodiments is only provided to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A wireless roaming method applied to an Access Point (AP), the method comprising:
receiving an association request sent by a terminal STA;
if the association request carries an association key identifier, determining that the STA is a roaming STA, and matching the association key identifier with an association key stored locally, wherein the association key identifier is generated by the STA at least according to an association key distributed when the STA associates with an associated AP; the locally stored association key is an association key distributed when a terminal accessed to an Access Point (AP) successfully completes wireless authentication on the AP side; if the matching is successful, allowing the STA to perform fast roaming;
if the matching fails, sending a matching request carrying the association key identifier to other APs managed by an Access Controller (AC) to which the AP belongs, so that the other APs match the association key identifier with association keys locally stored by the other APs;
if the matching success response sent by other APs is received within the preset time, allowing the STA to perform fast roaming;
wherein matching the association key identifier with a locally stored association key comprises:
generating a corresponding association key identifier according to each association key stored locally, wherein the generation mode of generating each association key identifier by the AP is the same as the generation mode of generating the association key identifier by the STA;
judging whether the association key identifier exists among the generated association key identifiers;
if yes, determining that the matching is successful;
otherwise, determining that the matching fails.
2. The method of claim 1, further comprising:
if no matching success response sent by other APs is received within the preset time, notifying the STA to perform wireless authentication again.
3. The method according to claim 1 or 2, wherein the association request further carries address information of the STA and a basic service set identifier BSSID, and the association key identifier is generated by the STA according to an association key distributed when the STA associates with an associated AP, the address information of the STA, and the BSSID;
the matching of the association key identifier with the locally stored association key specifically includes:
generating corresponding association key identifiers according to each association key stored locally and the address information of the STA and the BSSID carried in the association request, wherein the generation mode of generating each association key identifier by the AP is the same as the generation mode of generating the association key identifier by the STA;
judging whether the association key identifier exists among the generated association key identifiers;
if yes, determining that the matching is successful;
otherwise, determining that the matching fails.
4. The method according to claim 1 or 2, wherein the association request further carries address information and BSSID of the STA, and the association key identifier is generated by the STA according to an association key distributed when the STA associates with an associated AP, the address information of the STA, and the BSSID;
the matching of the association key identifier with the locally stored association key specifically includes:
judging whether the association key identifier exists among the association key identifiers corresponding to the locally stored association keys, wherein the association key identifier corresponding to each association key is generated by the AP according to that association key, the address information of the STA corresponding to that association key, and the BSSID, and the generation mode of generating each association key identifier by the AP is the same as the generation mode of generating the association key identifier by the STA; if not, determining that the matching fails;
if yes, comparing the locally stored address information and BSSID corresponding to the association key identifier with the address information and BSSID carried in the association request one by one;
if all the matching parameters are the same, determining that the matching is successful;
and if at least one item is different, determining that the matching fails.
5. The method according to claim 1, wherein the sending the matching request carrying the association key identifier to the other AP managed by the AC to which the AP belongs specifically includes:
sending a matching request carrying the association key identifier to other APs managed by the AC to which the AP belongs through communication channels established with the other APs, or,
sending a matching request carrying the association key identifier to other APs managed by the AC to which the AP belongs through the AC.
6. A wireless roaming apparatus, applied to an access point AP, the apparatus comprising:
the receiving module is used for receiving an association request sent by a terminal STA;
a matching module, configured to determine that the STA is a roaming STA when the association request carries an association key identifier, and match the association key identifier with an association key stored locally, where the association key identifier is generated by the STA according to an association key distributed when the STA associates with an associated AP at least; the locally stored association key is an association key distributed when a terminal accessed to an Access Point (AP) successfully completes wireless authentication on the AP side; a first permission module, configured to allow the STA to perform fast roaming when the matching result of the matching module is a successful matching;
a sending module, configured to send a matching request carrying the association key identifier to another AP managed by an access controller AC to which the AP belongs when a matching result of the matching module is a matching failure, so that the other AP matches the association key identifier with an association key locally stored by the other AP;
the second permission module is used for allowing the STA to perform fast roaming when receiving matching success responses sent by other APs within preset time;
wherein the matching module comprises:
the first generation submodule is used for generating corresponding association key identifications according to each association key stored locally, wherein the generation mode of generating each association key identification by the AP is the same as the generation mode of generating the association key identification by the STA;
and the first judgment sub-module is used for judging whether the association key identifier exists among the generated association key identifiers, judging that the matching is successful when the judgment is yes, and judging that the matching fails when the judgment is no.
7. The apparatus of claim 6, further comprising:
and the notification module is used for notifying the STA to perform wireless authentication again when the matching success response sent by other APs is not received within the preset time.
8. The apparatus according to claim 6 or 7, wherein the association request further carries address information of the STA and a basic service set identifier BSSID, and the association key identifier is generated by the STA according to an association key distributed when the STA associates with an associated AP, the address information of the STA, and the BSSID;
the matching module specifically comprises:
a second generation submodule, configured to generate a corresponding association key identifier according to each locally stored association key, the address information of the STA and the BSSID carried in the association request, where a generation manner in which the AP generates each association key identifier is the same as a generation manner in which the STA generates the association key identifier;
and the second judgment submodule is used for judging whether the association key identifier exists among the generated association key identifiers, judging that the matching is successful when the judgment is yes, and judging that the matching fails when the judgment is no.
9. The apparatus according to claim 6 or 7, wherein the association request further carries address information and BSSID of the STA, and the association key identifier is generated by the STA according to an association key distributed when the STA associates with an associated AP, the address information of the STA, and the BSSID;
the matching module specifically comprises:
a third determining submodule, configured to determine whether the association key identifier exists among the association key identifiers corresponding to the locally stored association keys, and determine that matching fails when the determination result is negative, where the association key identifier corresponding to each association key is generated by the AP according to that association key, the address information of the STA corresponding to that association key, and the BSSID, and the generation manner in which the AP generates each association key identifier is the same as the generation manner in which the STA generates the association key identifier;
and the comparison sub-module is used for comparing the locally stored address information and BSSID corresponding to the association key identifier with the address information and the BSSID carried in the association request one by one when the judgment result of the third determining submodule is yes, determining that the matching is successful when all the address information and the BSSID are the same, and determining that the matching fails when at least one item is different.
10. The apparatus of claim 6, wherein the sending module is further configured to:
sending a matching request carrying the association key identifier to other APs managed by the AC to which the AP belongs through communication channels established with the other APs, or,
sending a matching request carrying the association key identifier to other APs managed by the AC to which the AP belongs through the AC.
CN201610692208.3A 2016-08-18 2016-08-18 Wireless roaming method and device Active CN106304050B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610692208.3A CN106304050B (en) 2016-08-18 2016-08-18 Wireless roaming method and device

Publications (2)

Publication Number Publication Date
CN106304050A CN106304050A (en) 2017-01-04
CN106304050B true CN106304050B (en) 2020-05-08

Family

ID=57661552

Country Status (1)

Country Link
CN (1) CN106304050B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108449755A (en) * 2018-04-03 2018-08-24 新华三技术有限公司 A kind of terminal access method and device
CN111328066B (en) * 2018-12-14 2023-09-01 中国电信股份有限公司 Heterogeneous wireless network fast roaming method and system, master and slave access point devices

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7624271B2 (en) * 2005-03-24 2009-11-24 Intel Corporation Communications security
CN101951587A (en) * 2010-09-13 2011-01-19 上海市共进通信技术有限公司 Method for realizing fast roaming switch in wireless network in line with 802.11 standard
CN103391543A (en) * 2012-05-07 2013-11-13 中兴通讯股份有限公司 Method and device for achieving roaming switch

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9451460B2 (en) * 2012-02-07 2016-09-20 Lg Electronics Inc. Method and apparatus for associating station (STA) with access point (AP)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: NEW H3C TECHNOLOGIES Co.,Ltd.

Address before: 310053 Hangzhou science and Technology Development Zone, Zhejiang high tech park, No. six and road, No. 310

Applicant before: HANGZHOU H3C TECHNOLOGIES Co.,Ltd.

GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230620

Address after: 310052 11th Floor, 466 Changhe Road, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: H3C INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466

Patentee before: NEW H3C TECHNOLOGIES Co.,Ltd.