CN100479403C - System and method for access external network of non-radio local network terminal - Google Patents


Publication number
CN100479403C
Authority
CN
China
Prior art keywords
wlan
terminal
network
link
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200610091155
Other languages
Chinese (zh)
Other versions
CN101047587A (en
Inventor
姚忠辉
莫良耀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SnapTrack Inc
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN 200610091155 priority Critical patent/CN100479403C/en
Publication of CN101047587A publication Critical patent/CN101047587A/en
Application granted granted Critical
Publication of CN100479403C publication Critical patent/CN100479403C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

A method for non-WLAN (non-wireless-LAN) terminals to access an external network. Multiple non-WLAN terminals are connected to a WLAN network simultaneously through a multi-user access terminal and then exchange data with the external network: the multi-user access terminal sets up a connection between itself and the WLAN network for each non-WLAN terminal, and stores the relationship between each non-WLAN terminal and the connection set up for it. The multi-user access terminal used to implement the method is also disclosed.

Description

A system and method for non-WLAN terminals to access an external network
Technical field
The present invention relates to wireless local area network (WLAN) access technology, and in particular to a system and method for non-WLAN terminals to access an external network.
Background
Wireless LAN (WLAN) technology is popular in the market because it is wireless, offers access rates comparable to wired access, and is inexpensive. It has begun to replace wired LANs and is widely used in homes, campuses, hotels and enterprise offices, and as a broadband wireless access technology it is being widely deployed in public hotspots to provide the public with broadband wireless data access. ISO/IEC 8802-11:1999, "Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications", is the international WLAN standard; its content corresponds to IEEE 802.11.
China has also issued the WLAN standard GB/T 15629.11-2003, whose main difference from the international standard lies in the security mechanism for access control. In practice, the WLAN products in wide use on the market are built mainly to the supplements to IEEE 802.11 issued by the IEEE 802.11 working group, including IEEE 802.11b, IEEE 802.11g and IEEE 802.11a. IEEE 802.11b and IEEE 802.11g operate in the 2.4 GHz band, and IEEE 802.11a operates in the 5 GHz band. IEEE 802.11b supports physical layer rates up to 11 Mb/s, and IEEE 802.11g and IEEE 802.11a support physical layer rates up to 54 Mb/s. IEEE 802.11 is currently drafting the higher-throughput standard 802.11n, to better support real-time services and multimedia applications and to increase system capacity.
Referring to Fig. 1, Fig. 1 is a schematic diagram of the network architecture of the prior-art WLAN system defined by IEEE 802.11. As shown in Fig. 1, the WLAN system comprises: a distribution system (DS, Distribution System), WLAN access points (AP, Access Point), WLAN terminal equipment (STA, Station), a portal, and a wired LAN.
The AP is equivalent to a base station in a mobile network; its main function is to let a STA communicate with other STAs or with devices on the wired LAN. For example: several STAs attached to one AP form a WLAN and communicate; STAs attached to different APs form a WLAN and communicate; and a STA communicates with devices on the wired LAN. The STAs associated with one AP form a basic service set (BSS).
The DS joins different BSSs to one another, and BSSs to the wired LAN, to form one large LAN called an extended service set (ESS). The portal is the logical point at which MAC service data units (MSDUs) are transferred between the DS and the wired LAN.
Each STA keeps two state variables for the wireless medium, identifying the STA's authentication state and association state respectively; each end of the WLAN wireless medium keeps the state of the peer end. The types of 802.11 frames that may be transmitted differ from state to state. Class 1 frames are control frames and some management frames, class 2 frames are the management frames other than those in class 1, and class 3 frames are data frames and power-save control frames; see the IEEE 802.11 standard for details.
Referring to Fig. 2, Fig. 2 is the STA state machine of the prior-art IEEE 802.11 standard. For each STA, the AP has to maintain that STA's state. The initial state is state 1: unauthenticated, unassociated. After the STA decides from the AP's beacon frame information to attach to this AP, the STA and the AP start the 802.11 authentication procedure; on successful authentication they enter state 2: authenticated, unassociated. In state 2 the STA starts association negotiation with the AP; on successful association they enter state 3: authenticated, associated. At this point the DS of the system shown in Fig. 1 keeps the mapping between this STA and this AP, so that when another station in the system sends a packet to this STA, the packet is correctly delivered to the AP associated with the STA and forwarded by that AP to the STA.
Because the authentication and security mechanisms provided by 802.11 cannot meet the security requirements of practical deployments, 802.11i strengthens them. 802.11i uses the Open System option of 802.11 as the 802.11 authentication, which in effect amounts to no authentication, and adopts 802.1X as the authentication and key management mechanism; for encryption it supports the AES algorithm, and the specific security mechanism is negotiated while the association is being set up. Under 802.11i, therefore, after state 3 is entered and until 802.1X authentication and key negotiation are complete, the link between STA and AP can carry only 802.1X messages, through the 802.1X uncontrolled port; once session key negotiation has succeeded, other data messages can be transmitted encrypted between AP and STA through the 802.1X controlled port.
The basic principle of China's WLAN security standard WAPI is similar to IEEE 802.11i; it uses the same port-based access control method as 802.1X.
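The per-STA admission logic described above (frame classes allowed in each state, then the 802.1X port gate once state 3 is reached), as an added Python example that is not part of the patent text. The class and method names are hypothetical, the frame kinds are a representative subset, and the verdict strings are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

EAPOL_ETHERTYPE = 0x888E   # EtherType carried by 802.1X (EAPOL) frames


class StaState(IntEnum):
    UNAUTH_UNASSOC = 1     # state 1: unauthenticated, unassociated
    AUTH_UNASSOC = 2       # state 2: authenticated, unassociated
    AUTH_ASSOC = 3         # state 3: authenticated, associated


# Representative frame kinds and their class (subset chosen for this example).
FRAME_CLASS = {
    "authentication": 1,
    "association_request": 2,
    "disassociation": 2,
    "data": 3,
    "ps_poll": 3,
}


@dataclass
class StaEntry:
    state: StaState = StaState.UNAUTH_UNASSOC
    port_authorized: bool = False   # 802.1X controlled port open?


class AccessPoint:
    """Hypothetical AP-side bookkeeping: one StaEntry per STA MAC address."""

    def __init__(self):
        self.stas = {}

    def entry(self, mac):
        return self.stas.setdefault(mac, StaEntry())

    def auth_ok(self, mac):
        e = self.entry(mac)
        e.state = max(e.state, StaState.AUTH_UNASSOC)

    def assoc_ok(self, mac):
        e = self.entry(mac)
        if e.state < StaState.AUTH_UNASSOC:
            raise PermissionError("association before 802.11 authentication")
        e.state = StaState.AUTH_ASSOC
        e.port_authorized = False   # a new association starts with the port closed

    def dot1x_ok(self, mac):
        e = self.entry(mac)
        if e.state != StaState.AUTH_ASSOC:
            raise PermissionError("802.1X completed without an association")
        e.port_authorized = True

    def disassociate(self, mac):
        e = self.entry(mac)
        e.state = min(e.state, StaState.AUTH_UNASSOC)
        e.port_authorized = False   # session keys no longer apply

    def admit(self, mac, kind, ethertype=None):
        """Return a verdict for one received frame."""
        e = self.entry(mac)
        if FRAME_CLASS[kind] > e.state:
            return "drop:class"                   # frame class not allowed yet
        if kind == "data":
            if ethertype == EAPOL_ETHERTYPE:
                return "accept:uncontrolled-port" # 802.1X exchange itself
            if not e.port_authorized:
                return "drop:port-unauthorized"   # key negotiation not finished
            return "accept:controlled-port"
        return "accept"
```
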
A link between a STA and an AP can be represented by the pair of media access control (MAC) addresses of the STA and the AP. According to the IEEE 802.11 standard, there can be only one link between a STA and an AP. Consequently only the single security mechanism bound to that link can be used between them, and different service flows cannot be logically isolated from one another at the MAC layer as far as security is concerned.
To let one STA support multi-service access, and in particular to handle the case where the different services accessed through the STA each have their own independent security credentials and must interact with different authentication servers, two solutions currently exist: the virtual link (Virtual Link) mechanism and the virtual terminal mechanism. The service security credential here may be a GSM/UMTS SIM card, a username/password, and so on.
The virtual link mechanism allows multiple links between a STA and an AP, with different links identified by different address pairs. Referring to Fig. 3, Fig. 3 is a schematic diagram of one prior-art basic link between STA and AP carrying multiple virtual links.
As shown in Fig. 3, when a STA associates with an AP, the MAC address of the STA and the MAC address of the AP (the BSSID) determine one link between AP and STA, called the basic link. On top of the basic link, multiple virtual links can be set up between the STA and the AP. At the MAC layer, each virtual link is uniquely identified by the pair of end-point addresses (EA, End-Point Address) at its two ends; in Fig. 3, (EA1, EA2), (EA3, EA4) and (EA5, EA6) identify different virtual links. Each end of a virtual link can specify its own end address, or one end, for example the AP side, can specify both end addresses of the virtual link. A virtual link is established over the basic link: the MAC management frames used to set up the virtual link use the basic link's end-address pair as transmitter and receiver addresses. When a virtual link is set up, the security mechanism and the end addresses it will use are negotiated; the security mechanism may be 802.1X, the Chinese national standard WAPI, or another online registration method.
Before any virtual link is set up, the AP and the STA communicate over the basic link, i.e. the transmitter address (TA) and receiver address (RA) of 802.11 MAC frames are the end addresses of the basic link. After a virtual link is set up, authentication and session key negotiation can be carried out on that virtual link. The transmitter and receiver addresses of the MAC protocol data unit frames carried on the virtual link are the end addresses of that virtual link.
At a given end, for example the STA, the MAC application layer above the internal MAC layer, i.e. the MAC user, can use a virtual link either by using its end-address pair directly or through the virtual link number (Virtual Link No.) assigned by the local MAC layer; a virtual link number maps to the end-address pair of the corresponding virtual link. The MAC layer should therefore assign each virtual link a locally unique virtual link number, and when the MAC user needs to use or manage a virtual link, the message or primitive it sends to the MAC layer should carry the corresponding virtual link number. Here both the MAC layer and the MAC user layer are internal logical layers of one end. Once a virtual link has been set up, the MAC user at an end, for example the STA, can ask the MAC layer to transfer data messages over that virtual link.
Referring to Fig. 4, Fig. 4 is a schematic flow diagram of prior-art data transfer over a virtual link.
Step 401: the local MAC user sends a data message request to the local MAC layer, carrying the MAC-layer source address, the destination address, the virtual link number, and the data to be sent.
Step 402: on receiving the data message request, the local MAC layer determines the transmitter and receiver addresses from the source address, the destination address and the virtual link number, builds the address fields of the MAC frame header, and fragments and encrypts the data message as required by the 802.11 protocol and the security mechanism of the corresponding virtual link. This forms one MAC protocol data unit or a sequence of them, which is sent over the radio interface to the MAC layer of the other end, for example the AP. The MAC layer of the other end then decrypts and reassembles the received data message.
Step 403: after the local MAC layer has finished sending the data message, it returns a data message status indication to the MAC user, indicating the state of the transfer on the virtual link, for example whether it was sent successfully.
Step 404: after the other end has received a complete data message from the local end, it sends a data message indication to its relevant MAC user, carrying the source address, the destination address, the virtual link number, and the received data message.
The virtual terminal mechanism takes a different approach from the virtual link: one STA emulates multiple STAs, each of which authenticates and associates with the AP independently. Different services or applications can therefore be based on different virtual terminals. The transmitter and receiver addresses of the MAC protocol data unit frames sent over the air interface are the MAC address of the virtual terminal and the MAC address of the AP.
As WLAN use spreads, the industry has called for seamless interworking between WLAN access and other access methods, for example between Bluetooth and WLAN, or between public land mobile networks (GSM, 3GPP networks, etc.) and WLAN. From the user's point of view, the hope is to hide the technical differences between Bluetooth, WLAN and wide area networks (GSM/3GPP), so that a user's connection can reach the target network through different interconnected networks, achieving interworking and convergence with the services in use.
Techniques currently exist by which non-WLAN terminal devices such as Bluetooth devices and PDAs access a WLAN network through a multi-interface sharing device that has a WLAN interface. These techniques, however, do not support setting up multiple links between the sharing device and the WLAN network, so multiple non-WLAN terminals cannot, through the sharing device, simultaneously perform multiple AAA authentications with the external network or obtain multiple services. In addition, these techniques treat the sharing device purely as a forwarding device: a non-WLAN terminal cannot learn, before exchanging data with the external network, whether the communication link between the sharing device and the WLAN network can support its access to the external network.
Summary of the invention
In view of this, a main object of the present invention is to provide a system for non-WLAN terminals to access an external network, in which multiple non-WLAN terminals attach to a WLAN network simultaneously and thereby access the external network simultaneously.
Another main object of the present invention is to provide a multi-user access terminal for accessing an external network, through which multiple non-WLAN terminals attach to a WLAN network simultaneously and thereby access the external network simultaneously.
A third main object of the present invention is to provide a method for non-WLAN terminals to access an external network, by which multiple non-WLAN terminals attach to a WLAN network simultaneously and thereby access the external network simultaneously.
To achieve the above objects, in a first aspect the invention provides a system for non-WLAN terminals to access an external network, the system comprising: at least one non-WLAN terminal, a multi-user access terminal, a WLAN network and an external network,
wherein the WLAN network is connected to the external network and exchanges data with it;
the non-WLAN terminal is connected to the multi-user access terminal by a local link, and the multi-user access terminal is connected to the WLAN network by a WLAN data link;
the multi-user access terminal sets up a connection between itself and the WLAN network for each non-WLAN terminal and stores the connection relationship, and forwards data between each non-WLAN terminal and the WLAN network.
The multi-user access terminal consists of a WLAN interface, at least one non-WLAN interface, a shared access management unit and a shared access DSU, wherein:
the WLAN interface sets up a connection between the multi-user access terminal and the WLAN network for each non-WLAN terminal, and exchanges data with the WLAN network;
the non-WLAN interface lets a non-WLAN terminal attach to the multi-user access terminal, and exchanges data with the non-WLAN terminal;
the shared access management unit stores the connection relationship between each non-WLAN terminal and the WLAN interface and WLAN network;
the shared access DSU provides the data forwarding service between the non-WLAN terminals and the WLAN network.
The WLAN interface further comprises a virtual link or virtual terminal setup module, which sets up one virtual link or one virtual terminal between the multi-user access terminal and the WLAN network for each non-WLAN terminal;
the shared access management unit further comprises a connection relationship storage module, which stores and manages the binding between each non-WLAN terminal and its virtual link or virtual terminal.
The shared access management unit further comprises a capability information management module, which stores and manages preconfigured or dynamically generated capability information; the capability information comprises: whether the multi-user access terminal supports the shared access function, whether the shared access function is enabled, and whether a WLAN data link has been set up between the multi-user access terminal and the WLAN network;
the non-WLAN interface further comprises a capability negotiation module, which exchanges messages with the non-WLAN terminal and, by querying the capability information in the capability information management module, tells the non-WLAN terminal whether the multi-user access terminal supports and has enabled the shared access function, and whether the multi-user access terminal has set up a WLAN data link with the WLAN network.
The WLAN interface further comprises a network selection module, which provides a network selection service for each non-WLAN terminal; the network selection result is passed through the shared access management unit to the non-WLAN interface, and by the non-WLAN interface to the non-WLAN terminal.
The non-WLAN interface further comprises a key transfer module, which passes to the shared access management unit the key that the non-WLAN terminal has negotiated with the external network and that is bound to the non-WLAN terminal, virtual link or virtual terminal;
the shared access management unit further comprises a key transfer module, which sends the key passed by the key transfer module of the non-WLAN interface on to the WLAN interface;
the WLAN interface further comprises an encapsulation and encryption module, which encapsulates the data messages sent by a non-WLAN terminal and forwarded by the shared access DSU, determines the encryption and decryption keys from the key sent by the key transfer module of the shared access management unit, encrypts the encapsulated data messages with the encryption key so determined, and decrypts the encrypted data messages that the external network sends to this non-WLAN terminal and that the WLAN network forwards;
the WLAN network further comprises an encapsulation and encryption module, which encapsulates the data messages sent by the external network, determines the encryption and decryption keys from the key that the non-WLAN terminal has negotiated with the external network and that is bound to the non-WLAN terminal, virtual link or virtual terminal, encrypts with the encryption key so determined the data messages the external network sends to this non-WLAN terminal, and decrypts the encrypted data messages the non-WLAN terminal sends through the WLAN interface.
The multi-user access terminal is located in a device that itself has the function of accessing the external network;
while supporting non-WLAN terminals' access to the external network, that device can also obtain for itself the services provided by the external network.
The non-WLAN terminal is: a terminal with an IEEE 802.3 or 802.15 series standard interface, or a terminal with a USB interface;
the non-WLAN terminal sets up a local link to the multi-user access terminal through the IEEE 802.3 or 802.15 series standard interface or the USB interface.
The non-WLAN terminal is a personal digital assistant (PDA), a Bluetooth terminal, a USB terminal or a GSM mobile handset;
the non-WLAN terminal sets up a local link to the multi-user access terminal through a USB interface or a Bluetooth interface.
The external network is: the network in which an AAA server is located, or another non-WLAN network connected to the WLAN network.
To achieve the above objects, in a second aspect the invention provides a multi-user access terminal for accessing an external network, comprising:
a WLAN interface, at least one non-WLAN interface, a shared access management unit and a shared access DSU, wherein:
the WLAN interface sets up a connection between the multi-user access terminal and the WLAN network for each non-WLAN terminal, and exchanges data with the WLAN network;
the non-WLAN interface lets a non-WLAN terminal attach to the multi-user access terminal, and exchanges data with the non-WLAN terminal; the WLAN network is connected to the external network and exchanges data with it;
the shared access management unit stores the connection relationship between each non-WLAN terminal and the WLAN interface and WLAN network;
the shared access DSU provides the data forwarding service between the non-WLAN terminals and the WLAN network.
The WLAN interface further comprises a virtual link or virtual terminal setup module, which sets up one virtual link or one virtual terminal between the multi-user access terminal and the WLAN network for each non-WLAN terminal;
the shared access management unit further comprises a connection relationship storage module, which stores and manages the binding between each non-WLAN terminal and its virtual link or virtual terminal.
The shared access management unit further comprises a capability information management module, which stores and manages preconfigured or dynamically generated capability information; the capability information comprises: whether the multi-user access terminal supports the shared access function, whether the shared access function is enabled, and whether a WLAN data link has been set up between the multi-user access terminal and the WLAN network;
the non-WLAN interface further comprises a capability negotiation module, which exchanges messages with the non-WLAN terminal and, by querying the capability information in the capability information management module, tells the non-WLAN terminal whether the multi-user access terminal supports and has enabled the shared access function, and whether the multi-user access terminal has set up a WLAN data link with the WLAN network.
The WLAN interface further comprises a network selection module, which provides a network selection service for each non-WLAN terminal; the network selection result is passed through the shared access management unit to the non-WLAN interface, and by the non-WLAN interface to the non-WLAN terminal.
The non-WLAN interface further comprises a key transfer module, which passes to the shared access management unit the key that the non-WLAN terminal has negotiated with the external network and that is bound to the non-WLAN terminal, virtual link or virtual terminal;
the shared access management unit further comprises a key transfer module, which sends the key passed by the key transfer module of the non-WLAN interface on to the WLAN interface;
the WLAN interface further comprises an encapsulation and encryption module, which encapsulates the data messages sent by a non-WLAN terminal and forwarded by the shared access DSU, determines the encryption and decryption keys from the key sent by the key transfer module of the shared access management unit, encrypts the encapsulated data messages with the encryption key so determined, and decrypts the encrypted data messages that the external network sends to this non-WLAN terminal and that the WLAN network forwards.
The third aspect in order to achieve the above object, the invention provides a kind of method of access external network of non-radio local network terminal, the multi-user is set in system accesses terminal, wlan network links to each other with external network, carry out data interaction, this method may further comprise the steps:
Set up link-local between A, each non-WLAN terminal and multi-user access terminal, the multi-user access terminal and wlan network between set up the WLAN data link;
B, multi-user access terminal and connect between self and wlan network for each non-WLAN terminal;
C, non-WLAN terminal access terminal by the multi-user and wlan network and external network carry out data interaction.
The described multi-user of step B accesses terminal and sets up a virtual link or virtual terminal in the non-WLAN terminal that accesses terminal for: multi-user to each of connecting between self and wlan network between self and wlan network for each non-WLAN terminal, and preserves the binding relationship of each non-WLAN terminal and virtual link or virtual terminal.
Described link-local of steps A and described WLAN data link further comprise after setting up and finishing:
Whether the multi-user accesses terminal and non-WLAN terminal is carried out interacting message, notify non-WLAN terminal multi-user to access terminal to support and enable shared access function, and the multi-user accesses terminal whether set up the WLAN data link with wlan network.
Described link-local of steps A and described WLAN data link further comprise after setting up and finishing:
The multi-user accesses terminal and carries out network selecting according to the identifier of the external network of non-WLAN terminal transmission and the COS of non-WLAN terminal needs, behind the acquisition network selecting result, the network selecting result is returned non-WLAN terminal.
The described non-WLAN terminal of step C accesses terminal by the multi-user and wlan network and external network carry out data interaction and comprise: non-WLAN terminal is to the flow process of outside network delivery data and the external network flow process to non-WLAN terminal Data transmission,
Described non-WLAN terminal comprises to the flow process of outside network delivery data:
The data message that C1, non-WLAN terminal will carry non-WLAN terminal MAC Address, destination address and data by link-local sends to the multi-user and accesses terminal;
C2, multi-user access terminal to the data message that receives according to the wlan network standard packaging, and after the data message after the encapsulation encrypted, send to the wlan network side;
C3, wlan network side data message deciphering to receiving, and the data message after will deciphering sends to destination address,
Described external network comprises to the flow process of non-WLAN terminal Data transmission:
The data message that c1, external network will carry source address, non-WLAN terminal MAC Address and data sends to the wlan network side;
C2, wlan network side, and after the data message after the encapsulation encrypted, send to the multi-user and access terminal according to the wlan network standard packaging the data message that receives;
C3, multi-user access terminal and decipher the data message that receives, and the data message after will deciphering according to non-WLAN terminal MAC Address sends to non-WLAN terminal.
Step C2 or c2 are described to the data message that receives according to the wlan network standard packaging to be: according to 802.11 data frame format encapsulation of data messages.
Step C2 is described to after the encryption of the data message after the encapsulation, sending to the wlan network side is: the multi-user accesses terminal and determines data message after corresponding virtual link or the virtual terminal secret key encryption encapsulation according to virtual link or virtual terminal binding information, and, data message is sent to the wlan network side with the end address of virtual link or virtual terminal transmission and receiver address as data message; Step C3 is described to the data message deciphering that receives to be: the corresponding key of end matching addresses according to virtual link or virtual terminal is decrypted the data message that receives;
Perhaps, step C2 is described to after the encryption of the data message after the encapsulation, sending to the wlan network side is: the multi-user accesses terminal and selects data message after the corresponding secret key encryption encapsulation according to the WLAN data link, and the MAC Address of the MAC Address of non-WLAN terminal and network side access point AP is sent to the wlan network side as the transmission and the receiver address of data message; Step C3 is described to the data message deciphering that receives to be: the corresponding key of transmission matching addresses according to the data message that receives is decrypted the data message that receives.
Step c2 is described to after the encryption of the data message after the encapsulation, send to the multi-user access terminal for: the wlan network lateral root is determined corresponding virtual link or virtual terminal encryption key according to virtual link or virtual terminal binding information, utilize the encryption key of determining that the data message after encapsulating is encrypted, and, data message is sent to the multi-user access terminal the end address of virtual link or virtual terminal transmission and receiver address as data message; The data message that the described deciphering of step c3 receives is: the corresponding key of end matching addresses according to virtual link or virtual terminal is decrypted the data message that receives;
Perhaps, step c2 is described to after the encryption of the data message after the encapsulation, send to the multi-user and access terminal and determine that according to the destination address of the data message that receives corresponding encryption key comes the enciphered data message for: wlan network lateral root, and with the MAC Address of the MAC Address of non-WLAN terminal and network side access point AP as the reception of data message with send the address and send to the multi-user and access terminal; The data message that the described deciphering of step c3 receives is: according to the corresponding key of the matching destination address of the data message that receives, the data message that receives is decrypted.
After the multi-user access terminal in step B establishes a connection between itself and the WLAN network for each non-WLAN terminal, the method further comprises:
a. The non-WLAN terminal sends a disconnect-local-link message to the multi-user access terminal;
b. The multi-user access terminal receives this disconnect-local-link message and releases the local link resources that it stores.
After the stored local link resources are released in step b, the method further comprises:
When the non-WLAN terminal has a binding relationship with a virtual link or virtual terminal, the multi-user access terminal sends a delete-virtual-link or delete-virtual-terminal message to the WLAN network side, and releases the corresponding virtual link or virtual terminal resources that it stores.
After the multi-user access terminal in step B establishes a connection between itself and the WLAN network for each non-WLAN terminal, when the WLAN data link between the multi-user access terminal and the WLAN network is disconnected, or a virtual link is deleted, or a virtual terminal is deleted, the method further comprises:
a1. The multi-user access terminal sends to all of its non-WLAN interfaces a WLAN-network-unavailable notice, or a virtual-link-deleted notice, or a virtual-terminal-deleted notice, and releases the resources it stores relating to the WLAN data link and the virtual links, or the information relating to the deleted virtual link, or the information relating to the deleted virtual terminal;
b1. After receiving the notice, the non-WLAN interface encapsulates a WLAN-network-unavailable message and sends it to the non-WLAN terminal over the local link.
After step b1 is performed, when the WLAN network becomes available again, the method further comprises:
a2. The multi-user access terminal and the WLAN network establish a WLAN data link;
b2. The multi-user access terminal stores the link state information, assigns a link identification number to the created link, and sends a WLAN-network-available message to the non-WLAN terminal over the local link; or,
a3. The non-WLAN terminal sends an active query request to the multi-user access terminal over the local link;
b3. The multi-user access terminal looks up the WLAN data link state information that it stores and, according to the query result, sends a WLAN-network-available message to the non-WLAN terminal over the local link.
After the WLAN-network-available message is sent to the non-WLAN terminal in step b2 or b3, the method further comprises: the multi-user access terminal establishes a connection between itself and the WLAN network for each non-WLAN terminal, and saves the connection relationship between each non-WLAN terminal and the WLAN network.
The system and method provided by the present invention for non-WLAN terminals to access an external network establish, between the multi-user access terminal and the WLAN network, a virtual link or virtual terminal for each non-WLAN terminal, so that multiple non-WLAN terminals can simultaneously access the WLAN network through the multi-user access terminal and then exchange data with the external network.
The system and method provided by the present invention for accessing an external network through a multi-user access terminal also allow a non-WLAN terminal, before it obtains through the multi-user access terminal the services provided by the external network, to confirm through the multi-user access terminal whether the link established between the multi-user access terminal and the WLAN can support the non-WLAN terminal's access to the external network. The multi-user access terminal can also provide a network selection service for the non-WLAN terminal according to a message, sent by the non-WLAN terminal, that carries parameters such as the external network identifier and the required service type. The system and method provided by the present invention for accessing an external network through a multi-user access terminal therefore extend the range of application of non-WLAN terminals.
Description of the drawings
Fig. 1 is a schematic diagram of the network architecture of the prior-art WLAN system defined by IEEE 802.11;
Fig. 2 is the state machine of the STA in the prior-art IEEE 802.11 standard;
Fig. 3 is a schematic diagram of one basic link between a prior-art STA and AP corresponding to multiple virtual links;
Fig. 4 is a schematic flow diagram of prior-art data transfer based on virtual links;
Fig. 5 is a schematic structural diagram of the system of the present invention for non-WLAN terminals to access an external network;
Fig. 6 is a framework diagram of the shared access services provided by the multi-user access terminal in the system shown in Fig. 5;
Fig. 7(a) is a schematic structural diagram of the multi-user access terminal in the system shown in Fig. 5; Fig. 7(b) is a schematic structural diagram of a preferred embodiment of the multi-user access terminal shown in Fig. 7(a);
Fig. 8 is a flow chart of the method of the present invention for non-WLAN terminals to access an external network;
Fig. 9 is a schematic flow diagram of a preferred embodiment of the method shown in Fig. 8;
Fig. 10 is a schematic flow diagram of data transfer from the non-WLAN terminal of the present invention to the external network;
Fig. 11 is a schematic flow diagram of data transfer from the external network of the present invention to the non-WLAN terminal;
Fig. 12 is a flow chart of the non-WLAN terminal of the present invention disconnecting from the WLAN network;
Fig. 13 is a flow chart of the method by which the multi-user access terminal of the present invention disconnects from the non-WLAN terminal;
Fig. 14 is a flow chart of the non-WLAN terminal of the present invention learning that the WLAN network is available again;
Fig. 15 is a flow chart of the non-WLAN terminal of the present invention learning that the WLAN network is available again;
Fig. 16 is a flow chart of a preferred embodiment of the method by which the non-WLAN terminal of the present invention accesses the WLAN network again through the local link.
Embodiments
To make the purpose, technical solution and beneficial effects of the present invention clearer, the present invention is described in more detail below with reference to embodiments and the accompanying drawings.
The system and method provided by the present invention for non-WLAN terminals to access an external network establish a connection between the multi-user access terminal and the WLAN network for each non-WLAN terminal, and the multi-user access terminal saves the binding relationship between each non-WLAN terminal and the connection established for it, so that multiple non-WLAN terminals can simultaneously access the WLAN network through the multi-user access terminal and then simultaneously exchange data with the external network.
Referring to Fig. 5, Fig. 5 is a schematic structural diagram of the system of the present invention for non-WLAN terminals to access an external network. As shown in Fig. 5, this system comprises: at least one non-wireless-local-area-network (non-WLAN) terminal 501, a multi-user access terminal 502, a WLAN network 503 and an external network 504.
The WLAN network 503 is connected to the external network 504 and exchanges data with it.
The non-WLAN terminal 501 is connected to the multi-user access terminal 502 through a local link, and the multi-user access terminal 502 is connected to the WLAN network 503 through a WLAN data link.
The multi-user access terminal 502 is used to establish a connection between itself and the WLAN network 503 for each non-WLAN terminal 501 and to save the connection relationship, and to forward data between each non-WLAN terminal 501 and the WLAN network 503.
The non-WLAN terminal 501 does not support a WLAN interface, but may be equipped with some kind of smart card device holding subscription network information, in order to access an external network such as the home network with which it has a subscription relationship. Such devices without a WLAN interface connect to the multi-user access terminal 502 through a local link, and then access the external network 504 through the WLAN data link between the multi-user access terminal 502 and the WLAN network 503. In this way the non-WLAN terminal 501 can access the external network 504 through the local link and the WLAN data link.
The non-WLAN terminal in Fig. 5 can be a terminal with an IEEE 802.3 or 802.15 series standard interface or a terminal with a USB interface; the non-WLAN terminal establishes a local link with the multi-user access terminal through the IEEE 802.3 or 802.15 series standard interface or the USB interface.
The non-WLAN terminal 501 can be a device without a WLAN interface, such as a personal digital assistant (PDA), a Bluetooth terminal, a USB terminal or a GSM mobile handset. If the non-WLAN terminal 501 is a PDA, it is connected to the multi-user access terminal 502 through a USB local link; if the non-WLAN terminal 501 is a Bluetooth mobile phone, it is connected to the multi-user access terminal 502 through a Bluetooth local link. The present invention refers to any local short-range communication link between a non-WLAN terminal and the multi-user access terminal as the local link between the non-WLAN terminal and the multi-user access terminal.
The external network 504 is a non-WLAN network to which the WLAN network connects; it can be the target network, the network where the AAA server is located, and so on.
In addition, if the multi-user access terminal 502 in Fig. 5 is arranged in a device that can itself access external networks, such as a notebook computer, that device can also carry out independent AAA authentication and service delivery with the external network while supporting non-WLAN terminals' access to the external network. For example, while a Bluetooth mobile phone carries on voice communication with the external network through this device, the device can still use the Internet service or IPTV service provided by its own subscribed service provider, and so on.
Referring to Fig. 6, Fig. 6 is a framework diagram of the shared access services provided by the multi-user access terminal in the system shown in Fig. 5. As shown in Fig. 6, the multi-user access terminal supports shared access by non-WLAN terminals and provides the following services:
1) Capability negotiation service. The multi-user access terminal can negotiate capability information with the other non-WLAN terminals that are to share access. Through capability information negotiation, a non-WLAN terminal can confirm: whether the multi-user access terminal supports shared access; whether the multi-user access terminal has enabled the shared access function; whether the multi-user access terminal has established a WLAN data link with the WLAN network; and whether anonymous MAC address access is supported. If the non-WLAN terminal uses its MAC address as its identity and does not wish to expose the MAC address over the air interface, the WLAN network side can allocate a temporary MAC address to this non-WLAN terminal.
2) Connection service. A connection management service is provided, which manages the connection state of each interface and controls a non-WLAN terminal's connection to, or disconnection from, the WLAN network. Through the connection service provided by the multi-user access terminal, the WLAN network can, based on the WLAN data link established with the multi-user access terminal, learn of each non-WLAN terminal linked to the multi-user access terminal, and logically regard those non-WLAN terminals that need to access the external network as its own clients. The multi-user access terminal dynamically notifies non-WLAN terminals of the state of the WLAN network by sending "WLAN network available" or "WLAN network unavailable" messages.
3) Network selection service. Before carrying out authentication with the authentication server of the external network as planned, a non-WLAN terminal that wishes to share access sends an "access request" message so that the multi-user access terminal performs network selection, in order to determine whether it can reach its own home network or the Internet through this multi-user access terminal. The "access request" message carries parameters such as the external network identifier and the required service type; the "access response" message that the multi-user access terminal returns carries parameters such as the external network identifier, the service type and the network selection result.
4) Data transport service. The multi-user access terminal can identify the data messages sent from different interfaces and, according to policy, can choose not to create a virtual link, or can create a virtual link or virtual terminal to carry the data messages, and sends them to the WLAN network. In the other direction, it can distribute the data messages that the WLAN network sends over the wireless interface to the corresponding local interface, and then send them to the corresponding non-WLAN terminal over the local link, thereby providing a data transport service.
Referring to Fig. 7(a), Fig. 7(a) is a schematic structural diagram of the multi-user access terminal in the system shown in Fig. 5. As shown in Fig. 7(a), it comprises: at least one non-WLAN interface 701, a shared access management unit 702, a shared access DSU 703 and a WLAN interface 704. Wherein,
the WLAN interface 704 is used to establish a connection between the multi-user access terminal and the WLAN network for each non-WLAN terminal, and to exchange data with the WLAN network.
The non-WLAN interface 701 is used for a non-WLAN terminal to access the multi-user access terminal, and to exchange data with the non-WLAN terminal.
The shared access management unit 702 is used to save the connection relationships between each non-WLAN terminal and the WLAN interface 704 and the WLAN network.
The shared access DSU 703 is used to provide a data forwarding service between non-WLAN terminals and the WLAN network.
Referring to Fig. 7(b), Fig. 7(b) is a schematic structural diagram of a preferred embodiment of the multi-user access terminal shown in Fig. 7(a). As shown in Fig. 7(b),
the non-WLAN interface 701 comprises a capability negotiation module and a key transmission module.
The capability negotiation module is used to exchange messages with the non-WLAN terminal, notifying the non-WLAN terminal whether the multi-user access terminal supports and has enabled the shared access function, and whether the multi-user access terminal has established a WLAN data link with the WLAN network.
The key transmission module of the non-WLAN interface 701 is used to pass to the shared access management unit the key that the non-WLAN terminal has negotiated with the external network and that is bound to the non-WLAN terminal, virtual link or virtual terminal.
The shared access management unit 702 comprises a capability information management module, a connection relationship saving module and a key transmission module.
The capability information management module is used to store and manage capability information that is pre-configured or dynamically generated, such as: whether the multi-user access terminal supports the shared access function, whether the shared access function is turned on, and whether a WLAN data link has been established between the multi-user access terminal and the WLAN network.
The connection relationship saving module is used to identify the non-WLAN terminals connected to each interface of the multi-user access terminal and to allocate an interface identifier to each interface, and to save the binding relationship between each non-WLAN terminal and its virtual link or virtual terminal.
The key transmission module of the shared access management unit 702 is used to send to the WLAN interface the key passed on by the key transmission module of the non-WLAN interface.
The non-WLAN terminal sends, over the local link, a "capability information query request" message to the capability negotiation module of the non-WLAN interface 701, carrying the parameters: whether the multi-user access terminal provides the terminal shared access function, whether the multi-user access terminal and the WLAN network have established the WLAN data link needed for interworking, whether the link between the WLAN network and the external network is available, and so on. The non-WLAN interface 701 queries the capability information management module of the shared access management unit 702 for the capability corresponding to each parameter carried in the "capability information query request" message, and returns the capability query response to the non-WLAN terminal.
See Table 1, which shows several local messages relating to the shared access management unit 702.
The shared access DSU 703 is used to provide a data forwarding service between non-WLAN terminals and the WLAN network, which includes passing the data received by the non-WLAN interface 701 to the WLAN interface 704, and passing the data received by the WLAN interface 704 to the non-WLAN interface 701. The shared access DSU 703 can be integrated with the MAC application layer of the WLAN interface 704, or can be set up separately, which is equivalent to placing a shared access DSU above the MAC application layer.
See Table 2, which shows the local data primitives relating to the shared access DSU 703.
The WLAN interface 704 comprises: a virtual link or virtual terminal setup module, a network selection module and an encapsulation and encryption module.
The virtual link or virtual terminal setup module is used to establish one virtual link or one virtual terminal between the multi-user access terminal and the WLAN network for each non-WLAN terminal.
The network selection module is used to provide the network selection service for each non-WLAN terminal; the result of network selection is passed to the non-WLAN interface 701 through the shared access management unit 703, and then passed to the non-WLAN terminal by the non-WLAN interface 701.
| Messages exchanged between the shared access management unit and the non-WLAN interface | Messages exchanged between the shared access management unit and the WLAN interface |
|---|---|
| Message sent by the non-WLAN interface notifying the local link state | Message sent by the WLAN interface notifying the WLAN data link state |
| "Local link disconnected" notification message, carrying the interface identifier, sent by the non-WLAN interface | Binding notification message for the virtual link number and non-WLAN terminal MAC address, sent by the shared access management unit |
| "WLAN network available" or "WLAN network unavailable" message sent by the shared access management unit | "Local link disconnected" notification message, carrying the virtual link number, sent by the shared access management unit |
| Local information query/response messages between the shared access management unit and the non-WLAN interface | "WLAN data link disconnected" or "virtual link deleted" notification message sent by the WLAN interface |

Table 1
| Data primitives exchanged between the shared access DSU and the non-WLAN interface | Data primitives exchanged between the shared access DSU and the WLAN interface |
|---|---|
| Data transfer, carrying the non-WLAN terminal MAC address, destination address and data (from the non-WLAN interface) | Data send request, carrying the non-WLAN terminal MAC address, destination address and data (from the shared access DSU) |
| Data transfer, carrying the source address, non-WLAN terminal MAC address and data (from the shared access DSU) | Data receive indication, carrying the source address of the received 802.11 frame, non-WLAN terminal MAC address and data (from the WLAN interface) |

Table 2
The encapsulation and encryption module is used to encapsulate the data messages, forwarded by the shared access DSU 702, that non-WLAN terminals send; to determine the encryption and decryption keys from the key sent by the key transmission module of the shared access management unit 702; to encrypt the encapsulated data messages with the determined encryption key; and to decrypt the encrypted data messages that the external network sends to the non-WLAN terminal and the WLAN network forwards.
Correspondingly, the WLAN network 503 in the system shown in Fig. 5 further comprises an encapsulation and encryption module, used to encapsulate and encrypt the data messages that the external network sends, and to decrypt the encrypted data messages that the WLAN interface 704 sends.
If multiple non-WLAN terminals access the multi-user access terminal through multiple non-WLAN interfaces 701, then, so that the multiple non-WLAN terminals can exchange data with the external network simultaneously, multiple virtual links are established on the basis of the WLAN data link between the WLAN interface 704 of the multi-user access terminal and the WLAN network, or the virtual terminal approach is adopted between the WLAN interface 704 and the WLAN network.
To enable non-WLAN terminals to access the external network through the multi-user access terminal, the mechanisms provided by the present invention comprise: 1) a method for a non-WLAN terminal to access the WLAN network through the multi-user access terminal; 2) a method for a non-WLAN terminal to disconnect its link with the WLAN network; 3) a method for a non-WLAN terminal to transfer data with the external network via the WLAN network.
Referring to Fig. 8, Fig. 8 is a flow chart of the method of the present invention for non-WLAN terminals to access an external network. As shown in Fig. 8, the flow comprises the following steps:
Step 801: a local link is established between each non-WLAN terminal and the multi-user access terminal, and a WLAN data link is established between the multi-user access terminal and the WLAN network. The local link and the WLAN data link together form the data link from the non-WLAN terminal to the WLAN network.
Step 802: the multi-user access terminal establishes a connection between itself and the WLAN network for each non-WLAN terminal;
Step 803: the non-WLAN terminal exchanges data with the WLAN network and the external network through the multi-user access terminal.
In step 802, the multi-user access terminal establishing a connection between itself and the WLAN network for each non-WLAN terminal is: the multi-user access terminal establishes, between itself and the WLAN network, one virtual link or virtual terminal for each non-WLAN terminal that can be given access, and saves the binding relationship between each non-WLAN terminal and its virtual link or virtual terminal.
After the establishment of the data link from the non-WLAN terminal to the WLAN network in step 801 is completed, the method further comprises:
The multi-user access terminal exchanges messages with the non-WLAN terminal, notifying the non-WLAN terminal whether the multi-user access terminal supports and has enabled the shared access function, and whether the multi-user access terminal has established a WLAN data link with the WLAN network.
After the establishment of the data link from the non-WLAN terminal to the WLAN network in step 801 is completed, the method further comprises:
The multi-user access terminal performs network selection according to the external network identifier sent by the non-WLAN terminal and the service type the non-WLAN terminal needs and, after obtaining the network selection result, returns the network selection result to the non-WLAN terminal.
The multi-user access terminal of the present invention can connect multiple non-WLAN terminals. By establishing multiple virtual links on the basis of the WLAN data link between the multi-user access terminal and the WLAN network side, or by adopting the virtual terminal approach between the multi-user access terminal and the WLAN network side, the present invention enables multiple non-WLAN terminals to access the WLAN network, and thereby to exchange data with the external network simultaneously.
Referring to Fig. 9, Fig. 9 is a schematic flow diagram of a preferred embodiment of the method shown in Fig. 8. As shown in Fig. 9, the flow comprises the following steps:
Step 901: the multi-user access terminal establishes a WLAN data link with the WLAN network through its WLAN interface. Through this WLAN data link the multi-user access terminal can itself obtain the services of the external network.
Step 902: the WLAN interface of the multi-user access terminal notifies the shared access management unit of the state of the WLAN data link.
Step 903: the non-WLAN terminal and a non-WLAN interface of the multi-user access terminal establish a local link.
Step 904: the non-WLAN interface of the multi-user access terminal notifies the shared access management unit of the state of the local link.
Step 905: the shared access management unit stores the link state information, allocates interface identifiers to identify the interfaces on which links have been created, and binds the interface identifier to the MAC address of the non-WLAN terminal.
Step 906: the non-WLAN terminal sends a "capability information query request" message to the multi-user access terminal over the local link, carrying the parameters: whether the multi-user access terminal provides the terminal shared access function, whether the multi-user access terminal and the WLAN network have established the WLAN data link needed for interworking, and whether the link between the WLAN network and the external network is available.
Step 907: the non-WLAN interface and the shared access management unit of the multi-user access terminal carry out an information query and response, mainly negotiating according to the parameters in the "capability information query request".
Step 908: the multi-user access terminal sends a "capability information query response" message to the non-WLAN terminal over the corresponding local link, feeding the query result back to the non-WLAN terminal. For example, if the multi-user access terminal does not support the shared access function or has not enabled it, the result will show that the shared access function is not supported or not enabled.
Step 909: the non-WLAN terminal decides, according to the response result, whether to send an "access request" message to the corresponding non-WLAN interface of the multi-user access terminal and enter the power-saving wait-for-timeout state. If the "capability information query response" shows that the multi-user access terminal does not support the shared access function or has not enabled it, the non-WLAN terminal will not send an "access request" message.
If the "capability information query response" shows that the multi-user access terminal has enabled the shared access function, the non-WLAN terminal sends to the non-WLAN interface of the multi-user access terminal an "access request" message carrying the network identifier of the subscription network and the service types the non-WLAN terminal supports. Here, the network identifier is an NAI or the like, and the service types the non-WLAN terminal supports are Internet data service, GSM/3G voice service or data service, and so on.
If no "access response" message is received within the timeout period, the non-WLAN terminal can send the "access request" message at most two more times. Thus, if after sending the "access request" message three times it still has not received an "access response" message, the non-WLAN terminal considers the WLAN network unavailable and ends its attempt to access the WLAN network.
Step 910: the non-WLAN interface of the multi-user access terminal passes the received "access request" message to the shared access management unit, which appends the interface identifier parameter, and encapsulates and sends the "access request" message to the WLAN interface of the multi-user access terminal. At this point the "access request" message carries the network identifier of the subscription network, the service type, the interface identifier and an access indication. Here, the access indication shows whether this is a first access or a re-access, and can be expressed as a hexadecimal number, for example: if the access indication is 1, it indicates a first access; if it is 0, a re-access.
Step 911: the WLAN interface of the multi-user access terminal starts the "network selection" procedure of the WLAN system according to the parameters in the "access request" message, and obtains the network selection result.
If the WLAN interface of the multi-user access terminal supports the virtual link mechanism, steps 912 to 914 are performed; otherwise step 915 is performed directly.
Step 912: for the corresponding non-WLAN terminal, a virtual link is established between the WLAN interface of the multi-user access terminal and the WLAN network on the basis of the existing basic link; that is, a "virtual link setup request" frame is sent to the AP with the MAC address of the multi-user access terminal's WLAN interface and the BSSID of the WLAN-network-side AP as its transmitter address (TA) and receiver address (RA).
The end addresses of the virtual link can be designated in either of the following two ways:
First method: each end designates its own end address. The multi-user access terminal designates the MAC address of the non-WLAN terminal as the end address of one end of the virtual link, and the WLAN network side designates the BSSID of the AP as the end address of the other end, or allocates a new temporary MAC address. In this case, both the multi-user access terminal side and the WLAN network side can bind the virtual link to the non-WLAN terminal.
Second method: one end, for example the AP side, designates both end addresses of the virtual link. In this case, the multi-user access terminal side can bind the virtual link to the non-WLAN terminal, and the non-WLAN terminal address needs to be carried in the "virtual link creation request" so that the WLAN network side can bind this virtual link to the non-WLAN terminal.
Step 913: after the virtual link is successfully created, the WLAN interface of the multi-user access terminal sends a "binding notice" to the shared access management unit, carrying the virtual link number and the MAC address of the non-WLAN terminal.
Step 914: the shared access management unit binds the virtual link, the interface identifier and the MAC address of the non-WLAN terminal, and on this basis selects the corresponding virtual link to carry the AAA authentication messages and service data between the non-WLAN terminal and the WLAN network.
Step 915: the WLAN interface of the multi-user access terminal passes the network selection result to the shared access management unit, which passes it to the corresponding non-WLAN interface of the multi-user access terminal.
The network selection result can also be carried in the "binding notice" sent in step 913 and passed to the shared access management unit together with it. The shared access management unit then passes the network selection result to the corresponding non-WLAN interface.
Here, the step in which the shared access management unit passes the network selection result to the corresponding non-WLAN interface can come before step 913, during steps 913 to 914, or after step 914.
Step 916: the non-WLAN interface of the multi-user access terminal sends an "access response" message to the non-WLAN terminal according to the network selection result, carrying the network selection result, the network identifier and the service type query response result. The non-WLAN terminal wakes from the power-saving standby state, receives the "access response" message, and determines from the "access response" message whether it can obtain the service it needs through the WLAN network.
The network selection result is one of two kinds: "the WLAN network does not support interworking with the subscription network of the non-WLAN terminal" and "the WLAN network supports interworking with the subscription network of the non-WLAN terminal".
Steps 917 to 918: over the local link and the WLAN data link, the non-WLAN terminal performs AAA authentication with the AAA server and exchanges service data with the target network.
As shown in step 917 of Fig. 9, the non-WLAN terminal and the AAA server perform AAA authentication over the local link and the WLAN data link, for example SIM-EAP authentication. After authentication succeeds, the non-WLAN terminal passes the master session key (MSK) negotiated with the AAA server to the WLAN interface of the multi-user access terminal over the local link. The WLAN interface and the WLAN network then perform the 4-way handshake key negotiation according to the 802.11i standard and negotiate a pairwise transient key (PTK), determine the encryption and decryption keys of the non-WLAN terminal from this PTK, and save the binding between the determined encryption and decryption keys and the non-WLAN terminal, or the virtual link or virtual terminal corresponding to the non-WLAN terminal.
After the non-WLAN terminal has confirmed that it can reach the external network through the WLAN network, it can transmit AAA authentication data over the local link and the WLAN data link and, once authentication has passed and 1x port authorization has been obtained, transmit service data. This service data transmission is a data service between the non-WLAN terminal and the external network.
In the embodiment of Fig. 9, multiple non-WLAN terminals access the WLAN network simultaneously by establishing multiple virtual links between the multi-user access terminal and the WLAN network side, and then exchange data with the external network. The present invention can also let multiple non-WLAN terminals access the WLAN network simultaneously by means of virtual terminals; only steps 912 to 914 need to be changed:
Step 912a: for each non-WLAN terminal, a virtual terminal is created between the WLAN interface of the multi-user access terminal and the WLAN network, and an association request is initiated using the MAC address of the non-WLAN terminal, or another temporary MAC address, as the temporary MAC address of the virtual terminal; the mapping between the temporary MAC address of this virtual terminal and the non-WLAN terminal is recorded.
Step 913a: the WLAN interface sends a "virtual terminal binding" notice to the shared access management unit; the notice carries the virtual terminal number and the MAC address of the non-WLAN terminal.
Step 914a: the shared access management unit binds the virtual terminal number, the interface identifier and the MAC address of the non-WLAN terminal, and on that basis selects the corresponding virtual terminal to carry AAA authentication messages and service data between the non-WLAN terminal and the WLAN network.
Referring to Figure 10, Figure 10 is a schematic flow chart of data transfer from the non-WLAN terminal to the external network according to the present invention. As shown in Figure 10, the flow comprises the following steps:
Step 1001: the non-WLAN terminal sends a data message carrying the non-WLAN terminal MAC address, the destination address and the data to the non-WLAN interface of the multi-user access terminal over the local link.
Step 1002: the non-WLAN interface parses the received data message and passes the non-WLAN terminal MAC address, the destination address and the data to the shared access DSU.
Step 1003: the shared access DSU sends a "data sending request" message to the WLAN interface, carrying the non-WLAN terminal MAC address, the destination address and the data.
Step 1004: the WLAN interface encapsulates the received data message in the 802.11 data frame format, using the destination address of the data message as Address 3 of the 802.11 data frame, encrypts the encapsulated data message, and sends it to the WLAN network side.
Here, the WLAN interface comprises logical sublayers such as the MAC layer and the MAC user shown in Figure 4. The WLAN interface corresponds to the local end or the other end in Figure 4, and the WLAN network side corresponds to the other end; this step describes data transmission between the WLAN interface and the WLAN network side.
If the virtual link mechanism is supported, the corresponding virtual link is determined from the non-WLAN terminal MAC address, the corresponding key is selected to encrypt the 802.11 data frame, and the end address pair of the virtual link is used as the transmit address and receive address of the 802.11 data frame;
If the virtual terminal mechanism is supported, the corresponding virtual terminal is determined from the non-WLAN terminal MAC address, the corresponding key is selected to encrypt the 802.11 data frame, and the MAC address of the virtual terminal and the BSSID of the AP on the WLAN network side are used as the transmit address and receive address. The MAC address of the virtual terminal is either a temporary MAC address allocated by the WLAN network side or the MAC address of the non-WLAN terminal.
If neither the virtual link nor the virtual terminal mechanism is supported, the key for encrypting the 802.11 data frame is determined from the basic link, that is, the data link between the WLAN interface and the WLAN network side, and the non-WLAN terminal MAC address and the BSSID of the AP are used as the transmit address and receive address.
Step 1005: after the WLAN network side receives the data message, it decrypts it, restores the source address of the data message to the MAC address of the non-WLAN terminal, and then sends it through the DS to the destination address of the data message.
If the virtual link or virtual terminal mechanism is supported, the WLAN network side matches the corresponding key by the transmit address and receive address of the 802.11 data frame and decrypts with it; if virtual links are not supported, it matches the corresponding key by the transmit address of the 802.11 data frame and decrypts with it.
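The address and key selection of steps 1004 and 1005, modelled as an added Python example that is not code from the patent. The class and field names, the MAC addresses and the key labels are constructed for illustration; keys are represented by labels only (no 802.11 encryption is performed), and a single basic-link key is an assumption, since the text only says the key is determined from the basic link.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

AP_BSSID = "02:00:00:00:00:aa"       # constructed AP address
BASIC_LINK_KEY = "key-basic-link"    # constructed label; one key per basic link is an assumption


@dataclass(frozen=True)
class Binding:
    """Binding saved after the 4-way handshake (hypothetical layout)."""
    ta: str    # transmit address used towards the WLAN network side
    ra: str    # receive address used towards the WLAN network side
    key: str   # label of the key determined from this terminal's PTK


@dataclass(frozen=True)
class Frame:
    ra: str      # receive address
    ta: str      # transmit address
    addr3: str   # Address 3: destination address of the original data message
    key: str     # label of the key the frame body is encrypted under
    data: bytes


class WlanInterface:
    """WLAN interface of the multi-user access terminal (step 1004)."""

    def __init__(self) -> None:
        # non-WLAN terminal MAC -> binding of its virtual link or virtual terminal
        self.bindings: Dict[str, Binding] = {}

    def bind(self, terminal_mac: str, binding: Binding) -> None:
        self.bindings[terminal_mac] = binding

    def build_uplink(self, terminal_mac: str, dst: str, data: bytes) -> Frame:
        b = self.bindings.get(terminal_mac)
        if b is None:
            # Neither mechanism: basic-link key, TA = terminal MAC, RA = BSSID.
            return Frame(ra=AP_BSSID, ta=terminal_mac, addr3=dst,
                         key=BASIC_LINK_KEY, data=data)
        # Virtual link: TA/RA are the link's end address pair.
        # Virtual terminal: TA is the virtual terminal MAC, RA is the BSSID.
        return Frame(ra=b.ra, ta=b.ta, addr3=dst, key=b.key, data=data)


class WlanNetworkSide:
    """WLAN network side (step 1005)."""

    def __init__(self) -> None:
        # (TA, RA) -> (key label, non-WLAN terminal MAC)
        self.by_pair: Dict[Tuple[str, str], Tuple[str, str]] = {}
        # TA -> key label, used when no virtual link or virtual terminal exists
        self.by_ta: Dict[str, str] = {}

    def add_binding(self, terminal_mac: str, binding: Binding) -> None:
        self.by_pair[(binding.ta, binding.ra)] = (binding.key, terminal_mac)

    def add_basic_terminal(self, terminal_mac: str) -> None:
        self.by_ta[terminal_mac] = BASIC_LINK_KEY

    def receive_uplink(self, f: Frame) -> Optional[Tuple[str, str, bytes]]:
        """Return (source, destination, data) for the DS, or None if rejected."""
        if (f.ta, f.ra) in self.by_pair:
            key, src = self.by_pair[(f.ta, f.ra)]
        elif f.ta in self.by_ta:
            key, src = self.by_ta[f.ta], f.ta
        else:
            return None          # no binding for these addresses
        if f.key != key:
            return None          # stands in for a failed decryption
        # Source address restored to the non-WLAN terminal MAC, even when a
        # temporary virtual terminal MAC was used on the air interface.
        return (src, f.addr3, f.data)
```

A frame that carries one terminal's address pair but another terminal's key is rejected in the model, which is the isolation that per-terminal bindings give over the shared basic link.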
Referring to Figure 11, Figure 11 is a schematic flow chart of data transfer from the external network to the non-WLAN terminal according to the present invention. As shown in Figure 11, the flow comprises the following steps:
Step 1101: the data message that the external network passes to the non-WLAN terminal comprises a source address, a destination address (that is, the non-WLAN terminal MAC address) and data.
Step 1102: the WLAN network side encapsulates the received data message in the 802.11 data frame format, encrypts the encapsulated data message, and sends it to the WLAN interface of the multi-user access terminal.
If the virtual link mechanism is adopted, the WLAN network side determines the encryption key of the corresponding virtual link from the virtual link binding information, encrypts the data message with it, and uses the end address pair of the virtual link as the receive address and transmit address.
If the virtual terminal mechanism is adopted, the corresponding key is determined from the virtual terminal binding information and used to encrypt the data message, and the MAC address of the virtual terminal and the BSSID of the AP are filled into the receive address and transmit address fields of the 802.11 data frame.
If neither the virtual link mechanism nor the virtual terminal mechanism is adopted, the WLAN network side finds the corresponding key from the destination address of the original data message and encrypts the data frame with it, uses the non-WLAN terminal MAC address and the BSSID of the AP as the receive address and transmit address of the 802.11 data frame, uses the source address of the original data message as the source address of the 802.11 data frame, and sends the 802.11 data frame over the air interface to the WLAN interface of the multi-user access terminal.
Step 1103: the WLAN interface of the multi-user access terminal receives the 802.11 data frame, decrypts it, and passes the decrypted data frame to the shared access DSU.
If the virtual link mechanism is supported, the WLAN interface determines the corresponding virtual link and key from the receive address and transmit address of the data frame and decrypts the data message. The source address (SA) of the decrypted data message is unchanged and the destination address is set to the corresponding non-WLAN terminal MAC address. The data message is passed to the shared access DSU by a "data receiving indication" whose parameters comprise: the source address, the non-WLAN terminal MAC address, the virtual link number and the data.
If the virtual terminal mechanism is supported, the WLAN interface determines the corresponding virtual terminal number and key from the receive address and transmit address of the data frame and decrypts the data message. The source address of the decrypted data message is unchanged and the destination address is set to the corresponding non-WLAN terminal MAC address. The data message is passed to the shared access DSU by a "data receiving indication" whose parameters comprise: the source address, the non-WLAN terminal MAC address, the virtual terminal number and the data.
If neither the virtual link mechanism nor the virtual terminal mechanism is adopted, the WLAN network side determines the corresponding key from the receive address of the received 802.11 data frame and decrypts the data message, which is then passed to the shared access DSU by a "data receiving indication". The parameters carried in the "data receiving indication" comprise: the source address and receive address of the received 802.11 data frame, and the data.
Step 1104: the shared access DSU looks up the binding information it stores by the non-WLAN terminal MAC address and determines the corresponding non-WLAN interface.
Step 1105: the shared access DSU sends a "data transfer" primitive to the corresponding non-WLAN interface; the parameters it carries comprise the source address, the non-WLAN terminal MAC address and the data.
Step 1106: the non-WLAN interface sends the received data message to the non-WLAN terminal over the local link.
The present invention also provides a method for disconnecting a non-WLAN terminal from the WLAN network. There are two cases: in one, the non-WLAN terminal actively disconnects from the WLAN network; in the other, the multi-user access terminal actively disconnects from the non-WLAN terminal.
Referring to Figure 12, Figure 12 is a flow chart of the non-WLAN terminal disconnecting from the WLAN network according to the present invention. As shown in Figure 12, the flow comprises the following steps:
Step 1201: when the non-WLAN terminal no longer needs the local link, it can send a "disconnect local link" message to the non-WLAN interface of the multi-user access terminal.
Step 1202: the non-WLAN interface of the multi-user access terminal sends a "local link disconnected" notice, carrying the interface identifier number, to the shared access management unit.
Step 1203: on receiving the "local link disconnected" notice, the shared access management unit releases the resources related to the local link, such as the stored state information, the interface identifier and so on.
Step 1204: the shared access management unit then forwards the "local link disconnected" notice to the WLAN interface. From then on, when the WLAN interface receives a data message whose source address is the identity address of this non-WLAN terminal, such as its MAC address, it does not forward the data message to the WLAN network, and so acts as a forwarding filter.
If no virtual link or virtual terminal is used, the flow ends. If the virtual link or virtual terminal mechanism is adopted, a binding exists between this non-WLAN terminal and a virtual link or virtual terminal, and step 1205 is executed.
Step 1205: the WLAN interface can send a "delete virtual link or virtual terminal" message to the WLAN network side and release the local virtual link resource or virtual STA resource.
When the WLAN data link between the multi-user access terminal and the WLAN network is disconnected, or a virtual link or virtual terminal is deleted, the multi-user access terminal can actively send a "WLAN network unavailable" notice to its own non-WLAN interface, so that the non-WLAN terminal connected to that non-WLAN interface knows that the WLAN network is unavailable.
Referring to Figure 13, Figure 13 is a flow chart of the method by which the multi-user access terminal disconnects from the non-WLAN terminal according to the present invention. As shown in Figure 13, the flow comprises the following steps:
Step 1301: when the WLAN data link between the WLAN interface and the WLAN network is disconnected, or a virtual link is deleted, the WLAN interface can send the shared access management unit a notice that the WLAN data link has been disconnected, that the virtual link has been deleted, or that the virtual terminal has been deleted.
Step 1302: when the shared access management unit receives the notice that the WLAN data link has been disconnected, it sends a "WLAN network unavailable" notice to all non-WLAN interfaces.
When the shared access management unit receives the notice that a virtual link has been deleted, it sends a "WLAN network unavailable" notice to the corresponding non-WLAN interface according to the binding between the virtual link and the non-WLAN interface.
When the shared access management unit receives the notice that a virtual terminal has been deleted, it sends a "WLAN network unavailable" notice to the corresponding non-WLAN interface according to the binding between the virtual terminal and the non-WLAN interface.
Step 1303: after the multi-user access terminal has sent the "WLAN network unavailable" notice to all non-WLAN interfaces, it releases the resources it stores for the WLAN data link and the virtual links, for example the stored WLAN data link state information, the binding information between all virtual links and non-WLAN interfaces, and so on.
When the multi-user access terminal sends the "WLAN network unavailable" notice to one particular non-WLAN interface, it releases the binding information it holds between the virtual link and this non-WLAN interface, or the binding it holds between the virtual terminal and this non-WLAN interface.
Step 1304: after the non-WLAN interface receives the "WLAN network unavailable" notice, it encapsulates a "WLAN network unavailable" message and sends it to the non-WLAN terminal over the local link.
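The state handling of the two disconnection flows (Figures 12 and 13), as an added Python example that is not code from the patent. The class, method and field names and the MAC addresses are hypothetical, and only the virtual link variant is modelled; the virtual terminal case is handled the same way.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Session:
    """State kept per non-WLAN interface (hypothetical layout)."""
    mac: str                    # MAC address of the attached non-WLAN terminal
    link_no: Optional[int]      # bound virtual link number, None if none is used
    wlan_available: bool = True # False once "WLAN network unavailable" was sent


class SharedAccessManagement:
    """Model of the bindings held by the shared access management unit."""

    def __init__(self) -> None:
        self.sessions: Dict[int, Session] = {}   # interface identifier -> session

    def attach(self, interface_id: int, mac: str,
               link_no: Optional[int] = None) -> None:
        self.sessions[interface_id] = Session(mac, link_no)

    def local_link_disconnected(self, interface_id: int) -> Optional[int]:
        """Steps 1202 to 1205: release the local-link state.

        Returns the virtual link number that must be deleted at the WLAN
        network side, or None when no virtual link was bound.
        """
        session = self.sessions.pop(interface_id, None)
        return session.link_no if session else None

    def may_forward(self, src_mac: str) -> bool:
        """Step 1204 filter: forward only for terminals with live state."""
        for session in self.sessions.values():
            if session.mac == src_mac:
                return session.wlan_available
        return False   # no local link recorded for this source address

    def wlan_link_down(self) -> List[int]:
        """Steps 1301 to 1303, data link case: notify every non-WLAN
        interface, then release all virtual link bindings."""
        for session in self.sessions.values():
            session.wlan_available = False
            session.link_no = None
        return sorted(self.sessions)

    def virtual_link_deleted(self, link_no: int) -> List[int]:
        """Steps 1301 to 1303, single link case: notify only the bound
        non-WLAN interface and release that one binding."""
        notified = []
        for interface_id, session in self.sessions.items():
            if session.link_no == link_no:
                session.wlan_available = False
                session.link_no = None
                notified.append(interface_id)
        return sorted(notified)
```

Each method returns what has to be signalled next (the link to delete, or the interfaces to notify), so a caller can check that no binding outlives the link it belonged to.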
After the non-WLAN terminal has learned that the WLAN network is unavailable, if the WLAN network becomes available again, for example because a WLAN data link has been re-created between the WLAN interface of the multi-user access terminal and the WLAN network, the multi-user access terminal needs to inform the non-WLAN terminal with a "WLAN network available" message. This is handled in the following two cases.
1) The non-WLAN terminal passively learns whether the WLAN network is available
The prerequisite of this method is that the non-WLAN terminal and the multi-user access terminal have established a local link. Referring to Figure 14, Figure 14 is a flow chart of the non-WLAN terminal learning that the WLAN network is available again according to the present invention. As shown in Figure 14, the flow comprises the following steps:
Step 1401: the multi-user access terminal has established a WLAN data link with the WLAN network through the WLAN interface.
Step 1402: the WLAN interface of the multi-user access terminal notifies the shared access management unit of the state of the WLAN data link.
Step 1403: the shared access management unit stores the link state information and allocates a link identification number to the created link. The link identification number is used to manage the WLAN data links that have been created.
Step 1404: the shared access management unit of the multi-user access terminal sends a "WLAN data link available" notice to all non-WLAN interfaces that have created local links.
Step 1405: the non-WLAN interface encapsulates a "WLAN network available" message and sends it to the non-WLAN terminal over the local link. In this way, the non-WLAN terminal can again learn whether the WLAN network is available.
2) The non-WLAN terminal actively queries whether the WLAN network is available
The prerequisite of this method is that the non-WLAN terminal and the multi-user access terminal have established a local link. Referring to Figure 15, Figure 15 is a flow chart of the non-WLAN terminal learning that the WLAN network is available again according to the present invention. As shown in Figure 15, the flow comprises the following steps:
Step 1501: the non-WLAN terminal sends an "active inquiry request" to the multi-user access terminal over the local link, to query whether the WLAN network is available.
Step 1502: the non-WLAN interface sends a "query request" to the shared access management unit.
Step 1503: the shared access management unit looks up the WLAN data link state information it stores and sends an "inquiry response" to the non-WLAN interface according to the query result.
Step 1504: according to the inquiry response result, the non-WLAN interface sends an "active inquiry response" to the non-WLAN terminal over the local link, carrying a parameter that indicates whether the WLAN network is available. In this way, the non-WLAN terminal can learn whether the WLAN network is available.
After the non-WLAN terminal has learned that the WLAN network is available again, the present invention also provides a method by which the non-WLAN terminal accesses the WLAN network again through the multi-user access terminal. Referring to Figure 16, Figure 16 is a flow chart of a preferred embodiment of the method by which the non-WLAN terminal accesses the WLAN network again over the local link according to the present invention. As shown in Figure 16, the flow comprises the following steps:
Step 1601: the non-WLAN terminal sends a "re-access request" message to the non-WLAN interface of the multi-user access terminal; the message carries an access indication showing that this access is a re-access, and the network identifier of the subscription network, such as the NAI.
Step 1602: the non-WLAN interface encapsulates the received "re-access request" message and passes the encapsulated message to the shared access management unit.
Step 1603: the shared access management unit sends a "create virtual link" or "create virtual terminal" notice to the WLAN interface.
Step 1604: a virtual link is created between the WLAN interface of the multi-user access terminal and the WLAN network, or a virtual terminal is created and exchanges information with the WLAN network side.
Step 1605: the WLAN interface of the multi-user access terminal sends a "virtual link binding" or "virtual terminal binding" notice to the shared access management unit.
Step 1606: the shared access management unit binds the virtual link and the interface identifier, or the virtual terminal and the interface identifier.
Step 1607: the shared access management unit sends the non-WLAN interface a re-access response notice carrying the re-access result, which is either re-access succeeded or re-access refused. The non-WLAN interface replies to the non-WLAN terminal over the local link with a re-access response carrying the re-access result.
If the WLAN interface does not support the virtual link or virtual terminal mechanism, steps 1603, 1604, 1605 and 1606 of Figure 16 need not be carried out.
Because the non-WLAN terminal has previously accessed the WLAN network successfully through the multi-user access terminal, and has carried out AAA authentication and service transmission with the external network, the re-access procedure described in this embodiment assumes by default that the links from the non-WLAN terminal to the WLAN network and the external network are usable. Therefore, the re-access flow shown in Figure 16 does not perform the network selection operation and goes directly to the re-access request exchange.
Of course, after the non-WLAN terminal has learned that the WLAN network is available again, the access procedure can also be carried out according to steps 909 to 916 of the embodiment shown in Fig. 9. The access procedure of Fig. 9 and that of Figure 16 differ as follows: the former has the network selection operation and the latter does not; in the former the non-WLAN terminal sends an "access request" to the multi-user access terminal, while in the latter it sends a "re-access request", and the access indications carried in the access request and the re-access request are different.

Claims (28)

1. A system for a non-wireless-local-area-network terminal to access an external network, the system comprising a WLAN network and an external network, the WLAN network being connected to the external network and exchanging data with it, characterized in that the system further comprises: at least one non-wireless local area network (non-WLAN) terminal and a multi-user access terminal,
wherein the non-WLAN terminal is connected to the multi-user access terminal by a local link, and the multi-user access terminal is connected to the WLAN network by a WLAN data link,
the multi-user access terminal is configured to establish, for each non-WLAN terminal, a connection between itself and the WLAN network and to save the connection relationship, and to forward data between each non-WLAN terminal and the WLAN network.
2. The system of claim 1, characterized in that the multi-user access terminal consists of a WLAN interface, at least one non-WLAN interface, a shared access management unit and a shared access DSU, wherein
the WLAN interface is configured to establish, for each non-WLAN terminal, a connection between the multi-user access terminal and the WLAN network, and to exchange data with the WLAN network;
the non-WLAN interface is configured for the non-WLAN terminal to access the multi-user access terminal, and to exchange data with the non-WLAN terminal;
the shared access management unit is configured to save the connection relationship between each non-WLAN terminal and the WLAN interface and the WLAN network;
the shared access DSU is configured to provide a data forwarding service for the non-WLAN terminal and the WLAN network.
3. The system of claim 2, characterized in that the WLAN interface further comprises a virtual link or virtual terminal establishing module, configured to establish, for each non-WLAN terminal, a virtual link or a virtual terminal between the multi-user access terminal and the WLAN network;
the shared access management unit further comprises a connection relationship saving module, configured to save and manage the binding between each non-WLAN terminal and its virtual link or virtual terminal.
4. The system of claim 2 or 3, characterized in that the shared access management unit further comprises a capability information management module for storing and managing pre-configured or dynamically generated capability information, the capability information comprising: whether the multi-user access terminal supports the shared access function, whether the shared access function is enabled, and whether a WLAN data link has been established between the multi-user access terminal and the WLAN network;
the non-WLAN interface further comprises a capability negotiation module, configured to exchange messages with the non-WLAN terminal and, by querying the capability information of the capability information management module, to notify the non-WLAN terminal whether the multi-user access terminal supports and has enabled the shared access function, and whether the multi-user access terminal has established a WLAN data link with the WLAN network.
5. The system of claim 2 or 3, characterized in that the WLAN interface further comprises a network selection module, configured to provide a network selection service for each non-WLAN terminal and to pass the network selection result through the shared access management unit to the non-WLAN interface, which passes it on to the non-WLAN terminal.
6. The system of claim 2 or 3, characterized in that the non-WLAN interface further comprises a key transfer module, configured to pass to the shared access management unit the key that the non-WLAN terminal negotiated with the external network and that is bound to the non-WLAN terminal or virtual link or virtual terminal;
the shared access management unit further comprises a key transfer module, configured to send the key passed by the key transfer module of the non-WLAN interface to the WLAN interface;
the WLAN interface further comprises an encapsulation and encryption module, configured to encapsulate the data message sent by the non-WLAN terminal and forwarded by the shared access DSU, to determine the encryption and decryption keys from the key sent by the key transfer module of the shared access management unit, to encrypt the encapsulated data message with the determined encryption key, and to decrypt the encrypted data message that the external network sends to this non-WLAN terminal and that the WLAN network forwards,
the WLAN network further comprises an encapsulation and encryption module, configured to encapsulate the data message sent by the external network, to determine the encryption and decryption keys from the key, bound to the non-WLAN terminal or virtual link or virtual terminal, that the non-WLAN terminal negotiated with the external network, to encrypt with the determined encryption key the data message that the external network sends to this non-WLAN terminal, and to decrypt the encrypted data message that the non-WLAN terminal sends through the WLAN interface.
7. The system of claim 1, 2 or 3, characterized in that the multi-user access terminal is arranged in a device having the function of accessing an external network,
the device having the function of accessing an external network supports obtaining, for itself, the services provided by the external network while supporting access to the external network by non-WLAN terminals.
8. The system of claim 1, 2 or 3, characterized in that the non-WLAN terminal is: a terminal having an IEEE 802.3 or 802.15 series standard interface, or a terminal having a USB interface;
the non-WLAN terminal establishes a local link with, and is connected to, the multi-user access terminal through the IEEE 802.3 or 802.15 series standard interface or the USB interface.
9. The system of claim 7, characterized in that the non-WLAN terminal is a personal digital assistant (PDA), a Bluetooth terminal, a USB terminal or a GSM mobile handset;
the non-WLAN terminal establishes a local link with, and is connected to, the multi-user access terminal through a USB interface or a Bluetooth interface.
10. The system of claim 1, 2 or 3, characterized in that the external network is: the network where the AAA server is located, or another non-WLAN network connected to the WLAN network.
11. A multi-user access terminal for a non-wireless-local-area-network terminal to access an external network, characterized in that the multi-user access terminal comprises: a WLAN interface, at least one non-WLAN interface, a shared access management unit and a shared access DSU,
the WLAN interface is configured to establish, for each non-WLAN terminal, a connection between the multi-user access terminal and the WLAN network, and to exchange data with the WLAN network, the WLAN network being connected to the external network and exchanging data with it;
the non-WLAN interface is configured for the non-WLAN terminal to access the multi-user access terminal, and to exchange data with the non-WLAN terminal;
the shared access management unit is configured to save the connection relationship between each non-WLAN terminal and the WLAN interface and the WLAN network;
the shared access DSU is configured to provide a data forwarding service for the non-WLAN terminal and the WLAN network.
12. The multi-user access terminal of claim 11, characterized in that the WLAN interface further comprises a virtual link or virtual terminal establishing module, configured to establish, for each non-WLAN terminal, a virtual link or a virtual terminal between the multi-user access terminal and the WLAN network;
the shared access management unit further comprises a connection relationship saving module, configured to save and manage the binding between each non-WLAN terminal and its virtual link or virtual terminal.
13. The multi-user access terminal of claim 12, characterized in that the shared access management unit further comprises a capability information management module for storing and managing pre-configured or dynamically generated capability information, the capability information comprising: whether the multi-user access terminal supports the shared access function, whether the shared access function is enabled, and whether a WLAN data link has been established between the multi-user access terminal and the WLAN network;
the non-WLAN interface further comprises a capability negotiation module, configured to exchange messages with the non-WLAN terminal and, by querying the capability information of the capability information management module, to notify the non-WLAN terminal whether the multi-user access terminal supports and has enabled the shared access function, and whether the multi-user access terminal has established a WLAN data link with the WLAN network.
14. The multi-user access terminal of claim 11 or 12, characterized in that the WLAN interface further comprises a network selection module, configured to provide a network selection service for each non-WLAN terminal and to pass the network selection result through the shared access management unit to the non-WLAN interface, which passes it on to the non-WLAN terminal.
15. The multi-user access terminal of claim 11 or 12, characterized in that the non-WLAN interface further comprises a key transfer module, configured to pass to the shared access management unit the key that the non-WLAN terminal negotiated with the external network and that is bound to the non-WLAN terminal or virtual link or virtual terminal;
the shared access management unit further comprises a key transfer module, configured to send the key passed by the key transfer module of the non-WLAN interface to the WLAN interface;
the WLAN interface further comprises an encapsulation and encryption module, configured to encapsulate the data message sent by the non-WLAN terminal and forwarded by the shared access DSU, to determine the encryption and decryption keys from the key sent by the key transfer module of the shared access management unit, to encrypt the encapsulated data message with the determined encryption key, and to decrypt the encrypted data message that the external network sends to this non-WLAN terminal and that the WLAN network forwards.
16. A method for a non-wireless-local-area-network (non-WLAN) terminal to access an external network, characterized in that a multi-user access terminal is provided in the system, and the WLAN network is connected to the external network and exchanges data with it, the method comprising the following steps:
A. a local link is established between each non-WLAN terminal and the multi-user access terminal, and a WLAN data link is established between the multi-user access terminal and the WLAN network;
B. the multi-user access terminal establishes, for each non-WLAN terminal, a connection between itself and the WLAN network;
C. the non-WLAN terminal exchanges data with the external network through the multi-user access terminal and the WLAN network.
17. The method according to claim 16, characterized in that, in step B, the multi-user access terminal establishing a connection between itself and the WLAN network for each non-WLAN terminal is: the multi-user access terminal establishes, between itself and the WLAN network, a virtual link or virtual terminal for each non-WLAN terminal that accesses it, and saves the binding relationship between each non-WLAN terminal and its virtual link or virtual terminal.
18. The method according to claim 16 or 17, characterized in that, after the local link and the WLAN data link of step A have been established, the method further comprises:
the multi-user access terminal exchanges messages with the non-WLAN terminal to notify the non-WLAN terminal whether the multi-user access terminal supports and has enabled the shared access function, and whether the multi-user access terminal has established the WLAN data link with the WLAN network.
19. The method according to claim 16 or 17, characterized in that, after the local link and the WLAN data link of step A have been established, the method further comprises:
the multi-user access terminal performs network selection according to the identifier of the external network sent by the non-WLAN terminal and the service type required by the non-WLAN terminal and, after obtaining the network selection result, returns it to the non-WLAN terminal.
20. The method according to claim 17, characterized in that, in step C, the non-WLAN terminal exchanging data with the external network through the multi-user access terminal and the WLAN network comprises: a flow in which the non-WLAN terminal transmits data to the external network, and a flow in which the external network transmits data to the non-WLAN terminal.
The flow in which the non-WLAN terminal transmits data to the external network comprises:
C1. the non-WLAN terminal sends a data message carrying the non-WLAN terminal MAC address, the destination address and the data to the multi-user access terminal over the local link;
C2. the multi-user access terminal encapsulates the received data message according to the WLAN network standard, encrypts the encapsulated data message, and sends it to the WLAN network side;
C3. the WLAN network side decrypts the received data message and sends the decrypted data message to the destination address.
The flow in which the external network transmits data to the non-WLAN terminal comprises:
c1. the external network sends a data message carrying the source address, the non-WLAN terminal MAC address and the data to the WLAN network side;
c2. the WLAN network side encapsulates the received data message according to the WLAN network standard, encrypts the encapsulated data message, and sends it to the multi-user access terminal;
c3. the multi-user access terminal decrypts the received data message and sends the decrypted data message to the non-WLAN terminal according to the non-WLAN terminal MAC address.
21. The method according to claim 20, characterized in that, in step C2 or c2, encapsulating the received data message according to the WLAN network standard is: encapsulating the data message according to the 802.11 data frame format.
22. The method according to claim 20 or 21, characterized in that, in step C2, encrypting the encapsulated data message and sending it to the WLAN network side is: the multi-user access terminal determines the key of the corresponding virtual link or virtual terminal according to the virtual link or virtual terminal binding information, encrypts the encapsulated data message with that key, and sends the data message to the WLAN network side with the end address of the virtual link or virtual terminal as the transmit and receive addresses of the data message; in step C3, decrypting the received data message is: the received data message is decrypted with the key matched by the end address of the virtual link or virtual terminal;
or, in step C2, encrypting the encapsulated data message and sending it to the WLAN network side is: the multi-user access terminal selects the corresponding key according to the WLAN data link, encrypts the encapsulated data message with it, and sends the data message to the WLAN network side with the MAC address of the non-WLAN terminal and the MAC address of the network-side access point (AP) as the transmit and receive addresses of the data message; in step C3, decrypting the received data message is: the received data message is decrypted with the key matched by the transmit address of the received data message.
23. The method according to claim 20, characterized in that, in step c2, encrypting the encapsulated data message and sending it to the multi-user access terminal is: the WLAN network side determines the encryption key of the corresponding virtual link or virtual terminal according to the virtual link or virtual terminal binding information, encrypts the encapsulated data message with the determined encryption key, and sends the data message to the multi-user access terminal with the end address of the virtual link or virtual terminal as the transmit and receive addresses of the data message; in step c3, decrypting the received data message is: the received data message is decrypted with the key matched by the end address of the virtual link or virtual terminal;
or, in step c2, encrypting the encapsulated data message and sending it to the multi-user access terminal is: the WLAN network side determines the corresponding encryption key according to the destination address of the received data message and encrypts the data message with it, and sends the data message to the multi-user access terminal with the MAC address of the non-WLAN terminal and the MAC address of the network-side access point (AP) as the receive and transmit addresses of the data message; in step c3, decrypting the received data message is: the received data message is decrypted with the key matched by the destination address of the received data message.
24. The method according to claim 16 or 17, characterized in that, after the multi-user access terminal in step B has established a connection between itself and the WLAN network for each non-WLAN terminal, the method further comprises:
a. the non-WLAN terminal sends a disconnect-local-link message to the multi-user access terminal;
b. the multi-user access terminal receives the disconnect-local-link message and releases the local-link resources it has stored.
25. The method according to claim 24, characterized in that, after the release in step b of the local-link resources stored by the multi-user access terminal, the method further comprises:
when a binding relationship exists between the non-WLAN terminal and a virtual link or virtual terminal, the multi-user access terminal sends a delete-virtual-link or delete-virtual-terminal message to the WLAN network side, and releases the corresponding virtual link or virtual terminal resources it has stored.
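The virtual-link variant of claims 20 to 25, sketched as an added Python example (not code from the patent): each non-WLAN terminal's MAC address is bound to one virtual link with its own key, frames are addressed by the link's end address, and releasing a terminal drops its key. The class and function names, the `|`-separated message layout, the stand-in cipher and the inner-MAC check on receive are assumptions of this sketch.

```python
import hashlib, hmac, os

def seal(key, data):
    # Stand-in authenticated cipher (SHAKE-256 keystream + HMAC-SHA256 tag).
    # Assumption for this sketch only; it is not the 802.11 cipher suite.
    nonce = os.urandom(12)
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    want = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("frame rejected: wrong key or modified frame")
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class LinkEndpoint:
    """One end of the virtual links: the multi-user access terminal or the WLAN side."""
    def __init__(self):
        self.vlink_of = {}  # non-WLAN terminal MAC -> virtual link end address
        self.key_of = {}    # virtual link end address -> key bound to that link

    def bind(self, mac, vlink, key):
        self.vlink_of[mac] = vlink
        self.key_of[vlink] = key

    def send(self, mac, peer, data):
        # Steps C2 / c2: select the key through the binding and address the
        # frame with the virtual link end address.
        vlink = self.vlink_of[mac]  # KeyError: no binding, nothing is sent
        body = b"|".join([mac.encode(), peer.encode(), data])
        return {"addr": vlink, "body": seal(self.key_of[vlink], body)}

    def receive(self, frame):
        # Steps C3 / c3: match the key on the end address, then decrypt.
        vlink = frame["addr"]
        mac, peer, data = unseal(self.key_of[vlink], frame["body"]).split(b"|", 2)
        # Added check (not in the claims): the inner MAC must be the one bound
        # to the link the frame arrived on.
        if self.vlink_of.get(mac.decode()) != vlink:
            raise ValueError("frame rejected: MAC not bound to this virtual link")
        return mac.decode(), peer.decode(), data

    def release(self, mac):
        # Claims 24-25: drop the binding and its key when the terminal disconnects.
        vlink = self.vlink_of.pop(mac, None)
        return vlink is not None and self.key_of.pop(vlink, None) is not None

def build_pair():
    # Constructed sample values: two terminals, one key per virtual link.
    mt, net = LinkEndpoint(), LinkEndpoint()
    for mac, vlink in (("02:00:00:00:00:0a", "vlink-1"), ("02:00:00:00:00:0b", "vlink-2")):
        key = os.urandom(32)
        mt.bind(mac, vlink, key)
        net.bind(mac, vlink, key)
    return mt, net
```

Because every virtual link has its own key, a frame re-addressed from one terminal's link to another fails the integrity check on the receiving side, and a terminal whose binding has been released can no longer send.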
26. The method according to claim 16 or 17, characterized in that, after the multi-user access terminal in step B has established a connection between itself and the WLAN network for each non-WLAN terminal, when the WLAN data link between the multi-user access terminal and the WLAN network is disconnected, or a virtual link is deleted, or a virtual terminal is deleted, the method further comprises:
a1. the multi-user access terminal sends to all of its non-WLAN interfaces a WLAN-network-unavailable notification, or a virtual-link-deleted notification, or a virtual-terminal-deleted notification, and releases the stored resources of the WLAN data link and virtual links, or the information related to the deleted virtual link, or the information related to the deleted virtual terminal;
b1. after receiving the notification, the non-WLAN interface encapsulates a WLAN-network-unavailable message based on the local link and sends it to the non-WLAN terminal.
27. The method according to claim 26, characterized in that, after step b1 has been performed, when the WLAN network becomes available again, the method further comprises:
a2. the multi-user access terminal establishes a WLAN data link with the WLAN network;
b2. the multi-user access terminal stores the link state information, assigns a link identification number to the created link, and sends a WLAN-network-available message based on the local link to the non-WLAN terminal;
or,
a3. the non-WLAN terminal sends an active query request to the multi-user access terminal over the local link;
b3. the multi-user access terminal looks up the WLAN data link state information it has stored and, according to the query result, sends a WLAN-network-available message based on the local link to the non-WLAN terminal.
28. The method according to claim 27, characterized in that, after the WLAN-network-available message is sent to the non-WLAN terminal in step b2 or b3, the method further comprises: the multi-user access terminal establishes, for each non-WLAN terminal, a connection between itself and the WLAN network, and saves the connection relationship between each non-WLAN terminal and the WLAN network.
CN 200610091155 2006-06-30 2006-06-30 System and method for access external network of non-radio local network terminal Expired - Fee Related CN100479403C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610091155 CN100479403C (en) 2006-06-30 2006-06-30 System and method for access external network of non-radio local network terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200610091155 CN100479403C (en) 2006-06-30 2006-06-30 System and method for access external network of non-radio local network terminal

Publications (2)

Publication Number Publication Date
CN101047587A CN101047587A (en) 2007-10-03
CN100479403C true CN100479403C (en) 2009-04-15

Family

ID=38771831

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200610091155 Expired - Fee Related CN100479403C (en) 2006-06-30 2006-06-30 System and method for access external network of non-radio local network terminal

Country Status (1)

Country Link
CN (1) CN100479403C (en)

Also Published As

Publication number Publication date
CN101047587A (en) 2007-10-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20160420

Address after: American California

Patentee after: Snaptrack, Inc.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: Huawei Technologies Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090415

Termination date: 20190630