CN101056177A - Radio mesh re-authentication method based on the WLAN secure standard WAPI - Google Patents
Radio mesh re-authentication method based on the WLAN secure standard WAPI Download PDFInfo
- Publication number
- CN101056177A CN101056177A CN200710099959.5A CN200710099959A CN101056177A CN 101056177 A CN101056177 A CN 101056177A CN 200710099959 A CN200710099959 A CN 200710099959A CN 101056177 A CN101056177 A CN 101056177A
- Authority
- CN
- China
- Prior art keywords
- virtual
- access point
- certificate
- key
- grouping
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to the network, especially the safety technological area of wireless mesh network, it is characterized in that: firstly suppose the adjacent physical access point AP into a virtual access point AP, and form a virtual certificate in each physical access point AP, then authenticate the virtual AP certificate and terminal certificate for virtual access point AP through the authentication server according to the available WAPI standard, after passed, the authentication server AS may send the certificate authentication results to the physical access point AP connected with this terminal; then send the key block after encrypted with the common key to the other physical access point AP in the virtual access point AP from the physical access point AP connected with the terminal, meanwhile send the authentication results to the terminal, after received the authentication results, this terminal may create the basic key BK. The invention solves how to reduce the roam switching re-authentication delay problems when the available WAPI used for the wireless mesh network, meanwhile it has the high expansibility for large-capacity network.
Description
Technical field
The present invention relates to the application process of wireless network secure, be specifically related to the application process of wireless LAN secure standard WAPI in the based on wireless mesh network (WLAN Authentication and Privacy Infrastructure, WLAN (wireless local area network) is differentiated and secret architecture).
Background technology
In recent years, obtained swift and violent development based on the broadband wireless network of 802.11 wireless local area network technologies, various Wideband wireless technologys such as switched wireless, wireless mesh network etc. emerge in an endless stream, and have obtained in the world using widely.According to incompletely statistics, by in January, 2006, global WiFi focus sum surpasses 100,000, surpasses 130 countries and uses the WiFi technology.Meanwhile, portable terminal is also day by day abundant, to mobile phone, PDA etc., has promoted further developing of wireless broadband network and application thereof from traditional notebook terminal.
Various novel real time flow mediums are used the netsurfing handover delay are had higher requirement under the wireless environment, and wherein the re-authentication time delay is the key factor of influence roaming handoff delay, therefore propose pre-authentication scheme among the WLAN authentication and privacy infrastructure WAPI and solved user's fast moving switching problem, but this method for pre-identifying not only efficient low, be not suitable for being applied to the large-scale wireless network, and be difficult to effectively be applied to novel radio broadband networks such as wireless mesh network.
According to standard WAPI mechanism, when terminal STA (Station) when a wireless access point AP (Access point) switches to another AP and goes up, need carry out the certificate of STA and new AP once more differentiates and cipher key agreement process, thereby cause STA re-authentication time delay between two AP long, influence roaming performance of handoffs.For this reason, existing WAPI standard proposes pre-authentication scheme and solves this problem: before the roaming, STA carries out the pre-discrimination process of certificate by the AP of current connection, and generates base key, be stored in STA respectively and the AP that will roam in; When STA roamed on the new AP, if pre-the discriminating passed through, STA and AP then directly carried out the negotiation of singlecast key and the announcement process of multicast key, need not carry out WAI certificate discrimination process once more.
Yet, find that by analyzing there is following problem in the pre-authentication scheme of this WAPI:
(1) needs after STA and connection AP finish the negotiation of unicast session key and installation key, just can to start pre-discrimination process, so need take STA and the communication channel that connection AP has set up, influence data communication normally between AP and the STA.
(2) in the pre-discrimination process, find AP on every side, then it is differentiated in advance by AP that STA connects.This method can be subjected to the influence of discovery mechanism, and the AP that causes pre-discriminating is not the target AP that STA will move.If adopt other discovery mechanisms, then can increase the expense of STA and AP.
(3) after pre-discriminating was finished, STA can generate a base key BK (Base Key) tabulation.If network size is very big, the base key tabulation that STA generates and safeguards can be very complicated, thereby increase the expense of STA.
(4) pre-authentication scheme is former designs for conventional WLAN, because AP need bear the function of user's access and other AP of relaying simultaneously in the wireless mesh network, be not applied in the based on wireless mesh network as this mechanism not being added with revising, will increase the weight of connect the burden of AP, be unfavorable for that network further expands.
Summary of the invention
The object of the present invention is to provide in a kind of wireless mesh network the method for using WAPI mechanism, the re-authentication time delay is switched in the roaming when using this method can reduce WAPI mechanism to be applied to wireless mesh network, improves the application efficiency of WAPI mechanism in the wireless mesh network.
The invention is characterized in: propose the notion of virtual AP first, existing WAPI mechanism is improved, proposed the WAPI application system in the wireless mesh network.
The related definition of virtual AP is as follows:
Define 1 virtual AP: adjacent a plurality of physics AP in the network, virtual is same AP, uses same virtual AP certificate (as giving a definition 2) jointly.
Define the certificate of 2 virtual AP: the public key certificate that can prove the virtual AP identity.The virtual AP certificate is a public key certificate, is the digital identity voucher of virtual AP, can determine the identity of virtual AP by the private key checking onlyly.
The main contents of virtual AP certificate comprise sequence number, version number, issuer title, the term of validity, the title of virtual AP, the PKI of virtual AP, expansion item, signature algorithm, the issuer signature of certificate in this definition.Wherein comprise the number that comprises physics AP in the virtual AP in the expansion item, and the identity of physics AP.Accompanying drawing 1 is the format description of virtual AP certificate.The concrete realization of virtual AP certificate can be by obtaining the expansion item expansion in X.509 certificate and the GBW certificate.
According to definition 1, STA is connected in the network on any physics AP, is equal to be connected on the same virtual AP.STA and this virtual AP are carried out mutual two-way authentication (both the legitimacy to STA authenticated, and the legitimacy to virtual AP authenticates again) by authentication server AS (Authentication Server).After authentication is passed through, STA is in the virtual Domain (all physics AP scopes that virtual AP is virtual) of virtual AP when mobile, can carry out the certificate discrimination process once more, and before directly utilizing and the result of virtual AP discriminating, carry out the negotiation of follow-up singlecast key and multicast key.
The present invention compares with the pre-authentication scheme of existing WAPI has following advantage:
(1) need not carry out the negotiations process of certificate discrimination process and base key once more, shorten the time of delay that STA switches between different AP.
(2) STA only needs a base key just to can be implemented in moving in the virtual Domain, need not generate and safeguard a base key tabulation, thereby alleviates the burden of STA end.
(3) implementation procedure is simple, and does not change the authentication system structure of WAPI.The change of doing at the AP place is fully transparent for STA, does not make any modification for present WAPI client.
(4) has extensibility.In large scale network, network can be divided into different tuftlets, adopt the authentication server structure of classification then, not only can realize fast moving among a small circle, and can realize the fast moving of STA in large scale network.
Description of drawings
Fig. 1 is the certificate format schematic diagram of virtual AP: version number, and 2 eight hytes of length are represented an integer; Sequence number, 4 eight hytes of length are represented an integer; The issuer title is made up of length field and content field; The term of validity, term of validity field length are 8 eight hytes, by the zero-time of 4 eight hytes with form the deadline of 4 eight hytes; The virtual AP title is made up of length field and content field; The virtual AP PKI is made up of length field and content field.Content field comprises public key algorithm sign, public key algorithm parameter and public key value field; Virtual AP expansion item, comprise two fields of extended attribute number and extended attribute tabulation, wherein an extended attribute digital section is 1 eight hyte, the number of sign extended attribute, number according to the present extended attribute of definition is 2, extended attribute list field content comprises the number that comprises physics AP in the virtual AP, and the identity of physics AP; Signature algorithm, which kind of algorithm the expression issuer adopts certificate is signed, and comprises two son fields of length and content; The issuer signature, the issuer signature field comprises length and signature value.
Fig. 2 is a WAPI application structure schematic diagram in the based on wireless mesh network.
Fig. 3 is STA WAPI identifying procedure figure based on virtual AP when being connected in the wireless mesh network first.
Fig. 4 is STA flow diagram of authentication procedures again when mobile in the wireless mesh network territory.
Embodiment
The present invention is described in further detail below in conjunction with accompanying drawing.
Fig. 1 is a WAPI application structure schematic diagram in the based on wireless mesh network.With some adjacent physics AP in the wireless mesh network virtual be same virtual AP, identical virtual AP certificate (distribution of certificate, management and install not within discussion scope of the present invention) is installed in these physics AP.STA is connected in the network on any physics AP, just be equal to be connected on this virtual AP, connect the function that physics AP realizes virtual AP.
Fig. 2 is that STA is connected to identifying procedure figure in the wireless mesh network first.STA is connected in the wireless mesh network first, and is as follows based on the WAPI verification process of virtual AP:
Step 1: the STA of virtual AP in being connected virtual Domain sends and differentiates the activation grouping.Differentiate that activating packet format activates the packet format unanimity with the discriminating that defines in the existing WAPI standard, comprises identification field, differentiates identification field, AS identity field, certificate field, parameter field.Improvement for existing WAPI standard is the virtual AP certificate (seeing definition 1) that uses the present invention's definition in certificate field.
STA handles according to existing WAPI standard procedure after receiving and differentiating the activation grouping, and the generation discrimination request grouping sends to the physics AP that STA connects.Wherein discrimination request grouping generates and carries out according to existing WAPI standard code.
Step 2: connect physics AP and receive discrimination request grouping after, at first verify for the grouping that receives according to existing WAPI standard code.Then according to the existing WAPI standard code discrimination request grouping that Generates Certificate, and send to the AS authentication server.Is in this step in the discrimination request grouping of WAPI standard definition to the improvement that has WAPI mechanism now, and what certificate field comprised is the virtual AP certificate that the present invention defines.
Step 3: authentication server AS handles according to existing WAPI standard after receiving the request of certificate authentication grouping of virtual AP transmission.The present invention is when carrying out certification authentication according to original WAPI standard for the improvement of authentication server AS, for the checking of physics AP certificate, is improved to the checking for the virtual AP certificate with originally.
Concrete grammar is, legitimacy by following steps checking virtual AP identity: whether the issuer name field is this authentication server AS title in the authentication server AS checking virtual AP certificate content, before the deadline whether checking term of validity field, and whether the PKI of title, the virtual AP of checking virtual AP is correct, and whether the issuer signature field is correct.
Authentication server AS still carries out according to existing WAPI standard for the checking of STA.
After authentication server AS finished two-way authentication for virtual AP and STA, according to existing WAPI standard, structure certificate authentication response packet was comprising the certificate verification object information of virtual AP.The certificate verification object information of virtual AP comprises certificate, authentication result and the authentication server AS of virtual AP to preceding two signature.The certificate authentication response packet also should comprise other information that define in the existing WAPI standard in addition.
Authentication server AS sends to the associated physics AP of STA with the certificate authentication response packet.
After the associated physics AP of step 4:STA received the certificate authentication response packet, the present invention had carried out following improvement for existing WAPI standard, to realize the function of virtual AP.
Concrete implementation procedure is as follows: the at first checking of dividing into groups according to existing WAPI standard according to the process of existing WAPI standard code, if the certificate verification result of STA is successfully, then generates base key BK according to standard code.In this physics AP, generate a key grouping then, the content of grouping comprise generation base key BK information and connect MAC (the WLAN (wireless local area network) media interviews control) address information of STA.Physics AP utilizes the PKI in the virtual AP certificate that encryption is carried out in grouping.And the grouping after will encrypting sends to other physics AP in the virtual AP.Need to prove the fail safe that guarantee this process of transmitting, concrete fail safe process of transmitting is not within discussion scope of the present invention.
Other physics AP receives after STA connects the key grouping that physics AP sends and carries out following processing in the virtual AP: 1) utilize the private key of virtual AP that grouping is decrypted calculating.2) in physics AP, generate a tabulation, the MAC Address of buffer memory STA and base key BK.The MAC Address of STA and base key BK are one-to-one relationships.
STA connects physics AP after sending the key grouping, inserts authentication response packet according to existing WAPI standard construction, and sends to STA.Key data wherein and signature field refer to the key data and the signature of virtual AP respectively.Identity field is meant the identity of virtual AP, comprising the sequence-number field in the virtual AP certificate, issuer name field, virtual AP name field.
Step 5:STA handles according to existing WAPI standard after receiving and inserting authentication response packet, generates base key BK at the STA end.
Follow-up unicast session key is consulted and multicast session key is announced negotiations process according to existing WAPI standard, carries out between STA and connection physics AP.
Fig. 3 is STA flow diagram of authentication procedures again when mobile in the wireless mesh network territory.STA finish first differentiate after, when mobile, verification process is as follows again in the wireless mesh network territory:
Step 1: rebulid physical connection according to the pre-authentication scheme of existing WAPI standard: 1) STA sends the request of seeking to AP.2) AP sends to STA and seeks response.3) STA sends the link verification request to AP.4) AP sends the link verification response to STA.5) STA sends related request to AP, and wherein the base key list field in the WAPI information element is the base key information that a same physics AP consults generation.
After the associated new AP of step 2:STA received related request, new physics AP carried out following processing: check 1) whether before the deadline STA submits the base key letter to.2) BK of buffer memory compares among BK that effectively then STA is submitted to and the AP.3) comparing result is identical, then skips WAPI certificate discrimination process, directly uses base key BK, carries out unicast session key negotiation and multicast session key announcement according to existing WAPI standard code.Comparing result is different, then carries out complete WAPI certificate according to existing WAPI standard and differentiates and cipher key agreement process.
Claims (1)
1,, it is characterized in that containing successively following steps based on the mesh re-authentication method of wireless LAN secure standard WAPI:
Step (1) some adjacent physical access point AP in the wireless mesh network virtual be same virtual access point AP, at connect identical virtual AP certificate of installation among each physical access point AP, its data format is as follows successively: the title of version number, sequence number, issuer title, the term of validity, virtual access point AP, the PKI of virtual access point AP, virtual access point AP expansion item, signature algorithm and issuer signature;
The terminal STA of step (2) virtual access point AP in being connected described access point virtual Domain sends differentiates the activation grouping, it is consistent that the discriminating that defines in its data format and the wireless LAN secure standard WAPI activates grouping, it comprises identification field, differentiates identification field, authentication server AS identity field, certificate field and parameter field that certificate field is wherein used the described virtual AP certificate of step (1);
Step (3) connects terminal STA receive that the described discriminating of step (2) activates grouping after, handle and generate discrimination request grouping according to the WAPI standard and send to the current physical access point AP that connects of this terminal;
After physical access point AP described in step (4) step (3) receives the discrimination request grouping described in the step (3), according to the checking of WAPI standard and the discrimination request grouping that Generates Certificate, and send to authentication server AS with the name of virtual access point AP, certificate field in the described discrimination request grouping is the described virtual AP certificate of step (1), also sends the certificate of this terminal STA simultaneously;
This authentication server of step (5) AS verifies described virtual AP certificate and STA certificate according to the WAPI standard after receiving the described request of certificate authentication grouping of step (4); After checking finished, this authentication server AS was according to the WAPI standard, and structure comprises the certificate authentication response packet of virtual AP certificate verification object information, and sends to the present physical access point AP that connects of described terminal STA; Comprise in virtual AP certificate verification object information: this virtual AP certificate, authentication result and authentication server AS are to this signature of two;
The present physical access point AP that connects of this terminal STA of step (6) receives the processing according to the following steps successively later on of the described certificate authentication response packet of step (5):
Step (6.1) is if the certification authentication of this terminal STA success, then press the WAPI standard and generate base key BK, and generate the grouping of key, the WLAN (wireless local area network) media interviews control mac address information of the terminal STA that is connected comprising the base key BK that generates and physical access point AP;
The physical access point AP that is connected in step (6.2) step (6) utilize PKI in the own virtual AP certificate to the described key of step (6.1) grouping encrypt, and encrypted secret key is divided into groups to send to other physical access point AP among the virtual access point AP;
Other physical access point among step (6.3) the virtual access point AP is carried out following steps successively after the key grouping of receiving the physical access point AP transmission that this terminal STA connects:
Step (6.3.1) utilizes the private key of virtual access point AP that this key grouping is decrypted computing;
Step (6.3.2) generates the MAC Address and the base key BK of this terminal STA of tabulation buffer memory among each other physical access point AP in virtual access point AP, both are one-to-one relationship;
Step (6.3.3) the physical access point AP that this terminal STA connected is sending key grouping back by authentication response packet of WAPI standard construction and send to this terminal STA, key data in this grouping and signature field are key data and the signatures of virtual access point AP, identity field is the identity of virtual access point AP, and it comprises sequence-number field, issuer name field, virtual AP name field in the virtual AP certificate;
This terminal STA of step (7) is received described in the step (6.3.3) after the authentication response packet, presses the WAPI standard and handles and generate base key BK.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007100999595A CN101056177B (en) | 2007-06-01 | 2007-06-01 | Radio mesh re-authentication method based on the WLAN secure standard WAPI |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007100999595A CN101056177B (en) | 2007-06-01 | 2007-06-01 | Radio mesh re-authentication method based on the WLAN secure standard WAPI |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101056177A true CN101056177A (en) | 2007-10-17 |
| CN101056177B CN101056177B (en) | 2011-06-29 |
Family
ID=38795805
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2007100999595A Expired - Fee Related CN101056177B (en) | 2007-06-01 | 2007-06-01 | Radio mesh re-authentication method based on the WLAN secure standard WAPI |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101056177B (en) |
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101568117A (en) * | 2009-05-14 | 2009-10-28 | 刘建 | Pre-discrimination method and system in wireless local area network |
| CN101222325B (en) * | 2008-01-23 | 2010-05-12 | 西安西电捷通无线网络通信有限公司 | Wireless multi-hop network key management method based on ID |
| WO2010130121A1 (en) * | 2009-05-15 | 2010-11-18 | 中兴通讯股份有限公司 | Method and system for accessing 3rd generation network |
| WO2011020279A1 (en) * | 2009-08-19 | 2011-02-24 | 西安西电捷通无线网络通信股份有限公司 | Public key certificate-based identity authentication method and system thereof |
| CN102026196A (en) * | 2010-12-30 | 2011-04-20 | 东莞宇龙通信科技有限公司 | Authentication method based on WAPI ( wireless LAN authentication and privacy infrastructure), access point and mobile terminal |
| CN102036240A (en) * | 2009-09-27 | 2011-04-27 | 中兴通讯股份有限公司 | Method for synchronizing mobile phone information onto personnel computer (PC), mobile phone, computer and network system |
| CN102131199A (en) * | 2011-03-21 | 2011-07-20 | 华为技术有限公司 | WAPI (Wlan Authentication and Privacy Infrastructure) authentication method and access point |
| CN101583083B (en) * | 2009-06-01 | 2011-11-30 | 中兴通讯股份有限公司 | Implementation method of real-time data service and real-time data service system |
| CN101794401B (en) * | 2010-01-15 | 2012-01-25 | 华为终端有限公司 | Flash safety starting method and data card |
| US8412943B2 (en) | 2007-11-08 | 2013-04-02 | China Iwncomm Co., Ltd. | Two-way access authentication method |
| WO2013044469A1 (en) * | 2011-09-28 | 2013-04-04 | Dong Xiang | Deadlock-free adaptive routing algorithm |
| US8417951B2 (en) | 2008-05-09 | 2013-04-09 | China Iwncomm Co., Ltd. | Roaming authentication method based on WAPI |
| CN101808317B (en) * | 2009-02-18 | 2013-07-03 | 联想(北京)有限公司 | Computer device and method for realizing wireless local area network security measure |
| WO2013104301A1 (en) * | 2012-01-09 | 2013-07-18 | 中兴通讯股份有限公司 | Method for transmitting message, method for establishing secure connection, access point and workstation |
| CN104168623A (en) * | 2013-05-17 | 2014-11-26 | 上海贝尔股份有限公司 | Method, apparatus and system for managing wireless connection of WiFi mobile apparatus |
| CN105933941A (en) * | 2015-11-25 | 2016-09-07 | 北京邮电大学 | Handoff decision strategy based on QoS of user in SWAN framework |
| CN107317683A (en) * | 2017-06-20 | 2017-11-03 | 上海浩霖汇信息科技有限公司 | A kind of bi-directional verification method and device of electronics license |
| CN108183803A (en) * | 2012-11-13 | 2018-06-19 | 阿尔卡特朗讯公司 | For the limited certificate registration of the unknown device in hot spot networks |
| US10868803B2 (en) | 2017-01-13 | 2020-12-15 | Parallel Wireless, Inc. | Multi-stage secure network element certificate provisioning in a distributed mobile access network |
| CN112136299A (en) * | 2018-05-17 | 2020-12-25 | 诺基亚技术有限公司 | Facilitating residential wireless roaming via VPN connectivity over a public service provider network |
| WO2021196047A1 (en) * | 2020-03-31 | 2021-10-07 | 华为技术有限公司 | Key processing method and apparatus |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100508474C (en) * | 2002-02-10 | 2009-07-01 | 华为技术有限公司 | Method for switching over between switch-in points moving terminal in wireless local network |
| US8972582B2 (en) * | 2002-10-03 | 2015-03-03 | Nokia Corporation | Method and apparatus enabling reauthentication in a cellular communication system |
| CN1186906C (en) * | 2003-05-14 | 2005-01-26 | 东南大学 | Wireless LAN safety connecting-in control method |
| US7275157B2 (en) * | 2003-05-27 | 2007-09-25 | Cisco Technology, Inc. | Facilitating 802.11 roaming by pre-establishing session keys |
| CN1319337C (en) * | 2003-07-02 | 2007-05-30 | 华为技术有限公司 | Authentication method based on Ethernet authentication system |
| US20050243769A1 (en) * | 2004-04-28 | 2005-11-03 | Walker Jesse R | Apparatus and method capable of pre-keying associations in a wireless local area network |
| CN100544253C (en) * | 2004-07-22 | 2009-09-23 | 中兴通讯股份有限公司 | The safe re-authentication method of mobile terminal of wireless local area network |
-
2007
- 2007-06-01 CN CN2007100999595A patent/CN101056177B/en not_active Expired - Fee Related
Cited By (28)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8412943B2 (en) | 2007-11-08 | 2013-04-02 | China Iwncomm Co., Ltd. | Two-way access authentication method |
| CN101222325B (en) * | 2008-01-23 | 2010-05-12 | 西安西电捷通无线网络通信有限公司 | Wireless multi-hop network key management method based on ID |
| US8688974B2 (en) | 2008-01-23 | 2014-04-01 | China Iwncomm Co., Ltd. | Method for managing wireless multi-hop network key |
| US8417951B2 (en) | 2008-05-09 | 2013-04-09 | China Iwncomm Co., Ltd. | Roaming authentication method based on WAPI |
| CN101808317B (en) * | 2009-02-18 | 2013-07-03 | 联想(北京)有限公司 | Computer device and method for realizing wireless local area network security measure |
| CN101568117A (en) * | 2009-05-14 | 2009-10-28 | 刘建 | Pre-discrimination method and system in wireless local area network |
| US8769647B2 (en) | 2009-05-15 | 2014-07-01 | Zte Corporation | Method and system for accessing 3rd generation network |
| WO2010130121A1 (en) * | 2009-05-15 | 2010-11-18 | 中兴通讯股份有限公司 | Method and system for accessing 3rd generation network |
| CN101583083B (en) * | 2009-06-01 | 2011-11-30 | 中兴通讯股份有限公司 | Implementation method of real-time data service and real-time data service system |
| WO2011020279A1 (en) * | 2009-08-19 | 2011-02-24 | 西安西电捷通无线网络通信股份有限公司 | Public key certificate-based identity authentication method and system thereof |
| CN102036240A (en) * | 2009-09-27 | 2011-04-27 | 中兴通讯股份有限公司 | Method for synchronizing mobile phone information onto personnel computer (PC), mobile phone, computer and network system |
| CN101794401B (en) * | 2010-01-15 | 2012-01-25 | 华为终端有限公司 | Flash safety starting method and data card |
| CN102026196A (en) * | 2010-12-30 | 2011-04-20 | 东莞宇龙通信科技有限公司 | Authentication method based on WAPI ( wireless LAN authentication and privacy infrastructure), access point and mobile terminal |
| CN102131199B (en) * | 2011-03-21 | 2013-09-11 | 华为技术有限公司 | WAPI (Wlan Authentication and Privacy Infrastructure) authentication method and access point |
| CN102131199A (en) * | 2011-03-21 | 2011-07-20 | 华为技术有限公司 | WAPI (Wlan Authentication and Privacy Infrastructure) authentication method and access point |
| WO2013044469A1 (en) * | 2011-09-28 | 2013-04-04 | Dong Xiang | Deadlock-free adaptive routing algorithm |
| WO2013104301A1 (en) * | 2012-01-09 | 2013-07-18 | 中兴通讯股份有限公司 | Method for transmitting message, method for establishing secure connection, access point and workstation |
| CN108183803A (en) * | 2012-11-13 | 2018-06-19 | 阿尔卡特朗讯公司 | For the limited certificate registration of the unknown device in hot spot networks |
| CN108183803B (en) * | 2012-11-13 | 2021-04-16 | 阿尔卡特朗讯公司 | Device related to limited certificate registration in hotspot network |
| CN104168623A (en) * | 2013-05-17 | 2014-11-26 | 上海贝尔股份有限公司 | Method, apparatus and system for managing wireless connection of WiFi mobile apparatus |
| US10555188B2 (en) | 2013-05-17 | 2020-02-04 | Alcatel Lucent | Methods, devices, and system for managing wireless connection of WiFi mobile devices |
| CN105933941B (en) * | 2015-11-25 | 2019-06-11 | 北京邮电大学 | Switch decision strategy process based on user QoS in a kind of SWAN framework |
| CN105933941A (en) * | 2015-11-25 | 2016-09-07 | 北京邮电大学 | Handoff decision strategy based on QoS of user in SWAN framework |
| US10868803B2 (en) | 2017-01-13 | 2020-12-15 | Parallel Wireless, Inc. | Multi-stage secure network element certificate provisioning in a distributed mobile access network |
| CN107317683A (en) * | 2017-06-20 | 2017-11-03 | 上海浩霖汇信息科技有限公司 | A kind of bi-directional verification method and device of electronics license |
| CN107317683B (en) * | 2017-06-20 | 2019-12-13 | 上海浩霖汇信息科技有限公司 | bidirectional verification method and device for electronic certificate |
| CN112136299A (en) * | 2018-05-17 | 2020-12-25 | 诺基亚技术有限公司 | Facilitating residential wireless roaming via VPN connectivity over a public service provider network |
| WO2021196047A1 (en) * | 2020-03-31 | 2021-10-07 | 华为技术有限公司 | Key processing method and apparatus |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101056177B (en) | 2011-06-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101056177B (en) | Radio mesh re-authentication method based on the WLAN secure standard WAPI | |
| CN1191696C (en) | Sefe access of movable terminal in radio local area network and secrete data communication method in radio link | |
| CN100341290C (en) | Authentication method for fast handover in a wireless local area network | |
| US7743408B2 (en) | Secure association and management frame verification | |
| CN1191703C (en) | Safe inserting method of wide-band wireless IP system mobile terminal | |
| CN1124759C (en) | Safe access method of mobile terminal to radio local area network | |
| CN102440019B (en) | Traffic encryption key generation in a wireless communication network | |
| US8185091B2 (en) | Network access authentication and authorization method and an authorization key updating method | |
| CN1186906C (en) | Wireless LAN safety connecting-in control method | |
| CN1697373A (en) | Method for negotiating about cipher key shared by users and application server | |
| CN101079891B (en) | Wireless switching network re-authentication method based on wireless LAN secure standard WAPI | |
| CN1265609C (en) | Confirmation method for safe mobile e-business platform digital certificate | |
| CN101083530A (en) | Method for realizing intra-mobile entity authentication and cipher key negotiation using short message | |
| WO2009135445A1 (en) | Roaming authentication method based on wapi | |
| CN1564509A (en) | Key consaltation method in radio LAN | |
| WO2011015060A1 (en) | Extensible authentication protocol authentication method, base station and authentication server thereof | |
| CN108390909B (en) | Fleet-oriented safety mobility management method based on aggregation authentication | |
| CN101420695B (en) | 3G customer fast roaming authentication method based on wireless LAN | |
| CN111615837B (en) | Data transmission method, related equipment and system | |
| CN100525182C (en) | Authentication and encryption method for wireless network | |
| CN1725685A (en) | Security identification method for mobiole terminal of radio cocal network | |
| CN101707769A (en) | Method and system for WAPI reauthentication in wireless local area network | |
| CN115038084A (en) | Decentralized trusted access method for cellular base station | |
| CN1561042A (en) | Method of managing mobile terminal by radio local network insertion point equipment | |
| CN1225941C (en) | Roaming access method of mobile node in radio IP system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20110629 |