CN101883359A - Method and device for accessing relay station to network - Google Patents

Publication number: CN101883359A
Authority: CN (China)
Prior art keywords: relay station, request, message, relay, information
Legal status: Pending
Application number: CN2009101371031A
Other languages: Chinese (zh)
Inventors: 时代, 梁文亮, 卢磊, 李波杰
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN2009101371031A (CN101883359A)
Priority to PCT/CN2010/072405 (WO2010127605A1)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W60/00: Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271: as H04L9/32, using challenge-response
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047: Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H04W12/0471: Key exchange
    • H04W12/06: Authentication
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80: Wireless
    • H04W84/00: Network topologies
    • H04W84/02: Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/04: Large scale networks; Deep hierarchical networks
    • H04W84/042: Public Land Mobile systems, e.g. cellular systems
    • H04W84/047: Public Land Mobile systems, e.g. cellular systems using dedicated repeater stations

Abstract

The invention provides a method and a device for relay station network entry. The method comprises the following steps: receiving a ranging request from the relay station and sending a ranging response to the relay station; receiving a basic capability request from the relay station and sending a basic capability response to the relay station; receiving a security association traffic encryption key (SA-TEK) request from the relay station and sending an SA-TEK response to the relay station; and receiving a registration request from the relay station, registering the relay station and sending a registration response to the relay station after the registration is finished. The ranging request, the basic capability request, the SA-TEK request or the registration request carries security zone capability information and/or data generation capability information of the relay station.

Description

Method and device for relay station network entry
Technical field
The present invention relates to wireless communication technology, and in particular to a method and device for relay station network entry.
Background
WiMAX (Worldwide Interoperability for Microwave Access) is a wireless metropolitan area network technology based on the IEEE 802.16 standards. Within IEEE 802.16, IEEE 802.16d is the fixed wireless access standard and can be applied to 2~11 GHz non-line-of-sight (NLOS) transmission and 10~66 GHz line-of-sight (LOS) transmission. IEEE 802.16e adds support for mobility on top of IEEE 802.16d. IEEE 802.16j is the air-interface protocol, drawn up by the IEEE, that adds relay capability on top of 16e. In relay technology, a relay station (RS) is a station that forwards data between the base station and the terminal, so that a radio signal can reach its destination over several transmissions, that is, over multiple hops. The basic multi-hop network architecture based on relay technology has three essential parts: the multi-hop relay base station (MRBS), the RS, and the user terminal; user terminals include subscriber stations (SS) and mobile stations (MS). Of these:
The MRBS is a device that provides connectivity, management and control for relay stations and user terminals.
An RS is a device that depends on the MRBS and provides connectivity for other RSs or user terminals. Some RSs can also provide management and control for subordinate RSs or user terminals. The air interface between an RS and a user terminal is the same as the air interface between the MRBS and a user terminal. An RS may be able to generate data, or may be restricted to forwarding data only, without generating any.
In the prior art, once an RS has successfully completed network-entry authentication, the MRBS can select it to join a security zone. The MRBS decides whether to issue the security zone keys, for example the SZK (Security Zone Key) and the SZKEK (Security Zone Key Encryption Key), to the RS; once the RS has received the security zone keys, it is regarded as having joined the security zone. If the RS has left the security zone, there is no need to authenticate again or to issue keys again.
In the course of implementing the present invention, the inventors found at least the following problems in the prior art. IEEE 802.16j defines the detailed air-interface-side procedure for relay station network entry in a WiMAX network, but does not define the procedure to be carried out on the network side. The existing NWG Stage 3 defines the detailed network-side procedure for terminal network entry, but that procedure is aimed at terminals, and some of its messages do not suit RS network entry. In addition, the security zone is not a mandatory feature, only a recommended one, so an RS may not support the security zone. The existing protocol, however, defines no capability negotiation for whether an RS supports the security zone. Without such a negotiation, the MRBS may issue the SZK and SZKEK to an RS that does not support the security zone, which wastes keys and creates an unnecessary security threat.
Summary of the invention
The main purpose of the embodiments of the invention is to provide a relay station network entry method and device that define both the air-interface-side and the network-side procedures for relay station network entry.
The invention further provides a relay station network entry method and device that implement negotiation of the security zone capability.
To achieve these goals, an embodiment of the invention provides a relay station network entry method, comprising:
receiving a ranging request from a relay station and sending a ranging response to the relay station;
receiving a basic capability request from the relay station and sending a basic capability response to the relay station;
receiving a security association traffic encryption key (SA-TEK) request from the relay station and sending an SA-TEK response to the relay station;
receiving a registration request from the relay station, registering the relay station, and sending a registration response to the relay station after the registration is finished;
wherein the ranging request, the basic capability request, the SA-TEK request or the registration request carries security zone capability information and/or data generation capability information of the relay station.
An embodiment of the invention also provides a relay station network entry method, comprising:
receiving a basic capability request from a relay station;
sending a relay station pre-attachment request to an authentication server, the pre-attachment request carrying the basic capability information of the relay station;
receiving a relay station pre-attachment response from the authentication server;
after receiving a registration request from the relay station, sending a relay station attachment request to the authentication server, the attachment request carrying the registration information of the relay station and the serving base station information of the relay station;
receiving, from the authentication server, a relay station attachment response message that confirms the registration information of the relay station and the serving base station information of the relay station.
An embodiment of the invention also provides a relay station comprising a sending unit. The sending unit is used to send a ranging request, a basic capability request, an SA-TEK request or a registration request, and the ranging request, basic capability request, SA-TEK request or registration request carries security zone capability information and/or data generation capability information of the relay station.
An embodiment of the invention also provides a relay base station, comprising:
a basic capability request receiving unit, used to receive a basic capability request from the relay station;
a reporting unit, used to send a relay station pre-attachment request to an authentication server, reporting the basic capability information of the relay station, and to receive a relay station pre-attachment response from the authentication server;
a registration request receiving unit, used to receive a registration request from the relay station;
a relay station attachment request unit, used to send a relay station attachment request to the authentication server, the attachment request carrying the registration information of the relay station and the serving base station information of the relay station;
a relay station attachment response unit, used to receive, from the authentication server, a relay station pre-attachment response message that confirms the registration information of the relay station and the serving base station information of the relay station.
The embodiments of the invention define the air-interface-side and network-side procedures for relay station network entry, and implement negotiation of the security zone capability between the relay station and the relay base station.
Description of drawings
The accompanying drawings described here provide a further understanding of the invention and form part of this application; they do not limit the invention. In the drawings:
Fig. 1 is the air-interface-side procedure for relay station network entry;
Fig. 2 is a flow chart of relay station network entry according to one embodiment of the invention;
Fig. 3 is a structural block diagram of a relay station according to one embodiment of the invention;
Fig. 4 is a structural block diagram of a relay base station according to one embodiment of the invention;
Fig. 5 is a structural block diagram of a relay base station according to another embodiment of the invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the invention clearer, specific embodiments of the invention are described in detail below with reference to the drawings. The illustrative embodiments and their descriptions serve to explain the invention and do not limit it.
The IEEE 802.16j standard contains an air-interface-side procedure for relay station network entry in a WiMAX network. As shown in Fig. 1, the procedure comprises the following steps:
Step 101: downlink synchronization. The RS performs downlink synchronization with the MRBS.
In this step, the RS obtains the MRBS's synchronization information, such as the UCD (Uplink Channel Descriptor), DCD (Downlink Channel Descriptor), UL_MAP (uplink map) and DL_MAP (downlink map).
Step 102: initial ranging. Specifically, this can comprise:
The RS sends a ranging request (RNG-REQ) message to the MRBS. After receiving the RNG-REQ, the MRBS feeds back a ranging response (RNG-RSP) message to the RS. The RNG-RSP message carries the information used to adjust the RS's frequency offset and timing offset.
Step 103: the RS sends a basic capability request (SBC-REQ, RS Basic Capability Request) message to the MRBS to carry out basic capability negotiation.
The SBC-REQ message carries the basic capability parameters that the relay station supports, such as the Privacy Key Management (PKM) protocol version, the authorization policy (Authorization Policy) and the message authentication code mode (Message Authentication Code mode).
Step 104: after receiving the SBC-REQ message, the MRBS feeds back a basic capability response (SBC-RSP, RS Basic Capability Response) message to the RS, carrying the basic capability parameters that the MRBS confirms.
After receiving the SBC-REQ message, the MRBS compares the parameters with the capability parameters it supports itself, and sends the capability parameters that both sides support to the RS in the basic capability response message.
Step 105: the RS, the MRBS and the upper-layer authentication entity carry out the EAP (Extensible Authentication Protocol) authentication process.
In this step, the upper-layer authentication entity is the authentication server.
Steps 106~108: the MRBS and the RS carry out a three-way handshake to ensure that the AK (Authorization Key) context is synchronized.
Here, the three-way handshake uses a challenge, request, response pattern to ensure that the keys held at both ends are identical, that is, that the keys are synchronized.
The three-way handshake is briefly described as follows:
The MRBS sends a security association traffic encryption key challenge (SA-TEK-Challenge) message to the RS. The message can carry information such as a random number generated by the MRBS, the authorization key sequence number, the authorization key identifier and the key lifetime. The SA-TEK-Challenge message can be encapsulated in a PKM response (PKMv2-RSP) message for transmission over the air interface, in which case it can be written PKMv2-RSP/SA-TEK-Challenge or PKMv2 SA-TEK-Challenge.
After receiving the SA-TEK-Challenge, the RS sends a security association traffic encryption key request (SA-TEK-Request) message to the MRBS. The message can carry information such as a random number generated by the RS, the random number that the MRBS included in the SA-TEK-Challenge message, the authorization key sequence number, the authorization key identifier, the security capabilities and the security negotiation parameters. The SA-TEK-Request message can be encapsulated in a PKMv2-REQ message for transmission over the air interface, in which case it can be written PKMv2-REQ/SA-TEK-Request or PKMv2 SA-TEK-Request.
After receiving the SA-TEK-Request, the MRBS sends a security association traffic encryption key response (SA-TEK-Response) message to the RS. In the SA-TEK-Response sent to the RS, the MRBS can issue the SZK (Security Zone Key) and the SZKEK (Security Zone Key Encryption Key) used for the RS security zone. If this RS is the first RS to enter the network, the MRBS can generate the SZK and SZKEK for the RS security zone before sending the SA-TEK-Response. The SA-TEK-Response message can be encapsulated in a PKMv2-RSP message for transmission over the air interface, in which case it can be written PKMv2-RSP/SA-TEK-Response or PKMv2 SA-TEK-Request.
Steps 109~110: the RS and the MRBS carry out the traffic encryption key acquisition process. Specifically, this can comprise:
Step 109: the RS sends a key request (Key-Request) message to the MRBS to request the TEK (traffic encryption key). The Key-Request message can be encapsulated in a PKMv2-REQ message for transmission on the air-interface side.
Step 110: the MRBS sends a key reply (Key-Reply) message to the RS. The message carries the SA descriptor, which contains the TEK (Traffic Encryption Key) information. The Key-Reply message can be encapsulated in a PKMv2-RSP message for transmission on the air-interface side.
Step 111: the RS sends a registration request (Registration Request, REG-REQ) message to the MRBS to register the RS and negotiate some of its capabilities; the specific capabilities are shown in the table below.
Table 1. MRBS and RS MAC (media access control) feature support TLV (type-length-value)
Figure B2009101371031D0000061
Step 112: after RS registration is finished, the MRBS sends a registration response (REG_RSP) message to the RS. The registration response message contains the feedback on support for the capabilities listed in Table 1 above.
Step 113: the MRBS sends a relay station configuration command (RS_Config-CMD) message to the RS to configure the RS's specific parameters. The configured parameters can include the RS's operating mode, the RS's identifier, the preamble index, and so on.
Step 114: the RS returns an MR-Generic-ACK acknowledgement message to the MRBS.
The network entry procedure above defines no capability negotiation for whether the RS supports the security zone. Without a security zone capability negotiation, the MRBS may issue the SZK and SZKEK to an RS that does not support the security zone, which leads to problems such as wasted keys and an unnecessary security threat.
Likewise, the procedure above defines no negotiation of whether the RS supports generating data. Different operators have different requirements on whether an RS may generate data: some hold that an RS can generate data independently, while others hold that an RS can only forward data and cannot generate it. Without a negotiation of the RS's data generation capability, the needs of different operators cannot be met. The following embodiments of the invention solve the problems above.
Embodiment 1
This embodiment of the invention provides a relay station network entry method for a wireless relay network.
The method of this embodiment builds on the procedure shown in Fig. 1 by carrying security zone capability and/or data generation capability information in the ranging request (RNG-REQ) message, the SBC-REQ message, the PKMv2 SA-TEK-Request message of the three-way handshake, or the REG-REQ message. Specifically, this can be done in, for example, the following ways:
(1) A corresponding field can be added to the ranging request (RNG-REQ), SBC-REQ or PKMv2-REQ/SA-TEK-Request message, for example an RS security zone support TLV field and/or a data generation support field. The specific format is shown in Table 2, Table 3 or Table 4:
Table 2. RS security zone support TLV
Figure B2009101371031D0000071
Table 3. RS data generation support TLV
Figure B2009101371031D0000081
Table 4. Security zone support and data generation support TLV
Figure B2009101371031D0000082
Or:
(2) The MRBS and RS MAC feature support TLV of the REG-REQ message is modified to add negotiation of RS security zone support and negotiation of data generation support. The modified MRBS and RS MAC feature support TLV is shown in Table 5:
Table 5. MRBS and RS MAC feature support TLV
Figure B2009101371031D0000083
Correspondingly, in this embodiment the ranging response, basic capability response, PKMv2-RSP/SA-TEK-Response or registration response can carry the relay station data generation capability information and/or security zone support capability information that the relay base station supports.
At the RS's initial network entry, the MRBS generally issues the initial security zone keys SZK and SZKEK in the PKMv2-RSP/SA-TEK-Response message. This embodiment therefore recommends negotiating the security zone capability before the PKMv2-RSP/SA-TEK-Response message, so the negotiation of whether the relay station supports the security zone is preferably added to the ranging process, the SBC process or the PKMv2 SA-TEK-Request process.
In this way, relay station network entry gains a negotiation of the RS's security zone support and/or a negotiation of whether the RS can generate data, which avoids wasted keys and an unnecessary security threat and meets the needs of different operators.
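The ordering constraint of this embodiment, as an added Python sketch that is not code from the patent: the security zone capability is agreed in the SBC exchange, and the MRBS puts the SZK and SZKEK into the SA-TEK-Response only if that bit was agreed. The capability bit values, class names and dictionary-based messages are assumptions (the TLV tables are images on the page), and AK context, message authentication and key wrapping are left out.

```python
import secrets
from dataclasses import dataclass, field

# Hypothetical capability bits. Tables 2-5 of the patent are images on the
# page, so the real TLV types and bit positions are not known here.
CAP_SECURITY_ZONE = 0x01    # RS can join a security zone
CAP_DATA_GENERATION = 0x02  # RS may generate data, not only forward it


@dataclass
class RelayStation:
    name: str
    caps: int
    agreed: int = 0
    zone_keys: dict = field(default_factory=dict)

    def sbc_req(self):
        # SBC-REQ extended with the RS capability bits (option 1 above).
        return {"msg": "SBC-REQ", "rs": self.name, "caps": self.caps}

    def on_sbc_rsp(self, rsp):
        self.agreed = rsp["caps"]

    def sa_tek_request(self, challenge):
        # Second handshake message: echo the MRBS nonce, add our own.
        return {"msg": "SA-TEK-Request", "rs": self.name,
                "bs_nonce": challenge["bs_nonce"],
                "rs_nonce": secrets.token_bytes(8)}

    def on_sa_tek_response(self, rsp):
        if "SZK" in rsp and not self.agreed & CAP_SECURITY_ZONE:
            # Key material this RS cannot use: the waste/exposure case.
            raise ValueError("unsolicited security zone keys")
        self.zone_keys = {k: rsp[k] for k in ("SZK", "SZKEK") if k in rsp}


class MRBS:
    def __init__(self, caps, negotiate=True):
        self.caps = caps
        self.negotiate = negotiate  # False models the prior-art flow
        self.agreed = {}            # RS name -> capabilities both sides support
        self.nonces = {}            # RS name -> outstanding challenge nonce
        self.zone = None            # (SZK, SZKEK), generated for the first RS

    def on_sbc_req(self, req):
        # Keep only what both sides support and confirm it in SBC-RSP.
        agreed = req["caps"] & self.caps
        self.agreed[req["rs"]] = agreed
        return {"msg": "SBC-RSP", "caps": agreed}

    def sa_tek_challenge(self, rs_name):
        self.nonces[rs_name] = secrets.token_bytes(8)
        return {"msg": "SA-TEK-Challenge", "bs_nonce": self.nonces[rs_name]}

    def on_sa_tek_request(self, req):
        expected = self.nonces.pop(req["rs"], None)
        if expected is None or not secrets.compare_digest(
                expected, req["bs_nonce"]):
            raise ValueError("stale or mismatched challenge nonce")
        rsp = {"msg": "SA-TEK-Response", "rs_nonce": req["rs_nonce"]}
        wants_zone = self.agreed.get(req["rs"], 0) & CAP_SECURITY_ZONE
        if wants_zone or not self.negotiate:
            if self.zone is None:
                self.zone = (secrets.token_bytes(16), secrets.token_bytes(16))
            rsp["SZK"], rsp["SZKEK"] = self.zone
        return rsp


def network_entry(rs, bs):
    """Run SBC negotiation, then the three-way handshake; return the
    SA-TEK-Response the MRBS produced."""
    rs.on_sbc_rsp(bs.on_sbc_req(rs.sbc_req()))
    challenge = bs.sa_tek_challenge(rs.name)
    rsp = bs.on_sa_tek_request(rs.sa_tek_request(challenge))
    rs.on_sa_tek_response(rsp)
    return rsp


if __name__ == "__main__":
    bs = MRBS(CAP_SECURITY_ZONE | CAP_DATA_GENERATION)
    for rs in (RelayStation("rs-a", CAP_SECURITY_ZONE | CAP_DATA_GENERATION),
               RelayStation("rs-b", CAP_DATA_GENERATION)):
        rsp = network_entry(rs, bs)
        print(rs.name, "agreed caps:", rs.agreed, "zone keys:", "SZK" in rsp)
```

Constructing `MRBS(..., negotiate=False)` reproduces the prior-art behaviour, in which a relay station without security zone support still receives the zone keys.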
Embodiment 2
This embodiment of the invention also provides a relay station network entry method for a wireless relay network. The method defines both the air-interface-side and the network-side procedures for relay station network entry. As shown in Fig. 2, the method comprises the following steps:
Step 201: downlink synchronization. The RS performs downlink synchronization with the MRBS.
This step is the same as step 101 above.
Step 202: initial ranging.
This step can be the same as step 102 above: the RS sends a ranging request (RNG-REQ) message to the MRBS, and after receiving the RNG-REQ the MRBS feeds back an RNG-RSP to the RS.
Step 203: the RS sends a basic capability request (SBC-REQ, RS Basic Capability Request) message to the MRBS to carry out basic capability negotiation. The basic capability parameters are, for example, the Privacy Key Management (PKM) protocol version, the authorization policy (Authorization Policy) and the message authentication code mode (Message Authentication Code mode).
Step 204: the MRBS reports the RS's SBC information to the authentication server.
The authentication server can be, for example, an authenticator (Authenticator) or an access service network gateway (ASN-GW).
In this step, the MRBS sends a relay station pre-attachment request (RS-PreAttachment-REQ) message to the authentication server; the RS-PreAttachment-REQ carries the basic capability information of the relay station. Here, RS-PreAttachment-REQ is a message predefined by this embodiment and is used to report the relay station's basic capabilities to the authentication server on the network side. It includes the RS's security history (RS Security History), the SBC information (SBC Context), the basic information of the serving BS (Serving BS Info) and so on, and can optionally also carry an indication that the message belongs to an RS rather than an MS.
Step 205: after receiving the MRBS's message, the authentication server returns a relay station pre-attachment response (RS-PreAttachment-RSP) message to the MRBS to confirm the basic capability information of the relay station.
In the RS-PreAttachment-RSP message fed back to the MRBS, the authentication server can carry a failure indication (Failure Indication), the RS's related context (RS Info), the RS's security history (RS Security History), the basic information of the serving BS (Serving BS Info) and so on.
Step 206: the MRBS feeds back a basic capability response (SBC-RSP, RS Basic Capability Response) message to the RS, carrying the basic capability parameters that the MRBS confirms.
Step 207: the MRBS sends an RS-PreAttachment-ACK message to the authentication server as an acknowledgement.
Step 208: the RS and the RS management server (RS Management Server) carry out the RS authentication process.
The RS management server is used to manage the RS; this management covers aspects such as authentication and authorization. The authentication is completed through an AAA (Authentication, Authorization, and Accounting) server. The RS management server can be located in the same entity as the AAA server or in a different entity.
If the RS-PreAttachment-REQ message in step 204 does not contain the indication that it belongs to an RS, the station's type can still be learned in one of two ways. During RS authentication the AAA server obtains the RS's basic information, including its identity information, so after the RS's EAP authentication the AAA server can deliver this basic information to the authentication server (Authenticator/ASN-GW); from the identity information provided by the AAA server, the authentication server learns that the station entering the network is an RS rather than an MS. Alternatively, after authentication succeeds, the RS management server can notify the Authenticator/ASN-GW that the station entering the network is an RS rather than an MS.
Step 209: the authentication server successfully computes the RS's AK Context information and sends it to the MRBS in a key exchange indication (Key_change-Direction) message.
Step 210: after receiving the Key_change-Direction message, the MRBS feeds back a Key_change-Ack acknowledgement message to the authentication server.
Steps 211~213: the MRBS and the RS carry out a three-way handshake to ensure that the AK (Authorization Key) context is synchronized.
These steps can be the same as steps 106~108 above.
Step 214: the RS sends a PKMv2 Key-Request message to the MRBS to request the TEK (traffic encryption key).
Step 215: the MRBS sends a PKMv2 Key-Reply message to the RS. The message carries the SA descriptor, which contains the TEK information.
Step 216: the RS sends a registration request (REG_REQ) message to the MRBS to register the RS and negotiate some of its capabilities; the specific capabilities can be as shown in Table 1 above.
To address the prior art's lack of negotiation of the RS's security zone support and/or of whether the RS can generate data, as another embodiment of the invention the "MR-BS and RS MAC feature support TLV" of the REG_REQ message can be modified to add negotiation of RS security zone support and negotiation of the RS's data generation capability. The modified "MR-BS and RS MAC feature support TLV" can be as shown in Table 5 of Embodiment 1.
Step 217: after receiving the REG_REQ message, the MRBS sends a relay station attachment request (RS-Attachment-REQ) message to the authentication server. The RS-Attachment-REQ message contains the RS's registration information and the basic information of the serving BS (Serving BS Info).
Step 218: the authentication server returns a relay station attachment response (RS-Attachment-RSP) message to the RS.
The RS-Attachment-RSP message contains the RS's registration information.
Step 219: the MRBS sends a registration response (REG_RSP) message to the RS, carrying the confirmation of the RS's capabilities. The modification to the "MR-BS and RS MAC feature support TLV" in the REG_RSP message is the same as in REG_REQ, that is, also as shown in Table 5.
Step 220: the MRBS sends an RS-Attachment-ACK message to the authentication server to acknowledge the RS-Attachment-RSP message.
Steps 221-222: optionally, the RS management server or the authentication server sends an RS_Config-CMD message to the MRBS to tell the MRBS how to configure the RS's basic information.
Step 223: the MRBS sends a relay station configuration command (RS_Config-CMD) message to the RS to configure the RS's specific parameters.
Step 224: the RS returns an MR-Generic-ACK message to the MRBS as confirmation.
This embodiment defines the air-interface-side and network-side procedures for relay station network entry, and implements negotiation of the relay station's security zone capability and data generation capability.
Embodiment 3
The network-side flow during relay station network entry in this embodiment is the same as in Embodiment 2 and is not described in detail here. This embodiment mainly describes where the newly added security zone capability negotiation and data generation capability negotiation are placed on the air interface side.
Unlike Embodiment 2, in which the RS security zone capability is placed in the REG_REQ message, in this embodiment of the invention the RS security zone capability is placed in the initial ranging message, the SBC message or the PKMv2 SA-TEK-Request message. A corresponding negotiation field then needs to be added to that message, for example as follows: an RS security zone support TLV field is added to the initial ranging message, SBC message or PKMv2 SA-TEK-Request message; its specific format can be as shown in Table 2 of Embodiment 1.
When the RS performs initial network entry, the MRBS generally issues the initial security zone keys SZK and SZKEK in the PKMv2 SA-TEK-Response message. This embodiment therefore carries out the security zone capability negotiation before the PKMv2 SA-TEK-Response message; that is, the negotiation of whether the relay station supports the security zone is added to the ranging process, the SBC process or the PKMv2 SA-TEK-Request process.
Unlike Embodiment 2, in which the RS's data generation capability is placed in the REG_REQ message, in this embodiment of the invention the data generation capability of the RS can likewise be placed in the initial ranging message, the SBC message or the PKMv2 SA-TEK-Request message. A corresponding negotiation field then needs to be added to the initial ranging message, SBC message or PKMv2 SA-TEK-Request message, for example as follows: an RS data generation support TLV field is added to the initial ranging message, SBC message or PKMv2 SA-TEK-Request message; its specific format can be as shown in Table 3 of Embodiment 1.
When both the RS security zone support TLV field and the RS data generation support TLV field are added to the initial ranging message, SBC message or PKMv2 SA-TEK-Request message, the specific format can be as shown in Table 4 of Embodiment 1.
Correspondingly, in this embodiment of the invention, the ranging response, basic capability response, PKMv2 SA-TEK-Response or registration response also carries the data generation capability information and/or security zone support capability information of the relay station that the relay base station supports.
This embodiment of the invention provides the air-interface-side and network-side flows for relay station network entry, and implements the negotiation of the relay station's security zone capability and data generation capability.
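The negotiation described in this embodiment, as an added example that is not code from the patent: the RS advertises its two capabilities as TLVs in a request, the MRBS answers with the capabilities both sides support, and SZK/SZKEK go into the PKMv2 SA-TEK-Response only when the security zone was agreed. The TLV type codes, the one-byte value layout, the function names and the treatment of a missing TLV as "not supported" are assumptions; the real field formats are those of Tables 2-4 of Embodiment 1.

```python
import os
import struct

# Hypothetical TLV type codes; the real field layouts are in the patent's
# Tables 2-4, which are not reproduced on this page.
TLV_RS_SECURITY_ZONE = 0xF1
TLV_RS_DATA_GENERATION = 0xF2
KNOWN = (TLV_RS_SECURITY_ZONE, TLV_RS_DATA_GENERATION)


def encode_tlvs(caps):
    """Encode {type: bool} as type(1) | length(1) | value(1) TLVs."""
    return b"".join(struct.pack("!BBB", t, 1, int(bool(v)))
                    for t, v in sorted(caps.items()))


def decode_tlvs(buf):
    """Strictly parse capability TLVs; unknown types are skipped."""
    caps, i = {}, 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated TLV header")
        t, length = buf[i], buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV value")
        if t in KNOWN:
            if length != 1 or value[0] > 1:
                raise ValueError("malformed capability TLV")
            if t in caps:
                raise ValueError("duplicate capability TLV")
            caps[t] = bool(value[0])
        i += 2 + length
    return caps


def mrbs_negotiate(request_tlvs, mrbs_supports):
    """MRBS side: a capability is agreed only if both ends support it.

    A missing TLV counts as "not supported" (assumption: fail closed, so an
    RS that never advertised the security zone is not sent its keys).
    """
    requested = decode_tlvs(request_tlvs)
    agreed = {t: bool(requested.get(t) and mrbs_supports.get(t)) for t in KNOWN}
    return encode_tlvs(agreed), agreed


def sa_tek_response_keys(agreed, szk, szkek):
    """Key material for PKMv2 SA-TEK-Response: SZK/SZKEK only if agreed."""
    if agreed[TLV_RS_SECURITY_ZONE]:
        return {"SZK": szk, "SZKEK": szkek}
    return {}


if __name__ == "__main__":
    mrbs = {TLV_RS_SECURITY_ZONE: True, TLV_RS_DATA_GENERATION: True}
    # Constructed request: RS supports the security zone, cannot generate data.
    req = encode_tlvs({TLV_RS_SECURITY_ZONE: True, TLV_RS_DATA_GENERATION: False})
    rsp, agreed = mrbs_negotiate(req, mrbs)
    keys = sa_tek_response_keys(agreed, os.urandom(16), os.urandom(16))
    print(rsp.hex(), agreed, sorted(keys))
```

Rejecting duplicate or malformed capability TLVs keeps the MRBS and the RS from reaching different views of what was negotiated before any key is issued.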
A person of ordinary skill in the art will understand that all or some of the steps of the methods in the foregoing embodiments can be carried out by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.
Embodiment 4
This embodiment of the invention provides a relay station 300 in a wireless relay network. The relay station comprises a transmitting unit 310, configured to send a ranging request, basic capability request, security association traffic encryption key request or registration request to the relay base station; the ranging request, basic capability request, security association traffic encryption key request or registration request carries the security zone capability information and/or data generation capability information of the relay station. In another embodiment of the present invention, as shown in Figure 3, the relay station further comprises a receiving unit 320, configured to receive from the relay base station a response message to the ranging request, basic capability request, security association traffic encryption key request or registration request sent by the transmitting unit; the response message carries the security zone capability information and/or data generation capability information of the relay station that the relay base station supports.
In this embodiment of the invention, when the relay station enters the network, a negotiation of whether the RS supports the security zone capability and/or a negotiation of whether the RS can generate data is added, which avoids wasted keys and unnecessary security threats and can meet the needs of multiple operators.
Embodiment 5
This embodiment provides a relay base station in a wireless relay network. As shown in Figure 4, the relay base station 400 comprises:
Basic capability request receiving unit 410, configured to receive a basic capability request from the relay station;
Reporting unit 420, configured to send a relay station pre-attachment request RS-PreAttachment-REQ to the certificate server and to receive a relay station pre-attachment response from the certificate server, wherein the RS-PreAttachment-REQ carries the basic capability information of the relay station;
Registration request receiving unit 430, configured to receive a registration request from the relay station;
Relay station attachment request unit 440, configured to send a relay station attachment request to the certificate server, the relay station attachment request carrying the registration information of the relay station and the serving base station information of the relay station;
Relay station attachment response unit 450, configured to receive from the certificate server a relay station attachment response message confirming the registration information of the relay station and the serving base station information of the relay station.
In another embodiment of the present invention, as shown in Figure 5, the relay base station further comprises:
First confirmation unit 460, configured to send a relay station pre-attachment acknowledgement message to the certificate server;
Authorization key receiving unit 470, configured to receive an authorization key context from the certificate server;
Second confirmation unit 480, configured to return an acknowledgement message to the certificate server;
Third confirmation unit 490, configured to send a relay station attachment acknowledgement message to the certificate server;
Relay station configuration unit 500, configured to receive a relay station configuration command from the certificate server or the relay station management server, and to send a relay station configuration command to the relay station according to the configuration control information carried in the received relay station configuration command.
In this embodiment of the invention, the above units of the relay base station can be merged into one unit, or can be further split into multiple subunits.
The specific embodiments described above further explain the purpose, technical solutions and beneficial effects of the present invention. It should be understood that the above are merely specific embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (18)

1. A relay station network entry method, characterized by comprising:
receiving a ranging request from a relay station, and sending a ranging response to the relay station;
receiving a basic capability request from the relay station, and sending a basic capability response to the relay station;
receiving a security association traffic encryption key request from the relay station, and sending a security association traffic encryption key response to the relay station;
receiving a registration request from the relay station, performing registration of the relay station, and sending a registration response to the relay station after the registration is completed;
wherein the ranging request, basic capability request, security association traffic encryption key request or registration request carries security zone capability information and/or data generation capability information of the relay station.
2. The method according to claim 1, characterized in that:
the ranging response, basic capability response, security association traffic encryption key response or registration response correspondingly carries the security zone capability information and/or data generation capability information of the relay station that the relay base station supports.
3. A relay station network entry method, characterized by comprising:
receiving a basic capability request from a relay station;
sending a relay station pre-attachment request to a certificate server, the relay station pre-attachment request carrying basic capability information of the relay station;
receiving a relay station pre-attachment response from the certificate server;
after receiving a registration request from the relay station, sending a relay station attachment request to the certificate server, the relay station attachment request carrying registration information of the relay station and serving base station information of the relay station;
receiving from the certificate server a relay station attachment response message confirming the registration information of the relay station and the serving base station information of the relay station.
4. The method according to claim 3, characterized in that the basic capability information of the relay station carried in the relay station pre-attachment request comprises: the security history of the relay station, a basic capability information context, and serving base station information.
5. The method according to claim 4, characterized in that the basic capability information of the relay station carried in the relay station pre-attachment request further comprises: indication information indicating that the relay station pre-attachment request belongs to a relay station.
6. The method according to claim 3, characterized by further comprising:
receiving a ranging request from the relay station, and sending a ranging response to the relay station;
receiving a security association traffic encryption key request from the relay station, and sending a security association traffic encryption key response to the relay station.
7. The method according to claim 6, characterized in that:
the ranging request, basic capability request, security association traffic encryption key request or registration request carries security zone capability information and/or data generation capability information of the relay station.
8. The method according to claim 3, characterized by further comprising:
sending a relay station pre-attachment acknowledgement message to the certificate server.
9. The method according to claim 3, characterized by further comprising:
receiving an authorization key context from the certificate server, and returning an acknowledgement message to the certificate server.
10. The method according to claim 3, characterized by further comprising:
sending a relay station attachment acknowledgement message to the certificate server.
11. The method according to claim 3, characterized by further comprising:
receiving a relay station configuration command from the certificate server or a relay station management server, and sending a relay station configuration command to the relay station according to the configuration control information carried in the received relay station configuration command.
12. A relay station comprising a transmitting unit, characterized in that:
the transmitting unit is configured to send a ranging request, basic capability request, security association traffic encryption key request or registration request to a relay base station, the ranging request, basic capability request, security association traffic encryption key request or registration request carrying security zone capability information and/or data generation capability information of the relay station.
13. The relay station according to claim 12, characterized by further comprising:
a receiving unit, configured to receive from the relay base station a response message to the ranging request, basic capability request, security association traffic encryption key request or registration request sent by the transmitting unit, the response message carrying the security zone capability information and/or data generation capability information of the relay station that the relay base station supports.
14. A relay base station, characterized by comprising:
a basic capability request receiving unit, configured to receive a basic capability request from a relay station;
a reporting unit, configured to send a relay station pre-attachment request to a certificate server to report basic capability information of the relay station, and to receive a relay station pre-attachment response from the certificate server;
a registration request receiving unit, configured to receive a registration request from the relay station;
a relay station attachment request unit, configured to send a relay station attachment request to the certificate server, the relay station attachment request carrying registration information of the relay station and serving base station information of the relay station;
a relay station attachment response unit, configured to receive from the certificate server a relay station attachment response message confirming the registration information of the relay station and the serving base station information of the relay station.
15. The relay base station according to claim 14, characterized by further comprising:
a first confirmation unit, configured to send a relay station pre-attachment acknowledgement message to the certificate server.
16. The relay base station according to claim 14, characterized by further comprising:
an authorization key receiving unit, configured to receive an authorization key context from the certificate server;
a second confirmation unit, configured to return an acknowledgement message to the certificate server.
17. The relay base station according to claim 14, characterized by further comprising:
a third confirmation unit, configured to send a relay station attachment acknowledgement message to the certificate server.
18. The relay base station according to claim 14, characterized by further comprising:
a relay station configuration unit, configured to receive a relay station configuration command from the certificate server or a relay station management server, and to send a relay station configuration command to the relay station according to the configuration control information carried in the received relay station configuration command.
CN2009101371031A 2009-05-04 2009-05-04 Method and device for accessing relay station to network Pending CN101883359A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2009101371031A CN101883359A (en) 2009-05-04 2009-05-04 Method and device for accessing relay station to network
PCT/CN2010/072405 WO2010127605A1 (en) 2009-05-04 2010-05-04 Method and device for relay station to access network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009101371031A CN101883359A (en) 2009-05-04 2009-05-04 Method and device for accessing relay station to network

Publications (1)

Publication Number Publication Date
CN101883359A true CN101883359A (en) 2010-11-10

Family

ID=43049973

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009101371031A Pending CN101883359A (en) 2009-05-04 2009-05-04 Method and device for accessing relay station to network

Country Status (2)

Country Link
CN (1) CN101883359A (en)
WO (1) WO2010127605A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9232404B2 (en) 2009-09-28 2016-01-05 Huawei Technologies Co., Ltd. Method, apparatus, and system for data transmission

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013069170A1 (en) * 2011-11-07 2013-05-16 パナソニック株式会社 Relay station, base station, and band frequency allocation method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070070929A1 (en) * 2005-09-28 2007-03-29 Samsung Electronics Co., Ltd. Apparatus and method for negotiating relay station capability in a multi-hop relay broadband wireless access communication system
CN101351021B (en) * 2007-07-16 2011-11-30 中兴通讯股份有限公司 Microwave access global interconnection system and implementing method thereof

Also Published As

Publication number Publication date
WO2010127605A1 (en) 2010-11-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20101110