CN102045721B - Safe switching method for user terminal in wireless metropolitan area network (WMAN) - Google Patents

Info

Publication number: CN102045721B
Authority: CN (China)
Prior art keywords: user terminal, base station, target, current base station, access gateway
Legal status: Expired - Fee Related
Application number: CN201010608897.8A
Other languages: Chinese (zh)
Other versions: CN102045721A (en)
Inventors: 王胜男, 林凡, 张永强
Current Assignee: GCI Science and Technology Co Ltd
Original Assignee: GCI Science and Technology Co Ltd
Priority date: 2010-12-28
Filing date: 2010-12-28
Publication date: 2014-03-05

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the technical field of wireless metropolitan area networks (WMAN), in particular to a safe switching method for a user terminal in a WMAN. The safe switching method comprises the following steps: the user terminal sends a switching request message to the access gateway of a target base station; the access gateway returns a switching response message to the user terminal via the target base station; the access gateway sends a request message to the target base station asking it to allow the user terminal to join; and the target base station receives that request message, configures a port for secure transmission for the user terminal, and returns a response message to the access gateway confirming that the user terminal has been allowed to join. The safe switching method makes it possible for the user terminal to be switched safely and quickly from one base station to another base station under the same access gateway in the WMAN.

Description

Safe handover method for a user terminal in a wireless metropolitan area network
Technical field
The present invention relates to the field of wireless metropolitan area network (WMAN) technology, in particular to a safe handover method for a user terminal in a WMAN.
Background technology
IEEE 802.16 wireless MANs are an important direction for future wireless access technology and have attracted wide attention, yet security problems have continued to hold back their adoption and development. IEEE 802.16d defines an authentication protocol based on a public-key algorithm (RSA) and digital certificates, with which a base station can authenticate a user terminal. Its major defect is that it provides only one-way authentication of the user terminal by the base station and no authentication of the base station by the user terminal, so a rogue base station can easily deceive a user terminal. In addition, both the authorization key (AK) and the session key (TEK) are generated on the base station side alone; under such one-way authentication it is hard for the user terminal to trust the quality of the TEK so generated. IEEE 802.16e enhanced IEEE 802.16d and introduced the Extensible Authentication Protocol (EAP), but it still includes only one-way authentication of the user terminal by the base station.
Patent application No. 200810027930.0, "Safe access method for a wireless MAN" (WMAN-SA for short), provides a secure access method for wireless MANs in which mutual authentication between the user terminal and the base station replaces the original one-way authentication during the authentication and authorization process. This makes it impossible for an attacker to gain a user terminal's trust by impersonating a legitimate base station, and removes the possibility of a man-in-the-middle attack. During key negotiation the key is generated jointly by the user terminal and the base station instead of being assigned by the base station, which guarantees the quality of the key and strengthens the security of the wireless MAN. The improved protocol therefore meets the functional and performance requirements of the original wireless MAN while being more secure.
With the growth of mobile computing, user demand for handover is increasing day by day. When WMAN-SA is deployed at scale, the handover of a user terminal between different base stations will be managed by an access gateway. WMAN-SA, however, defines only identity authentication, key management, data encryption, data authentication and replay protection; it does not include a concrete scheme by which the access gateway manages user handover.
Summary of the invention
To address the problems of the prior art described above, the invention provides a safe handover method for a user terminal in a wireless MAN, solving the technical problem of switching a user terminal safely and quickly from one base station to another base station under the same access gateway.
To achieve the object of the invention, the following technical scheme is adopted:
A safe handover method for a user terminal in a wireless MAN, the method comprising:
the target base station receives a handover request message sent by the user terminal and forwards the handover request message to the access gateway;
the access gateway returns a handover response message to the target base station, and the target base station forwards the handover response message to the user terminal;
the access gateway sends an add-user-terminal request message to the target base station;
the target base station receives the add-user-terminal request message, configures a first controlled port for secure transmission for the user terminal, sets the first controlled port to the open state, and returns an add-user-terminal response message to the access gateway.
As a preferred version, the method further comprises a delete-user-information step, specifically:
the access gateway sends a delete-user-terminal request message to the current base station, i.e. the base station the user terminal had successfully accessed when it sent the roaming message;
the current base station receives the delete-user-terminal request message, closes the second controlled port associated with the user terminal, deletes the user terminal information, and returns a delete-user-terminal response message; the second controlled port is the port the current base station configured for the user terminal for secure transmission.
As a further preferred version, the delete-user-information step is carried out before the access gateway sends the add-user-terminal request message to the target base station.
As a further preferred version, the delete-user-information step is carried out after the target base station returns the add-user-terminal response message to the access gateway.
As a still further preferred version, the target base station and the current base station each establish a trust relationship with the access gateway through the base station secure access protocol.
As a preferred version, the specific method by which the target base station forwards the user terminal's handover request message to the access gateway and the access gateway controls the user terminal's joining of the target base station comprises:
the target base station receives the handover request message sent by the user terminal and forwards it to the access gateway; the handover request message comprises the current base station identifier and the user terminal identifier, the current base station being the base station the user terminal had successfully accessed when it sent the roaming message;
the access gateway returns a handover response message to the target base station, and the target base station forwards it to the user terminal; the handover response message comprises the current base station identifier, the user terminal identifier and the handover request result;
the access gateway sends an add-user-terminal request message to the target base station; the add-user-terminal request message comprises the target base station identifier, the user terminal identifier and a controlled port status flag, the controlled port status flag being set to permit the forwarding of non-management messages;
the target base station receives the add-user-terminal request message, configures a first controlled port for secure transmission for the user terminal, opens the first controlled port, and returns an add-user-terminal response message to the access gateway; the add-user-terminal response message comprises the target base station identifier, the user terminal identifier and the user terminal add result.
As a further preferred version, the specific method by which the current base station deletes the user terminal information comprises:
the access gateway sends a delete-user-terminal request message to the current base station; the delete-user-terminal request message comprises the current base station identifier and the user terminal identifier;
the current base station receives the delete-user-terminal request message, closes, according to the user terminal identifier, the second controlled port associated with the user terminal and deletes the user terminal information, and returns a delete-user-terminal response message; the second controlled port is the port the current base station configured for the user terminal for secure transmission, and the delete-user-terminal response message comprises the current base station identifier, the user terminal identifier and the delete result.
As a further preferred version, the target base station identifier is a unique identifier of the target base station, namely its MAC address; the current base station identifier is a unique identifier of the current base station, namely its MAC address; and the user terminal identifier is a unique identifier of the user terminal, namely its MAC address.
The invention makes it possible for a user terminal in a wireless MAN to be switched safely and quickly from one base station to another base station under the same access gateway.
Description of the drawings
Fig. 1 is the network topology diagram of the invention, in which the user terminal is switched from the current base station to the target base station;
Fig. 2 is the message flow chart of the invention;
Fig. 3 is the flow chart of the embodiment of the invention.
Embodiments
The invention is described in further detail below with reference to the drawings and specific embodiments.
The solution of the invention is as follows. The system comprises an access gateway, a current base station, a target base station and a user terminal. Access based on the WMAN-SA protocol is completed by the access gateway, the user terminal and the authentication server; the base stations are responsible only for forwarding messages and are managed by the access gateway. When the user terminal is switched from the current base station to the target base station, the access gateway notifies the current base station to delete the user terminal and notifies the target base station to add the user terminal.
Fig. 3 is the flow chart of the embodiment of the invention.
Step S101: the target base station receives the handover request message sent by the user terminal and forwards it to the access gateway of the target base station. The handover request message includes, but is not limited to, the current base station identifier and the user terminal identifier; the current base station is the base station the user terminal had successfully accessed when it sent the roaming message. Proceed to step S102.
Step S102: the access gateway returns a handover response message to the target base station, and the target base station forwards it to the user terminal. The handover response message includes, but is not limited to, the current base station identifier, the user terminal identifier and the handover request result; the handover request result includes, but is not limited to, a handover success or failure flag. Proceed to step S103.
Step S103: the access gateway sends a delete-user-terminal request message to the current base station. The delete-user-terminal request message includes, but is not limited to, the current base station identifier and the user terminal identifier. Proceed to step S104.
Step S104: the current base station receives the delete-user-terminal request message, closes, according to the user terminal identifier, the second controlled port associated with the user terminal and deletes the user terminal information, and returns a delete-user-terminal response message. The second controlled port is the port the current base station configured for the user terminal for secure transmission. The delete-user-terminal response message includes, but is not limited to, the current base station identifier, the user terminal identifier and the delete result; the delete result includes, but is not limited to, a delete success or failure flag. Proceed to step S105.
Step S105: the access gateway sends an add-user-terminal request message to the target base station. The add-user-terminal request message includes, but is not limited to, the target base station identifier, the user terminal identifier and a controlled port status flag; the controlled port status flag is set to permit the forwarding of non-management messages. Proceed to step S106.
Step S106: the target base station receives the add-user-terminal request message, configures a first controlled port for secure transmission for the user terminal, opens the first controlled port and returns an add-user-terminal response message to the access gateway. The add-user-terminal response message includes, but is not limited to, the target base station identifier, the user terminal identifier and the user terminal add result.
While a controlled port is closed, only management-type messages (such as WMAN-SA messages) can be forwarded through it; once the controlled port is opened, both management-type messages and non-management-type messages (such as audio and video traffic) can be forwarded.
Steps S103 to S104 may be carried out before steps S105 to S106, which gives a hard handover, or after steps S105 to S106, which gives a soft handover.
As shown in Fig. 1, the embodiment of the invention addresses the scenario in which a user terminal switches between several base stations managed by the same gateway; the target base station and the current base station therefore each establish a trust relationship with the access gateway through the base station secure access protocol.
For the base station secure access protocol, reference may be made to Chinese patent application No. CN200910039197.9, "Safe access method for a base station of a mobile communication system".
For the terminal security protocol between the user terminal and the base station, reference may be made to patent application No. 200810027930.0, "Safe access method for a wireless MAN" (WMAN-SA for short), or the standard protocol of IEEE Std 802.16 may be adopted.
Because the base stations and the access gateway have established trust relationships through the base station secure access protocol, and the user terminal's access to the current base station used the terminal security protocol, the user terminal's handover between these base stations is secure and reliable without repeating authentication, which achieves a fast and secure handover.
Fig. 2 is the message flow chart of the invention.
1. The user terminal sends a handover request message to the target base station; the message comprises: user terminal identifier, current base station identifier.
2. After receiving the handover request message, the target base station forwards it to the access gateway.
3. The access gateway sends a handover response message to the target base station; the message comprises: user terminal identifier, current base station identifier, handover request result (success or failure).
4. After receiving the handover response message, the target base station forwards it to the user terminal.
5. The access gateway sends a delete-user-terminal request message to the current base station; the message content comprises: current base station identifier, user terminal identifier.
6. After receiving the delete-user-terminal request message, the current base station closes the controlled port and deletes the user terminal's related information according to the user terminal identifier, then sends a delete-user-terminal response message; the message content comprises: current base station identifier, user terminal delete result (success or failure).
7. The access gateway sends an add-user-terminal request message to the target base station; the message content comprises: target base station identifier, user terminal identifier, controlled port status flag (the flag is "open", meaning that both management-type and non-management-type messages may be forwarded).
8. After receiving the add-user-terminal request message, the target base station opens the controlled port and sends an add-user-terminal response message; the message content comprises: target base station identifier, user terminal identifier, user terminal add result (success or failure).
Steps 5 to 6 may be carried out either before or after steps 7 to 8.
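The handover described in steps S101 to S106 and in the numbered message flow above, as an added example that is not part of the patent: a Python simulation of the access gateway, two base stations and their per-terminal controlled ports. It supports both orderings of the delete and add exchanges (hard handover: delete before add; soft handover: add before delete) and applies the rule that a closed controlled port forwards only management-type messages. The message field names, the "success"/"failure" result strings, the base station and terminal identifiers, and the gateway's check that both base stations hold a trust relationship with it are assumptions made for this example.

```python
# Added example (not the patent's own code): gateway-managed handover between two
# base stations under one access gateway. Field names, result strings, identifiers
# and the trust check are assumptions mirroring steps S101-S106 and the message flow.
from dataclasses import dataclass
from enum import Enum

TERMINAL_ID = "00:11:22:33:44:55"  # constructed user terminal MAC address


class MsgKind(Enum):
    MANAGEMENT = "management"          # e.g. WMAN-SA messages: always forwarded
    NON_MANAGEMENT = "non-management"  # e.g. audio/video: only through an open port


@dataclass
class ControlledPort:
    """Per-terminal controlled port on a base station; closed by default."""
    terminal_id: str
    is_open: bool = False

    def may_forward(self, kind: MsgKind) -> bool:
        return kind is MsgKind.MANAGEMENT or self.is_open


class BaseStation:
    def __init__(self, bs_id: str):
        self.bs_id = bs_id  # unique identifier, e.g. the base station MAC address
        self.ports: dict[str, ControlledPort] = {}

    def may_forward(self, terminal_id: str, kind: MsgKind) -> bool:
        port = self.ports.get(terminal_id)
        return port is not None and port.may_forward(kind)

    def add_user_terminal(self, req: dict) -> dict:
        """Step S106: configure the first controlled port and apply the status flag."""
        tid = req["terminal_id"]
        self.ports[tid] = ControlledPort(tid, is_open=req["port_open"])
        return {"type": "add_user_terminal_response", "target_bs_id": self.bs_id,
                "terminal_id": tid, "result": "success"}

    def delete_user_terminal(self, req: dict) -> dict:
        """Step S104: close the second controlled port and drop the terminal's state."""
        port = self.ports.pop(req["terminal_id"], None)
        if port is not None:
            port.is_open = False
        return {"type": "delete_user_terminal_response", "current_bs_id": self.bs_id,
                "terminal_id": req["terminal_id"],
                "result": "success" if port is not None else "failure"}


class AccessGateway:
    def __init__(self, hard_handover: bool = True):
        self.hard_handover = hard_handover  # True: delete then add; False: add then delete
        self.base_stations: dict[str, BaseStation] = {}
        self.trusted: set[str] = set()      # BSs that completed the BS secure access protocol
        self.trace: list[str] = []          # message types in the order they were sent

    def register_bs(self, bs: BaseStation, trusted: bool = True) -> None:
        self.base_stations[bs.bs_id] = bs
        if trusted:
            self.trusted.add(bs.bs_id)

    def _delete(self, current: BaseStation, tid: str) -> dict:
        """Steps S103/S104 (flow steps 5 and 6)."""
        self.trace.append("delete_user_terminal_request")
        resp = current.delete_user_terminal({"current_bs_id": current.bs_id, "terminal_id": tid})
        self.trace.append(resp["type"])
        return resp

    def _add(self, target: BaseStation, tid: str) -> dict:
        """Steps S105/S106 (flow steps 7 and 8); the status flag opens the port."""
        self.trace.append("add_user_terminal_request")
        resp = target.add_user_terminal(
            {"target_bs_id": target.bs_id, "terminal_id": tid, "port_open": True})
        self.trace.append(resp["type"])
        return resp

    def handle_handover_request(self, target: BaseStation, req: dict) -> dict:
        """Steps S101-S106 as seen by the gateway; returns the handover response."""
        tid, cur_id = req["terminal_id"], req["current_bs_id"]
        current = self.base_stations.get(cur_id)
        self.trace.append("handover_request")
        # Assumed policy: both base stations must hold a trust relationship with this
        # gateway, and the terminal must really be attached to the claimed current BS.
        ok = (current is not None and cur_id in self.trusted
              and target.bs_id in self.trusted and tid in current.ports)
        resp = {"type": "handover_response", "current_bs_id": cur_id,
                "terminal_id": tid, "result": "success" if ok else "failure"}
        self.trace.append(resp["type"])  # relayed to the terminal by the target BS
        if ok and self.hard_handover:
            self._delete(current, tid)
            self._add(target, tid)
        elif ok:
            self._add(target, tid)
            self._delete(current, tid)
        return resp


def run_handover(hard: bool = True):
    """Constructed scenario: the terminal moves from bs-a to bs-b under one gateway."""
    gw = AccessGateway(hard_handover=hard)
    bs_a, bs_b = BaseStation("bs-a"), BaseStation("bs-b")
    gw.register_bs(bs_a)
    gw.register_bs(bs_b)
    # Stands in for the terminal's earlier WMAN-SA access at bs-a (port already open).
    bs_a.add_user_terminal({"target_bs_id": "bs-a", "terminal_id": TERMINAL_ID, "port_open": True})
    resp = gw.handle_handover_request(bs_b, {"terminal_id": TERMINAL_ID, "current_bs_id": "bs-a"})
    return gw, bs_a, bs_b, resp
```

Calling `run_handover(hard=True)` yields the message sequence of Fig. 2 in the hard-handover order; after it returns, the old base station no longer forwards the terminal's non-management traffic and the new one does. `run_handover(hard=False)` produces the soft-handover order with the add exchange first. The gateway refuses a handover toward a base station that has not established trust with it, answering with a failure result and sending neither the delete nor the add request.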
The above is only a preferred embodiment of the invention. It should be pointed out that a person of ordinary skill in the art can make further improvements and modifications without departing from the principles of the invention, and these improvements and modifications should also be regarded as falling within the scope of protection of the invention.

Claims (7)

1. A safe handover method for a user terminal in a wireless MAN, characterized in that the method comprises:
the target base station receives a handover request message sent by the user terminal and forwards it to the access gateway; the handover request message comprises the current base station identifier and the user terminal identifier, the current base station being the base station the user terminal had successfully accessed when it sent the roaming message;
the access gateway returns a handover response message to the target base station, and the target base station forwards it to the user terminal; the handover response message comprises the current base station identifier, the user terminal identifier and the handover request result;
the access gateway sends an add-user-terminal request message to the target base station; the add-user-terminal request message comprises the target base station identifier, the user terminal identifier and a controlled port status flag, the controlled port status flag being set to permit the forwarding of non-management messages;
the target base station receives the add-user-terminal request message, configures a first controlled port for secure transmission for the user terminal, sets the first controlled port to the open state and returns an add-user-terminal response message to the access gateway; the add-user-terminal response message comprises the target base station identifier, the user terminal identifier and the user terminal add result.
2. The handover method according to claim 1, characterized in that the method further comprises a delete-user-information step, specifically:
the access gateway sends a delete-user-terminal request message to the current base station, which the user terminal accessed through the terminal security protocol;
the current base station receives the delete-user-terminal request message, closes the second controlled port associated with the user terminal, deletes the user terminal information, and returns a delete-user-terminal response message; the second controlled port is the port the current base station configured for the user terminal for secure transmission.
3. The handover method according to claim 2, characterized in that the delete-user-information step is carried out before the access gateway sends the add-user-terminal request message to the target base station.
4. The handover method according to claim 2, characterized in that the delete-user-information step is carried out after the target base station returns the add-user-terminal response message to the access gateway.
5. The handover method according to any one of claims 1 to 4, characterized in that the target base station and the current base station each establish a trust relationship with the access gateway through the base station secure access protocol.
6. The handover method according to claim 2, characterized in that the specific method by which the current base station deletes the user terminal information comprises:
the access gateway sends a delete-user-terminal request message to the current base station; the delete-user-terminal request message comprises the current base station identifier and the user terminal identifier;
the current base station receives the delete-user-terminal request message, closes, according to the user terminal identifier, the second controlled port associated with the user terminal and deletes the user terminal information, and returns a delete-user-terminal response message; the second controlled port is the port the current base station configured for the user terminal for secure transmission, and the delete-user-terminal response message comprises the current base station identifier, the user terminal identifier and the delete result.
7. The handover method according to claim 1, characterized in that the target base station identifier is a unique identifier of the target base station, namely its MAC address; the current base station identifier is a unique identifier of the current base station, namely its MAC address; and the user terminal identifier is a unique identifier of the user terminal, namely its MAC address.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010608897.8A CN102045721B (en) 2010-12-28 2010-12-28 Safe switching method for user terminal in wireless metropolitan area network (WMAN)

Publications (2)

Publication Number Publication Date
CN102045721A CN102045721A (en) 2011-05-04
CN102045721B true CN102045721B (en) 2014-03-05

Family

ID=43911377

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2949126A4 (en) * 2013-01-22 2016-08-31 Nokia Technologies Oy Method and apparatus for device handover

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1852196A (en) * 2005-11-03 2006-10-25 华为技术有限公司 Method for releasing idling-resource in WiMAX system
CN101031132A (en) * 2006-02-28 2007-09-05 华为技术有限公司 Wireless resource management system and switch controlling method based on it
CN101047966A (en) * 2006-03-29 2007-10-03 中兴通讯股份有限公司 Base station switchover method
EP2031920A1 (en) * 2007-06-29 2009-03-04 Nokia Siemens Networks Oy Method for handover data acqusition in a cellular communications network and communications network
WO2009057730A2 (en) * 2007-10-31 2009-05-07 Nec Corporation System and method for selection of security algorithms
CN101888630A (en) * 2009-05-11 2010-11-17 华为终端有限公司 Authentication Method, system and device for switching access networks

Legal Events

Code Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140305

Termination date: 20201228