CN106304050A - A kind of wireless roaming method and device - Google Patents

A kind of wireless roaming method and device Download PDF

Info

Publication number
CN106304050A
CN106304050A CN201610692208.3A CN201610692208A CN106304050A CN 106304050 A CN106304050 A CN 106304050A CN 201610692208 A CN201610692208 A CN 201610692208A CN 106304050 A CN106304050 A CN 106304050A
Authority
CN
China
Prior art keywords
associated key
sta
mark
match
bssid
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610692208.3A
Other languages
Chinese (zh)
Other versions
CN106304050B (en
Inventor
李明金
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Information Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN201610692208.3A priority Critical patent/CN106304050B/en
Publication of CN106304050A publication Critical patent/CN106304050A/en
Application granted granted Critical
Publication of CN106304050B publication Critical patent/CN106304050B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/08Reselecting an access point

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments providing a kind of wireless roaming method and device, described method includes: receive the association request that STA sends;If association request carries associated key mark, then determine that STA is roaming STA, and associated key mark is mated with locally stored associated key, associated key is designated what the associated key of distribution when STA is associated with the AP associated according at least to self generated;If the match is successful, then STA is allowed to carry out fast roaming;If it fails to match, then other AP managed to the AC belonging to AP sends the matching request carrying associated key mark, so that the associated key mark associated key locally stored with other AP is mated by other AP;If receive in Preset Time other AP send the match is successful response, then allow STA carry out fast roaming.Success rate and the Consumer's Experience of fast roaming can be effectively promoted by the present invention.

Description

A kind of wireless roaming method and device
Technical field
The present invention relates to communication technical field, particularly relate to a kind of wireless roaming method and device.
Background technology
When terminal (Station, STA) roams to another AP from an access point (Access Point, AP), for protecting Card network security, another AP needs again to be authenticated this STA, such as 802.1X certification, the time needed due to certification The longest, service roaming can be caused long for time delay, affect the experience of user.
In order to realize service roaming without postpone, prior art proposes method for fast roaming between AP, particular by access Controller (Access Controller, AC) stores the associated key (such as, double ten thousand between all AP and STA of this AC management Can key (Pairwise Master Key, PMK).When STA roams between the aps, in the association request that STA can be sent by AC The PMKID that carries (PMK Identifier, a kind of can be to the MAC Address of PMK, STA, basic service set identification (Basic Service Set Identifier, BSSID) etc. parameter carry out the associated key mark that Hash operation obtains), with locally stored PMK mate, if the match is successful, then allow STA carry out fast roaming, if it fails to match, then need STA again to enter Row wireless authentication.
But, in above-mentioned method for fast roaming, when different STA certification when obtaining PMK on different AP, substantial amounts of PMK will be stored on AC, but, owing to the memory size of AC is limited, when the PMK of storage exceeds the memory range of AC, AC The PMK stored at first will be abandoned.So, when STA corresponding for this PMK roams into the AP using this PMK association again, due to AC Internal memory in the most there is not this PMK, then fast roaming failure, STA needs to re-start certification with this AP.Visible, above-mentioned quickly Because of the restriction of AC memory space, roaming mode, can cause that fast roaming success rate is relatively low, Consumer's Experience is poor.
Summary of the invention
Embodiment of the present invention technical problem to be solved is to provide a kind of wireless roaming method and device, to improve quickly The success rate of roaming and Consumer's Experience.
The embodiment of the invention discloses a kind of wireless roaming method, be applied to AP, the method includes:
Receive the association request that terminal STA sends;
If association request carries associated key mark, it is determined that STA is roaming STA, and is identified by associated key Mating with locally stored associated key, associated key is designated STA and enters with the AP associated according at least to self During row association, the associated key of distribution generates;
If the match is successful, then STA is allowed to carry out fast roaming;
If it fails to match, then other AP managed to the access controller AC belonging to AP sends and carries associated key mark The matching request known, so that the associated key mark associated key locally stored with other AP is mated by other AP;
If receive in Preset Time other AP send the match is successful response, then allow STA carry out fast roaming.
The embodiment of the present invention additionally provides a kind of radio roaming device, is applied to AP, and this device includes:
Receiver module, for receiving the association request that terminal STA sends;
Matching module, during for carrying associated key mark in association request, determines that STA is roaming STA, and will close Connection key identification mate with locally stored associated key, associated key be designated STA according at least to self with associated An AP when being associated the associated key of distribution generate;
First permissions module, for when the matching result of matching module is that the match is successful, it is allowed to STA quickly overflows Trip;
Sending module, for when the matching result of matching module is that it fails to match, to the access controller AC belonging to AP Other AP of management sends the matching request carrying associated key mark, so that other AP is by associated key mark and other AP Locally stored associated key mates;
Second permissions module, for receive in Preset Time other AP send the match is successful response time, it is allowed to STA Carry out fast roaming.
In sum, in the embodiment of the present invention, by receiving the association request that STA sends;If association request is carried Relevant key identification, it is determined that STA is roaming STA, and associated key mark and locally stored associated key are carried out Joining, it is raw that this associated key is designated the associated key of distribution when STA is associated with the AP associated according at least to self Become;If the match is successful, then STA is allowed to carry out fast roaming;If it fails to match, then to belonging to AP AC manage other AP sends the matching request carrying associated key mark, so that other AP is by locally stored with other AP for associated key mark Associated key mates;If receive in Preset Time other AP send the match is successful response, then allow STA carry out Fast roaming.Thus by storing associated key at AP end, effectively alleviate the pressure of AC end, improve fast roaming simultaneously Success rate and Consumer's Experience.
Accompanying drawing explanation
In order to be illustrated more clearly that the technical scheme of the embodiment of the present invention, below by institute in the description to the embodiment of the present invention The accompanying drawing used is needed to be briefly described, it should be apparent that, the accompanying drawing in describing below is only some enforcements of the present invention Example, for those of ordinary skill in the art, on the premise of not paying creative work, it is also possible to according to these accompanying drawings Obtain other accompanying drawing.
Fig. 1 is the flow chart of a kind of wireless roaming method of the present invention;
Fig. 2 is the network architecture schematic diagram in the embodiment of the present invention between AC and AP;
Fig. 3 is one of structured flowchart of a kind of radio roaming device of the present invention;
Fig. 4 is the two of the structured flowchart of a kind of radio roaming device of the present invention;
Fig. 5 is the three of the structured flowchart of a kind of radio roaming device of the present invention;
Fig. 6 is the four of the structured flowchart of a kind of radio roaming device of the present invention;
Fig. 7 is the five of the structured flowchart of a kind of radio roaming device of the present invention;
Detailed description of the invention
Understandable for enabling the above-mentioned purpose of the present invention, feature and advantage to become apparent from, real with concrete below in conjunction with the accompanying drawings The present invention is further detailed explanation to execute mode.
One of core idea of the embodiment of the present invention is, proposes a kind of wireless roaming method and device, to promote quickly Roaming success rate and Consumer's Experience.
With reference to Fig. 1, it is shown that the flow chart of a kind of wireless roaming method embodiment of the present invention, the method is applied to AP, Specifically may include steps of:
Step 101, receives the association request that STA sends.
In this step, this association request is probably STA from another AP (that is, belonging to the AP under same AC with this AP) Send when roaming into this AP, it is also possible to send when STA reaches the standard grade again after this AP rolls off the production line, it is also possible to STA accesses first Send during this AP (any AP of the most not associated mistake).
Step 102, if carrying associated key mark in association request, it is determined that STA is roaming STA, and will association Key identification mates with locally stored associated key, this associated key be designated STA according at least to self with associated An AP when being associated the associated key of distribution generate.
Concrete, after AP receives the association request of STA, this association request can be detected.If be detected that association Request carries associated key mark (PMKID), then may determine that this STA is for roaming STA.Then, AP is by association request The associated key mark carried is mated with locally stored associated key.Here, locally stored for AP associated key is It is linked into the associated key (PMK) that the terminal success of this AP is distributed when this AP side completes wireless authentication.
Wherein, associated key is designated STA and is accessing before this AP, and the arbitrary AP under managing with the AC belonging to this AP is carried out During association, the associated key of distribution is generated.If it is to say, association request carries associated key mark, then should The AP under AC management belonging to STA with AP associated.If association request is not carried associated key mark, then this STA AP under not managing with the AC belonging to AP associated, and is above-mentioned described STA and accesses the situation of AP first.
Step 103, if the match is successful, then allows STA to carry out fast roaming.
Concrete, if the associated key mark carried in association request and at least one associated key of storage in AP Be made into merit, then permission STA is carried out fast roaming by this AP, i.e. AP utilizes this associated key that the match is successful and STA to carry out quickly 4-Way Handshake process in roaming, so that STA completes fast roaming.
Step 104, if it fails to match, then other AP managed to the AC belonging to AP sends and carries associated key mark Matching request so that other AP by associated key mark the associated key locally stored with other AP mate.
Concrete, if the associated key mark carried in association request all mates mistake with the associated key of storage in AP Lose, then this AP is by sending matching request to other AP of affiliated AC management, can include associated key mark in this matching request Know, the address information (such as MAC Address) of STA and Basic Service Set Identification (Basic Service Set Identifier, BSSID).Wherein, BSSID refers to the BSSID of the AP accessed when STA generates associated key mark.
After other AP receives this matching request, extract associated key therein mark, and by this associated key mark with Locally stored associated key mark is mated, follow-up can be according further to the indication feedback matching result of matching request. Such as, this matching request may indicate that receiving the AP of this matching request is required to feed back matching result (no matter matching result is into Merit or failure), it is also possible to instruction only by matching result be successful AP feedback, in this case, receive this matching request and Matching result is that failed AP is without feeding back matching result.
Step 105, if receive in Preset Time other AP send the match is successful response, then allow STA carry out Fast roaming.
Concrete, above-mentioned the match is successful response can carry and identify with the associated key in association request that the match is successful Associated key.So, AP can utilize the 4-Way Handshake mistake that this associated key that the match is successful and STA carry out in fast roaming Journey, so that STA completes fast roaming.
Further, in embodiments of the present invention, this wireless roaming method can further include:
If AP do not receive in Preset Time other AP send the match is successful response, it is determined that this STA not with AP institute Any AP under the AC management belonged to carried out association, and notified that STA re-starts wireless authentication, and concrete identifying procedure is existing Technology, is not described in detail in this.
In a preferred embodiment of the invention, in above-mentioned steps 102, associated key is identified with locally stored by AP Associated key mark carry out the process mated, may include that
AP, based on locally stored each associated key, all generates the associated key mark of correspondence.Wherein, AP generates each The generating mode that the generating mode of associated key mark generates associated key mark with STA is identical.
Then, AP judge generate associated key mark in whether exist with association request in carry associated key mark Identical associated key mark.
If it is present determine that the match is successful, otherwise, it determines it fails to match.
In another preferred embodiment of the present invention, association request also carries the address information of STA (such as, MAC Address) and BSSID, in this case, associated key is designated STA and closes with the AP associated according to self During connection, the associated key of distribution, the address information of STA and BSSID generate, and such as, STA utilizes hash algorithm generation etc..Phase Answering, associated key mark is carried out the process mated by AP with locally stored associated key mark, may include that
AP is based on locally stored each associated key, and the address information carried in association request and BSSID, and it is right to generate The associated key mark answered.Wherein, AP generates generating mode and the STA generation associated key mark of each associated key mark Generating mode is identical.
Then, AP judge generate associated key mark in whether exist with association request in carry associated key mark Identical associated key mark.
If it is present determine that the match is successful, otherwise, it determines it fails to match.
In another preferred embodiment of the present invention, association request carries the address information (example of STA equally As, MAC Address) and BSSID, associated key is designated distribution when STA is associated with the AP associated according to self Associated key, the address information of STA and BSSID generate.Unlike the embodiments above: AP locally stored have with often Address information that individual associated key is corresponding and BSSID.AP is during coupling associated key, by locally stored each association Key and address information corresponding to each associated key and BSSID all generate the associated key mark of correspondence.Wherein, AP generates The generating mode that the generating mode of associated key mark generates associated key mark with STA is identical.Then, AP utilizes the pass generated Connection key identification compares one by one with the associated key mark carried in association request, if in the associated key mark generated not There is the associated key mark that the associated key mark carried with association request is identical, the most directly judge that it fails to match.
If the associated key mark generated exists the associated key mark that the associated key mark corresponding with STA is identical, The address that then AP will carry in the locally stored address information corresponding with this associated key mark and BSSID and association request Information and BSSID are further compared, if the most identical, it is determined that the match is successful, if any one therein not phase With, it is determined that it fails to match.
It should be noted that in embodiments of the present invention, after other AP receives matching request, associated key is identified and it Associated key locally stored for its AP carries out the concrete matching process mated, identical with the matching process that above-mentioned AP performs.
Additionally, in above-mentioned steps 104, AP can directly by the communication port that pre-builds between other AP to it Its AP sends the matching request carrying associated key mark;Associated key mark can also be carried to other AP transmission by AC Matching request, i.e. AP first sends the matching request carrying associated key mark to its affiliated AC, the most again by this AC to it Its AP forwards this matching request.
The wireless roaming method of the present invention can be applicable to STA and roamed into the scene of another AP by an AP, it is also possible to should Again the scene of AP is accessed for STA.In order to be better understood from the wireless roaming method of the present invention, below with STA by an AP The embodiment roaming into another AP is described in detail.It should be noted that disconnect at STA Yu AP and again access the reality of AP Execute the step in example identical with the step in the present embodiment, do not repeat them here.
With reference to Fig. 2, it is shown that the network connection diagram of the embodiment of the present invention.In fig. 2:
AC with AP1-AP4 is communicatively coupled, and AC manages AP1-AP4.
In one embodiment of the invention, between AP1-AP4, all foundation has communication port, to transmit message.Concrete, Path Setup process between AP needs to carry out mutual authentication, only in the case of authentication successfully, between AP Communication port can be successfully established.It is specific as follows that communication port sets up process: with the Path Setup process between AP1 and AP2 As a example by, AP1 sends ID authentication request to AP2, and AP2 responds this ID authentication request, and returns authentication response to AP1, AP1 receives this authentication response, determines and carries out authentication success with AP2, AP1 Yu AP2 sets up communication port.
In another embodiment of the present invention, the transmission of message can also be carried out between AP1-AP4 by AC, illustrate Bright: AP1 needs when other AP sends message, can send needing the message sent to AC, then be forwarded to other by AC AP。
It addition, in the present invention, password between AP1-AP4, can also be consulted, for the letter of transmission between AP1-AP4 Breath is encrypted and deciphers.AP1-AP4 can utilize the lane negotiation password set up each other, it is also possible to consults close by AC transfer Code.
Assume that STA carries out wireless authentication (such as, 802.1X certification) first in AP1 side, and acquisition is recognized after the authentication has been successful The associated key (PMK1) of card server distribution, utilizes this PMK with AP1 to realize associating.
In the present invention, STA and AP1 side all stores PMK1.
STA can be calculated by hash algorithm based on PMK1 or MAC Address based on PMK1, STA and the BSSID of AP1 Go out associated key mark (PMK1ID), and this PMK1ID is carried out locally stored, in order to use during follow-up roaming.AP1 can be only Storage PMK1, it is also possible to except storing in addition to PMK1, also stores PMK1ID (by AP1 MAC Address based on PMK1, STA and AP1 BSSID calculates, and algorithm is with STA side), the MAC Address of STA and the BSSID of AP1, the content of the latter's storage can be with row Sheet form embodies, in order to AP1 follow-up auxiliary STA fast roaming.
Assume that STA is moved because of certain reason, move to the wireless signal of AP2 from the wireless signal coverage of AP1 Under coverage, and STA wants to realize the fast roaming from AP1 to AP2, and now, STA can send to AP2 and carry The association request of PMK1ID.
After AP2 receives this association request, this association request can be detected, find this association request carries PMK1ID, i.e. carry associated key mark, assert STA for roaming STA, in this case, AP2 can by PMK1ID with this The associated key of ground storage mates.
In a kind of matching way, this association request is only carried PMK1ID, AP2 and is detecting that this association request carries After associated key mark, corresponding associated key can be generated based on locally stored all associated keys by hash algorithm Mark;Then, it is judged that whether the associated key mark of generation exists PMK1ID, and when being judged as YES, determines that the match is successful, When being judged as NO, determine that it fails to match.In this matching way, if as a example by STA only associated AP1, AP2 herein Matching result is that it fails to match;If rolled off the production line at AP1 with STA, utilize not only PMK1 as a example by AP2 rolls off the production line but also reaches the standard grade, herein Joining result is that the match is successful.
In another kind of matching way, except carrying PMK1ID in this association request, also carry MAC Address and the AP1 of STA BSSID.AP2 is after detecting that this association request carries associated key mark, and AP2 is close based on locally stored each association The MAC Address carried in key and this association request and BSSID, generate corresponding associated key by hash algorithm and identify;Then, Judge whether the associated key generated mark exists PMK1ID, and when being judged as YES, determine that the match is successful, be judged as NO Time, determine that it fails to match.In this matching way, if as a example by STA only associated AP1, the matching result of AP2 is herein It fails to match;If rolled off the production line at AP1 with STA, utilizing not only PMK1 as a example by AP2 rolls off the production line but also reaches the standard grade, matching result herein is It is made into merit.
In another matching way, except carrying PMK1ID in this association request, also carry MAC Address and the AP1 of STA BSSID.AP2 is after detecting that this association request carries associated key mark, it is judged that locally stored each associated key Whether there is PMK1ID in corresponding associated key mark, the associated key mark that the most each associated key is corresponding is by AP2 Based on each associated key, the MAC Address of STA that each associated key is corresponding and corresponding BSSID, generated by hash algorithm 's;AP2 can be generated in advance storage to this locality, it is also possible to generates after receiving this association request.
When being judged as NO, determine that it fails to match, if as a example by STA only associated AP1, the matching result of AP2 herein It is that it fails to match;When being judged as YES, continue the locally stored MAC Address corresponding with PMK1ID and BSSID, with this pass The MAC Address and the BSSID that carry in connection request compare one by one;If the most identical, it is determined that the match is successful, if with STA rolls off the production line at AP1, not only utilizes PMK1 as a example by AP2 rolls off the production line but also reaches the standard grade, and matching result herein is that the match is successful;If at least One differs, it is determined that it fails to match, if STA is hacked, it is possible that this situation.This matching way can carry The safety of high wireless access.
No matter use which kind of matching way above-mentioned, when matching result is that the match is successful, it is allowed to STA carries out fast roaming. That is, STA utilizes PMK1 with AP2 to realize quickly associating.
When matching result is that it fails to match, the coupling that AP2 carries PMK1ID to AP1, AP3 and AP4 transmission respectively is asked Ask.This matching request is the request after AP2 uses the password consulted to be encrypted, and AP2 can use the logical of foundation in advance Letter passage sends this matching request, it would however also be possible to employ this matching request of AC transfer.
After AP1, AP3 and AP4 receive this matching request, no matter it is which AP, all uses identical with the matching way of AP2 PMK1ID is mated by matching way with the most locally stored associated key.
If as a example by STA only associated AP1, then, follow-up AP2 can receive in certain period of time AP1 send Joining success response, in this case, AP2 can response be decrypted to the match is successful, obtains PMK1, it is allowed to STA is carried out quickly Roaming, i.e. STA can use PMK1 quickly to associate with AP2.
If because of certain reason (such as AP1 fault), AP2 (can be according to practical situation or empirical value in certain period of time Arrange) response that do not receives that the match is successful, then refuse the association request of STA, and notify that STA re-starts wireless authentication.
In sum, the technical scheme in the embodiment of the present invention, by managing associated key dispersion storage to same AC Under AP on, thus the associated key mark carried in AP detects the local association request not existing and sending with STA is mutually During the associated key joined, it is possible to get associated key from the AP associated with this STA, thus substantially increase the utilization of resources Rate and fast roaming success rate, improve Consumer's Experience effectively.
On the basis of above-described embodiment, present invention also offers a kind of radio roaming device, be applied on AP.
With reference to Fig. 3, it is shown that one of structured flowchart of the present invention a kind of radio roaming device embodiment, specifically can include Such as lower module:
Receiver module 31, for receiving the association request that terminal STA sends.
Matching module 32, during for carrying associated key mark in association request, determines that STA is roaming STA, and will Associated key mark mate with locally stored associated key, associated key be designated STA according at least to self with associate When the AP crossed is associated, the associated key of distribution generates.
First permissions module 33, for when the matching result of matching module 32 is that the match is successful, it is allowed to STA is carried out quickly Roaming.
Sending module 34, for when the matching result of matching module 32 is that it fails to match, to the Access Control belonging to AP Other AP of device AC management sends the matching request carrying associated key mark, so that associated key is identified and it by other AP Associated key locally stored for its AP mates.
Optionally, in a preferred embodiment of the invention, sending module 34 can be further used for:
Sent to other AP that the AC belonging to AP manages by the communication port set up with other AP and carry associated key The matching request of mark, or,
Carried the matching request of associated key mark to other AP transmission that the AC belonging to AP manages by AC.
With continued reference to Fig. 3, radio roaming device also includes the second permissions module 35, for receiving it in Preset Time During response that its AP sends that the match is successful, it is allowed to STA carries out fast roaming.
With reference to Fig. 4, in a preferred embodiment of the invention, on the basis of Fig. 3, radio roaming device also includes:
Notification module 36, for do not receive in Preset Time other AP send the match is successful response time, notify STA Re-start wireless authentication.
With reference to Fig. 5, in a preferred embodiment of the invention, on the basis of Fig. 3, matching module 32 specifically includes:
First generates submodule 51, for according to locally stored each associated key, generating corresponding associated key mark Knowing, wherein, it is identical with the generating mode of STA generation associated key mark that AP generates the generating mode of each associated key mark.
First judges submodule 52, for judging whether the associated key generated mark exists associated key mark, and When being judged as YES, it is determined that the match is successful.When being judged as NO, it is determined that it fails to match.
With reference to Fig. 6, in a preferred embodiment of the invention, on the basis of Fig. 3, matching module 32 can also wrap Include:
Second generates submodule 61, for according to the STA's carried in locally stored each associated key, association request Address information and BSSID, generate corresponding associated key mark, and wherein, AP generates the generating mode of each associated key mark The generating mode generating associated key mark with STA is identical.
Second judges submodule 62, for judging whether to exist in the associated key generated mark associated key mark.And When being judged as YES, it is determined that the match is successful, when being judged as NO, it is determined that it fails to match.
With reference to Fig. 7, in a preferred embodiment of the invention, on the basis of Fig. 3, matching module 32 can also wrap Include:
3rd judges submodule 71, for judging that the associated key that locally stored each associated key is corresponding in identifying is The no associated key that exists identifies, and when being judged as NO, it is determined that it fails to match, and wherein, the association that each associated key is corresponding is close Key is designated what AP generated according to each associated key, the address information of STA that each associated key is corresponding and BSSID, and AP is raw The generating mode that the generating mode becoming each associated key to identify generates associated key mark with STA is identical.
Comparison sub-module 74, for when the 3rd judges the judged result of submodule 73 as being, by locally stored with pass The address information carried in associated key, address information and BSSID, with association request that connection key identification is corresponding and BSSID Compare one by one., and compare whole identical time, determine that the match is successful, when comparing at least one and differing, determine It fails to match.
In sum, the radio roaming device in the embodiment of the present invention, by by associated key dispersion storage to same AC On AP under Guan Li, thus the associated key mark carried in AP detects the local association request not existing and sending with STA During the associated key matched, it is possible to get associated key from the AP associated with this STA, thus substantially increase resource Utilization rate and fast roaming success rate, improve Consumer's Experience effectively.
For device embodiment, due to itself and embodiment of the method basic simlarity, so describe is fairly simple, relevant Part sees the part of embodiment of the method and illustrates.
Each embodiment in this specification all uses the mode gone forward one by one to describe, what each embodiment stressed is with The difference of other embodiments, between each embodiment, identical similar part sees mutually.
Those skilled in the art are it should be appreciated that the embodiment of the embodiment of the present invention can be provided as method, device or calculate Machine program product.Therefore, the embodiment of the present invention can use complete hardware embodiment, complete software implementation or combine software and The form of the embodiment of hardware aspect.And, the embodiment of the present invention can use one or more wherein include computer can With in the computer-usable storage medium (including but not limited to disk memory, CD-ROM, optical memory etc.) of program code The form of the computer program implemented.
The embodiment of the present invention is with reference to method, terminal unit (system) and computer program according to embodiments of the present invention The flow chart of product and/or block diagram describe.It should be understood that can be by computer program instructions flowchart and/or block diagram In each flow process and/or the flow process in square frame and flow chart and/or block diagram and/or the combination of square frame.These can be provided Computer program instructions sets to general purpose computer, special-purpose computer, Embedded Processor or other programmable data processing terminals Standby processor is to produce a machine so that held by the processor of computer or other programmable data processing terminal equipment The instruction of row produces for realizing in one flow process of flow chart or multiple flow process and/or one square frame of block diagram or multiple square frame The device of the function specified.
These computer program instructions may be alternatively stored in and can guide computer or other programmable data processing terminal equipment In the computer-readable memory worked in a specific way so that the instruction being stored in this computer-readable memory produces bag Including the manufacture of command device, this command device realizes in one flow process of flow chart or multiple flow process and/or one side of block diagram The function specified in frame or multiple square frame.
These computer program instructions also can be loaded on computer or other programmable data processing terminal equipment so that On computer or other programmable terminal equipment, execution sequence of operations step is to produce computer implemented process, thus The instruction performed on computer or other programmable terminal equipment provides for realizing in one flow process of flow chart or multiple flow process And/or the step of the function specified in one square frame of block diagram or multiple square frame.
Although having been described for the preferred embodiment of the embodiment of the present invention, but those skilled in the art once knowing base This creativeness concept, then can make other change and amendment to these embodiments.So, claims are intended to be construed to The all changes including preferred embodiment and falling into range of embodiment of the invention and amendment.
Finally, in addition it is also necessary to explanation, in this article, the relational terms of such as first and second or the like be used merely to by One entity or operation separate with another entity or operating space, and not necessarily require or imply these entities or operation Between exist any this reality relation or order.And, term " includes ", " comprising " or its any other variant meaning Containing comprising of nonexcludability, so that include that the process of a series of key element, method, article or terminal unit not only wrap Include those key elements, but also include other key elements being not expressly set out, or also include for this process, method, article Or the key element that terminal unit is intrinsic.In the case of there is no more restriction, by wanting that statement " including ... " limits Element, it is not excluded that there is also other identical element in including the process of described key element, method, article or terminal unit.
Above to a kind of wireless roaming method provided by the present invention and device, it is described in detail, used herein Principle and the embodiment of the present invention are set forth by specific case, and the explanation of above example is only intended to help to understand The method of the present invention and core concept thereof;Simultaneously for one of ordinary skill in the art, according to the thought of the present invention, at tool All will change on body embodiment and range of application, in sum, this specification content should not be construed as the present invention Restriction.

Claims (12)

1. a wireless roaming method, it is characterised in that described method is applied to access point AP, described method includes:
Receive the association request that terminal STA sends;
If described association request carries associated key mark, it is determined that described STA is roaming STA, and by described association Key identification mates with locally stored associated key, described associated key be designated described STA according at least to self with When the AP associated is associated, the associated key of distribution generates;
If the match is successful, then described STA is allowed to carry out fast roaming;
If it fails to match, then it is close that other AP transmission managed to the access controller AC belonging to described AP carries described association The matching request of key mark, so that described associated key mark is entered by other AP with described associated key locally stored for other AP Row coupling;
If receive in Preset Time other AP send the match is successful response, then allow described STA to carry out fast roaming.
Method the most according to claim 1, it is characterised in that described method also includes:
If do not receive in described Preset Time other AP send the match is successful response, then notify that described STA enters again Row wireless authentication.
Method the most according to claim 1 and 2, it is characterised in that described by described associated key identify with locally stored Associated key mate, specifically include:
According to locally stored each associated key, generating corresponding associated key mark, wherein, described AP generates each association The generating mode that the generating mode of key identification generates described associated key mark with described STA is identical;
Judge whether the associated key generated mark exists described associated key mark;
If so, determine that the match is successful;
Otherwise, it determines it fails to match.
Method the most according to claim 1 and 2, it is characterised in that also carry the ground of described STA in described association request Location information and Basic Service Set Identification BSSID, described associated key is designated described STA according to self and the AP associated When being associated, the associated key of distribution, the address information of described STA and BSSID generate;
Described mark by described associated key is mated with locally stored associated key, specifically includes:
Address information according to the described STA carried in locally stored each associated key, described association request and BSSID, Generating corresponding associated key mark, wherein, described AP generates the generating mode of each associated key mark and generates with described STA The generating mode of described associated key mark is identical;
Judge whether the associated key generated mark exists described associated key mark;
If so, determine that the match is successful;
Otherwise, it determines it fails to match.
Method the most according to claim 1 and 2, it is characterised in that also carry the ground of described STA in described association request Location information and BSSID, described associated key is designated when described STA is associated with the AP associated according to self to be distributed Associated key, the address information of described STA and BSSID generate;
Described mark by described associated key is mated with locally stored associated key, specifically includes:
Judge whether the associated key mark that locally stored each associated key is corresponding exists described associated key mark, its In, it is corresponding according to each associated key, each associated key that the associated key that each associated key is corresponding is designated described AP The address information of STA and BSSID generate, and described AP generates the generating mode of each associated key mark and generates with described STA The generating mode of described associated key mark is identical;If it is not, determine that it fails to match;
If so, by the locally stored address information corresponding with described associated key mark and BSSID, with described association request In the address information carried and BSSID compare one by one;
If it is the most identical, it is determined that the match is successful.
If at least one differs, it is determined that it fails to match.
Method the most according to claim 1, it is characterised in that described other AP managed to the AC belonging to described AP sends Carry the matching request of described associated key mark, specifically include:
Sent to other AP that the AC belonging to described AP manages by the communication port set up with other AP and carry described association The matching request of key identification, or,
The coupling carrying described associated key mark to other AP transmission that the AC belonging to described AP manages by described AC is asked Ask.
7. a radio roaming device, it is characterised in that described device is applied to access point AP, described device includes:
Receiver module, for receiving the association request that terminal STA sends;
Matching module, during for carrying associated key mark in described association request, determines that described STA is roaming STA, and Described associated key mark being mated with locally stored associated key, described associated key is designated described STA at least When being associated with the AP associated according to self, the associated key of distribution generates;
First permissions module, for when the matching result of described matching module is that the match is successful, it is allowed to described STA is carried out quickly Roaming;
Sending module, for when the matching result of described matching module is that it fails to match, to the Access Control belonging to described AP Other AP of device AC management sends the matching request carrying described associated key mark, so that other AP is by described associated key Mark is mated with described associated key locally stored for other AP;
Second permissions module, for receive in Preset Time other AP send the match is successful response time, it is allowed to described STA Carry out fast roaming.
Device the most according to claim 7, it is characterised in that described device also includes:
Notification module, during for not receiving other AP response that sends that the match is successful in described Preset Time, notice is described STA re-starts wireless authentication.
9. according to the device described in claim 7 or 8, it is characterised in that described matching module specifically includes:
First generates submodule, for according to locally stored each associated key, generating corresponding associated key mark, its In, described AP generates the generating mode of each associated key mark and generates, with described STA, the generation side that described associated key identifies Formula is identical;
First judges submodule, for judging whether the associated key generated mark exists described associated key mark, and When being judged as YES, it is determined that the match is successful, when being judged as NO, it is determined that it fails to match.
10. according to the device described in claim 7 or 8, it is characterised in that described association request also carries described STA's Address information and Basic Service Set Identification BSSID, described associated key is designated described STA according to self and associated When AP is associated, the associated key of distribution, the address information of described STA and BSSID generate;
Described matching module specifically includes:
Second generates submodule, for according to the described STA carried in locally stored each associated key, described association request Address information and BSSID, generate corresponding associated key mark, wherein, described AP generates the life of each associated key mark The generating mode that one-tenth mode generates described associated key mark with described STA is identical;
Second judges submodule, for judging whether the associated key generated mark exists described associated key mark, and When being judged as YES, it is determined that the match is successful, when being judged as NO, it is determined that it fails to match.
11. according to the device described in claim 7 or 8, it is characterised in that also carry described STA's in described association request Address information and BSSID, described associated key is designated described STA and is associated the time-division according to self with the AP associated Associated key, the address information of described STA and the BSSID sent out generates;
Described matching module specifically includes:
3rd judges submodule, for judging whether exist in the associated key mark that locally stored each associated key is corresponding Described associated key identifies, and when being judged as NO, it is determined that it fails to match, wherein, and the associated key that each associated key is corresponding It is designated what described AP generated according to each associated key, the address information of STA that each associated key is corresponding and BSSID, institute State AP and generate the generating mode of each associated key mark and the generating mode phase of described STA generation described associated key mark With;
Comparison sub-module, for when the described 3rd judges the judged result of submodule as being, by locally stored with described pass The address information carried in connection address information corresponding to key identification and BSSID, with described association request and BSSID carry out by One compares, and compare whole identical time, determine that the match is successful, when comparing at least one and differing, determine coupling lose Lose.
12. devices according to claim 7, it is characterised in that described sending module is further used for:
Sent to other AP that the AC belonging to described AP manages by the communication port set up with other AP and carry described association The matching request of key identification, or,
The coupling carrying described associated key mark to other AP transmission that the AC belonging to described AP manages by described AC is asked Ask.
CN201610692208.3A 2016-08-18 2016-08-18 Wireless roaming method and device Active CN106304050B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610692208.3A CN106304050B (en) 2016-08-18 2016-08-18 Wireless roaming method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610692208.3A CN106304050B (en) 2016-08-18 2016-08-18 Wireless roaming method and device

Publications (2)

Publication Number Publication Date
CN106304050A true CN106304050A (en) 2017-01-04
CN106304050B CN106304050B (en) 2020-05-08

Family

ID=57661552

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610692208.3A Active CN106304050B (en) 2016-08-18 2016-08-18 Wireless roaming method and device

Country Status (1)

Country Link
CN (1) CN106304050B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108449755A (en) * 2018-04-03 2018-08-24 新华三技术有限公司 A kind of terminal access method and device
CN111328066A (en) * 2018-12-14 2020-06-23 中国电信股份有限公司 Method and system for fast roaming of heterogeneous wireless network, master and slave access point equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7624271B2 (en) * 2005-03-24 2009-11-24 Intel Corporation Communications security
CN101951587A (en) * 2010-09-13 2011-01-19 上海市共进通信技术有限公司 Method for realizing fast roaming switch in wireless network in line with 802.11 standard
CN103391543A (en) * 2012-05-07 2013-11-13 中兴通讯股份有限公司 Method and device for achieving roaming switch
US20150040195A1 (en) * 2012-02-07 2015-02-05 Lg Electronics Inc. Method and apparatus for associating station (sta) with access point (ap)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7624271B2 (en) * 2005-03-24 2009-11-24 Intel Corporation Communications security
CN101951587A (en) * 2010-09-13 2011-01-19 上海市共进通信技术有限公司 Method for realizing fast roaming switch in wireless network in line with 802.11 standard
US20150040195A1 (en) * 2012-02-07 2015-02-05 Lg Electronics Inc. Method and apparatus for associating station (sta) with access point (ap)
CN103391543A (en) * 2012-05-07 2013-11-13 中兴通讯股份有限公司 Method and device for achieving roaming switch

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108449755A (en) * 2018-04-03 2018-08-24 新华三技术有限公司 A kind of terminal access method and device
CN111328066A (en) * 2018-12-14 2020-06-23 中国电信股份有限公司 Method and system for fast roaming of heterogeneous wireless network, master and slave access point equipment
CN111328066B (en) * 2018-12-14 2023-09-01 中国电信股份有限公司 Heterogeneous wireless network fast roaming method and system, master and slave access point devices

Also Published As

Publication number Publication date
CN106304050B (en) 2020-05-08

Similar Documents

Publication Publication Date Title
US11178584B2 (en) Access method, device and system for user equipment (UE)
US11496320B2 (en) Registration method and apparatus based on service-based architecture
EP3700124B1 (en) Security authentication method, configuration method, and related device
WO2018137713A1 (en) Internal network slice authentication method, slice authentication proxy entity, and session management entity
US20130305386A1 (en) Method for protecting security of data, network entity and communication terminal
US20240031800A1 (en) Network access authentication method and device
CN102685730B (en) Method for transmitting context information of user equipment (UE) and mobility management entity (MME)
CN112449323B (en) Communication method, device and system
CN102571792A (en) Identity authentication method allowing intelligent mobile wireless terminal to access cloud server
KR102119586B1 (en) Systems and methods for relaying data over communication networks
CN102685745A (en) Wireless access point (AP) equipment authentication method and system
CN109890029B (en) Automatic network distribution method of intelligent wireless equipment
KR20150056076A (en) Apparatus and method for maintaining a security key in a device to device communication system
CN102238201A (en) Internet of things application module and communication method for Internet of things application and Internet of things terminal
WO2015061951A1 (en) Method and device for providing and acquiring security context
WO2016109609A1 (en) System and method for providing authenticated communications from a remote device to a local device
CN104284331A (en) Method and system for connecting with portable WLAN hotspot
CN106792994A (en) A kind of dual system termi-nal WIFI shared method and apparatus
WO2018113402A1 (en) Method and device for joining access node group
CN106304050A (en) A kind of wireless roaming method and device
CN105515757A (en) Security information interaction equipment based on trusted execution environment
EP3412050A1 (en) An agent-based authentication and key agreement method for devices without sim card
CN102158856A (en) Mobile terminal identification code authentication system and method, server and terminal
CN103441989A (en) Authentication and information processing method and device
WO2018076298A1 (en) Security capability negotiation method and related device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: NEW H3C TECHNOLOGIES Co.,Ltd.

Address before: 310053 Hangzhou science and Technology Development Zone, Zhejiang high tech park, No. six and road, No. 310

Applicant before: HANGZHOU H3C TECHNOLOGIES Co.,Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230620

Address after: 310052 11th Floor, 466 Changhe Road, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: H3C INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466

Patentee before: NEW H3C TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right