CN118175545A - FTTR wireless terminal authentication method and wireless terminal authentication network - Google Patents

Publication number
CN118175545A
Authority
CN
China
Prior art keywords
wireless terminal
authentication
sub
network
gateway
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202410603620.8A
Other languages
Chinese (zh)
Other versions
CN118175545B (en)
Inventor
孙旭红
武云飞
周冬平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN202410603620.8A
Publication of CN118175545A
Application granted
Publication of CN118175545B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q11/00 Selecting arrangements for multiplex systems
    • H04Q11/0001 Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062 Network aspects
    • H04Q11/0067 Provisions for optical access or distribution networks, e.g. Gigabit Ethernet Passive Optical Network (GE-PON), ATM-based Passive Optical Network (A-PON), PON-Ring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q11/00 Selecting arrangements for multiplex systems
    • H04Q11/0001 Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062 Network aspects
    • H04Q2011/0079 Operation or maintenance aspects
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/16 Gateway arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention provides an FTTR wireless terminal authentication method and a wireless terminal authentication network. The method comprises the following step: a first gateway in a first sub-network notifies a second gateway in a second sub-network of the authentication state of a wireless terminal that has passed access authentication, so that the access authentication does not need to be repeated when the wireless terminal roams to the second sub-network, wherein the first sub-network and the second sub-network are sub-networks in an all-optical network networking. The invention solves the problem in the related art of service interruption of an STA caused by repeated authentication when the STA roams across sub-networks, and achieves the effect of ensuring the service continuity of the wireless terminal when it roams across sub-networks.

Description

FTTR wireless terminal authentication method and wireless terminal authentication network
Technical Field
The embodiment of the invention relates to the technical field of communication, and in particular to an FTTR wireless terminal authentication method and a wireless terminal authentication network.
Background
The access technology of intelligent home gateways has evolved to FTTR (Fiber to the Room) whole-house optical fiber networking (FTTR all-optical networking for short). An FTTR all-optical networking is a wireless network formed by connecting a master gateway and a plurality of slave gateways through optical fibers; it includes a plurality of wireless APs (Access Points), each of which is a master gateway or slave gateway with WiFi function. The user can move freely within the coverage area of the FTTR all-optical networking and connect to the nearest AP at any time. Compared with a traditional single-AP network, FTTR all-optical networking has a wider wireless coverage range and a larger network capacity.
In a large networking scenario, such as a dormitory building, an FTTR all-optical networking controlled by a single main gateway often cannot meet the service requirements of the whole area. In this case the problem can be solved by re-networking a plurality of sub-networks, where each sub-network is an FTTR all-optical networking consisting of one main gateway and a plurality of sub-gateways.
In a multi-sub-network re-networking scenario, when an STA (Station) needs to roam across sub-networks, a primary gateway in the sub-network where the STA is currently located cannot acquire access authentication information of the STA in other sub-networks, which results in repeated authentication after the STA roams across sub-networks, thereby causing service interruption of the STA.
Disclosure of Invention
The embodiment of the invention provides an FTTR wireless terminal authentication method and a wireless terminal authentication network, which at least solve the problem in the related art of service interruption of an STA (station) caused by repeated authentication when the STA roams across sub-networks.
According to an embodiment of the present invention, there is provided an FTTR wireless terminal authentication method including: a first gateway in a first sub-network notifies a second gateway in a second sub-network of the authentication state of a wireless terminal that has passed access authentication, so that the access authentication does not need to be repeated when the wireless terminal roams to the second sub-network, wherein the first sub-network and the second sub-network are sub-networks in an all-optical network networking.
According to another embodiment of the present invention, there is provided an FTTR wireless terminal authentication method including: a second gateway in a second sub-network receives the authentication state, transmitted by a first gateway in a first sub-network, of a wireless terminal that has passed access authentication; and, when the wireless terminal roams to the second sub-network, determines the authentication state of the wireless terminal according to the identification information of the wireless terminal, wherein the first sub-network and the second sub-network are sub-networks in an all-optical network networking.
According to another embodiment of the present invention, there is provided a wireless terminal authentication network including: a first gateway, configured to notify a second gateway in a second sub-network of the authentication state of a wireless terminal that has passed access authentication, so that the access authentication does not need to be repeated when the wireless terminal roams to the second sub-network, wherein the first gateway is located in a first sub-network, and the first sub-network and the second sub-network are sub-networks in an all-optical network networking.
According to another embodiment of the present invention, there is provided a wireless terminal authentication network including: a second gateway, configured to receive the authentication state, transmitted by a first gateway located in a first sub-network, of a wireless terminal that has passed access authentication; and, when the wireless terminal roams to the second sub-network, to determine the authentication state of the wireless terminal according to the identification information of the wireless terminal, wherein the first sub-network and the second sub-network are sub-networks in an all-optical network networking.
According to a further embodiment of the invention, there is also provided a computer readable storage medium having stored therein a computer program, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.
According to a further embodiment of the invention, there is also provided an electronic device comprising a memory having stored therein a computer program and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.
According to a further embodiment of the invention, there is also provided a computer program product comprising a computer program, instructions which, when executed by a processor, carry out the steps of any of the method embodiments described above.
According to the embodiment of the invention, in a multi-sub-network networking scenario, the first gateway in the first sub-network can notify the second gateway in the second sub-network of the authentication state of a wireless terminal that has passed access authentication. When the wireless terminal roams to the second sub-network, it can therefore access the second sub-network without repeating access authentication, and the service interruption of the STA caused by access authentication is avoided. This solves the problem in the related art of service interruption of the STA caused by repeated authentication when the STA roams across sub-networks, and achieves the effect of ensuring the service continuity of the wireless terminal when it roams across sub-networks.
Drawings
Fig. 1 is a block diagram of a hardware architecture of a computer terminal for running an FTTR wireless terminal authentication method according to an embodiment of the present invention;
Fig. 2 is a network architecture diagram of a multi-subnetwork network in accordance with an embodiment of the present invention;
Fig. 3 is a block diagram of the FTTR gateway according to an embodiment of the present invention;
Fig. 4 is a diagram of an IEEE1905 message frame format and a newly added IEEE1905 message, according to an embodiment of the invention;
Fig. 5 is a schematic diagram of a newly added TLV type according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of an authentication information interaction flow of a primary gateway roaming across a sub-network according to an embodiment of the invention;
Fig. 7 is a flowchart of an FTTR wireless terminal authentication method according to an embodiment of the present invention;
Fig. 8 is a flow chart of an STA actively roaming to a newly deployed sub-network in accordance with an embodiment of the present invention;
Fig. 9 is a schematic diagram of a wireless terminal authentication information notification message according to an embodiment of the present invention;
Fig. 10 is a flow chart of a STA directed to roam to a newly deployed sub-network in accordance with an embodiment of the present invention;
Fig. 11 is a schematic diagram of a wireless terminal authentication information notification message according to another embodiment of the present invention;
Fig. 12 is a flowchart of a wireless terminal authentication method according to another embodiment of the present invention;
Fig. 13 is a flow chart of a STA actively roaming to a newly deployed sub-network in accordance with another embodiment of the present invention;
Fig. 14 is a schematic diagram of a wireless terminal authentication information request message according to an embodiment of the present invention;
Fig. 15 is a schematic diagram of a wireless terminal authentication information report message according to an embodiment of the present invention;
Fig. 16 is a flow chart of an STA actively roaming to a newly deployed sub-network in accordance with yet another embodiment of the present invention;
Fig. 17 is a schematic diagram of a wireless terminal authentication information report message according to another embodiment of the present invention;
Fig. 18 is a block diagram of a wireless terminal authentication network according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings in conjunction with the embodiments.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.
The method embodiments provided in the embodiments of the present application may be performed in a mobile terminal, a computer terminal or similar computing device. Taking the example of running on a computer terminal, fig. 1 is a block diagram of the hardware structure of a computer terminal running the wireless terminal authentication method according to an embodiment of the present application. As shown in fig. 1, the computer terminal may include one or more (only one is shown in fig. 1) processors 102 (the processor 102 may include, but is not limited to, a microprocessor MCU or a processing device such as a programmable logic device FPGA) and a memory 104 for storing data, wherein the computer terminal may further include a transmission device 106 for communication functions and an input-output device 108. It will be appreciated by those skilled in the art that the configuration shown in fig. 1 is merely illustrative and is not intended to limit the configuration of the computer terminal described above. For example, the computer terminal may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
The memory 104 may be used to store a computer program, for example, a software program of application software and a module, such as a computer program corresponding to the wireless terminal authentication method in the embodiment of the present invention, and the processor 102 executes the computer program stored in the memory 104 to perform various functional applications and data processing, that is, to implement the method. Memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory remotely located relative to the processor 102, which may be connected to the computer terminal via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of a computer terminal. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, simply referred to as a NIC) that can connect to other network devices through a base station to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is configured to communicate with the internet wirelessly.
The embodiment of the application can run on the network architecture of the multi-sub-network networking shown in fig. 2. As shown in fig. 2, the networking comprises an upper layer network element, a sub-network 1, a sub-network 2 and a sub-network 3. In each sub-network, a master gateway is connected with two slave gateways through a beam splitter: the sub-network 1 comprises a master gateway 1, a slave gateway 1-1 and a slave gateway 1-2; the sub-network 2 comprises a master gateway 2, a slave gateway 2-1 and a slave gateway 2-2; the sub-network 3 comprises a master gateway 3, a slave gateway 3-1 and a slave gateway 3-2.
In the embodiment of the present invention, a greater number of sub-networks, master gateways or slave gateways may be included in the multi-sub-network, and fig. 2 is only a preferred embodiment and is not intended to limit the number of sub-networks, master gateways or slave gateways.
As shown in fig. 2, STAs (wireless terminals) freely move within the coverage area of a multi-subnetwork network, during which the STAs roam between APs, and the roaming behavior of the STAs can be divided into two forms according to the initiator of the roaming procedure:
STA-initiated roaming: the STA actively searches for a new AP when it perceives that its own network condition is poor, and autonomously switches and associates to the new AP at a proper time.
AP-initiated roaming: the AP detects the state of the STA in real time, and when detecting that the AP of the STA which is more suitable in the networking exists, the AP sends a roaming guide instruction to the STA to guide the STA to switch to another AP.
The AP is a master gateway or a slave gateway, and STA roaming among the APs includes: the STA roaming from the main gateway of the current sub-network to a main gateway of another sub-network; the STA roaming from a sub-gateway of the current sub-network to a main gateway of another sub-network; the STA roaming from the main gateway of the current sub-network to a sub-gateway of another sub-network; and the STA roaming from a sub-gateway of the current sub-network to a sub-gateway of another sub-network.
In a wireless network, when an STA roams from the current AP to another AP, the other AP needs to perform access authentication on the STA. Access authentication of the STA means verifying the identity of the STA and authorizing it, to ensure that only approved STAs can access the network. Common access authentication modes of the STA include:
WEP/WPA2 authentication: the STA is authenticated by a password, and can access the network only by entering the correct password.
MAC address filtering: authentication is performed according to the MAC address of the STA, and only the STA with the MAC address in a preset MAC address list can access the network.
EAP authentication: authentication using EAP (Extensible Authentication Protocol) typically requires that a secure communication link be established between the AP and the authentication server.
802.1X authentication: authentication using the IEEE 802.1X protocol requires that the STA provide valid identity credentials, such as a user name and password, and then verify through an authentication server.
Portal authentication: by popping up a Web login page, the user is required to provide valid identity credentials, such as a user name and password, to gain network access.
Fast handover authentication: a generic term for a class of protocols that reduce the time an STA spends disconnecting and reconnecting and, to some extent, improve the switching speed of the STA between different APs and the seamless roaming experience; it includes OKC, PMK caching and IEEE 802.11r.
OKC (Opportunistic Key Caching): by caching the key, the STA reconnects quickly and stays connected when switching APs. The STA can use the previously cached key to perform fast authentication, avoiding a repeat of the complete authentication process.
PMK caching (Pairwise Master Key Caching): similar to OKC, fast handover and reconnection are also achieved by caching keys. When switching APs, the STA can obtain the previously used key directly from the cache and does not need to carry out the complete authentication process again.
IEEE 802.11r (Fast BSS Transition, FT): through a pre-handshake and a fast BSSID switching mechanism, fast switching and seamless roaming of the STA between different APs are realized.
As shown in fig. 3, a distributed authentication management module is disposed on the FTTR gateway, and is configured to handle the receiving, sending and processing of cross-subnet authentication management messages.
In the embodiment of the present invention, IEEE1905 messages/TLVs are used only as an example; the actual implementation is not limited to IEEE1905/TLV messages, and the function may also be implemented based on Ethernet custom frames or IP-layer custom messages. Four message types are newly added in the embodiment of the present invention, which are used for encapsulating and carrying TLVs and for inter-subnet authentication management message interaction. Fig. 4 is a schematic diagram of an IEEE1905 message frame format and the newly added IEEE1905 messages according to an embodiment of the invention.
As shown in fig. 5, three TLV types are added in the embodiment of the present invention, which respectively carry interworking identifier information, an STA authentication information request, and STA authentication status information.
In this embodiment, a large network (i.e., a multi-subnetwork network) formed by a plurality of FTTR subnetworks is configured with an interworking identifier, and main gateways configured with the same interworking identifier can perform cross-sub-network interaction. A main gateway that needs to take part in cross-sub-network networking can join a given cross-sub-network networking through the interworking identifier, which is configured manually or automatically.
Fig. 6 is a schematic diagram of an authentication information interaction flow of a primary gateway roaming across sub-networks according to an embodiment of the present invention, where, as shown in fig. 6, the primary gateway may send STA authentication information for synchronizing authentication status information of STAs in its own sub-network with the primary gateway of other sub-networks, for example: the main gateway sends a wireless terminal authentication information notification message to the main gateway of other sub-networks, wherein the authentication information notification message carries the authentication state information of the STA in the sub-network.
The scenarios/conditions that can trigger the primary gateway to send STA authentication information notification messages to the primary gateways of other sub-networks include:
(1) After the STA is online in the own sub-network and passes authentication, the primary gateway may send an STA authentication information notification message, i.e. an authentication status notification, to the primary gateway of the other sub-network.
(2) When the primary gateway prepares to guide the STA under the own sub-network to other sub-networks, the primary gateway may send an STA authentication information notification message to the primary gateway of the target sub-network.
(3) After the STA is disconnected or de-authenticated in the own sub-network, the primary gateway may send an STA authentication information notification message to the primary gateway of the other sub-network.
As shown in fig. 6, the primary gateway may also transmit an STA authentication information request message to the primary gateway in other sub-networks to request authentication status information of the STA in the counterpart network.
The scenarios/conditions that can trigger the primary gateway to send an STA authentication information request message to the primary gateways of other sub-networks include:
(1) When the primary gateway completes deployment for the first time, the primary gateway may send an STA authentication information request message to the primary gateways of other sub-networks.
(2) When the STA is online in the own sub-network and the authentication state of the STA is unknown, the main gateway can send the STA authentication information request message to the main gateways of other sub-networks.
As shown in fig. 6, when the primary gateway receives an STA authentication information request message from the primary gateway of another sub-network, the handling is as follows:
(1) If the STA authentication information request carries the identification information of a specified STA, the primary gateway immediately replies to the opposite party with an STA authentication information report message that carries the wireless terminal authentication status information of the specified STA.
(2) If the identification information of the STA is not specified in the STA authentication information request, a STA authentication information report message needs to be replied to the opposite party, wherein the STA authentication information report message carries the wireless terminal authentication status information of all STAs of the opposite party.
As shown in fig. 6, when receiving a wireless terminal authentication information report message sent by another master gateway, the master gateway needs to reply immediately with a wireless terminal authentication information report reception confirmation message.
Aiming at the scene of STA cross-sub-network roaming in FTTR all-optical networking, the embodiment of the invention also provides a wireless terminal authentication method running on the computer terminal or multi-sub-network networking, which is a cross-sub-network cooperative authentication method, can rapidly judge the authentication state of the STA when the STA is in cross-sub-network roaming, avoid repeated authentication, ensure the service continuity of the STA when the STA is in cross-sub-network roaming, and bring better roaming experience for users. Fig. 7 is a flowchart of a wireless terminal authentication method according to an embodiment of the present invention, as shown in fig. 7, the flowchart including the steps of:
In step S702, a first gateway in a first sub-network notifies an authentication state of a wireless terminal that has passed access authentication to a second gateway in a second sub-network, so that the wireless terminal does not need to repeatedly perform access authentication when roaming to the second sub-network, wherein the first sub-network and the second sub-network are sub-networks in an all-optical network.
When the embodiment of the invention is implemented based on a layer-2 protocol, layer-2 communication is required between the main gateways; similarly, when it is implemented based on a layer-3 protocol, layer-3 communication is required between the main gateways.
In this embodiment, the first gateway and the second gateway are configured with the same interworking identifier.
In one embodiment, in a case where the second gateway is deployed before authentication of the wireless terminal in the first sub-network, the first gateway located in the first sub-network notifying the second gateway located in the second sub-network of the authentication status of the wireless terminal that has passed the access authentication comprises: if the wireless terminal meets the first condition, sending a first message (namely an authentication information notification message) of the wireless terminal to the second gateway, so as to notify the second gateway, through the first message, of the authentication state of the wireless terminal that has passed the access authentication.
Wherein the first condition includes at least: the wireless terminal is online on the first sub-network and passes access authentication; the wireless terminal is disconnected in the first sub-network; the wireless terminal has been de-authenticated in the first subnetwork. The first message carries at least one of the following information: the identification information of the wireless terminal, the authentication state information of the wireless terminal, the authentication mode and the authentication password.
For example, after the STA is online in a certain sub-network and passes authentication, the main gateway of the sub-network notifies the main gateway of other sub-networks of the authentication status of the STA, and when the STA actively roams to other sub-networks, the authentication does not need to be repeated.
Taking the multi-sub-network networking shown in fig. 2 as an example, the current main gateways 1, 2 and 3 and the sub-networks where they are located have all been deployed, and the same "interworking identifier" = "0x11" has been configured, and the internet communication can be performed stably and normally. The access flow is shown in fig. 8 when the STA actively roams to other sub-networks, and includes the following steps:
Step S801: the STA1 is on line in a main gateway 1 of the sub-network 1 and completes access authentication, wherein the authentication mode of the access authentication is a portal authentication mode;
Step S802: the main gateway 1 sends wireless terminal authentication information notification messages to the main gateway 2 and the main gateway 3, wherein the messages carry information such as the identification information, authentication state information, authentication mode, user name and password of STA1; some of the message fields of the wireless terminal authentication information notification message are shown in fig. 9;
Step S803: the main gateway 2 and the main gateway 3 record the information, including the identification information, authentication state information, authentication mode, user name and password of STA1;
Step S804: STA1 associates with primary gateway 2 and STA1 is authentication-free at primary gateway 2.
Specifically, when the STA1 roams to the sub-network where the primary gateway 2 is located, the primary gateway 2 determines that the STA has passed authentication according to the record information, without repeating authentication.
In one embodiment, in a case where the second gateway is deployed after authentication of the wireless terminal in the first sub-network, the first gateway located in the first sub-network notifying the second gateway located in the second sub-network of the authentication status of the wireless terminal that has passed the access authentication includes: when the wireless terminal meets a second condition, sending a first message to the second gateway, so that the second gateway determines the authentication state of the wireless terminal according to the identification information and the authentication state information of the wireless terminal carried in the first message, wherein the second condition at least comprises: the wireless terminal is directed by the first gateway to roam to the second gateway.
For example: after the STA is online in a certain sub-network and passes authentication, the other sub-networks complete deployment, and before the main gateway prepares to guide the STA1 to roam to a target sub-network (i.e. a newly deployed sub-network), the main gateway informs the authentication state of the STA1 to the target main gateway, and the STA1 does not need repeated authentication when roaming to the target sub-network.
Taking the multi-subnetwork networking shown in fig. 2 as an example, STA1 is online on subnetwork 1 and passes MAC authentication, then the deployment of primary gateways 2, 3 is completed, and the same "interworking identifier" = "0x11" is already configured, when primary gateway 1 prepares to guide STA roaming to the subnetwork where primary gateway 2 is located, as shown in fig. 10, the flow includes the following steps:
Step S1001: primary gateway 1 sends a wireless terminal authentication information notification message to primary gateway 2. The message carries the identification information, authentication state information and authentication mode information of STA1. Some of the fields of the wireless terminal authentication information notification message are shown in Fig. 11.
Step S1002: primary gateway 2 records the information, including the identification information, authentication state information and authentication mode information of STA1.
Step S1003: STA1 associates with primary gateway 2 and is exempt from authentication at primary gateway 2.
Specifically, when STA1 roams to the sub-network where primary gateway 2 is located, primary gateway 2 determines from the recorded information that the STA has already passed authentication, so authentication is not repeated.
In one embodiment, where the second gateway is deployed after the wireless terminal has been authenticated in the first sub-network, the first gateway located in the first sub-network notifying the second gateway located in the second sub-network of the authentication state of the wireless terminal that has passed access authentication includes: sending a third message (i.e., an STA authentication information report message) to the second gateway in response to a second message (i.e., an STA authentication information request message) sent by the second gateway to request the authentication state of the wireless terminal, so as to notify the second gateway of the authentication state information of the wireless terminal through the third message.
In this embodiment, the authentication mode of the wireless terminal in the first sub-network includes at least one of the following: portal authentication, MAC authentication, FT authentication, IP authentication, WeChat authentication, EAP authentication.
Through the above steps, in a multi-sub-network networking scenario, the first gateway in the first sub-network can notify the second gateway in the second sub-network of the authentication state of a wireless terminal that has passed access authentication, so that the wireless terminal can access the second sub-network without repeating access authentication when it roams there, and the service interruption that access authentication would cause to the STA is avoided. This solves the problem in the related art of STA service interruption caused by repeated authentication when the STA roams across sub-networks, and achieves the effect of guaranteeing service continuity of the wireless terminal when roaming across sub-networks.
Fig. 12 is a flowchart of a wireless terminal authentication method according to another embodiment of the present invention. As shown in Fig. 12, the method includes the following steps:
Step S1202: a second gateway in a second sub-network receives the authentication state, sent by a first gateway in a first sub-network, of a wireless terminal that has passed access authentication;
Step S1204: when the wireless terminal roams to the second sub-network, the second gateway determines the authentication state of the wireless terminal according to the identification information of the wireless terminal, wherein the first sub-network and the second sub-network are sub-networks in an all-optical network.
In this embodiment, the first gateway and the second gateway are configured with the same interworking identifier.
Where the second gateway is deployed before the wireless terminal is authenticated in the first sub-network, step S1202 of this embodiment includes: receiving a first message sent by the first gateway when the wireless terminal meets a first condition; and receiving the authentication state of the wireless terminal through the first message. The first condition includes one of: the wireless terminal is online on the first sub-network and passes access authentication; the wireless terminal is disconnected in the first sub-network; the wireless terminal has been de-authenticated in the first sub-network.
Where the second gateway is deployed after the wireless terminal is authenticated in the first sub-network, step S1202 of this embodiment includes: receiving a first message sent by the first gateway when the wireless terminal meets a second condition; and receiving the authentication state of the wireless terminal through the first message, wherein the second condition at least includes: the wireless terminal is directed by the first gateway to roam to the second gateway.
In this embodiment, the first message carries at least one of the following information: the identification information of the wireless terminal, the authentication state information of the wireless terminal, the authentication mode and the authentication password.
Where the second gateway is deployed after the wireless terminal is authenticated in the first sub-network, step S1202 of this embodiment includes: sending a second message requesting the authentication state of the wireless terminal to the first gateway if a third condition is satisfied; upon receiving the third message returned by the first gateway, sending to the first gateway a fourth message confirming receipt of the third message; and determining the authentication state of the wireless terminal according to the wireless terminal identification information and the authentication state information carried in the third message. The third condition includes at least: the first deployment of the second gateway is completed; the wireless terminal is online at the second gateway and the status of access authentication is unknown.
For example: after the STA comes online in one sub-network and passes authentication, the other sub-networks complete deployment, and the STA immediately and actively initiates roaming to a target sub-network (i.e. the STA actively roams to a newly deployed sub-network). The primary gateway of the target sub-network can request the authentication state of the STA from the current primary gateway and then allow the STA to access the network, with no repeated authentication in the process.
Taking the multi-sub-network networking shown in Fig. 2 as an example, STA1 is online in sub-network 1 and has passed FT authentication, primary gateways 2 and 3 have just been deployed, and the same "interworking identifier" = "0x11" has been configured. STA1 immediately and actively roams to the sub-network where primary gateway 2 is located. The flow is shown in Fig. 13:
Step S1301: STA1 associates with primary gateway 2.
Step S1302: primary gateway 2 sends a wireless terminal authentication information request message to primary gateway 1 and primary gateway 3. The message carries the identification information of STA1, the associated BSSID information, and the authentication mode. Some of the fields of the wireless terminal authentication information request message are shown in Fig. 14.
Step S1303: primary gateways 1 and 3 send wireless terminal authentication information report messages to primary gateway 2, where the message carries the identification information, authentication status information (pass), authentication mode and PMK information of STA1, and the same MID. Primary gateway 3 sends a wireless terminal authentication information report message to primary gateway 2, where the message carries the identification information and authentication status information (unknow) of STA1, and the same MID. Some of the fields of the wireless terminal authentication information report message are shown in Fig. 15.
Step S1304: primary gateway 2 sends a confirmation message acknowledging receipt of the wireless terminal authentication information report message to primary gateway 1 and to primary gateway 3; the messages carry the same MID.
Step S1305: STA1 accesses the network on primary gateway 2 without authentication.
Specifically, primary gateway 2 determines from the recorded information that the STA has already passed authentication and allows it to access the network without repeating authentication.
As a further example: after STA1 comes online in one sub-network and passes authentication, the primary gateways of the other sub-networks complete deployment. A newly deployed primary gateway can query the other primary gateways for the identification information and authentication status information of all STAs. After a period of time, STA1 actively initiates roaming to sub-network 2 (i.e. STA1 actively roams to the newly deployed sub-network), and no repeated authentication is needed during roaming.
Taking the multi-sub-network networking shown in Fig. 2 as an example, STA1 is online in sub-network 1 and has passed IP authentication (secure IP list), the deployment of primary gateways 2 and 3 is completed, and the same "interworking identifier" = "0x11" has been configured. The flow, shown in Fig. 16, includes the following steps:
Step S1601: primary gateway 2 sends a wireless terminal authentication information request message to primary gateway 1 and primary gateway 3; the message does not carry the identification information of any STA.
Step S1602: primary gateways 1 and 3 send wireless terminal authentication information report messages to primary gateway 2, where the message carries the identification information, IP information, authentication mode information and authentication status information (pass) of all STAs that have completed authentication in the gateway's own network, and the same MID. Primary gateway 3 sends a wireless terminal authentication information report message to primary gateway 2, where the message carries the identification information and authentication status information of all STAs that have completed authentication in its own network, and the same MID. Some of the fields of the wireless terminal authentication information report message are shown in Fig. 17.
Step S1603: primary gateway 2 sends a confirmation message acknowledging receipt of the wireless terminal authentication information report message to primary gateway 1 and to primary gateway 3; the messages carry the same MID.
Step S1604: primary gateway 2 records the authentication information of the relevant STAs.
Step S1605: STA1 associates with primary gateway 2 and accesses the network on primary gateway 2 without authentication.
Specifically, after a period of time, STA1 actively roams to the sub-network where primary gateway 2 is located. Primary gateway 2 determines from the recorded information that the STA has already passed authentication and allows it to access the network without repeating authentication.
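The pushed notification (first message) and the request / report / confirmation exchange of steps S1301 to S1305 and S1601 to S1605, modelled as an added Python example that is not part of the patent. The field names, the state encodings, the MAC address, and the rules that a message with a different interworking identifier or an unrequested MID is dropped and that only the vouching gateway can revoke a record are assumptions; the credential fields (user name, password, PMK) are left out of the constructed messages.

```python
import itertools

PASS, UNKNOWN = "pass", "unknown"   # assumed encodings of the authentication state


class PrimaryGateway:
    _mids = itertools.count(1)      # MID: ties reports and confirmations to a request

    def __init__(self, name, interworking_id):
        self.name, self.interworking_id = name, interworking_id
        self.local = {}      # STA id -> mode, for STAs authenticated on this gateway
        self.records = {}    # STA id -> state learned from peer gateways
        self.pending = {}    # MID -> STA asked about (None = all authenticated STAs)
        self.acked = set()   # MIDs of reports that the requester confirmed

    def _hdr(self, kind, **fields):
        return {"type": kind, "from": self.name,
                "interworking_id": self.interworking_id, **fields}

    def _same_network(self, msg):
        # Assumption: peers with a different interworking identifier are ignored.
        return msg is not None and msg.get("interworking_id") == self.interworking_id

    def _entry(self, sta):
        mode = self.local.get(sta)
        return {"sta": sta, "state": PASS if mode else UNKNOWN, "mode": mode}

    def authenticate(self, sta, mode):
        self.local[sta] = mode

    def deauthenticate(self, sta):
        self.local.pop(sta, None)

    # Pushed notification (the "first message").
    def build_notification(self, sta):
        return self._hdr("notify", **self._entry(sta))

    def on_notification(self, msg):
        if not self._same_network(msg):
            return False
        if msg["state"] == PASS:
            self.records[msg["sta"]] = {"mode": msg["mode"], "source": msg["from"]}
        elif self.records.get(msg["sta"], {}).get("source") == msg["from"]:
            del self.records[msg["sta"]]   # de-authentication revokes the record
        return True

    # Request, report, confirmation (second, third and fourth message).
    def build_request(self, sta=None):
        mid = next(self._mids)
        self.pending[mid] = sta
        return self._hdr("request", mid=mid, sta=sta)

    def on_request(self, msg):
        if not self._same_network(msg):
            return None
        wanted = [msg["sta"]] if msg["sta"] is not None else list(self.local)
        return self._hdr("report", mid=msg["mid"],
                         stas=[self._entry(s) for s in wanted])

    def on_report(self, msg):
        if not self._same_network(msg) or msg["mid"] not in self.pending:
            return None                    # foreign or unsolicited report: discard
        asked = self.pending[msg["mid"]]
        for item in msg["stas"]:
            if item["state"] == PASS and asked in (None, item["sta"]):
                self.records[item["sta"]] = {"mode": item["mode"],
                                             "source": msg["from"]}
        return self._hdr("ack", mid=msg["mid"])

    def on_ack(self, msg):
        if self._same_network(msg):
            self.acked.add(msg["mid"])

    def admits_without_reauth(self, sta):
        return sta in self.local or sta in self.records


def roam_with_request(sta="02:00:00:00:00:01"):   # constructed MAC address
    gw1, gw2, gw3 = (PrimaryGateway(f"gw{i}", 0x11) for i in (1, 2, 3))
    gw1.authenticate(sta, "FT")              # STA1 passed FT authentication on gateway 1
    request = gw2.build_request(sta)         # S1302: gateway 2 asks its peers
    states = {}
    for peer in (gw1, gw3):
        report = peer.on_request(request)    # S1303: pass from gw1, unknown from gw3
        states[peer.name] = report["stas"][0]["state"]
        peer.on_ack(gw2.on_report(report))   # S1304: confirmation with the same MID
    return gw1, gw2, gw3, states, request["mid"]


if __name__ == "__main__":
    _, gw2, _, states, mid = roam_with_request()
    print(states, "MID", mid, "admitted:", gw2.admits_without_reauth("02:00:00:00:00:01"))
```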
From the description of the above embodiments, it will be clear to a person skilled in the art that the methods of the above embodiments may be implemented by software plus the necessary general-purpose hardware platform, or by hardware, although in many cases the former is the preferred implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part contributing to the prior art, may be embodied in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) and comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, a network device, etc.) to perform the method according to the embodiments of the present invention.
In this embodiment, a wireless terminal authentication network is further provided, and the wireless terminal authentication network is used to implement the foregoing embodiments and preferred implementations, which have already been described and will not be described again. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
Fig. 18 is a block diagram of a wireless terminal authentication network according to an embodiment of the present invention. As shown in Fig. 18, the network includes a first gateway 181 and a second gateway 182.
The first gateway 181 is configured to notify a second gateway located in a second sub-network of the authentication state of a wireless terminal that has passed access authentication, so that the wireless terminal does not need to repeat access authentication when roaming to the second sub-network, where the first gateway is located in the first sub-network, and the first sub-network and the second sub-network are sub-networks in an all-optical network.
The second gateway 182 is configured to receive the authentication state, sent by the first gateway located in the first sub-network, of a wireless terminal that has passed access authentication, and, when the wireless terminal roams to the second sub-network, to determine the authentication state of the wireless terminal according to the identification information of the wireless terminal, wherein the first sub-network and the second sub-network are sub-networks in an all-optical network networking.
For the scenario of STA roaming across sub-networks in FTTR all-optical network networking, the provided network for cooperative authentication among primary gateways across sub-networks can determine the authentication state of the STA in time when the STA roams across sub-networks, so that repeated authentication is avoided, the service continuity of the STA during cross-sub-network roaming is ensured, and a better roaming experience is provided.
It should be noted that each of the above modules may be implemented by software or hardware, and for the latter, it may be implemented by, but not limited to: the modules are all located in the same processor; or the above modules may be located in different processors in any combination.
The cross-sub-network interaction in the embodiments of the present invention is not limited to interaction between main gateways. The embodiments use the interaction between main gateways only as an example to describe the present invention; this is merely a preferred embodiment and is not intended to limit the present invention. The cross-sub-network interaction further includes interactions between a master gateway and a slave gateway, and between slave gateways. For specific examples of these interactions, refer to the examples of interaction between gateways described in the foregoing embodiments and exemplary implementations; they are not repeated here.
Embodiments of the present invention also provide a computer readable storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.
In one exemplary embodiment, the computer readable storage medium may include, but is not limited to: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or other media capable of storing a computer program.
An embodiment of the invention also provides an electronic device comprising a memory having stored therein a computer program and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.
In an exemplary embodiment, the electronic apparatus may further include a transmission device connected to the processor, and an input/output device connected to the processor.
For specific examples of this embodiment, refer to the examples described in the foregoing embodiments and exemplary implementations; they are not repeated here.
Embodiments of the present invention also provide a computer program product comprising a computer program, instructions which, when executed by a processor, implement the steps of any of the method embodiments described above.
It will be appreciated by those skilled in the art that the modules or steps of the invention described above may be implemented on a general-purpose computing device. They may be concentrated on a single computing device or distributed across a network of computing devices, and they may be implemented in program code executable by computing devices, so that they can be stored in a storage device and executed by computing devices. In some cases the steps shown or described may be performed in a different order from that described herein, or they may each be fabricated as an individual integrated circuit module, or multiple modules or steps among them may be fabricated as a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description covers only the preferred embodiments of the present invention and is not intended to limit the present invention; various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the principle of the present invention should be included in the protection scope of the present invention.

Claims (21)

1. A method for authenticating a wireless terminal of FTTR, comprising:
a first gateway in a first sub-network notifying a second gateway in a second sub-network of the authentication state of a wireless terminal that has passed access authentication, so that the wireless terminal does not need to repeat access authentication when roaming to the second sub-network, wherein the first sub-network and the second sub-network are sub-networks in all-optical network networking.
2. The method of claim 1, wherein the first gateway and the second gateway are configured with the same interworking identifier.
3. The method of claim 1, wherein, in the case where the second gateway is deployed before the wireless terminal is authenticated in the first sub-network, the first gateway located in the first sub-network notifying the second gateway located in the second sub-network of the authentication state of the wireless terminal that has passed access authentication comprises:
sending a first message of the wireless terminal to the second gateway when the wireless terminal meets a first condition, so as to notify the second gateway, through the first message, of the authentication state of the wireless terminal that has passed access authentication.
4. A method according to claim 3, wherein the first condition comprises at least:
the wireless terminal is online on the first sub-network and passes access authentication;
the wireless terminal is disconnected in the first sub-network;
the wireless terminal has been de-authenticated in the first sub-network.
5. The method according to claim 1, wherein, in the case where the second gateway is deployed after the wireless terminal is authenticated in the first sub-network, the first gateway located in the first sub-network notifying the second gateway located in the second sub-network of the authentication state of the wireless terminal that has passed access authentication comprises:
when the wireless terminal meets a second condition, sending a first message to the second gateway, so that the second gateway determines the authentication state of the wireless terminal according to the identification information and the authentication state information of the wireless terminal carried in the first message, wherein the second condition at least comprises: the wireless terminal is directed by the first gateway to roam to the second gateway.
6. The method according to any of claims 3-5, wherein the first message carries at least one of the following information: the identification information of the wireless terminal, the authentication state information of the wireless terminal, the authentication mode and the authentication password.
7. The method according to claim 1, wherein, in the case where the second gateway is deployed after the wireless terminal is authenticated in the first sub-network, the first gateway located in the first sub-network notifying the second gateway located in the second sub-network of the authentication state of the wireless terminal that has passed access authentication comprises:
sending a third message to the second gateway in response to a second message sent by the second gateway to request the authentication state of the wireless terminal, so as to notify the second gateway of the authentication state information of the wireless terminal through the third message.
8. The method according to any of claims 1-5, 7, wherein the authentication mode by which the wireless terminal authenticates in the first sub-network comprises at least one of: portal authentication, MAC authentication, FT authentication, IP authentication, WeChat authentication, EAP authentication.
9. A wireless terminal authentication method, comprising:
a second gateway in a second sub-network receiving the authentication state, sent by a first gateway in a first sub-network, of a wireless terminal that has passed access authentication;
when the wireless terminal roams to the second sub-network, determining the authentication state of the wireless terminal according to the identification information of the wireless terminal, wherein the first sub-network and the second sub-network are sub-networks in an all-optical network networking.
10. The method of claim 9, wherein the first gateway and the second gateway are configured with the same interworking identifier.
11. The method of claim 9, wherein, in the case where the second gateway is deployed before the wireless terminal is authenticated in the first sub-network, the second gateway located in the second sub-network receiving the authentication state, sent by the first gateway located in the first sub-network, of the wireless terminal that has passed access authentication comprises:
receiving a first message sent by the first gateway when the wireless terminal meets a first condition;
and receiving the authentication state of the wireless terminal through the first message.
12. The method of claim 11, wherein the first condition comprises one of:
the wireless terminal is online on the first sub-network and passes access authentication;
the wireless terminal is disconnected in the first sub-network;
the wireless terminal has been de-authenticated in the first sub-network.
13. The method of claim 9, wherein, in the case where the second gateway is deployed after the wireless terminal is authenticated in the first sub-network, the second gateway in the second sub-network receiving the authentication state, sent by the first gateway in the first sub-network, of the wireless terminal that has passed access authentication comprises:
receiving a first message sent by the first gateway under the condition that the wireless terminal meets a second condition;
receiving an authentication state of the wireless terminal through the first message, wherein the second condition at least comprises: the wireless terminal is directed by the first gateway to roam to the second gateway.
14. The method according to any of claims 11-13, wherein the first message carries at least one of the following information: the identification information of the wireless terminal, the authentication state information of the wireless terminal, the authentication mode and the authentication password.
15. The method of claim 9, wherein, in the case where the second gateway is deployed after the wireless terminal is authenticated in the first sub-network, the second gateway in the second sub-network receiving the authentication state, sent by the first gateway in the first sub-network, of the wireless terminal that has passed access authentication comprises:
transmitting a second message requesting an authentication state of the wireless terminal to the first gateway if a third condition is satisfied;
upon receiving the third message returned by the first gateway, sending to the first gateway a fourth message confirming receipt of the third message;
and determining the authentication state of the wireless terminal according to the wireless terminal identification information and the authentication state information carried in the third message.
16. The method of claim 15, wherein the third condition comprises at least:
the first deployment of the second gateway is completed;
the wireless terminal is online at the second gateway and the status of access authentication is unknown.
17. A wireless terminal authentication network, comprising:
a first gateway, configured to notify a second gateway in a second sub-network of the authentication state of a wireless terminal that has passed access authentication, so that the wireless terminal does not need to repeat access authentication when roaming to the second sub-network, wherein the first gateway is located in a first sub-network, and the first sub-network and the second sub-network are sub-networks in all-optical network networking.
18. A wireless terminal authentication network, comprising:
a second gateway, configured to receive the authentication state, sent by a first gateway located in a first sub-network, of a wireless terminal that has passed access authentication; and, when the wireless terminal roams to a second sub-network, to determine the authentication state of the wireless terminal according to the identification information of the wireless terminal, wherein the first sub-network and the second sub-network are sub-networks in an all-optical network networking.
19. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program, wherein the computer program, when executed by a processor, realizes the steps of the method as claimed in any one of claims 1 to 8 or the steps of the method as claimed in any one of claims 9-16.
20. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the method as claimed in any one of claims 1 to 8 or the steps of the method as claimed in any one of claims 9-16.
21. A computer program product comprising a computer program, instructions, characterized in that the computer program, instructions when executed by a processor, implement the steps of the method as claimed in any one of claims 1 to 8, or the steps of the method as claimed in any one of claims 9-16.
CN202410603620.8A 2024-05-15 2024-05-15 FTTR wireless terminal authentication method and wireless terminal authentication network Active CN118175545B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410603620.8A CN118175545B (en) 2024-05-15 2024-05-15 FTTR wireless terminal authentication method and wireless terminal authentication network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410603620.8A CN118175545B (en) 2024-05-15 2024-05-15 FTTR wireless terminal authentication method and wireless terminal authentication network

Publications (2)

Publication Number Publication Date
CN118175545A true CN118175545A (en) 2024-06-11
CN118175545B CN118175545B (en) 2024-07-23

Family

ID=91351424

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410603620.8A Active CN118175545B (en) 2024-05-15 2024-05-15 FTTR wireless terminal authentication method and wireless terminal authentication network

Country Status (1)

Country Link
CN (1) CN118175545B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104378790A (en) * 2014-10-27 2015-02-25 深圳市蜂联科技有限公司 Roam control strategy applied to cluster APs
CN109067788A (en) * 2018-09-21 2018-12-21 新华三技术有限公司 A kind of method and device of access authentication
CN116367251A (en) * 2023-03-31 2023-06-30 珠海泰芯半导体有限公司 Roaming method, device and system of WiFi equipment, storage medium and WiFi equipment
CN117651270A (en) * 2024-01-30 2024-03-05 中兴通讯股份有限公司 Roaming processing method, device and storage medium

Also Published As

Publication number Publication date
CN118175545B (en) 2024-07-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant