WO2006074591A1 - A wireless local area network and a method for implementing a mobile terminal’s fast handover - Google Patents


Publication number
WO2006074591A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile station
physical
authentication
basic service
aps
Application number
PCT/CN2005/002351
Inventor
Zhonghui Yao
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.
Publication of WO2006074591A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/08 Reselecting an access point
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]


Abstract

A wireless LAN (WLAN) and a method for implementing a mobile terminal's fast handover. The WLAN comprises mobile terminals and access points (APs) that connect the mobile terminals to the network; each AP and the mobile terminals associated with it form a basic service set (BSS), and the air interface between the mobile terminals and the APs is protected using the cryptographic material associated with the BSS identification. A plurality of physical APs form a logical AP and share the same basic service set identification (BBSS-ID); when a mobile terminal hands over between the plurality of APs, it directly uses the cryptographic material that was associated with the BSS identification before handover to protect the air interface. The present invention also discloses a wireless LAN.

Description

A wireless local area network and a method for implementing fast handover of a mobile station

Technical field

The present invention relates to the field of communications, and in particular to a wireless local area network and a method for implementing fast handover of a mobile station in a wireless local area network.

Background
The IEEE 802.11 series has become the standard for wireless local area networks (WLANs) and is widely supported and deployed, and demand has emerged for large-scale enterprise coverage, large community networks and even metropolitan-area networks. A large WLAN of this kind requires a large number of WLAN access point devices (Access Point, AP); different APs each cover a specific area and together form one large area of continuous coverage. A mobile station (Mobile Terminal, MT) moving within that continuously covered area must therefore be able to switch from one AP to another while keeping its services uninterrupted. The basic handover procedure for a mobile station is as follows:

1. The MT scans the wireless channels. The MT scans each wireless channel and measures the relevant indicators, such as field strength. When the MT is to switch from one AP to another, it bases the decision on these measurement results. For example, the MT can select the channel with the best radio channel quality as the target AP for handover.

2. The MT initiates a re-association request. The MT sends a re-association request to the new AP. After receiving the re-association request, the new AP must cause the system to delete the association that the MT established with the old AP before the handover, and then establish a new association with the mobile station.

3. After the new association is established, the data service flows of the mobile station are forwarded through the new AP. At the same time, the mobile station continues to scan and measure other wireless channels to determine whether to switch to a new AP.
4. When the WLAN is an RSN (Robust Security Network) as defined by 802.11i, the mobile station and the new AP need to establish a security trust relationship and negotiate new encryption parameters. 802.11i defines a pre-authentication method: before re-association, the new AP is used as the 802.1X authentication point, 802.1X authentication is performed between the mobile station and the network authentication server, a master key is negotiated, and the network authentication server delivers the master key to the new AP. When the mobile station then re-associates with the new AP, the new AP and the mobile station can negotiate the air-interface encryption key based on that key, which effectively reduces service interruption time.

The above pre-authentication method starts a complete 802.1X authentication process before re-association. Because that authentication process still relies on the current association, the following risks exist:

1. A mobile station usually requests re-association because the signal of the currently associated channel has become weak. Continuing to rely on the current association at that point may make communication between the mobile station and the AP unreliable, so the 802.1X authentication process may not complete correctly.

2. The time taken by the 802.1X authentication process is uncertain. The mobile station may move out of the coverage of the current channel before authentication completes, so that the 802.1X authentication process cannot be completed.

When pre-authentication cannot be completed, re-authentication is required after re-association, which increases the service interruption time.
Summary of the invention

The present invention provides a wireless local area network and a method for implementing fast handover of a mobile station, to solve the prior-art problem that handover of a mobile station may prolong service interruption time.

To solve the above problem, the present invention provides the following technical solutions:

A method for implementing fast handover of a mobile station in a wireless local area network, where the wireless local area network includes mobile stations and access points (APs) that connect the mobile stations to the network, each AP and its associated mobile stations form a basic service set (BSS), and the air interface between a mobile station and an AP is protected with encryption material associated with the basic service set identifier; wherein a plurality of physical APs form one logical AP and share the same basic service set identifier (BBSS-ID), and when switching between the plurality of physical APs the mobile station directly uses the encryption material associated with that basic service set identifier before the handover to protect the air interface.

An access controller in the wireless local area network manages the mapping between the logical AP and its corresponding physical APs, and, when each physical AP requests configuration from the access controller, configures the same basic service identifier into each physical AP.

The access controller is used as the authentication point, and the physical AP only forwards authentication packets in the authentication process carried out between the mobile station and the access controller.

After the authentication process is completed, the access controller sends the encryption key to the physical AP.

A wireless local area network includes mobile stations and access points (APs) that connect the mobile stations to the network; the wireless local area network further includes an access controller (AC), a plurality of APs share the same basic service set identifier (BBSS-ID), and the access controller configures that basic service set identifier into each AP sharing the identifier.

The access controller acts as the 802.1X authentication point and completes the authentication process with the mobile station.

With the present invention, a mobile station that re-associates with a new AP can share the previous master key, with no need for re-authentication or pre-authentication. This speeds up handover and helps avoid the temporary service interruptions caused by handover that affect quality of service.
Brief description of the drawings

FIG. 1 is a schematic diagram of one physical AP corresponding to one logical AP in a prior-art wireless local area network;

FIG. 2 is a schematic diagram of multiple physical APs corresponding to one logical AP in the wireless local area network of the present invention;

FIG. 3 is a flowchart of the access controller configuring the basic service set identifier to an AP in the present invention.
Detailed description

To achieve fast handover of a mobile station, the best approach is to perform re-association without pre-authentication or re-authentication. For an RSN (Robust Security Network), the best approach is for the mobile station to keep using its previous encryption material after re-association, in particular the master key, so that the new AP can share the master key of the old AP.

For the mobile station, however, when it re-associates from one AP to another, the encryption material associated with the original AP may already have been deleted, and the assumption that master key sharing is implemented on the network side does not guarantee compatibility with the mobile station. The root cause is as follows:
(1) An AP and its associated mobile stations form a BSS (basic service set), identified by a BSS-ID; the BSS-ID is an IEEE 802 MAC address.

(2) In implementations, an AP generally uses the BSS-ID to identify its corresponding wireless interface. When 802.1X is implemented, from the mobile station's point of view the AP is assumed to be the 802.1X authentication point and the BSS-ID is used as the identifier of that authentication point.

(3) Once 802.1X authentication is completed and the master key is negotiated, the master key is bound to the mobile station MAC address and the AP identifier (BSS-ID). Therefore, when the mobile station switches from one AP to a new AP, the BSS-ID is different, so the previous master key is associated only with the old AP and cannot continue to be shared.

As can be seen from the above, when the BSS-ID changes, master key sharing cannot be achieved on the mobile station side. From the mobile station's point of view, one BSS-ID corresponds to one AP or 802.1X authentication point as defined by 802.11i; such an AP is called a logical AP, and a logical AP is identified by a BSS-ID. In a conventional network (see FIG. 1), one physical AP device corresponds to one logical AP, and its BSS-ID is set in the hardware device at the factory. Multiple APs can be interconnected through a DS (distributed system), so that different BSSs together form an extended service set and make up a local area network.
To let the mobile station, after re-association, share the encryption material (mainly the master key) that was associated with the BSS-ID before the handover, and so achieve fast handover, the present invention has multiple physical APs form one logical AP and share the same basic service set identifier (BSS-ID). That is, these physical APs all have the same BSS-ID. When the mobile station switches between these physical APs, the BSS-ID does not change, so after switching to the new AP the mobile station can directly use the encryption material associated with the BSS-ID before the handover to protect the air interface.

As shown in FIG. 2, physical AP1, physical AP2 and physical AP3 (the number is not limited to three) correspond to one logical AP, that is, they share the same BSS identifier, BSS-ID. A centralized access controller (AC) is introduced into the network architecture, and the AC manages the mapping of physical APs to logical APs. The BSS-ID is configured into a physical AP by the AC after the physical AP powers on and initializes. In the centralized architecture of a wireless LAN, the AC is the upstream switch (generally called a Wi-Fi switch) or router (generally called an access router, AR) of the AP (see the IETF CAPWAP working group's summary of centralized WLAN architectures).

The power-on initialization of a physical AP completes the negotiation of the communication mechanism between the physical AP and the AC, as shown in FIG. 3. After initialization, the AP sends a configuration request message to the AC, and the AC returns a configuration response message to the AP that carries the BSS-ID of the logical AP. Once the AP has obtained the configuration data from the AC, it starts running in normal mode. From then on, every MAC frame the AP sends to a mobile station over the air interface uses the logical AP's identifier, the BSS-ID. Therefore, when the mobile station switches between physical AP1, physical AP2 and physical AP3, the master key can be shared without re-authentication or pre-authentication, which speeds up handover.
From the mobile station's point of view, the mobile station associates with the logical AP. Once association is complete, if the network is an RSN, the 802.1X authentication process is started, and its authentication point is the logical AP. In the present invention, the logical AP's function as the 802.1X authentication point is implemented on the AC; in other words, the AC is the 802.1X authentication point. During the 802.1X authentication process, a physical AP only forwards packets and does not process them directly.

When air-interface MAC (media access control) layer encryption is implemented on the physical AP, the AC, acting as the logical AP, should send the encryption material to the AP after completing the authentication process, so that the AP can encrypt and decrypt on the air interface.

With the method of the present invention, when a mobile station switches from one physical AP to another, the logical AP does not change, so the previous encryption material can continue to be used on the new physical AP. That is, when re-association is performed, the AC sends the previous encryption material to that AP. The physical APs under one logical AP thereby share the encryption material, no re-authentication or pre-authentication is needed, and handover is faster, which greatly reduces service interruption time.
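The following is an added example, not code from the patent. It models the key binding described in item (3) and the AC-centred scheme above: a station caches its master key per BSS-ID and offers a PMKID on re-association, computed with the IEEE 802.11i formula HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA). The class names, the random stand-in for the 802.1X exchange and all MAC addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os


def mac_bytes(mac):
    """'02:00:00:00:00:01' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", ""))


def pmkid(pmk, bssid, sta_mac):
    """802.11i PMKID: ties the master key to the BSS-ID and the station MAC."""
    data = b"PMK Name" + mac_bytes(bssid) + mac_bytes(sta_mac)
    return hmac.new(pmk, data, hashlib.sha1).digest()[:16]


class AccessController:
    """Hypothetical AC: holds the logical-AP mapping and is the 802.1X point."""

    def __init__(self):
        self.bssid_of = {}    # physical AP name -> BSS-ID configured by the AC
        self.pmk_cache = {}   # (BSS-ID, station MAC) -> master key
        self.ap_keys = {}     # physical AP name -> {station MAC: key material}
        self.full_auths = 0   # number of complete 802.1X runs

    def configure(self, ap_name, bssid):
        """Configuration request/response: the BSS-ID the AP must use on air."""
        self.bssid_of[ap_name] = bssid
        self.ap_keys[ap_name] = {}
        return bssid

    def full_8021x(self, sta_mac, ap_name):
        """Stand-in for the relayed 802.1X exchange (random key, constructed)."""
        bssid = self.bssid_of[ap_name]
        pmk = os.urandom(32)
        self.full_auths += 1
        self.pmk_cache[(bssid, sta_mac)] = pmk
        self.ap_keys[ap_name][sta_mac] = pmk   # AC pushes key material to the AP
        return pmk

    def reassociate(self, sta_mac, ap_name, offered_pmkid):
        """Accept only if the offered PMKID matches the key cached for this BSS-ID."""
        bssid = self.bssid_of[ap_name]
        pmk = self.pmk_cache.get((bssid, sta_mac))
        if pmk is None or offered_pmkid is None:
            return False
        if not hmac.compare_digest(pmkid(pmk, bssid, sta_mac), offered_pmkid):
            return False
        self.ap_keys[ap_name][sta_mac] = pmk   # same material, new physical AP
        return True


class Station:
    """Mobile station that keeps its master key indexed by BSS-ID."""

    def __init__(self, mac):
        self.mac = mac
        self.pmk_by_bssid = {}

    def join(self, ac, ap_name):
        """Return 'reused' if the cached key was accepted, else 'full-auth'."""
        bssid = ac.bssid_of[ap_name]
        pmk = self.pmk_by_bssid.get(bssid)
        offer = pmkid(pmk, bssid, self.mac) if pmk else None
        if ac.reassociate(self.mac, ap_name, offer):
            return "reused"
        # Material tied to the previous BSS-ID is dropped, as the text notes.
        self.pmk_by_bssid = {bssid: ac.full_8021x(self.mac, ap_name)}
        return "full-auth"


def roam(bssids):
    """Walk one station across the {AP name: BSS-ID} map in order."""
    ac = AccessController()
    for ap_name, bssid in bssids.items():
        ac.configure(ap_name, bssid)
    sta = Station("02:00:00:00:00:aa")   # constructed station address
    outcomes = [sta.join(ac, ap_name) for ap_name in bssids]
    return outcomes, ac.full_auths


# Constructed BSS-IDs: one per physical AP (FIG. 1) vs one logical AP (FIG. 2).
CONVENTIONAL = {
    "AP1": "02:00:00:00:01:01",
    "AP2": "02:00:00:00:01:02",
    "AP3": "02:00:00:00:01:03",
}
SHARED = {name: "02:00:00:00:01:01" for name in ("AP1", "AP2", "AP3")}

if __name__ == "__main__":
    print("one BSS-ID per AP:", roam(CONVENTIONAL))
    print("shared BSS-ID:    ", roam(SHARED))
```

In this model every physical AP under the logical AP ends up holding the station's key material, so the set of devices that must be trusted with the master key grows with the size of the logical AP.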
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims

叔 利 要 求 书 Uncle request
1. A method for implementing fast handover of a mobile station in a wireless local area network, the wireless local area network comprising a mobile station and access points (APs) that connect the mobile station to the network, each AP and its associated mobile stations forming a basic service set (BSS), and the mobile station and the AP protecting the air interface using encryption material associated with the basic service set identifier; characterized in that a plurality of physical APs form one logical AP and share the same basic service set identifier (BBSS-ID), and that when the mobile station is handed over between the plurality of physical APs, it directly uses the encryption material that was associated with that basic service set identifier before the handover to protect the air interface.
2. The method according to claim 1, characterized in that an access controller in the wireless local area network manages the mapping between the logical AP and its corresponding physical APs and, when each of those physical APs requests configuration from the access controller, configures the same basic service identifier into each physical AP.
3. The method according to claim 2, characterized in that the access controller serves as the authentication point, and the physical AP only forwards authentication messages in the authentication procedure carried out between the mobile station and the access controller.
4. The method according to claim 3, characterized in that, after the authentication procedure is completed, the access controller sends the encryption material associated with the basic service set identifier to the physical AP.
5. The method according to claim 4, characterized in that the authentication is 802.1X authentication.
6. A wireless local area network, comprising a mobile station and access points (APs) that connect the mobile station to the network; characterized in that it further comprises an access controller (AC), a plurality of the APs share the same basic service set identifier (BBSS-ID), and the access controller configures that basic service set identifier into each AP sharing the identifier.
7. The wireless local area network according to claim 6, characterized in that the access controller serves as the 802.1X authentication point and completes the authentication procedure with the mobile station.
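The following Python sketch is an added illustration, not text or code from the patent. It models the claimed arrangement under two labelled assumptions: that the "encryption material" is an 802.11i-style pairwise key derived with the standard PRF, which binds the key to the BSSID, and that the access controller pushes the key to every physical AP of the logical AP at authentication time. All class names, function names and addresses are hypothetical or constructed.

```python
import hashlib
import hmac

def prf(key, label, data, nbytes):
    """IEEE 802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, bssid, sta, anonce, snonce):
    """Pairwise key bound to the BSSID (authenticator address) and station MAC."""
    data = (min(bssid, sta) + max(bssid, sta) +
            min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)

class PhysicalAP:  # hypothetical model of one physical AP
    def __init__(self):
        self.bssid, self.keys = None, {}
    def needs_reauth(self, sta):
        return (self.bssid, sta) not in self.keys  # no key held: full authentication

class AccessController:
    """Maps a logical AP (one shared BSSID) to physical APs; authentication point."""
    def __init__(self):
        self.logical = {}
    def configure(self, bssid, aps):
        for ap in aps:  # claim 2: same identifier configured into each physical AP
            ap.bssid = bssid
        self.logical[bssid] = list(aps)
    def on_auth_success(self, bssid, sta, pmk, anonce, snonce):
        ptk = derive_ptk(pmk, bssid, sta, anonce, snonce)
        for ap in self.logical[bssid]:  # claim 4 (assumed: pushed to all at once)
            ap.keys[(bssid, sta)] = ptk
        return ptk

def demo():
    # All values below are constructed sample data.
    pmk, an, sn = (hashlib.sha256(s).digest() for s in (b"pmk", b"anonce", b"snonce"))
    sta, shared, other = (bytes.fromhex(h) for h in
                          ("020000000a01", "0200000000aa", "0200000000bb"))
    ap1, ap2, ap3 = PhysicalAP(), PhysicalAP(), PhysicalAP()
    ac = AccessController()
    ac.configure(shared, [ap1, ap2])   # ap1 and ap2 form one logical AP
    ac.configure(other, [ap3])         # ap3 is a separate BSS
    ptk = ac.on_auth_success(shared, sta, pmk, an, sn)
    other_ptk = derive_ptk(pmk, other, sta, an, sn)
    return ptk, ap2.needs_reauth(sta), ap3.needs_reauth(sta), other_ptk == ptk
```

In this model the station's key is held by every physical AP of the logical AP, so the exposure scope of that key is the whole logical AP and the AC-to-AP channel that carries it, not a single device.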
PCT/CN2005/002351 2005-01-13 2005-12-29 A wireless local area network and a method for implementing a mobile terminal’s fast handover WO2006074591A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200510001958.3 2005-01-13
CNB2005100019583A CN100428715C (en) 2005-01-13 2005-01-13 Wireless LAN and method for implementing quick switching between mobile stations

Publications (1)

Publication Number Publication Date
WO2006074591A1 true WO2006074591A1 (en) 2006-07-20

Family

ID=36677353

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2005/002351 WO2006074591A1 (en) 2005-01-13 2005-12-29 A wireless local area network and a method for implementing a mobile terminal’s fast handover

Country Status (2)

Country Link
CN (1) CN100428715C (en)
WO (1) WO2006074591A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101321396B (en) * 2008-04-14 2014-03-12 中兴通讯股份有限公司 Mobile station switch implementing method and method for constructing safety access service network
CN101304615B (en) * 2008-07-09 2011-08-03 杭州华三通信技术有限公司 Hybrid access method and apparatus
CN101640892B (en) * 2009-08-21 2011-09-28 杭州华三通信技术有限公司 Wireless network deployment method and wireless access point
CN109922489B (en) * 2017-12-13 2022-02-11 中国移动通信集团北京有限公司 AP aggregation method, device and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003054721A1 (en) * 2001-12-19 2003-07-03 Thomson Licensing S.A. Method and apparatus for handing off a mobile terminal between a mobile network and a wireless lan
CN1438789A (en) * 2002-02-10 2003-08-27 华为技术有限公司 Method for swhiching over between swith-in points moving terminal in winefree local network
WO2004054283A2 (en) * 2002-12-11 2004-06-24 Koninklijke Philips Electronics N.V. System and method for performing a fast handoff in a wireless local area network

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7792527B2 (en) * 2002-11-08 2010-09-07 Ntt Docomo, Inc. Wireless network handoff key
CN1186906C (en) * 2003-05-14 2005-01-26 东南大学 Wireless LAN safety connecting-in control method
US7275157B2 (en) * 2003-05-27 2007-09-25 Cisco Technology, Inc. Facilitating 802.11 roaming by pre-establishing session keys
CN1290362C (en) * 2003-05-30 2006-12-13 华为技术有限公司 Key consulting method for switching mobile station in wireless local network

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110213809A (en) * 2013-11-21 2019-09-06 华为技术有限公司 System and method for non-cellular wireless access
CN110213809B (en) * 2013-11-21 2021-01-15 华为技术有限公司 System and method for non-cellular wireless access
US11451362B2 (en) 2013-11-21 2022-09-20 Huawei Technologies Co., Ltd. Systems and methods for non-cellular wireless access using logical entity IDS in a hyper cell

Also Published As

Publication number Publication date
CN1805387A (en) 2006-07-19
CN100428715C (en) 2008-10-22

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 05824027

Country of ref document: EP

Kind code of ref document: A1

WWW Wipo information: withdrawn in national office

Ref document number: 5824027

Country of ref document: EP