WO2010067960A2 - Fast handover method in a wireless lan, and mobile terminal adopting same - Google Patents

Publication number
WO2010067960A2
Authority
WO
WIPO (PCT)
Prior art keywords
access point
handover
mobile terminal
target access
reauthentication
Application number
PCT/KR2009/006253
Other languages
French (fr)
Korean (ko)
Other versions
WO2010067960A3 (en
Inventor
박종태
Original Assignee
경북대학교 산학협력단
Application filed by 경북대학교 산학협력단
Publication of WO2010067960A2
Publication of WO2010067960A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/062 Pre-authentication
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/24 Reselection being triggered by specific parameters
    • H04W36/30 Reselection being triggered by specific parameters by measured or perceived connection quality data
    • H04W36/26 Reselection being triggered by specific parameters by agreed or negotiated communication parameters
    • H04W36/34 Reselection control
    • H04W36/36 Reselection control by user or terminal equipment
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0016 Hand-off preparation specially adapted for end-to-end data sessions
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Definitions

  • The present invention relates to a fast handover method for a mobile terminal in a wireless LAN and to a mobile terminal using the same. More specifically, it relates to a method and system that, in a wireless LAN environment using IEEE 802.11r to support fast roaming within the same mobility region, install a user profile management module and a reauthentication request timer module in the mobile terminal to improve handover performance, preventing excessive handover when the mobile terminal moves between basic service sets and providing high-speed mobility.
  • the IEEE 802.11 WLAN system has the advantage of easily accessing various Internet multimedia services at high speed at low cost, but has the disadvantage of weak security.
  • the IEEE 802.11i working group proposed the IEEE 802.11i standard security protocol.
  • However, the IEEE 802.11i security protocol has the problem that an excessive handover authentication delay occurs when the mobile station switches to a different WLAN access point.
  • The IEEE 802.11r working group recently established as an international standard the IEEE 802.11r Fast BSS Transition protocol, which can reduce the handover authentication delay.
  • a handover method according to the IEEE 802.11 international standard will be described with reference to the accompanying drawings.
  • FIG. 1 is a system configuration diagram illustrating a handover according to a general IEEE 802.11r standard.
  • The entire system includes a mobile terminal 100, an authentication server 110, and access points 120, 130, and 140. The access points are included in the same extended service set and belong to the same mobility domain, sharing the same mobility domain identifier (MDID). When the mobile station performs a handover within the same mobility area, it does not use the existing security-based IEEE 802.11 method; instead, the handover is performed according to the IEEE 802.11r Fast BSS Transition protocol, which supports secure fast roaming within the mobility area.
  • MDID mobility domain identifier
  • FIG. 2 is a flowchart illustrating an initial access procedure in which a mobile station first accesses an access point according to IEEE 802.11r in a wireless LAN environment.
  • When a mobile terminal first attempts to connect to an access point of any mobility area in a wireless LAN environment, it transmits an Open Authentication Request message to the access point (step 201) and receives an Open Authentication Response message from the server (step 202).
  • The open authentication request and response process is based on the open authentication method of the IEEE 802.11 standard.
  • The IEEE 802.11 standard provides two authentication mechanisms: an open authentication method and a shared-key authentication method.
  • In open authentication, the entire authentication flow is carried out in clear text, and the client can access the access point without a valid WEP key.
  • In shared-key authentication, the access point sends a challenge text packet to the client, which must encrypt it with the correct WEP key and return it to the access point; authentication fails, and the client cannot connect, if the client has an invalid key or no key.
  • the mobile terminal transmits an association request message to the access point (step 203), and receives an association response message from the access point (step 204).
  • The mobile station is then authenticated by the authentication server according to the IEEE 802.1x / EAP protocol (step 205). Through this authentication process, the access point and the mobile station obtain a pairwise master key (PMK) or PMK-related information, and use EAPOL-Key messages to perform the 4-way handshake (steps 206, 207, 208, and 209).
  • the mobile terminal then transmits the encrypted information through the access point.
  • FIG. 3 is a flowchart sequentially illustrating the fast transition operation according to the IEEE 802.11r Fast BSS Transition protocol when a mobile terminal performs a handover in the same mobility region after initial access.
  • When a terminal that has performed the initial access procedure (step 300) hands over within the same mobility region, the terminal predicts the access point it may move to and sets it as the target access point.
  • Before the handover is performed, the mobile terminal transmits an authentication request message to the target access point (step 301) and receives an authentication response message from the target access point (step 302).
  • The IEEE 802.1x / EAP authentication process for the mobile terminal is omitted, and the authentication request and response messages play the role of EAPOL-Key messages 1 and 2 of the four-step handshake performed at initial access.
  • When the handover occurs, the mobile station transmits a reassociation request message to the target access point (step 303) and receives a reassociation response message from the target access point (step 304).
  • The reassociation request and response messages play the role of EAPOL-Key messages 3 and 4 of the four-step handshake. Therefore, when the mobile terminal hands over to another access point in the same mobility area, it performs a simplified four-step handshake, completing the handover quickly and resuming communication.
  • the IEEE 802.11r protocol performs pre-authentication by requesting an authentication request and receiving a response from a target access point belonging to the same mobility region before handover occurs based on the movement prediction of the terminal.
  • Ideally this procedure is performed immediately before the handover occurs, but in practice it is difficult to predict accurately when the handover will occur. For this reason, conventional techniques generally use the radio signal strength received by the mobile terminal: they predict the handover and prepare for it when the signal strength is lower than or equal to a preset first threshold value (T1), and perform the handover when the signal weakens below a preset second threshold value (T2).
  • T1 first threshold value
  • T2 second threshold value
  • As the mobile terminal moves from the service area of access point A to the service area of access point B, the signal attenuates; the handover preparation process is performed at the point where the signal strength reaches T1, and the handover occurs at the T2 point.
  • The mobile terminal transmits an authentication request message to the target access point B in preparation for handover.
  • The reconnection timeout is applied from the time when the message is transmitted. If the mobile station stops moving at a point where the signal strength is less than T1 and more than T2, the handover is delayed because the signal does not attenuate below T2.
  • the time ⁇ is exceeded.
  • PTKSA Pairwise Transient Key Security Association
  • The mobile terminal must then either abandon access to the target access point or, to communicate with the target access point again, pass through all initial access procedures including the IEEE 802.1x / EAP procedure, resulting in excessive handover delay.
  • The technical problem to be solved by the present invention is to address the problems of the prior art described above. The object of the present invention is to provide a fast handover method that, when the mobile terminal moves in an IEEE 802.11 WLAN, prevents excessive handover delay by performing a re-authentication process even if the handover occurs later than the predicted time, and that can support fast basic service set transition.
  • A feature of the present invention for solving the above technical problem relates to a handover method of a mobile terminal in a wireless LAN environment, the handover method comprising: (a) determining a handover to a target access point and transmitting an authentication request message to the target access point when the received signal strength from the current access point falls below a preset first threshold T1; (b) determining whether to apply the reauthentication request module; (c) starting a timer if the reauthentication request module is applied according to the determination of step (b); (d) receiving an authentication response message from the target access point; (e) transmitting a reauthentication request message to the target access point within a preset reconnection time limit when the timer passes a preset reauthentication request time without a handover having been performed; and (f) performing a reconnection process with the target access point if the handover to the target access point is performed within the reconnection time limit.
  • Step (b) determines whether to apply the re-authentication request module according to the information set in the user profile of the mobile terminal.
  • This information is preferably set by the user's selection or according to the type of service of the mobile terminal.
  • the reauthentication request time is preferably set to a time shorter than the reconnection time limit.
  • If the mobile terminal has not transmitted the reconnection request message to the target access point in step (e), it is preferably determined that the mobile terminal has not performed the handover to the target access point.
  • If it is determined in step (b) that the reauthentication request module is not applied, an authentication response message is received from the target access point; if a handover to the target access point occurs within the reconnection time limit, the reconnection process is performed with the target access point, and if the handover does not occur within the reconnection time limit, the authentication information is invalidated.
  • The reconnection time limit starts either when the received signal strength of the current access point is less than or equal to the first threshold value T1, or when the received signal strength of the current access point is less than or equal to the first threshold value T1 and the received signal strength of the target access point is greater than or equal to the second threshold value T2; it ends when the received signal strength of the current access point is less than or equal to the second threshold value T2.
  • A mobile terminal providing fast handover in a LAN environment includes: a key management module for storing authentication-related information; a user profile management module for storing and managing a user profile for the mobile terminal; a handover management module for preparing a handover to a target access point or performing a handover to a target access point according to the signal strength received by the mobile terminal; and a reauthentication request module that includes a timer, determines whether to request reauthentication according to a setting condition of the user profile, starts the timer when the authentication request message is sent to the target access point by the handover management module, and, if a handover has not occurred even after the timer has run past a predetermined reauthentication request time, transmits a reauthentication request message to the target access point within a preset reconnection time limit.
  • the reauthentication request time is preferably shorter than the reconnection time limit.
  • the user profile is set according to the type of service used by the user or whether the application of the re-authentication request module is selected.
  • The handover method according to the present invention determines whether to request re-authentication according to the settings in the user profile management module of the mobile terminal, thereby improving handover performance and ensuring high-speed mobility support.
  • A re-authentication request message (an authentication request message) is sent to the target access point.
  • The handover is thereby kept from going through the entire initial authentication process, which prevents excessive handover delay and supports fast basic service set transition.
  • FIG. 1 is a configuration diagram of a wireless LAN system to which conventional IEEE 802.11r is applied.
  • FIG. 2 is a signal flow diagram illustrating an initial access procedure to a wireless access point of a conventional IEEE 802.11r and a mobile terminal to which the present invention is applied.
  • FIG. 3 is a message signal flowchart to which the fast movement of conventional IEEE 802.11r is applied.
  • FIG. 4 is a module structural diagram of a mobile terminal according to a preferred embodiment of the present invention.
  • FIG. 5 is a diagram illustrating an embodiment in which a re-authentication request timer module is applied according to a configuration of a user profile management module for improving handover performance in IEEE 802.11r according to a preferred embodiment of the present invention.
  • FIG. 6 is a signal flow diagram of a mobile terminal to which a re-authentication request timer module is applied according to a configuration of a user profile management module for improving handover performance in IEEE 802.11r according to a preferred embodiment of the present invention.
  • FIG. 7 is a flowchart sequentially illustrating a fast handover procedure in a mobile terminal according to an embodiment of the present invention.
  • FIG. 8 is a system configuration diagram according to another embodiment of the present invention.
  • The term "mobile terminal" refers to equipment that can transmit and receive data through an access point while moving in a wireless LAN environment, such as a wireless communication terminal, PDA, notebook, next-generation laptop or smart phone.
  • the system to which the handover method according to the present invention is applied includes an authentication server, a plurality of access points, and a mobile terminal constituting IEEE 802.11r.
  • the access point belongs to the same extended service set and belongs to the same mobility area using a mobility domain identifier (MDID).
  • When the mobile station performs a handover within the same mobility area, the mobile terminal does not use the existing security-based IEEE 802.11 method; instead, it performs the handover according to the IEEE 802.11r method, which supports secure fast roaming within the mobility area.
  • The mobile terminal 400 includes a key management module 410, a handover management module 420, a fast mobility management module 430 for managing keys in a mobility area, a re-authentication request module 440 for requesting re-authentication, a user profile management module 450, and a socket interface 460.
  • the key management module 410 derives PMKR1 and PTK using PMK-R0, R0KH-ID, R1KH-ID, PMKR0Name, and PMKR1Name from S0KH and S1KH.
  • The derived PMKR1 and PTK, together with PMKR0, are used to authenticate the terminal in the authentication and reassociation process (steps 301, 302, 303, and 304) for fast handover to another target access point according to IEEE 802.11r, and to encrypt the data exchanged.
  • The handover management module 420 acts on the strength of the radio signal received by the mobile terminal: it performs the handover preparation process when the signal falls below the first threshold value T1, and performs the handover to the target AP when the signal falls below the second threshold value T2.
  • the fast mobility management module 430 manages a policy of handover and mobility areas occurring in the same mobility area, and the policy of the mobility area includes information on a reassociation deadline time.
  • the user profile management module 450 stores and manages information about a user profile.
  • the user profile stores information on whether the re-authentication request module 440 is applied and the re-authentication request time.
  • the user profile may be newly set, modified, or changed through the user profile management module.
  • the user may directly set whether to apply the reauthentication request module 440 through the input screen of the user profile management module, or may set whether to apply the reauthentication request module according to the type of service applied to the mobile terminal. Since the handover delay sensitivity is different according to the service type of the mobile terminal, the handover delay sensitivity according to each service type may be determined, and accordingly, whether to apply the reauthentication request module may be determined.
  • The re-authentication request time may be set by the user and stored in the user profile management module, or may be set and stored in advance by the system in consideration of the user's policy selection in the user profile, the policy of the mobility area, the type of service being used by the mobile terminal, and the like.
  • The reauthentication request time exists so that a reauthentication request message can be transmitted to the target access point within the reconnection time limit when the handover has not occurred even after a predetermined time has elapsed since the authentication request message was transmitted to the target access point. It is set a few tens to hundreds of milliseconds shorter than the Reassociation Deadline Time.
  • the plurality of mobile terminals apply the re-authentication request module to resend the authentication request message.
  • the mobile terminal provides a high mobility by applying a re-authentication request module. If the service being used is a service having low handover delay sensitivity, only the existing IEEE 802.11r standard may be applied without applying the reauthentication request module.
  • the re-authentication request module 440 includes a timer therein and transmits an authentication request message requesting re-authentication to the target access point within the reconnection time limit according to the setting of the user profile.
  • the reauthentication request module 440 determines whether to request a reauthentication according to the user profile of the user profile management module.
  • the mobile station starts a timer from the time point at which the mobile terminal transmits the authentication request message to the target access point in preparation for handover, from which the re-authentication request time and the re-connection time limit are counted.
  • the reauthentication request module requests the handover management module to transmit a reauthentication request message to the target access point within the reconnection time limit.
  • the socket interface 450 is for socket communication between the terminal and the authentication server.
  • FIG. 5 is a diagram showing the overall configuration of a wireless LAN system in which a mobile terminal moves according to a preferred embodiment of the present invention, and a graph showing received signal strengths with access points in the mobile terminal.
  • Access points 510 and 520, which belong to the same mobility area as the mobile terminal to which the re-authentication request module is applied according to the setting of the user profile, are configured.
  • the access point A 510 is an access point to which the mobile terminal is currently connected
  • the access point B 520 is a target access point to which the mobile terminal performs handover.
  • the handover preparation process is performed at the point where the signal strength is T1, and the handover occurs at the point T2.
  • the mobile terminal transmits an authentication request message to the target access point B 520 as a preparation for handover.
  • the timer of the reauthentication request module is driven to count the reconnection timeout and the reauthentication request time. If a situation in which the mobile station stops moving and stops at a point where the received signal strength from the current connection point is less than T1 and more than T2 occurs, handover is delayed because the signal strength is not reduced to less than T2. At this time, if the handover does not occur when the timer driving time passes the reauthentication request time, the reauthentication request message is transmitted to the target access point within the reconnection time limit.
  • the mobile terminal 500 having the above-described structure communicates with the current access point through an initial access process (step 600), and when the signal strength of the received current access point 510 is less than or equal to T1.
  • the timer of the reauthentication request module is driven to count the reauthentication request time and the reconnection time limit, and an authentication response message is received from the target access point 520 (step 602).
  • the mobile terminal drives the timer of the reauthentication request module from the time point at which the authentication request message is transmitted.
  • the timer is driven.
  • the target access point 520 receiving the reauthentication request message transmits a new reauthentication response message (step 612), where a new reconnection timeout is set.
  • The mobile station transmits a reconnection request message (step 620), and communication is established by receiving a response message (step 622).
  • FIG. 7 is a flowchart sequentially illustrating a process of performing a fast handover in a WLAN environment by a mobile terminal having the above-described structure according to the present invention.
  • an initial fully authenticated access procedure is performed (step 700).
  • The initial full authentication access process is the same as that described in FIG. 2 and includes an open authentication request and response process, an access request and response process, a user authentication process with the authentication server, and a four-step handshake process.
  • the mobile terminal transmits the encrypted information to communicate with the access point (step 710).
  • the mobile station determines handover to the target access point (step 720).
  • the handover to the target access point is determined when the received signal strength with the current access point is attenuated below a predetermined first threshold value T1 as shown in FIG. 5.
  • an Authentication Request message is sent to the target access point (step 730).
  • the mobile terminal reads the setting information of the user profile to determine whether to apply the reauthentication request module (step 740).
  • If the re-authentication request module is not applied in step 740, an authentication response message is received according to the IEEE 802.11r standard (step 780). If a handover then occurs within the reconnection timeout (step 782), the reconnection request message and the reconnection response message are transmitted and received (steps 770/775) to complete the handover to the target access point. Otherwise, the connection to the target access point is abandoned and the initial fully authenticated connection procedure is performed again.
  • If the re-authentication request module is applied, the timer is driven (step 745).
  • the mobile terminal receives an authentication response message from the target access point (step 750).
  • The mobile terminal determines whether a handover has occurred within the predetermined reauthentication request time counted by the timer (step 760). At this time, the mobile terminal does not perform the handover unless the received signal strength with the existing access point falls below the second threshold value T2; when the received signal strength with the existing access point falls below the second threshold value T2 and the received signal strength with the target connection point falls below the second threshold value T2, handover is performed to the target connection point.
  • When the mobile terminal transmits the reconnection request message to the target access point, it is determined that a handover has occurred.
  • the handover is completed by sending a reconnection request message to the target access point (step 770) and receiving a reconnection response message from the target access point (step 775).
  • the reauthentication request message is transmitted to the target access point within the reconnection time limit to request reauthentication (step 730).
  • When the mobile terminal according to the present invention applies the authentication information retransmission request timer module and does not perform a handover within the preset reauthentication request time counted by the timer module, it sends an authentication request message to the target access point again and receives an authentication response message, so that authentication to the target access point remains valid and the initial full authentication access step need not be repeated.
  • FIG. 8 is a system configuration diagram showing another embodiment of the present invention.
  • access points 810 and 820 belonging to the same mobility area as the mobile terminal to which the re-authentication request timer module is applied according to the setting of the user profile management module in the IEEE 802.11r according to the present embodiment are configured.
  • the access point A 810 is an access point to which the mobile terminal is currently connected
  • the access point B 820 is a target access point to which the mobile terminal performs handover.
  • The mobile terminal applying the present invention transmits an authentication request message to the target access point and performs handover preparation when the signal strength from the current connection point is not more than T1, that is, when the signal strength from the current connection point is less than T1 and the signal strength of the target connection point is more than T2.
  • The reconnection timeout and the reauthentication request time are applied from the time the authentication request message is sent. Therefore, if a handover does not occur even after the reauthentication request time elapses from the time of transmitting the authentication request message, the reauthentication request message is transmitted to the target access point within the reconnection time limit.
  • The present invention can be widely used to provide fast handover in a local area network (LAN) environment. In particular, it can be applied to 802.11r-Amendment 2: Fast Basic Service Set (BSS) Transition, a standard document of the IEEE 802.11r working group, as a method that can support fast roaming in the same mobility area when a user terminal hands over.
  • The present invention applies a re-authentication request timer module, according to the configuration of the user profile management module, when the mobile terminal hands over to the service area of a new target access point belonging to the same mobility area in a WLAN-based mobile environment, and can thereby provide a fast handover method.
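
The terminal-side timer decision of FIG. 7 (steps 720 to 782), as an added example that is not part of the patent text: a Python simulation run over a constructed signal-strength trace in which the terminal stalls between T1 and T2. The names `simulate`, `UserProfile`, `Outcome` and `stalled_trace`, the dBm and millisecond values, and two simplifications (handover is triggered by the current access point's signal alone, and every authentication request is answered immediately with a fresh reconnection time limit) are assumptions.

```python
"""Simulation of the handover timer logic (steps 720-782). All values are constructed."""
from dataclasses import dataclass, field


@dataclass
class UserProfile:
    apply_reauth: bool           # step 740: is the re-authentication request module applied?
    reauth_request_ms: int = 0   # re-authentication request time, used only when applied


@dataclass
class Outcome:
    result: str                  # "fast_handover", "full_authentication" or "no_handover"
    auth_requests: int           # authentication requests sent to the target access point
    events: list = field(default_factory=list)


def simulate(trace, t1, t2, deadline_ms, profile):
    """Replay (time_ms, rssi_dbm) samples of the current access point, in time order.

    deadline_ms is the reconnection time limit granted by the target access
    point; it restarts with every authentication request (assumption: the
    response arrives at once and always carries a new limit).
    """
    # The re-authentication request time must be shorter than the time limit.
    if profile.apply_reauth and not 0 < profile.reauth_request_ms < deadline_ms:
        raise ValueError("re-authentication request time must be shorter than the time limit")

    events, auth_sent_at, auth_requests = [], None, 0
    for now, rssi in trace:
        if auth_sent_at is None:
            # Steps 720/730: signal at or below T1, prepare the handover.
            if rssi <= t1:
                auth_sent_at, auth_requests = now, 1
                events.append((now, "authentication_request"))
            continue  # handover itself is evaluated from the next sample on

        if profile.apply_reauth:
            # Steps 745/760: the timer fires at exact multiples of the
            # re-authentication request time, independent of sample spacing.
            while now - auth_sent_at >= profile.reauth_request_ms:
                auth_sent_at += profile.reauth_request_ms
                auth_requests += 1
                events.append((auth_sent_at, "reauthentication_request"))
        elif now - auth_sent_at > deadline_ms:
            # Step 782 failed: the authentication information is invalidated and
            # the initial full authentication has to be repeated.
            events.append((auth_sent_at + deadline_ms, "deadline_expired"))
            return Outcome("full_authentication", auth_requests, events)

        if rssi <= t2:
            # Steps 770/775: reconnection request while authentication is valid.
            events.append((now, "reassociation_request"))
            return Outcome("fast_handover", auth_requests, events)

    return Outcome("no_handover", auth_requests, events)


def stalled_trace():
    """Constructed trace: crosses T1 at 200 ms, stalls, crosses T2 at 2500 ms."""
    trace = [(0, -60), (100, -65), (200, -72)]
    trace += [(t, -75) for t in range(300, 2500, 100)]  # stalled between T1 and T2
    trace.append((2500, -82))
    return trace


if __name__ == "__main__":
    T1, T2, LIMIT = -70, -80, 1000
    for profile in (UserProfile(False), UserProfile(True, 800)):
        out = simulate(stalled_trace(), T1, T2, LIMIT, profile)
        print(profile, "->", out.result, out.auth_requests)
        for event in out.events:
            print("   ", event)
```

The `auth_requests` count shows what the stall costs: the terminal keeps its authentication state alive on the target access point by repeating the request for as long as it sits between the two thresholds.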

Abstract

The present invention relates to a fast handover method in a wireless LAN, and to a mobile terminal adopting the same. The handover method comprises the steps of (a) determining a handover, and transmitting an authentication request message to a target access point, if the intensity of the signal received from the current access point is lower than a preset first threshold value (T1); (b) determining whether or not to apply a reauthentication request module in accordance with the set user profile; (c) driving a timer, if the reauthentication request module is applied in accordance with the result of the determination of step (b); (d) receiving an authentication response message from the target access point; (e) performing a reauthentication process with the target access point if the time counted by the timer has elapsed past the preset reauthentication request time and the handover has not been carried out; and (f) performing a procedure for reaccess to the target access point if the handover to the target access point is performed within a limited reaccess time. The present invention makes a request for reauthentication if a handover does not occur within the limited reaccess time, thereby providing a fast handover.

Description

무선랜에서의 빠른 핸드오버방법 및 이를 적용한 이동단말Fast Handover Method in Wireless LAN and Mobile Terminal Using the Same
The present invention relates to a fast handover method for a mobile terminal in a wireless LAN and to a mobile terminal using the same. More specifically, it relates to a method and system for a wireless LAN environment using IEEE 802.11r, which supports fast roaming within the same mobility domain, in which a user profile management module and a reauthentication request timer module are installed in the mobile terminal to improve handover performance, preventing excessive handover when the mobile terminal moves between Basic Service Sets and providing high-speed mobility.
Turning to the prior art related to the present invention, wireless LAN systems based on the existing IEEE 802.11 international standard are being actively deployed worldwide. IEEE 802.11 wireless LAN systems have the advantage of providing easy, high-speed access to a variety of Internet multimedia services at low cost, but have the disadvantage of weak security. To address this security problem, the IEEE 802.11i working group proposed the IEEE 802.11i standard security protocol. However, the IEEE 802.11i security protocol has the problem that an excessive handover authentication delay occurs when a mobile terminal changes between different wireless LAN access points. To reduce this handover authentication delay, the IEEE 802.11r working group recently established the IEEE 802.11r Fast BSS Transition protocol as an international standard. Hereinafter, a handover method according to the IEEE 802.11 international standard is outlined with reference to the accompanying drawings.
FIG. 1 is a system configuration diagram illustrating handover according to the general IEEE 802.11r standard. Referring to FIG. 1, the overall system consists of a mobile terminal (100), an authentication server (110), and access points (120, 130, 140). The access points belong to the same Extended Service Set and to the same mobility domain, sharing the same Mobility Domain Identifier (MDID). When the mobile terminal hands over within this mobility domain, it does not hand over using the existing secured IEEE 802.11 procedure; instead, it performs the handover according to the secured IEEE 802.11r Fast BSS Transition protocol, which supports fast roaming within the mobility domain.
First, the general initial association procedure is described with reference to FIG. 2. FIG. 2 is a flowchart showing the initial association procedure by which a mobile terminal first associates with an access point according to IEEE 802.11r in a wireless LAN environment. Referring to FIG. 2, when the mobile terminal first attempts to associate with an access point in any mobility domain of a wireless LAN environment, it sends an Open Authentication Request message to the access point (step 201) and receives an Open Authentication Response message from the access point (step 202). The Open Authentication request and response follow the open authentication method of the IEEE 802.11 standard. For reference, the IEEE 802.11 standard provides two authentication mechanisms: Open authentication and Shared Key authentication. In Open authentication the entire authentication flow is in clear text, and a client can associate with the access point even without the correct WEP key. In Shared Key authentication, the access point sends a challenge text packet, and authentication succeeds only if the client encrypts it with the correct WEP key and returns it to the access point; a client that has the wrong key or no key fails authentication and cannot associate with the access point.
The mobile terminal then sends an Association Request message to the access point (step 203) and receives an Association Response message from the access point (step 204). The mobile terminal performs authentication with the Authentication Server according to the IEEE 802.1x/EAP protocol (step 205). Through this authentication, the access point and the mobile terminal obtain the Pairwise Master Key (hereinafter 'PMK') or PMK-related information, and use it to perform the 4-Way Handshake, a four-step key exchange protocol using EAPOL-Key messages (steps 206, 207, 208, 209). The mobile terminal then transmits encrypted information through the access point.
Thus, when a mobile terminal first associates with an access point in a mobility domain, it performs the initial association procedure described above. For the case where the mobile terminal then moves and associates with another target access point, the IEEE 802.11r standard provides a fast handover method so that handover within the same mobility domain can be performed quickly. FIG. 3 is a flowchart sequentially illustrating the Fast Transition operation according to the IEEE 802.11r Fast BSS Transition protocol when a handover occurs within the same mobility domain after the mobile terminal's initial association. Referring to FIG. 3, when a terminal that has completed the initial association procedure (step 300) hands over within the same mobility domain, it predicts the access point it may move to and sets it as the target access point. Before performing the handover, the mobile terminal sends an Authentication Request message to the target access point (step 301) and receives an Authentication Response message from the target access point (step 302).
In this case, the IEEE 802.1x/EAP authentication of the mobile terminal is omitted, and the Authentication Request and Response messages play the role of EAPOL-Key messages 1 and 2 of the 4-way handshake used at initial association. The handover then occurs, and the mobile terminal sends a Reassociation Request message to the target access point (step 303) and receives a Reassociation Response message from the target access point (step 304). The Reassociation Request and Response messages play the role of EAPOL-Key messages 3 and 4 of the 4-way handshake. Therefore, when the mobile terminal hands over to another access point within the same mobility domain, it performs a simplified 4-way handshake, completes the handover quickly, and resumes communication.
The IEEE 802.11r protocol performs pre-authentication: based on a prediction of the terminal's movement, the terminal sends an authentication request to a target access point in the same mobility domain and receives a response before the handover occurs. Ideally this procedure would be carried out immediately before the handover, but in practice it is difficult to predict exactly when a handover will occur. For this reason, conventional techniques generally rely on the signal strength received by the mobile terminal: when it falls to or below a preset first threshold (Threshold 1: T1), the handover is predicted and prepared, and when the signal weakens to or below a preset second threshold (Threshold 2: T2), the handover is performed. In a real environment, however, the user's mobility pattern can vary with the surroundings, so the mobile terminal cannot accurately predict the access point it will connect to next.
Therefore, as the mobile terminal moves from the service area of access point A to that of access point B, the signal attenuates; handover preparation is performed at the point where the signal strength is T1, and the handover occurs at the point where it is T2. At time α, when the signal the mobile terminal receives from the current access point (A) has attenuated to strength T1, the mobile terminal sends an Authentication Request message in preparation for handover to the target access point (B). Once the Authentication Request message is sent, the reassociation deadline time (τ) applies from time α, the moment the message is sent. If the mobile terminal stops moving at a point where the signal strength is at or below T1 but at or above T2, the signal does not attenuate below T2, the handover is delayed, and the time β at which the handover occurs exceeds the reassociation deadline time (τ). In that case, the authentication information (PTKSA: Pairwise Transient Key Security Association) between the mobile terminal and the target access point (B) becomes invalid. The mobile terminal must then either give up associating with the target access point or, to communicate with it again, go through the entire initial association procedure including IEEE 802.1x/EAP, which results in an excessive handover delay.
The present invention was devised to solve the above problems of the prior art. Its object is to provide a fast handover method that, when a mobile terminal moves in an IEEE 802.11 wireless LAN, performs a reauthentication process even if the handover occurs later than predicted, thereby preventing excessive handover delay and supporting Fast BSS Transition.
To achieve the above technical object, a feature of the present invention relates to a handover method for a mobile terminal in a wireless LAN environment, the handover method comprising: (a) when the received signal strength from the current access point falls to or below a preset first threshold (T1), deciding on handover to a target access point and transmitting an authentication request message to the target access point; (b) determining whether to apply the reauthentication request module; (c) starting a timer if the reauthentication request module is applied according to the determination of step (b); (d) receiving an authentication response message from the target access point; (e) if the timer passes the preset reauthentication request time while the handover has not been performed, transmitting a reauthentication request message to the target access point within the preset reassociation deadline time; and (f) if the handover to the target access point is performed within the reassociation deadline time, performing the reassociation process with the target access point.
In the handover method having the above features, step (b) determines whether to apply the reauthentication request module according to information set in the user profile of the mobile terminal. The information set in the user profile is preferably information set by the user's selection or information set according to the type of service of the mobile terminal.
In the handover method having the above features, the reauthentication request time is preferably set shorter than the reassociation deadline time.
In the handover method having the above features, in step (e) the mobile terminal is preferably judged not to have performed the handover to the target access point if it has not transmitted a reassociation request message to the target access point.
In the handover method having the above features, if it is determined in step (b) that the reauthentication request module is not to be applied, preferably the authentication response message is received from the target access point; if a handover to the target access point occurs within the reassociation deadline time, the reassociation process with the target access point is performed; and if no handover to the target access point occurs within the reassociation deadline time, the authentication information is invalidated.
In the handover method having the above features, the reassociation deadline time starts when the received signal strength of the current access point is at or below the first threshold (T1), or when the received signal strength of the current access point is at or below the first threshold (T1) and the received signal strength of the target access point is at or above the second threshold (T2), and ends when the received signal strength of the current access point is at or below the second threshold (T2).
A mobile terminal according to another feature of the present invention comprises: a key management module that stores authentication-related information; a user profile management module that stores and manages a user profile for the mobile terminal; a handover management module that prepares for handover to a target access point or performs the handover to the target access point according to the received signal strength at the mobile terminal; and a reauthentication request module that has a timer, determines whether to request reauthentication according to the conditions set in the user profile, starts the timer when the handover management module sends the authentication request message to the target access point, and, if no handover has occurred after the timer has run past the preset reauthentication request time, transmits a reauthentication request message to the target access point within the preset reassociation deadline time. The mobile terminal thereby provides fast handover in a wireless LAN environment with a plurality of access points.
In the mobile terminal having the above features, the reauthentication request time is preferably shorter than the reassociation deadline time.
In the mobile terminal having the above features, the user profile preferably sets whether the reauthentication request module is applied either by the user's selection or according to the type of service the mobile terminal uses.
As described above, in an IEEE 802.11r environment the handover method according to the present invention decides whether to request reauthentication according to the settings of the mobile terminal's user profile management module, improving handover performance and ensuring support for high-speed mobility.
When a mobile terminal moves within the same mobility domain in an IEEE 802.11 wireless LAN, the present invention sends an authentication request message to the target access point using a Re-Authentication Request Message even if the handover occurs later than the predicted time. As a result, even if the handover occurs after the Reassociation Deadline Time has elapsed, the terminal avoids going through the entire initial authentication process, which prevents excessive handover delay and supports Fast BSS Transition.
FIG. 1 is a configuration diagram of a wireless LAN system to which conventional IEEE 802.11r is applied.
FIG. 2 is a signal sequence diagram of the initial association procedure of a mobile terminal with a wireless access point, as used in conventional IEEE 802.11r and in the present invention.
FIG. 3 is a message sequence diagram to which the conventional IEEE 802.11r Fast Transition is applied.
FIG. 4 is a module structure diagram of a mobile terminal according to a preferred embodiment of the present invention.
FIG. 5 is an example configuration, according to a preferred embodiment of the present invention, in which the reauthentication request timer module is applied according to the settings of the user profile management module to improve handover performance in IEEE 802.11r.
FIG. 6 is a signal sequence diagram, according to a preferred embodiment of the present invention, of a mobile terminal to which the reauthentication request timer module is applied according to the settings of the user profile management module to improve handover performance in IEEE 802.11r.
FIG. 7 is a flowchart sequentially illustrating the fast handover process in a mobile terminal according to a preferred embodiment of the present invention.
FIG. 8 is a system configuration diagram according to another embodiment of the present invention.
Hereinafter, a fast handover method for a mobile terminal in a wireless LAN environment according to a preferred embodiment of the present invention, and a mobile terminal applying it, are described in detail with reference to the accompanying drawings. In the present invention, 'mobile terminal' refers to equipment that can send and receive data through an access point while moving in a wireless LAN environment, such as a wireless communication terminal, PDA, notebook computer, next-generation notebook, or smartphone. The system to which the handover method according to the present invention is applied comprises the authentication server, a plurality of access points, and a mobile terminal that make up IEEE 802.11r. The access points belong to the same Extended Service Set and to the same mobility domain, which uses a Mobility Domain Identifier (MDID). When the mobile terminal hands over within this mobility domain, it does not hand over using the existing secured IEEE 802.11 procedure; instead, it performs the handover using the secured IEEE 802.11r procedure, which supports fast roaming within the mobility domain.
FIG. 4 is a block diagram schematically showing the internal structure of a mobile terminal (400) that performs fast handover according to a preferred embodiment of the present invention. Referring to FIG. 4, the mobile terminal (400) comprises a Key Management Module (410) that manages keys in the mobility domain, a Handover Management Module (420), a fast transition management module (FT Management Module, 430), a reauthentication request module (440) that requests reauthentication, a user profile management module (450), and a Socket Interface (460).
The key management module (410) derives PMKR1 and the PTK at the S0KH and S1KH using PMK-R0, R0KH-ID, R1KH-ID, PMKR0Name, and PMKR1Name. The derived PMKR1 and PTK, together with PMKR0, are used in the authentication and reassociation steps (steps 301, 302, 303, 304) of fast handover to another target access point under IEEE 802.11r, both to authenticate the terminal and to encrypt the data exchanged between the mobile terminal and the access point.
The handover management module (420) acts on the strength of the signal received by the mobile terminal: when the signal falls to or below the first threshold (T1), it performs handover preparation, and when the signal falls to or below the second threshold (T2), it performs the handover to the target access point (Target AP).
The fast transition management module (430) manages handovers that occur within the same mobility domain and the policy of the mobility domain; this policy includes information on the Reassociation Deadline Time.
The user profile management module (450) stores and manages information about the user profile. The user profile records whether the reauthentication request module (440) is applied and the reauthentication request time, and its contents can be newly set, modified, or changed through the user profile management module. Through the input screen of the user profile management module, the user can directly set whether the reauthentication request module (440) is applied, or its application can be set according to the type of service used on the mobile terminal. Because sensitivity to handover delay differs between service types, the handover delay sensitivity of each service type can be assessed and used to decide whether to apply the reauthentication request module. The reauthentication request time can be set directly by the user and stored in the user profile management module, or it can be preset and stored by the system taking into account the user's policy selection in the user profile, the policy of the mobility domain, the type of service the mobile terminal is using, and so on. The reauthentication request time exists so that a reauthentication request message can be sent to the target access point within the reassociation deadline time when no handover has occurred even though a certain time has passed since the authentication request message was sent to the target access point. It is set to a time tens to hundreds of milliseconds shorter than the Reassociation Deadline Time.
If there were no user profile management module to decide whether the reauthentication request module is applied, then with many mobile terminals in a single mobility domain, many of them would apply the reauthentication request module, retransmit authentication request messages, and reserve resources, and the resulting overhead could degrade communication within that mobility domain. With the user profile management module described above, when the service the mobile terminal is currently using is highly sensitive to handover delay, the reauthentication request module is applied to provide high mobility; when the service has low sensitivity to handover delay, the reauthentication request module is not applied and only the existing IEEE 802.11r standard is used.
The reauthentication request module (440) contains a timer and, according to the user profile settings, sends an authentication request message requesting reauthentication to the target access point within the reassociation deadline time. The reauthentication request module (440) decides whether to request reauthentication according to the user profile held by the user profile management module. Once it is decided that reauthentication will be requested, the module starts the timer at the moment the mobile terminal sends the authentication request message to the target access point during handover preparation, and the reauthentication request time and the reassociation deadline time are counted from that moment. If no handover has occurred by the time the timer has run past the reauthentication request time, the reauthentication request module asks the handover management module to send a reauthentication request message to the target access point within the reassociation deadline time.
The socket interface 450 is for socket communication between the terminal and the authentication server.
Hereinafter, the handover process of a mobile terminal having the above-described configuration is described in detail with reference to FIGS. 5 to 7. FIG. 5 shows the overall configuration of a wireless LAN system in which a mobile terminal moves according to a preferred embodiment of the present invention, together with a graph of the signal strength the mobile terminal receives from the access points. Referring to FIG. 5, the system operates in a wireless LAN environment conforming to the IEEE 802.11r international standard and consists of a mobile terminal to which the reauthentication request module is applied according to the user profile setting, and access points 510 and 520 belonging to the same mobility area. Access point A 510 is the access point to which the mobile terminal is currently connected, and access point B 520 is the target access point (Target AP) to which the mobile terminal will hand over.
As the mobile terminal moves from the service area of access point A to the service area of access point B, the signal attenuates; handover preparation is performed at the point where the signal strength is T1, and the handover occurs at the point where the signal strength is T2. At time α, when the signal received from the current access point 510 has attenuated to signal strength T1, the mobile terminal transmits an authentication request message to target access point B 520 as handover preparation. From time α, when the authentication request message is transmitted, the timer of the reauthentication request module runs and counts the reconnection time limit and the reauthentication request time. If the mobile terminal then stops moving at a point where the received signal strength from the current access point is at or below T1 and at or above T2, the signal does not attenuate below T2 and the handover is delayed. In that case, if no handover has occurred when the timer passes the reauthentication request time, a reauthentication request message is transmitted to the target access point within the reconnection time limit.
FIG. 6 is a flowchart showing, in sequence, the data exchanged between the mobile terminal and the access points to implement the fast handover method according to a preferred embodiment of the present invention. Referring to FIG. 6, the mobile terminal 500 having the above-described structure communicates with the current access point after an initial access process (step 600). When the signal strength received from the current access point 510 falls to T1 or below, the mobile terminal decides to hand over to the target access point 520 and transmits an authentication request message to the target access point 520 (step 601). After transmitting the authentication request message, it starts the timer of the reauthentication request module to count the reauthentication request time and the reconnection time limit, and receives an authentication response message from the target access point 520 (step 602).
The mobile terminal thus runs the timer of the reauthentication request module from the moment it transmits the authentication request message. As shown in FIG. 5, the authentication request message is transmitted when the received signal strength from the current access point is at or below the first threshold value T1, so the timer starts at that moment. Once the timer has passed the reauthentication request time, the terminal checks whether a handover has occurred. For example, if the mobile terminal has stopped at the point where the received signal strength from the current access point is T1, no handover will occur within the reconnection time limit. If no handover has occurred after the reauthentication request time, which is slightly shorter than the reconnection time limit, has elapsed, the terminal transmits a reauthentication request message to the target access point within the reconnection time limit (step 610). The target access point 520 that receives the reauthentication request message transmits a new reauthentication response message (step 612), and a new reconnection time limit is set at that point.
Thereafter, when the mobile terminal passes the point where the received signal strength from the current access point is T2, the handover takes place. In this way, even if the handover occurs later than predicted, the mobile terminal can continue communicating by transmitting a reconnection request message (step 620) and receiving a reconnection response message (step 622).
Hereinafter, the fast handover method in a mobile terminal having the above-described structure is described in detail with reference to FIG. 7. FIG. 7 is a flowchart showing, in sequence, how a mobile terminal having the above-described structure performs a fast handover in a wireless LAN environment according to the present invention.
First, when a mobile terminal to which IEEE 802.11r is applied enters a wireless LAN environment and requests access to an access point for the first time, it performs the initial full authentication access process (step 700). The initial full authentication access process is the same as that described for FIG. 2 and consists of an open authentication request and response, an access request and response, user authentication with the authentication server, and a four-way handshake. After this process, the mobile terminal communicates with the access point by transmitting encrypted information (step 710).
Next, when the signal received from the access point attenuates, the mobile terminal decides to hand over to the target access point (step 720). The handover to the target access point is decided when, as shown in FIG. 5, the received signal strength from the current access point has attenuated to the preset first threshold value T1 or below.
Following the handover decision, the mobile terminal transmits an Authentication Request message to the target access point (step 730). Next, the mobile terminal reads the setting information in the user profile to decide whether to apply the reauthentication request module (step 740).
If the reauthentication request module is not applied in step 740, the mobile terminal receives the authentication response message according to the IEEE 802.11r standard (step 780). If a handover occurs within the reconnection time limit (τ) (step 782), it exchanges a reconnection request message and a reconnection response message with the target access point (steps 770/775) and completes the handover to the target access point. Otherwise, it abandons the connection to the target access point and performs the initial full authentication access procedure again.
If application of the reauthentication request module is decided in step 740, the timer is started (step 745). Next, the mobile terminal receives an Authentication Response message from the target access point (step 750). The mobile terminal then determines whether a handover has occurred within the preset reauthentication request time counted by the timer (step 760). The mobile terminal does not hand over unless the received signal strength from the existing access point falls to the second threshold value T2 or below; it hands over to the target access point when the received signal strength from the existing access point has fallen to the second threshold value T2 or below and the received signal strength from the target access point is at or above the second threshold value T2. Here, the mobile terminal considers a handover to have occurred when it has transmitted a reconnection request message to the target access point.
If a handover has occurred within the reauthentication request time in step 760, the mobile terminal completes the handover by transmitting a reconnection request message to the target access point (step 770) and receiving a reconnection response message from the target access point (step 775).
If no handover has occurred within the reauthentication request time in step 760, the mobile terminal requests reauthentication by transmitting a reauthentication request message to the target access point within the reconnection time limit (step 730).
As described above, when the mobile terminal according to the present invention applies the authentication information retransmission request timer module and does not hand over within the reauthentication request time preset on that timer module, it transmits the authentication request message to the target access point again and receives an authentication response message. This keeps its authentication with the target access point valid and avoids repeating the initial full authentication access step.
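The FIG. 7 flow described above can be traced with a small simulation. This is an added example, not code from the patent: the threshold and timer values, the constructed RSSI trace, and all function and field names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class HandoverParams:
    t1: float                    # first threshold T1 (dBm): start handover preparation
    t2: float                    # second threshold T2 (dBm): execute the handover
    reauth_request_time: float   # seconds until reauthentication is requested
    reconnect_limit: float       # reconnection time limit tau (seconds)

    def __post_init__(self):
        if self.t2 >= self.t1:
            raise ValueError("T2 must be below T1")
        # Claim 3: the reauthentication request time is shorter than the limit.
        if not 0 < self.reauth_request_time < self.reconnect_limit:
            raise ValueError("reauth_request_time must be in (0, reconnect_limit)")


@dataclass
class Result:
    outcome: str = "no_handover"
    reauth_requests: int = 0
    events: list = field(default_factory=list)


def simulate(trace, params, reauth_enabled):
    """trace: (time_s, rssi_current_ap, rssi_target_ap) samples in time order.
    reauth_enabled stands for the user profile setting read in step 740."""
    res = Result()
    auth_sent_at = None
    for t, cur, tgt in trace:
        if auth_sent_at is None:
            if cur <= params.t1:  # steps 720/730: prepare the handover
                res.events.append((t, "authentication request -> target AP"))
                res.events.append((t, "authentication response <- target AP"))
                auth_sent_at = t  # step 745: timer counts from this moment
            continue
        elapsed = t - auth_sent_at
        if elapsed > params.reconnect_limit:
            # Authentication is no longer valid: back to step 700.
            res.events.append((t, "reconnection time limit expired"))
            res.outcome = "full_authentication"
            return res
        if cur <= params.t2 and tgt >= params.t2:  # steps 770/775
            res.events.append((t, "reconnection request -> target AP"))
            res.events.append((t, "reconnection response <- target AP"))
            res.outcome = "fast_handover"
            return res
        if reauth_enabled and elapsed >= params.reauth_request_time:
            # Step 760 "no" branch: refresh the authentication; the
            # response sets a new reconnection time limit.
            res.events.append((t, "reauthentication request -> target AP"))
            res.events.append((t, "reauthentication response <- target AP"))
            res.reauth_requests += 1
            auth_sent_at = t
    return res


def make_trace(pause_seconds, step_db=2.0):
    """Constructed trace, one sample per second: the terminal walks from AP A
    toward AP B, stands still for pause_seconds between T1 and T2, then walks on."""
    trace, moved, t = [], 0, 0
    while -60.0 - step_db * moved >= -90.0:
        trace.append((float(t), -60.0 - step_db * moved, -90.0 + step_db * moved))
        if not (7 <= t < 7 + pause_seconds):
            moved += 1
        t += 1
    return trace


# Assumed values: T1 = -70 dBm, T2 = -80 dBm, 8 s request time, 10 s limit.
PARAMS = HandoverParams(t1=-70.0, t2=-80.0,
                        reauth_request_time=8.0, reconnect_limit=10.0)

if __name__ == "__main__":
    for enabled in (True, False):
        r = simulate(make_trace(18), PARAMS, enabled)
        print("reauth module:", enabled, "->", r.outcome, r.reauth_requests)
        for ev in r.events:
            print("   t=%4.1f  %s" % ev)
```

With the 18-second pause, the terminal with the module enabled refreshes its authentication twice and still completes a fast handover, while the plain IEEE 802.11r terminal runs past the reconnection time limit and falls back to full authentication.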
Hereinafter, another embodiment of the fast handover method according to the present invention is described with reference to FIG. 8. FIG. 8 is a system configuration diagram showing another embodiment of the present invention. Referring to FIG. 8, the system according to this embodiment consists of a mobile terminal to which, under IEEE 802.11r, the reauthentication request timer module is applied according to the setting of the user profile management module, and access points 810 and 820 belonging to the same mobility area. Access point A 810 is the access point to which the mobile terminal is currently connected, and access point B 820 is the target access point (Target AP) to which the mobile terminal will hand over. As the mobile terminal moves from the service area of access point A to the service area of access point B, the signal attenuates and the terminal should transmit an authentication request message at the point where the signal strength is T1 in order to prepare for handover, but the signal strength of target access point B 820 is weaker than T2, so a response to the authentication request message cannot be transmitted.
In this situation, a mobile terminal applying the present invention performs handover preparation by transmitting the authentication request message to the target access point not at point T1 but at time t1, that is, when the signal strength from the current access point is at or below T1 and the signal strength of the target access point is at or above T2. The reconnection time limit and the reauthentication request time are applied from time α, when the authentication request message is transmitted. Therefore, if no handover has occurred after the reauthentication request time has elapsed from time α, the terminal transmits a reauthentication request message to the target access point within the reconnection time limit.
Through this process, even where the reconnection time limit would elapse without a handover to the target access point, the reauthentication request is carried out after the reauthentication request time has elapsed and before the reconnection time limit is exceeded, so that a fast handover remains possible.
The present invention has been described above with reference to its preferred embodiments, but these are only examples and do not limit the invention. Those of ordinary skill in the art to which the invention pertains will recognize that various modifications and applications not illustrated above are possible without departing from the essential characteristics of the invention. Differences relating to such modifications and applications should be construed as falling within the scope of the invention defined in the appended claims.
The present invention can be widely used to provide fast handover in a wireless LAN (Local Area Network) environment. In particular, it can be applied to methods that support fast roaming within the same mobility area when a user terminal hands over under 802.11r-Amendment 2: Fast Basic Service Set (BSS) Transition, the standard document of the Institute of Electrical and Electronics Engineers (IEEE) 802.11r working group. In addition, in a wireless-LAN-based mobile environment, when a mobile terminal hands over to the service area of a new target access point belonging to the same mobility area, the invention provides a fast handover method by applying the reauthentication request timer module according to the setting of the user profile management module.

Claims (9)

  1. A fast handover method of a mobile terminal in a wireless LAN environment, the method comprising:
    (a) when the received signal strength from the current access point falls to a preset first threshold value (T1) or below, deciding to hand over to a target access point and transmitting an authentication request message to the target access point;
    (b) determining whether to apply a reauthentication request module;
    (c) starting a timer if the reauthentication request module is applied according to the determination of step (b);
    (d) receiving an authentication response message from the target access point;
    (e) if the timer passes a preset reauthentication request time while no handover has been performed, transmitting a reauthentication request message to the target access point within a preset reconnection time limit; and
    (f) if a handover to the target access point is performed within the reconnection time limit, performing a reconnection process with the target access point.
  2. The fast handover method of a mobile terminal according to claim 1, wherein step (b) determines whether to apply the reauthentication request module according to information set in a user profile of the mobile terminal, and the information set in the user profile is information set by the user's selection or information set according to the type of service of the mobile terminal.
  3. The fast handover method of a mobile terminal according to claim 1, wherein the reauthentication request time is set to a time shorter than the reconnection time limit.
  4. The fast handover method of a mobile terminal according to claim 1, wherein, in step (e), the mobile terminal is determined not to have performed a handover to the target access point if it has not transmitted a reconnection request message to the target access point.
  5. The fast handover method of a mobile terminal according to claim 1, wherein, if it is determined in step (b) that the reauthentication request module is not to be applied, an authentication response message is received from the target access point, a reconnection process is performed with the target access point if a handover to the target access point occurs within the reconnection time limit, and the authentication information is invalidated if no handover to the target access point occurs within the reconnection time limit.
  6. The fast handover method of a mobile terminal according to claim 1, wherein the reconnection time limit starts from the time when the received signal strength of the current access point is at or below the first threshold value (T1), or from the time when the received signal strength of the current access point is at or below the first threshold value (T1) and the received signal strength of the target access point is at or above a second threshold value (T2), and ends at the time when the received signal strength of the current access point is at or below the second threshold value (T2).
  7. A mobile terminal providing fast handover in a wireless LAN environment having a plurality of access points, the mobile terminal comprising:
    a key management module that stores authentication-related information;
    a user profile management module that stores and manages a user profile for the mobile terminal;
    a handover management module that prepares a handover to a target access point or performs a handover to the target access point according to the received signal strength at the mobile terminal; and
    a reauthentication request module that has a timer, determines whether to request reauthentication according to the setting condition of the user profile, starts the timer when the handover management module transmits an authentication request message to the target access point, and, if no handover has occurred even after the running time of the timer has passed a preset reauthentication request time, transmits a reauthentication request message to the target access point within a preset reconnection time limit.
  8. The mobile terminal providing fast handover according to claim 7, wherein the reauthentication request time is shorter than the reconnection time limit.
  9. The mobile terminal providing fast handover according to claim 7, wherein the user profile sets whether the reauthentication request module is applied by the user's selection or according to the type of service used by the mobile terminal.
PCT/KR2009/006253 2008-12-12 2009-10-28 Fast handover method in a wireless lan, and mobile terminal adopting same WO2010067960A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2008-0126337 2008-12-12
KR1020080126337A KR100991169B1 (en) 2008-12-12 2008-12-12 Fast handover method in the wireless LAN and mobile device using the fast handover method

Publications (2)

Publication Number Publication Date
WO2010067960A2 true WO2010067960A2 (en) 2010-06-17
WO2010067960A3 WO2010067960A3 (en) 2010-08-05

Family

ID=42243154

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2009/006253 WO2010067960A2 (en) 2008-12-12 2009-10-28 Fast handover method in a wireless lan, and mobile terminal adopting same

Country Status (2)

Country Link
KR (1) KR100991169B1 (en)
WO (1) WO2010067960A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014003479A1 (en) * 2012-06-28 2014-01-03 주식회사 케이티 Aid reassignment method, and apparatus for performing said aid reassignment method
CN103797855A (en) * 2012-03-28 2014-05-14 日电(中国)有限公司 Method and apparatus for handover

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101328735B1 (en) * 2011-11-23 2013-11-11 숭실대학교산학협력단 Apparatus and method for connection cotrol in wireless network environment
KR102186849B1 (en) 2014-08-29 2020-12-04 영남대학교 산학협력단 Method of Load balancing for wireless network system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040077335A1 (en) * 2002-10-15 2004-04-22 Samsung Electronics Co., Ltd. Authentication method for fast handover in a wireless local area network
US20050177723A1 (en) * 2004-02-10 2005-08-11 Industrial Technology Research Institute SIM-based authentication method capable of supporting inter-AP fast handover
JP2007282129A (en) * 2006-04-11 2007-10-25 Sony Ericsson Mobilecommunications Japan Inc Radio information transmission system, radio communication terminal, and access point

Also Published As

Publication number Publication date
WO2010067960A3 (en) 2010-08-05
KR20100067793A (en) 2010-06-22
KR100991169B1 (en) 2010-11-01

Similar Documents

Publication Publication Date Title
CN101014041B (en) Systems and methods for handoff in wireless network
KR101101060B1 (en) Apparatus, and an associated method, for facilitating fast transition in a network system
JP5421274B2 (en) Handover method between different radio access networks
EP1414262B1 (en) Authentication method for fast handover in a wireless local area network
US8549293B2 (en) Method of establishing fast security association for handover between heterogeneous radio access networks
CN1652630B (en) Method for generating access point addressable neighbouring areas map, the access point and wireless network
WO2010077007A2 (en) Handover method of mobile terminal between heterogeneous networks
WO2010019020A9 (en) Security protected non-access stratum protocol operation supporting method in a mobile telecommunication system
EP1708417B1 (en) An interactive method of a wireless local area network user terminal rechoosing a management network
US10887804B2 (en) Pre-roaming security key distribution for faster roaming transitions over cloud-managed Wi-Fi networks of heterogeneous IP subnets
WO2010065008A1 (en) Method and system for pre-authentication
EP1794915A1 (en) Method and system for fast roaming of a mobile unit in a wireless network
WO2010067960A2 (en) Fast handover method in a wireless lan, and mobile terminal adopting same
US8077682B2 (en) Secure roaming between wireless access points
WO2010067959A2 (en) Method and system for a high-speed handover in a wireless lan having a plurality of mobility domains
EP3182639A1 (en) A method and apparatus for handling keys for encryption and integrity
WO2017171835A1 (en) Key management for fast transitions
WO2011065790A2 (en) Method and apparatus for supporting idle mode handover in heterogeneous wireless communication system
Huang et al. SAP: seamless authentication protocol for vertical handoff in heterogeneous wireless networks
KR101434750B1 (en) Geography-based pre-authentication for wlan data offloading in umts-wlan networks
Rajavelsamy et al. A novel method for authentication optimization during handover in heterogeneous wireless networks
Kastell et al. Secure handover procedures
Balažia et al. Seamless handover in 802.11 networks
Marques et al. Fast, secure handovers in 802.11: back to the basis
KR20090075351A (en) System and method for authorizing a handover in mobile ip networks

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09832046

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09832046

Country of ref document: EP

Kind code of ref document: A2