WO2010096995A1 - A method for implementing a converged WAPI network architecture in split MAC mode - Google Patents
A method for implementing a converged WAPI network architecture in split MAC mode
- Publication number
- WO2010096995A1 (PCT/CN2009/075536)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- access controller
- wireless terminal
- site
- wai
- wapi
- Prior art date
Links
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Definitions
- The present invention relates to a method of implementing a converged WAPI network architecture in a split MAC mode.
- Background art
- Autonomous architecture WLAN (Wireless Local Area Network)
- AP: wireless access point (Access Point)
- The autonomous architecture WLAN is based on the WLAN Authentication and Privacy Infrastructure (WAPI).
- the network working mode of this autonomous architecture has gradually become an obstacle to the development of wireless technology due to its inherent defects.
- the AP acts as an Internet Protocol (IP) addressable device and needs to be managed independently, including monitoring, configuration, and control.
- the wireless transmission medium is used as a shared resource.
- In order to improve network performance, each AP must be monitored in real time and dynamically updated according to the current usage of the shared medium; manually configuring the wireless-medium-related parameters of each AP consumes a great deal of manpower and material resources.
- In an autonomous architecture WLAN, especially in large-scale deployments, monitoring, configuring and controlling the APs imposes a heavy management burden on the network, and maintaining consistent AP configuration is also very difficult.
- the sharing and dynamic characteristics of the wireless transmission medium require that the APs in the network cooperate to achieve maximum network performance and minimum wireless interference, which puts higher requirements on AP configuration management.
- Security is one of the important factors to consider when designing a wireless network. Large-scale deployment will also pose a huge challenge to the security of WLAN. It can be seen that the working mode of the autonomous architecture WLAN is no longer suitable for the deployment of large-scale networks. It is urgent to design a WAPI-based converged WLAN network architecture, namely the WAPI thin AP architecture.
- The purpose of the present invention is to overcome the shortcomings of the above autonomous WLAN network architecture and to provide a split medium access control (MAC, Medium Access Control) mode method in which the WLAN privacy infrastructure (WPI, WLAN Privacy Infrastructure) is implemented by the access controller (AC, Access Controller).
- the technical solution of the present invention is:
- The present invention is a method for implementing a converged WAPI network architecture in a split MAC mode, characterized in that the method includes the following steps:
- Split MAC mode: the MAC function and the WAPI function of the wireless access point are separated onto the wireless terminal point and the access controller respectively;
- The specific steps of step 2.1) above are as follows:
- 2.1.1) the station passively listens to the beacon frames of the wireless terminal point to obtain the wireless terminal point's parameters, including the WAPI information element; or the station actively sends a probe request frame to the wireless terminal point, the wireless terminal point receives the station's probe request frame and sends a probe response frame to the station, and the station receives the probe response frame to obtain the wireless terminal point's parameters, including the WAPI information element;
- the WAPI information element includes an authentication and key management suite and a cipher suite supported by the wireless terminal point;
- the station sends a link verification request frame to the access controller to request link verification with the access controller;
- the access controller sends a link verification response frame to the station according to the link verification request frame of the station;
- the station sends an association request frame to the access controller, requesting association with the access controller;
- the station includes the WAPI information element in the association request frame to indicate the authentication and key management suite and the cipher suite selected by the station;
- 2.2) The access controller parses the station's association request frame and sends an association response frame to the station;
- the access controller sends a WAI start execution notification to the wireless terminal point, informing it of information including the station's MAC address, WLAN ID number and authentication start identifier, where the authentication start identifier notifies the wireless terminal point to close the controlled port and forward only WAI protocol data from the corresponding station;
- the wireless terminal point sends a WAI start execution notification response message to the access controller;
- The specific steps of step 2.3) above are as follows:
- The specific steps of step 2.4) above are as follows:
- the access controller sends a WAI end execution notification to the wireless terminal point, informing it of information including the station's MAC address, WLAN ID and authentication end identifier, where the authentication end identifier notifies the wireless terminal point to open the controlled port and forward all data from the corresponding station, including WAI protocol data and non-WAI protocol data;
- the wireless terminal point sends a WAI end execution notification response message to the access controller;
- The specific steps of step 2.5) above are as follows:
- the access controller encrypts data and sends it to the station;
- the access controller decrypts data received from the station.
- The present invention provides the communication flow between the entities of a converged WLAN network architecture in split MAC mode: the MAC function and the WAPI function of the AP are separated onto a wireless terminal point (WTP) and an AC, the MAC function being implemented by the WTP and the WAPI function by the AC.
- The present invention has the following advantages: it proposes a method for implementing a converged WAPI network architecture in a split MAC mode and overcomes the limitation that the current WAPI-based autonomous network architecture cannot meet the requirements of large-scale WLAN deployment. It adopts a split MAC mode so that the AC performs unified monitoring, configuration and control of the WTPs, achieving centralized management of the WTPs in the WLAN.
- The WAPI protocol is implemented by the AC, so the WAPI protocol and the converged WLAN architecture are seamlessly integrated, ensuring the security of the WLAN.
- the present invention not only satisfies the large-scale deployment requirements of WLAN, but also ensures the security of the WLAN under the converged architecture.
- FIG. 1 is a message flow chart of the split MAC mode converged WAPI network architecture in which WPI is performed by the AC;
- Split MAC mode: separate the MAC function and the WAPI function of the AP onto the WTP and the AC respectively;
- the STA passively listens to the WTP's beacon frames to obtain WTP-related parameters, including WAPI information elements such as the WTP-supported authentication and key management suites and cipher suites; or the STA actively sends a probe request frame to the WTP;
- after receiving the STA's probe request frame, the WTP sends a probe response frame to the STA;
- the STA receives the WTP's probe response frame to obtain WTP-related parameters, including WAPI information elements such as the WTP-supported authentication and key management suites and cipher suites;
- after obtaining the WTP's probe response, the STA sends a link verification request frame to the AC to request link verification with the AC;
- the AC sends a link verification response frame to the STA according to the link verification request frame of the STA;
- the STA sends an association request frame to the AC, requesting association with the AC;
- the STA includes the WAPI information element in the association request to determine the authentication and key management suite and the cipher suite selected by the STA;
- the AC parses the STA's association request frame and sends an association response frame to the STA;
- the AC sends a WAI start execution notification to the WTP, informing the WTP of information including the STA's MAC address, WLAN ID number and authentication start identifier, where the authentication start identifier notifies the WTP to close the controlled port and forward only WAI protocol data from the corresponding STA;
- the WTP sends a WAI start execution notification response message to the AC;
- the AC sends a WAI end execution notification to the WTP, informing the WTP of information including the STA's MAC address, WLAN ID and authentication end identifier;
- the authentication end identifier notifies the WTP to open the controlled port and forward all data from the corresponding STA, including WAI protocol data and non-WAI protocol data;
- the WTP sends a WAI end execution notification response message to the AC;
- a secure channel can be preset between the AC and the WTP; it can be built as a private network between the AC and the WTP or by using a security protocol such as Datagram Transport Layer Security (DTLS).
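The WTP-side controlled-port behaviour that the AC drives with its WAI start/end execution notifications, written as an added Python model (not code from the patent or its applicant). The message field names, the "start"/"end" identifier values, the fail-closed default for a STA the AC has not yet announced, and the sample MAC address are assumptions constructed for this example; 0x88B4 is the EtherType registered for the WAI protocol.

```python
"""Model of a WTP's per-STA controlled port under AC control (added example)."""
from dataclasses import dataclass, field

WAI_ETHERTYPE = 0x88B4             # EtherType registered for WAI protocol frames
AUTH_START, AUTH_END = "start", "end"   # authentication start/end identifiers (names assumed)


@dataclass(frozen=True)
class WaiNotification:
    """AC -> WTP 'WAI start/end execution notification' with the fields the description lists."""
    sta_mac: str
    wlan_id: int
    identifier: str                # AUTH_START closes the controlled port, AUTH_END opens it


@dataclass
class Wtp:
    """Wireless terminal point: MAC function only; all WAPI decisions arrive from the AC."""
    # (sta_mac, wlan_id) -> True when the STA's controlled port is open
    ports: dict = field(default_factory=dict)

    def handle_notification(self, n: WaiNotification) -> dict:
        """Apply the AC's notification and return the WTP's response message (shape assumed)."""
        key = (n.sta_mac.lower(), n.wlan_id)
        if n.identifier == AUTH_START:
            self.ports[key] = False        # controlled port closed: WAI protocol data only
        elif n.identifier == AUTH_END:
            self.ports[key] = True         # controlled port open: all data forwarded
        else:
            raise ValueError(f"unknown authentication identifier {n.identifier!r}")
        return {"type": f"wai_{n.identifier}_execution_notification_response",
                "sta_mac": n.sta_mac, "wlan_id": n.wlan_id}

    def should_forward(self, sta_mac: str, wlan_id: int, ethertype: int) -> bool:
        """Forwarding rule for a frame from sta_mac on wlan_id carrying the given EtherType."""
        state = self.ports.get((sta_mac.lower(), wlan_id))
        if state is None:
            return False                   # assumption: fail closed until the AC announces the STA
        if state is False:
            return ethertype == WAI_ETHERTYPE
        return True


def demo() -> tuple:
    """Run one STA through WAI start -> WAI end and report what the WTP forwards."""
    wtp = Wtp()
    sta, wlan = "00:11:22:33:44:55", 1     # constructed sample STA
    wtp.handle_notification(WaiNotification(sta, wlan, AUTH_START))
    before = (wtp.should_forward(sta, wlan, WAI_ETHERTYPE),
              wtp.should_forward(sta, wlan, 0x0800))   # IPv4 blocked while authenticating
    wtp.handle_notification(WaiNotification(sta, wlan, AUTH_END))
    after = (wtp.should_forward(sta, wlan, WAI_ETHERTYPE),
             wtp.should_forward(sta, wlan, 0x0800))
    return before, after


if __name__ == "__main__":
    print(demo())
```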
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/203,645 US8813199B2 (en) | 2009-02-27 | 2009-12-14 | Method for realizing convergent WAPI network architecture with separate MAC mode |
JP2011551392A JP5208285B2 (ja) | 2009-02-27 | 2009-12-14 | Method for realizing a centralized WAPI network architecture in split MAC mode |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009100214230A CN101577905B (zh) | 2009-02-27 | 2009-02-27 | A method for implementing a converged WAPI network architecture in split MAC mode |
CN200910021423.0 | 2009-02-27 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010096995A1 true WO2010096995A1 (zh) | 2010-09-02 |
Family
ID=41272653
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2009/075536 WO2010096995A1 (zh) | 2009-02-27 | 2009-12-14 | A method for implementing a converged WAPI network architecture in split MAC mode |
Country Status (4)
Country | Link |
---|---|
US (1) | US8813199B2 (zh) |
JP (1) | JP5208285B2 (zh) |
CN (1) | CN101577905B (zh) |
WO (1) | WO2010096995A1 (zh) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101646171B (zh) * | 2009-02-27 | 2011-08-17 | 西安西电捷通无线网络通信股份有限公司 | Method for integrating WAPI with CAPWAP in split MAC mode |
CN101577904B (zh) | 2009-02-27 | 2011-04-06 | 西安西电捷通无线网络通信股份有限公司 | Method for implementing a converged WAPI network architecture in split MAC mode |
CN101577905B (zh) | 2009-02-27 | 2011-06-01 | 西安西电捷通无线网络通信股份有限公司 | A method for implementing a converged WAPI network architecture in split MAC mode |
CN101577978B (zh) | 2009-02-27 | 2011-02-16 | 西安西电捷通无线网络通信股份有限公司 | A method for implementing a converged WAPI network architecture in local MAC mode |
CN102006590A (zh) * | 2009-09-03 | 2011-04-06 | 中兴通讯股份有限公司 | System and method for implementing direct communication between WAPI terminals |
EP3006548B1 (en) | 2014-10-08 | 2017-05-10 | The Procter and Gamble Company | Fabric enhancer composition |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1996840A (zh) * | 2006-12-29 | 2007-07-11 | 西安西电捷通无线网络通信有限公司 | WAPI-based wireless local area network operation method |
CN101155396A (zh) * | 2006-09-25 | 2008-04-02 | 联想(北京)有限公司 | Terminal node handover method |
CN101577905A (zh) * | 2009-02-27 | 2009-11-11 | 西安西电捷通无线网络通信有限公司 | A method for implementing a converged WAPI network architecture in split MAC mode |
Family Cites Families (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FI111208B (fi) | 2000-06-30 | 2003-06-13 | Nokia Corp | Arranging data encryption in a wireless telecommunication system |
US6996714B1 (en) | 2001-12-14 | 2006-02-07 | Cisco Technology, Inc. | Wireless authentication protocol |
US7325246B1 (en) | 2002-01-07 | 2008-01-29 | Cisco Technology, Inc. | Enhanced trust relationship in an IEEE 802.1x network |
US6788658B1 (en) * | 2002-01-11 | 2004-09-07 | Airflow Networks | Wireless communication system architecture having split MAC layer |
US7525984B2 (en) * | 2003-07-23 | 2009-04-28 | Mediatek Inc. | Method and apparatus for unifying MAC protocols |
US8713626B2 (en) | 2003-10-16 | 2014-04-29 | Cisco Technology, Inc. | Network client validation of network management frames |
US7461248B2 (en) | 2004-01-23 | 2008-12-02 | Nokia Corporation | Authentication and authorization in heterogeneous networks |
US7426550B2 (en) | 2004-02-13 | 2008-09-16 | Microsoft Corporation | Extensible wireless framework |
CN1681239B (zh) | 2004-04-08 | 2012-01-04 | 华为技术有限公司 | Method for supporting multiple security mechanisms in a wireless local area network system |
CN100527668C (zh) | 2004-04-24 | 2009-08-12 | 华为技术有限公司 | Method for achieving compatibility between the WAPI protocol and the 802.1x protocol |
US7483996B2 (en) * | 2004-11-29 | 2009-01-27 | Cisco Technology, Inc. | Techniques for migrating a point to point protocol to a protocol for an access network |
US7907734B2 (en) | 2005-03-04 | 2011-03-15 | Panasonic Corporation | Key distribution control apparatus, radio base station apparatus, and communication system |
CN100369434C (zh) | 2006-07-31 | 2008-02-13 | 西安西电捷通无线网络通信有限公司 | Method for implementing a WAPI-based virtual local area network in a wireless local area network |
US20080072047A1 (en) * | 2006-09-20 | 2008-03-20 | Futurewei Technologies, Inc. | Method and system for capwap intra-domain authentication using 802.11r |
JP2008131445A (ja) | 2006-11-22 | 2008-06-05 | Canon Inc | Facsimile apparatus, control method therefor, program, and storage medium |
CN100583752C (zh) | 2006-11-30 | 2010-01-20 | 北京中电华大电子设计有限责任公司 | Method and apparatus for coexistence of WAPI and CCMP in an 802.11 chip |
WO2008069520A1 (en) | 2006-12-07 | 2008-06-12 | Electronics And Telecommunications Research Institute | Ip converged mobile access gateway for 3g mobile service and service method using the same |
US7991152B2 (en) * | 2007-03-28 | 2011-08-02 | Intel Corporation | Speeding up Galois Counter Mode (GCM) computations |
US8335490B2 (en) * | 2007-08-24 | 2012-12-18 | Futurewei Technologies, Inc. | Roaming Wi-Fi access in fixed network architectures |
US8713329B2 (en) * | 2009-02-26 | 2014-04-29 | Red Hat, Inc. | Authenticated secret sharing |
CN101577978B (zh) | 2009-02-27 | 2011-02-16 | 西安西电捷通无线网络通信股份有限公司 | A method for implementing a converged WAPI network architecture in local MAC mode |
CN101577904B (zh) | 2009-02-27 | 2011-04-06 | 西安西电捷通无线网络通信股份有限公司 | Method for implementing a converged WAPI network architecture in split MAC mode |
2009
- 2009-02-27 CN CN2009100214230A patent/CN101577905B/zh not_active Expired - Fee Related
- 2009-12-14 JP JP2011551392A patent/JP5208285B2/ja active Active
- 2009-12-14 US US13/203,645 patent/US8813199B2/en active Active
- 2009-12-14 WO PCT/CN2009/075536 patent/WO2010096995A1/zh active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101155396A (zh) * | 2006-09-25 | 2008-04-02 | 联想(北京)有限公司 | Terminal node handover method |
CN1996840A (zh) * | 2006-12-29 | 2007-07-11 | 西安西电捷通无线网络通信有限公司 | WAPI-based wireless local area network operation method |
CN101577905A (zh) * | 2009-02-27 | 2009-11-11 | 西安西电捷通无线网络通信有限公司 | A method for implementing a converged WAPI network architecture in split MAC mode |
Non-Patent Citations (1)
Title |
---|
XIANG WANG: "Communication Protocol of Centralized WLAN Architecture", COMPUTER ENGINEERING, vol. 34, no. 22, November 2008 (2008-11-01), pages 115 - 117 * |
Also Published As
Publication number | Publication date |
---|---|
US8813199B2 (en) | 2014-08-19 |
JP5208285B2 (ja) | 2013-06-12 |
CN101577905B (zh) | 2011-06-01 |
US20110307943A1 (en) | 2011-12-15 |
JP2012519398A (ja) | 2012-08-23 |
CN101577905A (zh) | 2009-11-11 |
Similar Documents
Publication | Title |
---|---|
WO2010096997A1 (zh) | A method for implementing a converged WAPI network architecture in local MAC mode |
AU2004244634B2 (en) | Facilitating 802.11 roaming by pre-establishing session keys |
EP3082354B1 (en) | Location privacy protection methods and devices |
CN101557592B (zh) | STA roaming handover method and system when WPI is performed by the AC in a converged WLAN |
WO2011144174A1 (zh) | Method, apparatus and system for configuring an access device |
WO2012075863A1 (zh) | Centralized 802.1x authentication method, apparatus and system for a wireless local area network |
WO2010096995A1 (zh) | A method for implementing a converged WAPI network architecture in split MAC mode |
WO2013174267A1 (zh) | Security establishment method, system and device for a wireless local area network |
WO2022147803A1 (zh) | Secure communication method and device |
WO2010096998A1 (zh) | Method for implementing a converged WAPI network architecture in split MAC mode |
WO2010096996A1 (zh) | Method for integrating WAPI with CAPWAP in local MAC mode |
WO2010130132A1 (zh) | Station handover method and system when WPI is performed by the wireless terminal point in a converged WLAN |
WO2010130129A1 (zh) | Station handover method and system when WPI is performed by the access controller in a converged WLAN |
WO2010097003A1 (zh) | Method for integrating WAPI with CAPWAP in split MAC mode |
CN102883265B (zh) | Method, device and system for sending and receiving location information of an access user |
WO2010097004A1 (zh) | A method for integrating WAPI with CAPWAP in split MAC mode |
WO2012116599A1 (zh) | Secure tunnel establishment method and base station |
WO2022067827A1 (zh) | Key derivation method, apparatus and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 09840663; Country of ref document: EP; Kind code of ref document: A1 |
| WWE | Wipo information: entry into national phase | Ref document number: 13203645; Country of ref document: US |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWE | Wipo information: entry into national phase | Ref document number: 2011551392; Country of ref document: JP |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 09840663; Country of ref document: EP; Kind code of ref document: A1 |