WO2010130133A1 - Method and system for station switching when wpi is implemented by access controller in convergent wlan - Google Patents


Publication number
WO2010130133A1
Authority
WO
WIPO (PCT)
Prior art keywords
access controller
destination
station
wireless terminal
site
Application number
PCT/CN2009/075566
Other languages
French (fr)
Chinese (zh)
Inventor
铁满霞
曹军
杜志强
赖晓龙
黄振海
Original Assignee
西安西电捷通无线网络通信有限公司
Priority to CN200910022527.3 priority Critical
Priority to CN 200910022527 priority patent/CN101557592B/en
Application filed by 西安西电捷通无线网络通信有限公司 filed Critical 西安西电捷通无线网络通信有限公司
Publication of WO2010130133A1 publication Critical patent/WO2010130133A1/en


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/04 Key management, e.g. by generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0083 Determination of parameters used for hand-off, e.g. generation or modification of neighbour cell lists
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]

Abstract

A method and system for a station switching when WPI (WLAN (Wireless Local Area Network) Privacy Infrastructure) is implemented by an access controller in a convergent WLAN are disclosed by the present invention. The method includes the following steps: the station re-associates with a destination access controller via a destination wireless terminal point; the destination access controller requests a base key or unicast session key from the associated access controller; the associated access controller informs the associated wireless terminal point to delete the station; the destination access controller informs the destination wireless terminal point to add the station; the station and the destination access controller negotiate about a session key based on the requested unicast session key or base key; the destination access controller informs the destination wireless terminal point to turn on the controlled port. By the present invention, in the convergent WLAN based on WAPI (WLAN Authentication and Privacy Infrastructure) protocol, the station can roam and switch rapidly and safely between different wireless terminal points of different controllers.

Description

This application claims priority to Chinese Patent Application No. 200910022527.3, filed on May 14, 2009 and entitled "Method and system for station roaming handover when WPI is completed by the AC in a centralized WLAN", which is incorporated herein by reference in its entirety.

Field

The present invention relates to communication technologies, and in particular to a method and system for station handover when WPI is completed by the access controller in a centralized WLAN.

Background

At present, the roaming handover methods for a station (STA) in a wireless local area network (WLAN) based on the WLAN Authentication and Privacy Infrastructure (WAPI) protocol are all proposed for the autonomous WLAN architecture and cannot be applied directly to a WAPI-based convergent WLAN architecture. In the centralized WLAN architecture, an access controller (AC), such as a wireless router or wireless switch, centrally handles the access control, authentication, management and policy enforcement functions of the WLAN. These devices can also provide centralized bridging, forwarding, and encryption and decryption of user data.

Summary

Because the existing WAPI-based STA roaming handover methods described in the background apply only to the autonomous architecture, the present invention provides a method and system, for the convergent WLAN architecture in which the WLAN Privacy Infrastructure (WPI) is completed by the access controller, by which a station switches between wireless terminal points (WTPs) under different access controllers. The access controller here may also be replaced by a wireless device such as a wireless router or wireless switch.

The technical solution of the present invention is a method for station handover when WPI is completed by the access controller in a centralized WLAN. The method comprises:

The station re-associates with the destination access controller through the destination wireless terminal point;

The destination access controller requests a unicast session key or base key from the associated access controller;

The associated access controller notifies the associated wireless terminal point to delete the station;

The destination access controller notifies the destination wireless terminal point to add the station;

The station and the destination access controller negotiate a session key based on the requested unicast session key or base key;

The destination access controller notifies the destination wireless terminal point to open the controlled port.

The station re-associating with the destination access controller through the destination wireless terminal point specifically comprises:

The station passively listens to beacon frames of the destination wireless terminal point to obtain its relevant parameters, including the WAPI information element, which contains the authentication and key management suites and cipher suites supported by the destination wireless terminal point; or the station sends a probe request frame to the destination wireless terminal point, the destination wireless terminal point sends a probe response frame to the station after receiving the probe request frame, and the station, on receiving the probe response frame, obtains the relevant parameters of the destination wireless terminal point, including the WAPI information element, which contains the authentication and key management suites and cipher suites supported by the destination wireless terminal point;

In local media access control (Medium Access Control, MAC) mode, the station sends a link authentication request frame to the destination wireless terminal point to request link authentication with it, and the destination wireless terminal point, according to the station's link authentication request frame, sends a link authentication response frame to the station; in split MAC mode, the station sends a link authentication request frame to the destination access controller to request link authentication with it, and the destination access controller, according to the station's link authentication request frame, sends a link authentication response frame to the station;

After link authentication succeeds, the station sends a reassociation request frame to the destination access controller to request reassociation with it; the station's reassociation request frame contains the identifier of the currently associated wireless terminal point, the identifier of the associated access controller, and a WAPI information element carrying the authentication and key management suite and cipher suite selected by the station; the authentication and key management suite and cipher suite selected by the station are preferably the same as the suites selected when it associated with the associated access controller; the destination access controller parses the station's reassociation request frame and sends a reassociation response frame to the station.

The destination access controller requesting a unicast session key or base key from the associated access controller specifically comprises:

The destination access controller uses the pre-established secure channel between itself and the associated access controller to send the associated access controller a unicast session key or base key request message, which contains information for deleting the station;

According to the unicast session key or base key request message from the destination access controller, the associated access controller uses the secure channel between itself and the destination access controller to send the unicast session key or base key to the destination access controller, wherein the unicast session key sent to the destination access controller is either identical to the unicast session key between the station and the associated access controller, or is computed by a one-way function from the unicast session key between the station and the associated access controller and an extension parameter; the base key sent to the destination access controller is either identical to the base key between the station and the associated access controller, or is computed by a one-way function from the base key between the station and the associated access controller and an extension parameter; the extension parameter is a parameter known in advance to both the station and the destination access controller.

The associated access controller notifying the associated wireless terminal point to delete the station may specifically comprise: according to the station deletion information in the unicast session key or base key request message from the destination access controller, the associated access controller sends a Control and Provisioning of Wireless Access Points (CAPWAP) protocol Station Configuration Request message to the associated wireless terminal point, the message containing message elements such as Delete Station;

The associated wireless terminal point sends a CAPWAP Station Configuration Response message to the associated access controller, containing a Result Code message element that identifies the result of processing the CAPWAP Station Configuration Request message.

The destination access controller notifying the destination wireless terminal point to add the station may specifically comprise: the destination access controller sends a CAPWAP Station Configuration Request message to the destination wireless terminal point, the request message containing the Add Station, GB15629.11 Add Station and GB15629.11 Station Session Key message elements; the A field in the GB15629.11 Station Session Key message element is set to 1 to notify the destination wireless terminal point (WTP) to close the controlled port and forward only WLAN Authentication Infrastructure (WAI) protocol data from the corresponding station;

The destination wireless terminal point sends a CAPWAP Station Configuration Response message to the destination access controller, the response message containing a Result Code message element that identifies the result of processing the CAPWAP Station Configuration Request message sent by the destination access controller to the destination wireless terminal point.

The station and the destination access controller negotiating a session key based on the requested unicast session key or base key may specifically comprise:

When the key the destination access controller requested from the associated access controller is a base key, the destination access controller and the station perform WAI unicast key negotiation based on the requested base key; specifically: the destination wireless terminal point decapsulates WAI unicast key negotiation data from the destination access controller, which is encapsulated in the CAPWAP data encapsulation format, and forwards it to the station; the destination wireless terminal point encapsulates WAI unicast key negotiation data from the station in the CAPWAP data encapsulation format and sends it to the destination access controller;

When the key the destination access controller requested from the associated access controller is a unicast session key, the destination access controller and the station perform the WAI multicast key announcement; specifically: the destination wireless terminal point decapsulates WAI multicast key announcement data from the destination access controller, which is encapsulated in the CAPWAP data encapsulation format, and forwards it to the station; the destination wireless terminal point encapsulates WAI multicast key announcement data from the station in the CAPWAP data encapsulation format and sends it to the destination access controller.

The destination access controller notifying the destination wireless terminal point to open the controlled port may specifically comprise: the destination access controller sends a CAPWAP Station Configuration Request message to the destination wireless terminal point, the request message containing the Add Station, GB15629.11 Add Station and GB15629.11 Station Session Key message elements; the C field in the GB15629.11 Station Session Key message element is set to 1 to notify the destination wireless terminal point to open the controlled port corresponding to the station and forward all data from the station, including WAI protocol data and non-WAI protocol data;

The destination wireless terminal point sends a CAPWAP Station Configuration Response message to the destination access controller, the response message containing a Result Code message element that identifies the result of processing the CAPWAP Station Configuration Request message sent by the destination access controller to the destination wireless terminal point.

The present invention further provides a system for station handover when WPI is completed by the access controller in a centralized WLAN, the system comprising:

A destination access controller, an associated access controller, a destination wireless terminal point, an associated wireless terminal point, and a station;

The station re-associates with the destination access controller through the destination wireless terminal point; the destination access controller requests a unicast session key or base key from the associated access controller; the associated access controller notifies the associated wireless terminal point to delete the station;

The destination access controller notifies the destination wireless terminal point to add the station;

The station and the destination access controller negotiate a session key based on the requested unicast session key or base key.

In the method and system provided by the present invention for station handover when WPI is completed by the access controller in a centralized WLAN, the base key generated by WAI, or the negotiated unicast session key, between the STA and the AC is cached; during STA roaming handover the cached base key or unicast session key is used to generate the session key between the STA and the destination WTP; and station addition, station deletion and key synchronization between the AC and the WTP are implemented by CAPWAP control messages. The present invention thereby enables the STA to roam and switch quickly and securely between WTPs under different ACs.

Brief Description of the Drawings

To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those of ordinary skill in the art may derive other drawings from them without creative effort.

FIG. 1 is a schematic diagram of a station roaming handover scenario according to an embodiment of the present invention;

FIG. 2 is a flowchart of a station roaming handover method according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

Referring to FIG. 1, in the present invention the AC caches the base key (Base Key, BK) generated by WAI (WLAN Authentication Infrastructure), or the negotiated unicast session key (Unicast Session Key, USK), between the STA and the AC; during STA roaming handover the cached BK or USK is used to generate the session key between the STA and the destination WTP; and STA addition, STA deletion and key synchronization between the AC and the WTP are implemented by CAPWAP control messages. On this basis a method and system are proposed by which, in a WAPI-based centralized WLAN architecture, a STA roams and switches quickly and securely between WTPs under different ACs.

Referring to FIG. 2, the present invention provides an embodiment of a method for a STA to roam and switch between WTPs under different ACs. The method may include the following steps:

Step 1: The STA re-associates with the destination AC through the destination WTP. Step 1 may include:

Step 11: The STA passively listens to beacon frames of the destination WTP to obtain the relevant parameters of the destination WTP, including the WAPI information element, which contains the authentication and key management suites and cipher suites supported by the destination WTP; or the STA sends a probe request frame to the destination WTP, the destination WTP sends a probe response frame to the STA after receiving the STA's probe request frame, and the STA, on receiving the probe response frame, obtains the relevant parameters of the destination WTP, including the WAPI information element, which contains the authentication and key management suites and cipher suites supported by the destination WTP;

Step 12: In local MAC mode, the STA sends a link authentication request frame to the destination WTP to request link authentication with the destination WTP, and the destination WTP, according to the STA's link authentication request frame, sends a link authentication response frame to the STA; in split MAC mode, the STA sends a link authentication request frame to the destination AC to request link authentication with the destination AC, and the destination AC, according to the STA's link authentication request frame, sends a link authentication response frame to the STA;

Step 13: After link authentication succeeds, the STA sends a reassociation request frame to the destination AC to request reassociation with the destination AC. The STA's reassociation request frame includes the identifier of the currently associated WTP, the identifier of the associated AC, and a WAPI information element carrying the authentication and key management suite and cipher suite selected by the STA; the authentication and key management suite and cipher suite selected by the STA are preferably the same as the suites it selected when it first associated with the associated AC. The destination AC parses the STA's reassociation request frame and sends a reassociation response frame to the STA.

Step 2: The destination AC requests the USK or extended unicast session key (Extended USK, EUSK), or the BK or extended base key (Extended BK, EBK), from the associated AC. Step 2 may include:

Step 21: The destination AC uses the pre-established secure channel between itself and the associated AC to send the associated AC a USK or EUSK or BK or EBK request message, which includes information for deleting the STA.

Step 22: According to the USK or EUSK or BK or EBK request message from the destination AC, the associated AC sends the USK or EUSK or BK or EBK to the destination AC, where EUSK = F(USK, extension parameter) and EBK = F(BK, extension parameter); the extension parameter is a parameter known in advance to both the STA and the destination AC, such as the MAC addresses of both, and F is a one-way function.

Step 3: The associated AC notifies the associated WTP to delete the STA. Step 3 may include:

Step 31: According to the STA deletion information in the USK or EUSK or BK or EBK request message from the destination AC, the associated AC sends a CAPWAP Station Configuration Request message to the associated WTP, containing message elements such as Delete Station. The Delete Station message element may include the MAC address of the station.

Step 32: The associated WTP sends a CAPWAP Station Configuration Response message to the associated AC, containing a Result Code message element that identifies the result of processing the CAPWAP Station Configuration Request message.

Step 4: The destination AC notifies the destination WTP to add the STA. Step 4 may include:

Step 41: The destination AC sends a CAPWAP Station Configuration Request message to the destination WTP, containing message elements such as Add Station, GB15629.11 Add Station and GB15629.11 Station Session Key; the A field in the GB15629.11 Station Session Key message element is set to 1 to notify the destination WTP to close the controlled port and forward only WAI protocol data from the corresponding STA;

Step 42: The destination WTP sends a CAPWAP Station Configuration Response message to the destination AC, containing a Result Code message element that identifies the result of processing the CAPWAP Station Configuration Request message.

Step 5: The STA and the destination AC negotiate a session key based on the requested USK or EUSK or BK or EBK. Step 5 may include:

Step 51: When the key the destination AC requested from the associated AC is the BK or EBK, the destination AC and the STA perform WAI unicast key negotiation based on the requested BK or EBK; specifically: the destination WTP decapsulates WAI unicast key negotiation data from the destination AC, which is encapsulated in the CAPWAP data encapsulation format, and forwards it to the STA; the destination WTP encapsulates WAI unicast key negotiation data from the STA in the CAPWAP data encapsulation format and sends it to the destination AC. When the key the destination AC requested from the associated AC is the USK or EUSK, Step 51 is omitted and Step 52 is performed;

Step 52: The destination AC and the STA perform the WAI multicast key announcement; specifically: the destination WTP decapsulates WAI multicast key announcement data from the destination AC, which is encapsulated in the CAPWAP data encapsulation format, and forwards it to the STA; the destination WTP encapsulates WAI multicast key announcement data from the STA in the CAPWAP data encapsulation format and sends it to the destination AC.

Step 6: The destination AC notifies the destination WTP to open the controlled port. Step 6 may include:

Step 61: The destination AC sends a CAPWAP Station Configuration Request message to the destination WTP, containing message elements such as Add Station, GB15629.11 Add Station and GB15629.11 Station Session Key; the C field in the GB15629.11 Station Session Key message element is set to 1 to notify the destination WTP to open the controlled port corresponding to the STA and forward all data from the STA, including WAI protocol data and non-WAI protocol data. The Add Station message element may include the MAC address of the station.

Step 62: The destination WTP sends a CAPWAP Station Configuration Response message to the destination AC, containing a Result Code message element that identifies the result of processing the CAPWAP Station Configuration Request message.
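The sequence of Steps 2 to 6 can be followed in a small simulation, added here as an example that is not part of the patent text. HMAC-SHA256 stands in for the unspecified one-way function F, a challenge/response stands in for WAI unicast key negotiation, and the class names, result codes, sample MAC addresses and the WAI EtherType value are assumptions rather than values from the page.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

WAI_ETHERTYPE = 0x88B4   # EtherType of WAI frames (assumption; not given on the page)
DATA_ETHERTYPE = 0x0800  # IPv4, standing in for any non-WAI data frame


def F(key: bytes, sta_mac: str, dest_ac_mac: str) -> bytes:
    """Step 22: EBK = F(BK, extension parameter), likewise EUSK = F(USK, ...).

    HMAC-SHA256 is a stand-in one-way function; the page does not name F.
    The extension parameter is the two MAC addresses, as the page suggests.
    """
    ext = bytes.fromhex((sta_mac + dest_ac_mac).replace(":", ""))
    return hmac.new(key, ext, hashlib.sha256).digest()


@dataclass
class WTP:
    """Wireless terminal point holding each station's controlled-port state."""
    ports: dict = field(default_factory=dict)  # STA MAC -> "wai-only" | "open"

    def station_configuration_request(self, element, sta_mac, a=0, c=0) -> int:
        """Apply one message element; result code 0 = success, 1 = failure (constructed)."""
        if element == "Delete Station":
            return 0 if self.ports.pop(sta_mac, None) else 1
        if element == "Add Station" and (a or c):
            # A = 1 closes the controlled port (WAI only); C = 1 opens it.
            self.ports[sta_mac] = "open" if c else "wai-only"
            return 0
        return 1

    def forwards(self, sta_mac, ethertype) -> bool:
        """Decide whether a frame from sta_mac passes the controlled port."""
        state = self.ports.get(sta_mac)
        return state == "open" or (state == "wai-only" and ethertype == WAI_ETHERTYPE)


@dataclass
class AC:
    mac: str
    wtp: WTP
    keys: dict = field(default_factory=dict)  # STA MAC -> cached BK, or EBK after handover

    def answer_key_request(self, sta_mac, dest_ac_mac) -> bytes:
        """Associated AC, Steps 22 and 3: derive EBK, then delete the STA at its WTP."""
        if sta_mac not in self.keys:
            raise KeyError("no cached base key for this station")
        ebk = F(self.keys[sta_mac], sta_mac, dest_ac_mac)
        if self.wtp.station_configuration_request("Delete Station", sta_mac) != 0:
            raise RuntimeError("associated WTP did not delete the station")
        return ebk


def handover(sta_mac, sta_bk, assoc_ac, dest_ac) -> bool:
    """Run Steps 2 to 6; return True only if the controlled port ends up open."""
    # Steps 2-3: key request over the (assumed) secure AC-to-AC channel.
    dest_ac.keys[sta_mac] = assoc_ac.answer_key_request(sta_mac, dest_ac.mac)
    # Step 4: add the station with A = 1, so only WAI frames are forwarded.
    if dest_ac.wtp.station_configuration_request("Add Station", sta_mac, a=1) != 0:
        return False
    # Step 5 (stand-in for WAI unicast key negotiation): the STA derives the
    # same EBK on its own and proves possession of it over a fresh challenge.
    challenge = os.urandom(16)
    sta_proof = hmac.new(F(sta_bk, sta_mac, dest_ac.mac), challenge, hashlib.sha256).digest()
    expected = hmac.new(dest_ac.keys[sta_mac], challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(sta_proof, expected):
        return False  # port stays closed: data frames are still dropped
    # Step 6: C = 1 opens the controlled port for all of the station's traffic.
    return dest_ac.wtp.station_configuration_request("Add Station", sta_mac, c=1) == 0


if __name__ == "__main__":
    sta, bk = "02:00:00:00:00:01", bytes(range(16))  # constructed sample values
    old_ac = AC("02:00:00:00:00:a1", WTP({sta: "open"}), {sta: bk})
    new_ac = AC("02:00:00:00:00:a2", WTP())
    print("port opened:", handover(sta, bk, old_ac, new_ac))
    print("data forwarded at destination WTP:", new_ac.wtp.forwards(sta, DATA_ETHERTYPE))
```

A station that cannot prove possession of the derived key stays in the WAI-only state, so the destination WTP never forwards its data frames.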

The present invention further provides a system for station handover when WPI is completed by the access controller in a centralized WLAN. The system includes a destination access controller, an associated access controller, a destination wireless terminal point, an associated wireless terminal point and a station; the station re-associates with the destination access controller through the destination wireless terminal point; the destination access controller requests a unicast session key or base key from the associated access controller; the associated access controller notifies the associated wireless terminal point to delete the station; the destination access controller notifies the destination wireless terminal point to add the station; the station and the destination access controller negotiate a session key based on the requested unicast session key or base key.

Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be implemented by hardware driven by program instructions; the program may be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments described above; the storage medium includes any medium capable of storing program code, such as a ROM, a RAM, a magnetic disk or an optical disc.

Finally, it should be noted that the above embodiments are intended to illustrate the present invention rather than to limit it. Although the embodiments of the present invention have been described in detail, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the embodiments, or substitute equivalents for some of their technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. A method for station handover when WPI is completed by the access controller in a centralized WLAN, characterized by comprising:
The station re-associates with the destination access controller through the destination wireless terminal point; the destination access controller requests a unicast session key or base key from the associated access controller; the associated access controller notifies the associated wireless terminal point to delete the station;
The destination access controller notifies the destination wireless terminal point to add the station;
The station and the destination access controller negotiate a session key based on the requested unicast session key or base key;
The destination access controller notifies the destination wireless terminal point to open the controlled port.
2. The method according to claim 1, characterized in that the station re-associating with the destination access controller through the destination wireless terminal point comprises:
The station passively listens to beacon frames of the destination wireless terminal point to obtain its relevant parameters, including the WAPI information element, which contains the authentication and key management suites and cipher suites supported by the destination wireless terminal point; or the station sends a probe request frame to the destination wireless terminal point, the destination wireless terminal point sends a probe response frame to the station after receiving the probe request frame, and the station, on receiving the probe response frame, obtains the relevant parameters of the destination wireless terminal point, including the WAPI information element, which contains the authentication and key management suites and cipher suites supported by the destination wireless terminal point;
In local media access control mode, the station sends a link authentication request frame to the destination wireless terminal point to request link authentication with the destination wireless terminal point, and the destination wireless terminal point, according to the station's link authentication request frame, sends a link authentication response frame to the station; in split media access control mode, the station sends a link authentication request frame to the destination access controller to request link authentication with the destination access controller, and the destination access controller, according to the station's link authentication request frame, sends a link authentication response frame to the station;
After link authentication succeeds, the station sends a reassociation request frame to the destination access controller to request reassociation with the destination access controller; the station's reassociation request frame contains the identifier of the currently associated wireless terminal point, the identifier of the associated access controller, and a WAPI information element carrying the authentication and key management suite and cipher suite selected by the station; the authentication and key management suite and cipher suite selected by the station are respectively the same as the authentication and key management suite and cipher suite selected when it associated with the associated access controller; the destination access controller parses the station's reassociation request frame and sends a reassociation response frame to the station.
3. The method of claim 1 or claim 2, wherein the destination access controller requesting a unicast session key or base key from the associated access controller comprises:
The destination access controller uses the pre-established secure channel between itself and the associated access controller to send the associated access controller a unicast session key or base key request message, wherein the unicast session key or base key request message contains information for deleting the station;
According to the unicast session key or base key request message from the destination access controller, the associated access controller uses the secure channel between itself and the destination access controller to send the unicast session key or base key to the destination access controller, wherein the unicast session key sent to the destination access controller is either identical to the unicast session key between the station and the associated access controller, or is computed by a one-way function from the unicast session key between the station and the associated access controller and an extension parameter; the base key sent to the destination access controller is either identical to the base key between the station and the associated access controller, or is computed by a one-way function from the base key between the station and the associated access controller and an extension parameter; the extension parameter is a parameter known in advance to both the station and the destination access controller.
4. The method of claim 3, wherein the associated access controller notifying the associated wireless terminal point to delete the station comprises:
The associated access controller, according to the station deletion information in the unicast session key or group key request message from the destination access controller, transmits a wireless access point control and configuration protocol station configuration request message to the associated wireless terminal point, the station configuration request message including a delete station message element;
The associated wireless terminal point transmits a wireless access point control and configuration protocol station configuration response message to the associated access controller, the station configuration response message including a result code message element identifying the result of processing the station configuration request message that the associated access controller transmitted to the associated wireless terminal point.
5. The method of any one of claims 1-4, wherein the destination access controller notifying the destination wireless terminal point of the station joining comprises:
The destination access controller transmits a wireless access point control and configuration protocol station configuration request message to the destination wireless terminal point, the station configuration request message including the joining station, GB15629.11 joining station and GB15629.11 station session key message elements; wherein A in the GB15629.11 station session key message element is set to 1, informing the destination wireless terminal point that the controlled port is closed and that only WLAN authentication infrastructure protocol data from the corresponding station is forwarded; the destination wireless terminal point transmits a wireless access point control and configuration protocol station configuration response message to the destination access controller, the station configuration response message including a result code message element identifying the result of processing the station configuration request message that the destination access controller transmitted to the destination wireless terminal point.
6. The method according to any one of claims 1-5, wherein the destination access controller and the station negotiating the session key based on the requested unicast session key or group key comprises:
When what the destination access controller requests from the associated access controller is a base key, the destination access controller and the station perform WLAN authentication infrastructure unicast key negotiation based on the requested group key;
When what the destination access controller requests from the associated access controller is a unicast session key, the destination access controller and the station perform WLAN authentication infrastructure multicast key announcement.
7. The method according to claim 6, wherein,
When what the destination access controller requests from the associated access controller is a base key, the destination access controller and the station performing WLAN authentication infrastructure unicast key negotiation based on the requested base key comprises: the destination wireless terminal point decapsulates WLAN authentication infrastructure unicast key negotiation data from the destination access controller, which is encapsulated in the data encapsulation format of the wireless access point control and configuration protocol, and forwards it to the station; the destination wireless terminal point encapsulates WLAN authentication infrastructure unicast key negotiation data from the station in the data encapsulation format of the wireless access point control and configuration protocol and sends it to the destination access controller;
When what the destination access controller requests from the associated access controller is a unicast session key, the destination access controller and the station performing WLAN authentication infrastructure multicast key announcement comprises: the destination wireless terminal point decapsulates WLAN authentication infrastructure multicast key announcement data from the destination access controller, which is encapsulated in the data encapsulation format of the wireless access point control and configuration protocol, and forwards it to the station; the destination wireless terminal point encapsulates WLAN authentication infrastructure multicast key announcement data from the station in the data encapsulation format of the wireless access point control and configuration protocol and transmits it to the destination access controller.
8. The method according to any one of claims 1-7, wherein the destination access controller notifying the destination wireless terminal point to open the controlled port comprises:
The destination access controller transmits a wireless access point control and configuration protocol station configuration request message to the destination wireless terminal point, the station configuration request message including the joining station, GB15629.11 joining station and GB15629.11 station session key message elements; wherein C in the station session key message element is set, informing the destination wireless terminal point to open the controlled port corresponding to the station and to forward all data from the station, including WLAN authentication infrastructure protocol data and non-WLAN authentication infrastructure protocol data;
The destination wireless terminal point transmits a wireless access point control and configuration protocol station configuration response message to the destination access controller, the station configuration response message including a result code message element identifying the result of processing the station configuration request message that the destination access controller transmitted to the destination wireless terminal point.
9. A system for station switching when WPI is completed by the access controller in a centralized WLAN, comprising:
A destination access controller, an associated access controller, a destination wireless terminal point, an associated wireless terminal point, and a station;
The station performs reassociation with the destination access controller through the destination wireless terminal point; the destination access controller requests a unicast session key or a group key from the associated access controller; the associated access controller notifies the associated wireless terminal point to delete the station;
The destination access controller notifies the destination wireless terminal point that the station is added;
The station and the destination access controller negotiate the session key based on the requested unicast session key or group key.
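The key hand-off in claims 3 to 8 can be modelled as follows; this is an added illustration, not code from the patent or its applicant. HMAC-SHA256 as the one-way function, the contents of the extension parameters, and all class, function and key names are assumptions, and the key values are constructed samples.

```python
import hashlib
import hmac

def one_way(key: bytes, ext_params: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the unspecified one-way function.
    return hmac.new(key, ext_params, hashlib.sha256).digest()

class AssociatedAC:
    """Access controller the station is leaving; holds its keys."""
    def __init__(self, keys):
        self.keys = keys               # {sta: {"base_key": ..., "unicast_session_key": ...}}
        self.wtp_stations = set(keys)  # stations known to the associated WTP

    def handle_key_request(self, sta, kind, ext_params, delete_station=True):
        key = one_way(self.keys[sta][kind], ext_params)  # derived, not the original
        if delete_station:             # request carries station deletion information
            self.wtp_stations.discard(sta)  # models "delete station" to the old WTP
            del self.keys[sta]
        return key

class DestinationWTP:
    def __init__(self):
        self.controlled_port_open = {}

    def configure(self, sta, port_open):
        self.controlled_port_open[sta] = port_open

    def forwards(self, sta, is_wai_frame):
        # Closed port: only WAI protocol data passes; open port: all data passes.
        return is_wai_frame or self.controlled_port_open.get(sta, False)

def handover(old_ac, new_wtp, sta, kind, ext_params):
    key = old_ac.handle_key_request(sta, kind, ext_params)
    new_wtp.configure(sta, port_open=False)   # station joins, controlled port closed
    blocked = not new_wtp.forwards(sta, is_wai_frame=False)
    wai_ok = new_wtp.forwards(sta, is_wai_frame=True)
    # The WAI exchange that follows depends on which kind of key was requested.
    step = ("unicast_key_negotiation" if kind == "base_key"
            else "multicast_key_announcement")
    new_wtp.configure(sta, port_open=True)    # exchange finished, open the port
    return {"key": key, "step": step,
            "data_blocked_during_wai": blocked, "wai_forwarded": wai_ok}

# Constructed sample values, for illustration only.
STA = "00:11:22:33:44:55"
BK = bytes(range(16))
USK = bytes(range(16, 32))
EXT = b"dest-ac-01|" + STA.encode()   # hypothetical extension parameters
```

Because the station already knows the extension parameters, it can compute the same derived key locally, while the destination access controller never receives the original key.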
PCT/CN2009/075566 2009-05-14 2009-12-14 Method and system for station switching when wpi is implemented by access controller in convergent wlan WO2010130133A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN200910022527.3 2009-05-14
CN 200910022527 CN101557592B (en) 2009-05-14 2009-05-14 STA roaming switching method for completing WPI by AC in convergent-type WLAN and system thereof

Publications (1)

Publication Number Publication Date
WO2010130133A1 (en) 2010-11-18

Family

ID=41175481

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/075566 WO2010130133A1 (en) 2009-05-14 2009-12-14 Method and system for station switching when wpi is implemented by access controller in convergent wlan

Country Status (2)

Country Link
CN (1) CN101557592B (en)
WO (1) WO2010130133A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101562812B (en) 2009-05-14 2011-06-01 西安西电捷通无线网络通信股份有限公司 STA switching method when WPI is finished by AC in convergence type WLAN and system thereof
CN101557592B (en) * 2009-05-14 2011-06-01 西安西电捷通无线网络通信股份有限公司 STA roaming switching method for completing WPI by AC in convergent-type WLAN and system thereof
CN101562811B (en) * 2009-05-14 2011-04-06 西安西电捷通无线网络通信股份有限公司 STA roaming switching method when WPI is finished by WTP in convergence type WLAN and system thereof
CN101557591B (en) * 2009-05-14 2011-01-26 西安西电捷通无线网络通信股份有限公司 STA switching method for completing WPI by WTP in convergent-type WLAN and system thereof
CN102883385B (en) * 2011-07-14 2016-06-29 智邦科技股份有限公司 Connection method for controlling wireless access point and the wireless mobile devices
CN103596161B (en) * 2012-08-14 2016-06-08 杭州华三通信技术有限公司 A radio access controller and a roaming method
CN103686890B (en) * 2012-09-07 2016-12-28 中兴通讯股份有限公司 The method of wireless local area network wireless terminal roaming and handoff system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050254653A1 (en) * 2004-05-14 2005-11-17 Proxim Corporation Pre-authentication of mobile clients by sharing a master key among secured authenticators
CN101079891A (en) * 2007-06-15 2007-11-28 清华大学 Wireless switching network re-authentication method based on wireless LAN secure standard WAPI
CN101155396A (en) * 2006-09-25 2008-04-02 联想(北京)有限公司 Terminal node switching method
CN101557592A (en) * 2009-05-14 2009-10-14 西安西电捷通无线网络通信有限公司 STA roaming switching method for completing WPI by AC in convergent-type WLAN and system thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements - Part 11 : Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications - Amendment 1", THE PEOPLE'S REPUBLIC OF CHINA NATIONAL STANDARD GB15629.11-2003/XG1-2006, 27 January 2006 (2006-01-27) *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8514827B2 (en) 2005-10-13 2013-08-20 Trapeze Networks, Inc. System and network for wireless network monitoring
US8966018B2 (en) 2006-05-19 2015-02-24 Trapeze Networks, Inc. Automated network device configuration and network deployment
US9258702B2 (en) 2006-06-09 2016-02-09 Trapeze Networks, Inc. AP-local dynamic switching
US9838942B2 (en) 2006-06-09 2017-12-05 Trapeze Networks, Inc. AP-local dynamic switching
US8818322B2 (en) 2006-06-09 2014-08-26 Trapeze Networks, Inc. Untethered access point mesh system and method
US10327202B2 (en) 2006-06-09 2019-06-18 Trapeze Networks, Inc. AP-local dynamic switching
US8340110B2 (en) 2006-09-15 2012-12-25 Trapeze Networks, Inc. Quality of service provisioning for wireless networks
US8902904B2 (en) 2007-09-07 2014-12-02 Trapeze Networks, Inc. Network assignment based on priority
US8509128B2 (en) 2007-09-18 2013-08-13 Trapeze Networks, Inc. High level instruction convergence function
EP2461624A1 (en) * 2010-12-01 2012-06-06 Juniper Networks, Inc. System, apparatus and methods for highly scalable continuous roaming within a wireless network

Also Published As

Publication number Publication date
CN101557592B (en) 2011-06-01
CN101557592A (en) 2009-10-14

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09844544

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09844544

Country of ref document: EP

Kind code of ref document: A1