WO2010130138A1 - Station (sta) switching method and system while completing wireless local area network privacy infrastructure (wpi) by wireless terminal point (wtp) in convergent wlan - Google Patents

Station (sta) switching method and system while completing wireless local area network privacy infrastructure (wpi) by wireless terminal point (wtp) in convergent wlan

Info

Publication number
WO2010130138A1
WO2010130138A1 PCT/CN2009/075899 CN2009075899W WO2010130138A1 WO 2010130138 A1 WO2010130138 A1 WO 2010130138A1 CN 2009075899 W CN2009075899 W CN 2009075899W WO 2010130138 A1 WO2010130138 A1 WO 2010130138A1
Authority
WO
WIPO (PCT)
Prior art keywords
sta
wtp
wireless terminal
access controller
terminal point
Prior art date
Application number
PCT/CN2009/075899
Other languages
French (fr)
Chinese (zh)
Inventor
铁满霞
曹军
杜志强
赖晓龙
黄振海
Original Assignee
西安西电捷通无线网络通信有限公司
Priority date
Filing date
Publication date
Application filed by 西安西电捷通无线网络通信有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W36/00: Hand-off or reselection arrangements
    • H04W36/0005: Control or signalling for completing the hand-off
    • H04W36/0011: Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033: Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information

Definitions

  • The present invention relates to a STA switching method, and a system thereof, for use when WPI is completed by the WTP in a convergent WLAN.
  • Existing station (STA) switching methods for WLANs (Wireless Local Area Networks) based on the WLAN Authentication and Privacy Infrastructure (WAPI) protocol were all proposed for the autonomous WLAN architecture and cannot be applied directly to a WAPI-based convergent WLAN architecture.
  • In the convergent WLAN architecture, access control devices such as access controllers (ACs), wireless switches, or wireless routers centrally manage the WLAN authentication and policy enforcement functions. These devices can also provide functions such as centralized bridging and forwarding of user data.
  • The present invention provides, under the convergent WLAN architecture, a method and system for switching a station STA between wireless terminal points WTP (Wireless Terminal Point) under the same access controller AC when the WLAN Privacy Infrastructure (WPI) is implemented by the WTP.
  • The access controller here can also be replaced by a device such as a wireless switch or a wireless router.
  • the technical solution of the present invention is:
  • The present invention is a method for switching a station STA between wireless terminal points WTP under the same access controller AC when the WTP completes WPI in a convergent WLAN. The STA switching method includes the following steps:
  • Step 1. The station STA re-associates with the access controller AC through the destination wireless terminal point WTP;
  • Step 2. The station STA and the access controller AC update the session key by negotiation, based on the negotiated base key;
  • Step 3. The access controller AC and the destination wireless terminal point WTP perform key synchronization.
  • Step 1 above includes the following steps:
  • Step 11. The station STA re-associates with the access controller AC through the destination wireless terminal point WTP;
  • Step 12. The access controller AC notifies the associated wireless terminal point WTP to delete the station STA;
  • Step 13. The access controller AC notifies the destination wireless terminal point WTP to add the station STA.
  • Step 11 above may include the following steps:
  • Step 111. The station STA passively listens for the beacon frame of the destination wireless terminal point WTP and obtains the parameters of the destination WTP, including the WAPI information element; the WAPI information element includes the authentication and key management suites and cipher suites supported by the destination WTP;
  • Step 112. In local MAC (Medium Access Control) mode, the station STA sends a link verification request frame to the destination WTP, requesting link verification with the destination WTP, and the destination WTP sends a link verification response frame to the station STA according to the STA's link verification request frame;
  • Step 113. After link verification succeeds, the station STA sends a re-association request frame to the access controller AC, requesting re-association with the AC. In the re-association request frame the STA includes the identifier of the currently associated WTP, the identifier of the AC, and the WAPI information element, to determine the authentication and key management suite and cipher suite selected by the STA; the suites selected by the STA are the same as those it selected when it first associated with the access controller AC. The access controller AC parses the STA's re-association request frame and sends a re-association response frame to the station STA.
  • Step 11 above may include the following steps:
  • Step 111. The station STA passively listens for the beacon frame of the destination wireless terminal point WTP and obtains the parameters of the destination WTP, including the WAPI information element; the WAPI information element includes the authentication and key management suites and cipher suites supported by the destination WTP;
  • Step 112. In split MAC mode, the station STA sends a link verification request frame to the access controller AC, requesting link verification with the AC, and the AC sends a link verification response frame to the station STA according to the STA's link verification request frame;
  • Step 113. After link verification succeeds, the station STA sends a re-association request frame to the access controller AC, requesting re-association with the AC. In the re-association request frame the STA includes the identifier of the currently associated WTP, the identifier of the AC, and the WAPI information element, to determine the authentication and key management suite and cipher suite selected by the STA; the suites selected by the STA are the same as those it selected when it first associated with the access controller AC. The access controller AC parses the STA's re-association request frame and sends a re-association response frame to the station STA.
  • Step 11 above may include the following steps:
  • Step 111. The station STA actively sends a probe request frame to the destination wireless terminal point WTP. After receiving the STA's probe request frame, the destination WTP sends a probe response frame to the STA. On receiving the probe response frame, the STA obtains the parameters of the destination WTP, including the WAPI information element; the WAPI information element includes the authentication and key management suites and cipher suites supported by the destination WTP;
  • Step 112. In local MAC mode, the station STA sends a link verification request frame to the destination WTP, requesting link verification with the destination WTP, and the destination WTP sends a link verification response frame to the station STA according to the STA's link verification request frame;
  • Step 113. After link verification succeeds, the station STA sends a re-association request frame to the access controller AC, requesting re-association with the AC. In the re-association request frame the STA includes the identifier of the currently associated WTP, the identifier of the AC, and the WAPI information element, to determine the authentication selected by the station STA.
  • The access controller AC parses the STA's re-association request frame and sends a re-association response frame to the station STA.
  • Step 11 above may include the following steps:
  • Step 111. The station STA actively sends a probe request frame to the destination wireless terminal point WTP. After receiving the STA's probe request frame, the destination WTP sends a probe response frame to the STA. On receiving the probe response frame, the STA obtains the parameters of the destination WTP, including the WAPI information element; the WAPI information element includes the authentication and key management suites and cipher suites supported by the destination WTP;
  • Step 112. In split MAC mode, the station STA sends a link verification request frame to the access controller AC, requesting link verification with the AC, and the AC sends a link verification response frame to the station STA according to the STA's link verification request frame;
  • Step 113. After link verification succeeds, the station STA sends a re-association request frame to the access controller AC, requesting re-association with the AC. In the re-association request frame the STA includes the identifier of the currently associated WTP, the identifier of the AC, and the WAPI information element, to determine the authentication and key management suite and cipher suite selected by the STA; the suites selected by the STA are the same as those it selected when it first associated with the access controller AC. The access controller AC parses the STA's re-association request frame and sends a re-association response frame to the station STA.
  • The specific steps of step 12 above are as follows:
  • Step 121. The access controller AC sends a CAPWAP (Control And Provisioning of Wireless Access Points) Station Configuration Request message to the associated wireless terminal point WTP; the message contains message elements such as Delete Station;
  • Step 122. The associated WTP sends a CAPWAP Station Configuration Response message to the access controller AC; the message contains a Result Code message element, which identifies the processing result of the CAPWAP Station Configuration Request message.
  • The specific steps of step 13 above are as follows:
  • Step 131. The access controller AC sends a CAPWAP Station Configuration Request message to the destination WTP; the message contains message elements such as Add Station, GB15629.11 Add Station and GB15629.11 Station Session Key, wherein A of the GB15629.11 Station Session Key message element is set to 1 to tell the destination WTP to close the controlled port and forward only WAI (WLAN Authentication Infrastructure) protocol data from the corresponding station STA;
  • Step 132. The destination WTP sends a CAPWAP Station Configuration Response message to the access controller AC; the message contains a Result Code message element, which identifies the processing result of the CAPWAP Station Configuration Request message.
  • The specific steps of step 2 above are as follows:
  • Step 21. The access controller AC and the station STA perform the WAI unicast key update negotiation process based on the negotiated base key. This includes: the destination WTP decapsulates the WAI unicast key negotiation data from the AC, which is encapsulated in the CAPWAP data encapsulation format, and forwards it to the STA; it encapsulates the WAI unicast key negotiation data from the STA in the CAPWAP data encapsulation format and sends it to the AC;
  • Step 22. The access controller AC and the station STA perform the WAI multicast key update notification process. This includes: the destination WTP decapsulates the WAI multicast key announcement data from the AC, which is encapsulated in the CAPWAP data encapsulation format, and forwards it to the STA; it encapsulates the WAI multicast key announcement data from the STA in the CAPWAP data encapsulation format and sends it to the AC.
  • The specific steps of step 3 above are as follows:
  • Step 31. The access controller AC sends a CAPWAP Station Configuration Request message to the destination WTP; the message contains message elements such as Add Station, GB15629.11 Add Station, GB15629.11 Station Session Key and GB15629.11 Information Element. According to the MAC address of the STA in the Add Station message element, the destination WTP opens the corresponding controlled port and forwards all data from the station STA, including WAI protocol data and non-WAI protocol data;
  • Step 32. The destination WTP sends a CAPWAP Station Configuration Response message to the access controller AC; the message contains a Result Code message element, which identifies the processing result of the CAPWAP Station Configuration Request message.
  • A STA switching system for a convergent WLAN in which WPI is completed by the WTP includes an access controller AC, a destination wireless terminal point WTP, an associated WTP, and a station STA. The station STA is used to re-associate with the access controller AC through the destination WTP; the access controller AC is used to notify the associated WTP to delete the station STA and to notify the destination WTP to add the station STA; the station STA is also used to update the session key by negotiation with the access controller AC based on the negotiated base key; the access controller AC is also used for key synchronization with the destination WTP.
  • The present invention provides a STA switching procedure for use when WPI is completed by the WTP in the WAPI-based convergent WLAN architecture.
  • The STA and the AC update the session key by negotiation based on the negotiated base key (BK).
  • The method allows a STA to switch quickly and securely between different WTPs under the same AC.
  • FIG. 1 is a schematic diagram of a STA switching between WTPs under the same AC.
  • FIG. 2 is a flow chart of a STA switching between WTPs under the same AC.
  • Step 11) above may specifically include:
  • From the beacon frame of the destination WTP, the STA obtains the relevant parameters of the destination WTP, including the WAPI information element, which includes the authentication and key management suites and cipher suites supported by the destination WTP. Alternatively, the STA sends a probe request frame to the destination WTP. After receiving the STA's probe request frame, the destination WTP 1 sends a probe response frame to the STA. On receiving the probe response frame, the STA obtains the relevant parameters of the destination WTP, including the WAPI information element; the WAPI information element includes the authentication and key management suites and cipher suites supported by the destination WTP;
  • The STA sends a link verification request frame to the destination WTP to request link verification with the destination WTP, and the destination WTP sends a link verification response frame to the STA according to the STA's link verification request frame; in split MAC mode, the STA sends a link verification request frame to the AC, requesting link verification with the AC, and the AC sends a link verification response frame to the STA according to the STA's link verification request frame;
  • After link verification succeeds, the STA sends a re-association request frame to the AC, requesting re-association with the AC.
  • The STA includes the identifier of the currently associated WTP, the identifier of the AC, and the WAPI in the re-association request frame.
  • Step 11) above may also specifically include:
  • The station STA passively listens for the beacon frame of the destination wireless terminal point WTP and obtains the parameters of the destination WTP, including the WAPI information element; the WAPI information element includes the authentication and key management suites and cipher suites supported by the destination WTP;
  • The station STA sends a link verification request frame to the access controller AC, requesting link verification with the AC, and the AC sends a link verification response frame to the station STA according to the STA's link verification request frame;
  • The station STA sends a re-association request frame to the access controller AC, requesting re-association with the AC, and the station STA includes the currently associated wireless terminal in the re-association request frame.
  • The authentication and key management suite and cipher suite are those selected when it first associated with the access controller AC; the access controller AC parses the STA's re-association request frame and sends a re-association response frame to the station STA.
  • Step 11) above may further include:
  • The station STA actively sends a probe request frame to the destination wireless terminal point WTP. After receiving the STA's probe request frame, the destination WTP sends a probe response frame to the STA. On receiving the probe response frame, the STA obtains the parameters of the destination WTP, including the WAPI information element; the WAPI information element includes the authentication and key management suites and cipher suites supported by the destination WTP;
  • The station STA sends a link verification request frame to the destination WTP, requesting link verification with the destination WTP, and the destination WTP sends a link verification response frame to the station STA according to the STA's link verification request frame;
  • The station STA sends a re-association request frame to the access controller AC, requesting re-association with the AC. In the re-association request frame the STA includes the identifier of the currently associated WTP, the identifier of the AC, and the WAPI information element, to determine the authentication selected by the station STA.
  • The access controller AC parses the STA's re-association request frame and sends a re-association response frame to the station STA.
  • Step 11) above may further specifically include:
  • The station STA actively sends a probe request frame to the destination wireless terminal point WTP. After receiving the STA's probe request frame, the destination WTP sends a probe response frame to the STA. From the probe response frame, the STA obtains the parameters of the destination WTP, including the WAPI information element; the WAPI information element includes the authentication and key management suites and cipher suites supported by the destination WTP;
  • The station STA sends a link verification request frame to the access controller AC, requesting link verification with the AC, and the AC sends a link verification response frame to the station STA according to the STA's link verification request frame;
  • The station STA sends a re-association request frame to the access controller AC, requesting re-association with the AC. In the re-association request frame the STA includes the identifier of the currently associated WTP, the identifier of the AC, and the WAPI information element, to determine the authentication and key management suite and cipher suite selected by the STA; the suites selected by the STA are the same as those it selected when it first associated with the access controller AC. The access controller AC parses the STA's re-association request frame and sends a re-association response frame to the station STA.
  • The AC notifies the associated WTP to delete the STA:
  • The AC sends a CAPWAP Station Configuration Request message to the associated WTP; the message contains message elements such as Delete Station;
  • The associated WTP sends a CAPWAP Station Configuration Response message to the AC; the message contains a Result Code message element, which identifies the processing result of the CAPWAP Station Configuration Request.
  • The AC sends a CAPWAP Station Configuration Request message to the destination WTP. The message contains message elements such as Add Station, GB15629.11 Add Station and GB15629.11 Station Session Key, wherein A of the GB15629.11 Station Session Key message element is set to 1 to tell the destination WTP to close the controlled port and forward only the WAI protocol data from the corresponding STA;
  • The WTP sends a CAPWAP Station Configuration Response message to the AC; the message contains a Result Code message element, which identifies the processing result of the CAPWAP Station Configuration Request.
  • The AC and the STA perform the WAI unicast key update negotiation process based on the negotiated BK. This includes: the destination WTP decapsulates the WAI unicast key negotiation data from the AC, which is encapsulated in the CAPWAP data encapsulation format, and forwards it to the STA; the WAI unicast key negotiation data from the STA is encapsulated in the CAPWAP data encapsulation format and sent to the AC;
  • The AC and the STA perform the WAI multicast key update notification process. The destination WTP decapsulates the multicast key announcement data from the AC, which is encapsulated in the CAPWAP data encapsulation format, and forwards it to the STA. The multicast key announcement data is encapsulated in the CAPWAP data encapsulation format and then sent to the AC.
  • The AC sends a CAPWAP Station Configuration Request message to the destination WTP. The message contains message elements such as Add Station, GB15629.11 Add Station, GB15629.11 Station Session Key and GB15629.11 Information Element. According to the MAC address of the STA in the Add Station message element, the destination WTP1 opens the corresponding controlled port and forwards all data from the STA, including WAI protocol data and non-WAI protocol data;
  • The destination WTP sends a CAPWAP Station Configuration Response message to the AC; the message contains a Result Code message element, which identifies the processing result of the CAPWAP Station Configuration Request message.
  • The present invention also provides a station STA switching system for use when WPI is completed by the WTP in a convergent WLAN; the system includes an access controller AC, a destination wireless terminal point WTP, an associated WTP, and a station STA;
  • The station STA is used to re-associate with the access controller AC through the destination wireless terminal point WTP;
  • The access controller AC is used to notify the associated wireless terminal point WTP to delete the station STA and to notify the destination wireless terminal point WTP to add the station STA;
  • The station STA is also used to update the session key by negotiation with the access controller AC based on the negotiated base key;
  • The access controller AC is also used for key synchronization with the destination wireless terminal point WTP.
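
The switching sequence listed above (re-association, Delete Station at the associated WTP, Add Station with A set to 1 at the destination WTP, session key update, key synchronization) modelled in Python as an added example; it is not code from the patent. The class names, the dict encoding of message elements, the failure code 1, the AC rejecting a request whose suites differ, A=0 in the key-synchronization request, the sample suite names and the HMAC-SHA256 key derivation are assumptions standing in for details the page does not give.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

WAI_ETHERTYPE = 0x88B4    # EtherType of WAI protocol frames
DATA_ETHERTYPE = 0x0800   # IPv4, standing in for non-WAI user data
RESULT_SUCCESS = 0        # CAPWAP Result Code for success
RESULT_FAILURE = 1        # placeholder: any non-zero code means failure here
SESSION_KEY_ELEM = "GB15629.11 Station Session Key"


@dataclass
class ControlledPort:
    wai_only: bool                       # True = port closed, WAI frames only
    session_key: Optional[bytes] = None  # key material once synchronized


class Wtp:
    """A WTP holding one controlled port per station it serves."""
    def __init__(self, name):
        self.name = name
        self.ports = {}                  # STA MAC -> ControlledPort

    def station_configuration_request(self, elements):
        """Apply the message elements and return the Result Code."""
        if "Delete Station" in elements:
            known = self.ports.pop(elements["Delete Station"], None)
            return RESULT_SUCCESS if known is not None else RESULT_FAILURE
        mac = elements.get("Add Station")
        if mac is None:
            return RESULT_FAILURE
        key_elem = elements.get(SESSION_KEY_ELEM, {})
        closed = key_elem.get("A", 0) == 1
        key = key_elem.get("key")
        if not closed and key is None:
            return RESULT_FAILURE        # never open the port without a key
        self.ports[mac] = ControlledPort(wai_only=closed, session_key=key)
        return RESULT_SUCCESS

    def forwards(self, mac, ethertype):
        """Would a frame from this STA be forwarded towards the AC?"""
        port = self.ports.get(mac)
        return port is not None and (
            ethertype == WAI_ETHERTYPE or not port.wai_only)


def derive_session_key(base_key, ac_nonce, sta_nonce):
    """Stand-in for the WAI unicast key negotiation (not the real derivation)."""
    msg = b"session" + ac_nonce + sta_nonce
    return hmac.new(base_key, msg, hashlib.sha256).digest()


class AccessController:
    def __init__(self, name):
        self.name = name
        self.stations = {}               # STA MAC -> bk, suites, current WTP

    def register(self, mac, wtp, suites, base_key):
        """Record the state left by the first association (constructed)."""
        key = derive_session_key(base_key, os.urandom(32), os.urandom(32))
        wtp.station_configuration_request(
            {"Add Station": mac, SESSION_KEY_ELEM: {"A": 0, "key": key}})
        self.stations[mac] = {"bk": base_key, "suites": suites, "wtp": wtp}

    def handover(self, mac, dest, claimed_wtp, claimed_ac, suites):
        """Run steps 1 to 3 and return a trace of (step, result) tuples."""
        sta = self.stations.get(mac)
        # Step 11: the request names the current WTP and this AC and carries
        # the same suites as at first association (assumed to be enforced).
        if (sta is None or claimed_ac != self.name
                or claimed_wtp != sta["wtp"].name or suites != sta["suites"]):
            return [("11", "re-association rejected")]
        trace = [("11", "re-association accepted")]
        view = lambda: (dest.forwards(mac, WAI_ETHERTYPE),
                        dest.forwards(mac, DATA_ETHERTYPE))
        # Step 12: Delete Station at the associated WTP.
        trace.append(("12", sta["wtp"].station_configuration_request(
            {"Delete Station": mac})))
        # Step 13: Add Station at the destination WTP with A=1 (port closed).
        trace.append(("13", dest.station_configuration_request(
            {"Add Station": mac, SESSION_KEY_ELEM: {"A": 1}})))
        trace.append(("port closed", view()))
        # Step 2: session key update from the base key, relayed by the WTP.
        key = derive_session_key(sta["bk"], os.urandom(32), os.urandom(32))
        # Step 3: key synchronization; the destination WTP opens the port.
        trace.append(("31", dest.station_configuration_request(
            {"Add Station": mac, SESSION_KEY_ELEM: {"A": 0, "key": key}})))
        trace.append(("port open", view()))
        sta["wtp"] = dest
        return trace


def run_demo():
    # Constructed sample values: MAC address, suite names, device names.
    sta_mac, suites = "02:00:00:00:00:01", ("WAI-PSK", "WPI-SMS4")
    ac, wtp1, wtp2 = AccessController("AC-1"), Wtp("WTP-1"), Wtp("WTP-2")
    ac.register(sta_mac, wtp1, suites, base_key=os.urandom(16))
    bad = ac.handover(sta_mac, wtp2, "WTP-1", "AC-1", ("WAI-PSK", "other"))
    good = ac.handover(sta_mac, wtp2, "WTP-1", "AC-1", suites)
    return bad, good, wtp1.forwards(sta_mac, DATA_ETHERTYPE)
```

Each entry of the trace returned by `run_demo()` pairs a step number with its Result Code, and the two port entries give (WAI forwarded, user data forwarded) at the destination WTP before and after key synchronization.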

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A Station (STA) switching method and system while completing Wireless Local Area Network Privacy Infrastructure (WPI) by Wireless Terminal Point (WTP) in the convergent Wireless Local Area Network (WLAN) are provided in the present invention, the method includes the following steps: step 1, Station (STA) performs re-associated connection with Access Controller (AC) through the destination Wireless Terminal Point (WTP); step 2, Station (STA) and Access Controller (AC) update the negotiation session key based on the negotiated base key; step 3, Access Controller (AC) and the destination Wireless Terminal Point (WTP) perform the key synchronization. The present invention can realize the rapid and safe switching for the station which is switched between the wireless terminal points controlled by the same controller in convergent WLAN based on Wireless Local Area Network Authentication and Privacy Infrastructure (WAPI) protocol.

Description

STA switching method and system when WPI is completed by the WTP in a convergent WLAN
This application claims priority to Chinese patent application No. 200910022523.5, filed with the Chinese Patent Office on May 14, 2009 and entitled "STA switching method and system when WPI is completed by the WTP in a convergent WLAN".
Technical field
The present invention relates to a STA switching method, and a system thereof, for use when WPI is completed by the WTP in a convergent WLAN.
Background
Existing station (STA) switching methods for WLANs (Wireless Local Area Networks) based on the WLAN Authentication and Privacy Infrastructure (WAPI) protocol were all proposed for the autonomous WLAN architecture and cannot be applied directly to a WAPI-based convergent WLAN architecture. In the convergent WLAN architecture, access control devices such as access controllers (AC, Access Controller), wireless switches, or wireless routers centrally manage the WLAN authentication and policy enforcement functions; these devices can also provide functions such as centralized bridging and forwarding of user data.
Summary of the invention
To overcome the shortcoming described in the background, namely that existing STA switching methods for WAPI-based WLANs apply only to the autonomous architecture, the present invention provides, under the convergent WLAN architecture, a method and system for switching a station STA between wireless terminal points WTP under the same access controller AC when the WLAN Privacy Infrastructure WPI is implemented by the wireless terminal point WTP (Wireless Terminal Point). The access controller here can also be replaced by a device such as a wireless switch or a wireless router. The technical solution of the present invention is as follows. The present invention is a method for switching a station STA between wireless terminal points WTP under the same access controller AC when the WTP completes WPI in a convergent WLAN. The STA switching method includes the following steps:
Step 1. The station STA re-associates with the access controller AC through the destination wireless terminal point WTP;
Step 2. The station STA and the access controller AC update the session key by negotiation, based on the negotiated base key;
Step 3. The access controller AC and the destination wireless terminal point WTP perform key synchronization.
Step 1 above includes the following steps:
Step 11. The station STA re-associates with the access controller AC through the destination wireless terminal point WTP;
Step 12. The access controller AC notifies the associated wireless terminal point WTP to delete the station STA;
Step 13. The access controller AC notifies the destination wireless terminal point WTP to add the station STA.
Step 11 above may include the following steps:
Step 111. The station STA passively listens for the beacon frame of the destination wireless terminal point WTP and obtains the parameters of the destination WTP, including the WAPI information element; the WAPI information element includes the authentication and key management suites and cipher suites supported by the destination WTP;
Step 112. In local MAC (Medium Access Control) mode, the station STA sends a link verification request frame to the destination WTP, requesting link verification with the destination WTP, and the destination WTP sends a link verification response frame to the station STA according to the STA's link verification request frame;
Step 113. After link verification succeeds, the station STA sends a re-association request frame to the access controller AC, requesting re-association with the AC. In the re-association request frame the STA includes the identifier of the currently associated WTP, the identifier of the AC, and the WAPI information element, to determine the authentication and key management suite and cipher suite selected by the STA; the suites selected by the STA are the same as those it selected when it first associated with the access controller AC. The access controller AC parses the STA's re-association request frame and sends a re-association response frame to the station STA.
Step 11 above may include the following steps:
Step 111. The STA passively listens for beacon frames of the destination WTP and obtains the parameters of the destination WTP, including the WAPI information element; the WAPI information element contains the authentication and key management suites and cipher suites supported by the destination WTP;
Step 112. In Split MAC mode, the STA sends a link verification request frame to the AC to request link verification with the AC, and the AC, in response to the STA's link verification request frame, sends a link verification response frame to the STA;
Step 113. After link verification succeeds, the STA sends a reassociation request frame to the AC to request reassociation with the AC. In the reassociation request frame the STA includes the identifier of the currently associated WTP, the identifier of the AC, and a WAPI information element that specifies the authentication and key management suite and cipher suite selected by the STA, where the suites selected by the STA are the same as the authentication and key management suite and cipher suite it selected when it first associated with the AC. The AC parses the STA's reassociation request frame and sends a reassociation response frame to the STA.
Step 11 above may include the following steps:
Step 111. The STA actively sends a probe request frame to the destination WTP. On receiving the STA's probe request frame, the destination WTP sends a probe response frame to the STA. On receiving the probe response frame, the STA obtains the parameters of the destination WTP, including the WAPI information element; the WAPI information element contains the authentication and key management suites and cipher suites supported by the destination WTP;
Step 112. In Local MAC mode, the STA sends a link verification request frame to the destination WTP to request link verification with the destination WTP, and the destination WTP, in response to the STA's link verification request frame, sends a link verification response frame to the STA;
Step 113. After link verification succeeds, the STA sends a reassociation request frame to the AC to request reassociation with the AC. In the reassociation request frame the STA includes the identifier of the currently associated WTP, the identifier of the AC, and a WAPI information element that specifies the authentication and key management suite and cipher suite selected by the STA, where the suites selected by the STA are the same as the authentication and key management suite and cipher suite it selected when it first associated with the AC. The AC parses the STA's reassociation request frame and sends a reassociation response frame to the STA.
Step 11 above includes the following steps:
Step 111. The STA actively sends a probe request frame to the destination WTP. On receiving the STA's probe request frame, the destination WTP sends a probe response frame to the STA. On receiving the probe response frame, the STA obtains the parameters of the destination WTP, including the WAPI information element; the WAPI information element contains the authentication and key management suites and cipher suites supported by the destination WTP;
Step 112. In Split MAC mode, the STA sends a link verification request frame to the AC to request link verification with the AC, and the AC, in response to the STA's link verification request frame, sends a link verification response frame to the STA;
Step 113. After link verification succeeds, the STA sends a reassociation request frame to the AC to request reassociation with the AC. In the reassociation request frame the STA includes the identifier of the currently associated WTP, the identifier of the AC, and a WAPI information element that specifies the authentication and key management suite and cipher suite selected by the STA, where the suites selected by the STA are the same as the authentication and key management suite and cipher suite it selected when it first associated with the AC. The AC parses the STA's reassociation request frame and sends a reassociation response frame to the STA.
The specific steps of step 12 above are as follows:
Step 121. The AC sends a CAPWAP (Control And Provisioning of Wireless Access Points protocol) Station Configuration Request message to the associated WTP; the message contains message elements such as Delete Station;
Step 122. The associated WTP sends a CAPWAP Station Configuration Response message to the AC; the message contains a Result Code message element that indicates the result of processing the CAPWAP Station Configuration Request message.
The specific steps of step 13 above are as follows:
Step 131. The AC sends a CAPWAP Station Configuration Request message to the destination WTP; the message contains message elements such as Add Station, GB15629.11 Add Station and GB15629.11 Station Session Key. The A field in the GB15629.11 Station Session Key message element is set to 1 to instruct the destination WTP to close the controlled port and forward only WLAN Authentication Infrastructure (WAI) protocol data from the corresponding STA;
Step 132. The destination WTP sends a CAPWAP Station Configuration Response message to the AC; the message contains a Result Code message element that indicates the result of processing the CAPWAP Station Configuration Request message.
The specific steps of step 2 above are as follows:
Step 21. The AC and the STA carry out the WAI unicast key update negotiation on the basis of the already negotiated base key. This includes: the destination WTP decapsulates WAI unicast key negotiation data that arrives from the AC in the CAPWAP data encapsulation format and forwards it to the STA, and encapsulates WAI unicast key negotiation data from the STA in the CAPWAP data encapsulation format and sends it to the AC;
Step 22. The AC and the STA carry out the WAI multicast key update announcement. This includes: the destination WTP decapsulates WAI multicast key announcement data that arrives from the AC in the CAPWAP data encapsulation format and forwards it to the STA, and encapsulates WAI multicast key announcement data from the STA in the CAPWAP data encapsulation format and sends it to the AC.
The specific steps of step 3 above are as follows:
Step 31. The AC sends a CAPWAP Station Configuration Request message to the destination WTP; the message contains message elements such as Add Station, GB15629.11 Add Station, GB15629.11 Station Session Key and GB15629.11 Information Element. Using the MAC address of the STA in the Add Station message element, the destination WTP opens the corresponding controlled port and forwards all data from that STA, including WAI protocol data and non-WAI protocol data;
Step 32. The destination WTP sends a CAPWAP Station Configuration Response message to the AC; the message contains a Result Code message element that indicates the result of processing the CAPWAP Station Configuration Request message.
A station STA handover system for a convergent WLAN in which WPI is performed by the WTP. The system includes an access controller AC, a destination wireless terminal point WTP, an associated WTP and a station STA. The STA is used to re-associate with the AC through the destination WTP; the AC is used to notify the associated WTP to delete the STA and to notify the destination WTP to add the STA; the STA is further used to renegotiate the session key with the AC on the basis of the already negotiated base key; the AC is further used to perform key synchronization with the destination WTP.

The present invention provides a STA handover procedure for a WAPI-based convergent WLAN architecture in which WPI is performed by the WTP. During the handover, the STA and the AC renegotiate the session key on the basis of the already negotiated BK, and STA addition, STA deletion and key synchronization between the AC and the WTP are carried out with CAPWAP control messages. The method enables fast and secure handover of a STA between different WTPs under the same AC. The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.

Description of the drawings
Figure 1 is a schematic diagram of a STA handing over between WTPs under the same AC;
Figure 2 is a flowchart of a STA handing over between WTPs under the same AC.

Detailed description
Referring to Figures 1 and 2, the specific method according to a preferred embodiment of the present invention is as follows:
1) The STA re-associates with the AC through the destination WTP;
1.1) The STA re-associates with the AC through the destination WTP;
Step 1.1) above may specifically include:
1.1.1) The STA passively listens for beacon frames of the destination WTP and obtains the relevant parameters of the destination WTP, including the WAPI information element; the WAPI information element contains the authentication and key management suites, cipher suites and so on supported by the destination WTP. Alternatively, the STA actively sends a probe request frame to the destination WTP; on receiving the STA's probe request frame, the destination WTP sends a probe response frame to the STA; on receiving the probe response frame, the STA obtains the relevant parameters of the destination WTP, including the WAPI information element, which contains the authentication and key management suites, cipher suites and so on supported by the destination WTP;
1.1.2) In Local MAC mode, the STA sends a link verification request frame to the destination WTP to request link verification with the destination WTP, and the destination WTP, in response to the STA's link verification request frame, sends a link verification response frame to the STA. In Split MAC mode, the STA sends a link verification request frame to the AC to request link verification with the AC, and the AC, in response to the STA's link verification request frame, sends a link verification response frame to the STA;
1.1.3) After link verification succeeds, the STA sends a reassociation request frame to the AC to request reassociation with the AC. In the reassociation request frame the STA includes the identifier of the currently associated WTP, the identifier of the AC, and a WAPI information element that specifies the authentication and key management suite, cipher suite and so on selected by the STA, where the suites selected by the STA are preferably the same as those it selected when it first associated with the AC. The AC parses the STA's reassociation request frame and sends a reassociation response frame to the STA.
Step 1.1) above may also specifically include:
1.1.1) The STA passively listens for beacon frames of the destination WTP and obtains the parameters of the destination WTP, including the WAPI information element; the WAPI information element contains the authentication and key management suites and cipher suites supported by the destination WTP;
1.1.2) In Split MAC mode, the STA sends a link verification request frame to the AC to request link verification with the AC, and the AC, in response to the STA's link verification request frame, sends a link verification response frame to the STA;
1.1.3) After link verification succeeds, the STA sends a reassociation request frame to the AC to request reassociation with the AC. In the reassociation request frame the STA includes the identifier of the currently associated WTP, the identifier of the AC, and a WAPI information element that specifies the authentication and key management suite and cipher suite selected by the STA, where the suites selected by the STA are the same as the authentication and key management suite and cipher suite it selected when it first associated with the AC. The AC parses the STA's reassociation request frame and sends a reassociation response frame to the STA.
Step 1.1) above may further specifically include:
1.1.1) The STA actively sends a probe request frame to the destination WTP. On receiving the STA's probe request frame, the destination WTP sends a probe response frame to the STA. On receiving the probe response frame, the STA obtains the parameters of the destination WTP, including the WAPI information element; the WAPI information element contains the authentication and key management suites and cipher suites supported by the destination WTP;
1.1.2) In Local MAC mode, the STA sends a link verification request frame to the destination WTP to request link verification with the destination WTP, and the destination WTP, in response to the STA's link verification request frame, sends a link verification response frame to the STA;
1.1.3) After link verification succeeds, the STA sends a reassociation request frame to the AC to request reassociation with the AC. In the reassociation request frame the STA includes the identifier of the currently associated WTP, the identifier of the AC, and a WAPI information element that specifies the authentication and key management suite and cipher suite selected by the STA, where the suites selected by the STA are the same as the authentication and key management suite and cipher suite it selected when it first associated with the AC. The AC parses the STA's reassociation request frame and sends a reassociation response frame to the STA.
Step 1.1) above may further specifically include:
1.1.1) The STA actively sends a probe request frame to the destination WTP. On receiving the STA's probe request frame, the destination WTP sends a probe response frame to the STA. On receiving the probe response frame, the STA obtains the parameters of the destination WTP, including the WAPI information element; the WAPI information element contains the authentication and key management suites and cipher suites supported by the destination WTP;
1.1.2) In Split MAC mode, the STA sends a link verification request frame to the AC to request link verification with the AC, and the AC, in response to the STA's link verification request frame, sends a link verification response frame to the STA;
1.1.3) After link verification succeeds, the STA sends a reassociation request frame to the AC to request reassociation with the AC. In the reassociation request frame the STA includes the identifier of the currently associated WTP, the identifier of the AC, and a WAPI information element that specifies the authentication and key management suite and cipher suite selected by the STA, where the suites selected by the STA are the same as the authentication and key management suite and cipher suite it selected when it first associated with the AC. The AC parses the STA's reassociation request frame and sends a reassociation response frame to the STA.
1.2) The AC notifies the associated WTP to delete the STA;
1.2.1) The AC sends a CAPWAP Station Configuration Request message to the associated WTP; the message contains message elements such as Delete Station;
1.2.2) The associated WTP sends a CAPWAP Station Configuration Response message to the AC; the message contains a Result Code message element that indicates the result of processing the CAPWAP Station Configuration Request message.
1.3) The AC notifies the destination WTP to add the STA;
1.3.1) The AC sends a CAPWAP Station Configuration Request message to the destination WTP; the message contains message elements such as Add Station, GB15629.11 Add Station and GB15629.11 Station Session Key. The A field in the GB15629.11 Station Session Key message element is set to 1 to instruct the destination WTP to close the controlled port and forward only WAI protocol data from the corresponding STA;
1.3.2) The destination WTP sends a CAPWAP Station Configuration Response message to the AC; the message contains a Result Code message element that indicates the result of processing the CAPWAP Station Configuration Request message.
2) The STA and the AC renegotiate the session key on the basis of the BK;
2.1) The AC and the STA carry out the WAI unicast key update negotiation on the basis of the already negotiated BK. This includes: the destination WTP decapsulates WAI unicast key negotiation data that arrives from the AC in the CAPWAP data encapsulation format and forwards it to the STA, and encapsulates WAI unicast key negotiation data from the STA in the CAPWAP data encapsulation format and sends it to the AC;
2.2) The AC and the STA carry out the WAI multicast key update announcement. This includes: the destination WTP decapsulates WAI multicast key announcement data that arrives from the AC in the CAPWAP data encapsulation format and forwards it to the STA, and encapsulates WAI multicast key announcement data from the STA in the CAPWAP data encapsulation format and sends it to the AC.
3) The AC and the destination WTP perform key synchronization;
3.1) The AC sends a CAPWAP Station Configuration Request message to the destination WTP; the message contains message elements such as Add Station, GB15629.11 Add Station, GB15629.11 Station Session Key and GB15629.11 Information Element. Using the MAC address of the STA in the Add Station message element, the destination WTP opens the corresponding controlled port and forwards all data from that STA, including WAI protocol data and non-WAI protocol data;
3.2) The destination WTP sends a CAPWAP Station Configuration Response message to the AC; the message contains a Result Code message element that indicates the result of processing the CAPWAP Station Configuration Request message.
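The sequence of steps 1) to 3) above, modelled as an added Python example that is not part of the patent text. Message and element names are taken from the description; the dict layout, the HMAC-SHA256 stand-in for the WAI key derivation, the AC-side suite check, clearing A in step 3, and all identifiers and values are assumptions constructed for illustration, and step 2.2 (multicast key announcement) is not modelled.

```python
import hashlib
import hmac
import os


def derive_usk(bk, ac_nonce, sta_nonce):
    """Stand-in KDF (HMAC-SHA256); the real WAI derivation is not reproduced."""
    return hmac.new(bk, b"usk" + ac_nonce + sta_nonce, hashlib.sha256).digest()


class WTP:
    def __init__(self, name):
        self.name = name
        self.stations = {}  # STA MAC -> {"port": "wai-only" | "open", "usk": key}

    def station_config_request(self, elements):
        """Handle a CAPWAP Station Configuration Request; return the response."""
        if "Delete Station" in elements:
            self.stations.pop(elements["Delete Station"], None)
        elif "Add Station" in elements:
            key = elements["GB15629.11 Station Session Key"]
            # A = 1: controlled port closed, only WAI data relayed (step 1.3).
            # A = 0 with a key (assumed encoding): key sync opens the port (step 3).
            port = "wai-only" if key["A"] == 1 else "open"
            self.stations[elements["Add Station"]] = {"port": port, "usk": key.get("key")}
        else:
            return {"Result Code": "failure"}
        return {"Result Code": "success"}

    def forwards(self, mac, kind):
        """Would this WTP forward a frame of kind 'wai' or 'data' from mac?"""
        entry = self.stations.get(mac)
        return entry is not None and (kind == "wai" or entry["port"] == "open")


class STA:
    def __init__(self, mac, bk, suite):
        self.mac, self.bk, self.suite, self.usk = mac, bk, suite, None

    def reassociation_request(self, current_wtp, ac_id, suite=None):
        return {"current_wtp": current_wtp, "ac_id": ac_id, "wapi_ie": suite or self.suite}


class AC:
    def __init__(self, ac_id):
        self.ac_id = ac_id
        self.sessions = {}  # STA MAC -> {"bk", "suite", "wtp"}

    def handover(self, sta, target, req):
        """Run steps 1 to 3; log (step, result, target forwards STA data?)."""
        s = self.sessions.get(sta.mac)
        # Step 1.1: the request must name this AC and the current WTP and carry
        # the suites chosen at first association (AC-side check is assumed).
        if (s is None or req["ac_id"] != self.ac_id
                or req["current_wtp"] != s["wtp"].name or req["wapi_ie"] != s["suite"]):
            return [("1.1", "refused", False)]
        log = [("1.1", "reassociated", target.forwards(sta.mac, "data"))]
        # Step 1.2: the previously associated WTP deletes the STA.
        rc = s["wtp"].station_config_request({"Delete Station": sta.mac})["Result Code"]
        log.append(("1.2", rc, target.forwards(sta.mac, "data")))
        # Step 1.3: the destination WTP adds the STA with the port closed (A = 1).
        rc = target.station_config_request({
            "Add Station": sta.mac,
            "GB15629.11 Add Station": {},  # contents not modelled
            "GB15629.11 Station Session Key": {"A": 1},
        })["Result Code"]
        log.append(("1.3", rc, target.forwards(sta.mac, "data")))
        # Step 2.1: new unicast session key from the existing BK; the WAI
        # frames pass through the destination WTP, which relays WAI only.
        if not target.forwards(sta.mac, "wai"):
            return log + [("2.1", "wai blocked", False)]
        ac_nonce, sta_nonce = os.urandom(32), os.urandom(32)
        usk = derive_usk(s["bk"], ac_nonce, sta_nonce)
        sta.usk = derive_usk(sta.bk, ac_nonce, sta_nonce)
        log.append(("2.1", "rekeyed", target.forwards(sta.mac, "data")))
        # Step 3: key synchronization; the destination WTP opens the port.
        rc = target.station_config_request({
            "Add Station": sta.mac,
            "GB15629.11 Add Station": {},
            "GB15629.11 Station Session Key": {"A": 0, "key": usk},
            "GB15629.11 Information Element": s["suite"],
        })["Result Code"]
        s["wtp"] = target
        log.append(("3", rc, target.forwards(sta.mac, "data")))
        return log


def demo():
    """Constructed scenario: one STA moves from WTP-old to WTP-new under AC-1."""
    mac, bk = "02:00:00:00:00:01", os.urandom(16)  # constructed values
    suite = ("akm-suite-placeholder", "cipher-suite-placeholder")
    old, new, ac, sta = WTP("WTP-old"), WTP("WTP-new"), AC("AC-1"), STA(mac, bk, suite)
    old.stations[mac] = {"port": "open", "usk": os.urandom(16)}  # initial association
    ac.sessions[mac] = {"bk": bk, "suite": suite, "wtp": old}
    bad = ac.handover(sta, new, sta.reassociation_request("WTP-old", "AC-1", ("x", "y")))
    old_after_bad = old.forwards(mac, "data")
    log = ac.handover(sta, new, sta.reassociation_request("WTP-old", "AC-1"))
    return {"bad": bad, "old_after_bad": old_after_bad, "log": log,
            "old_forwards": old.forwards(mac, "data"),
            "keys_match": sta.usk == new.stations[mac]["usk"]}
```

The third field of each log entry shows that the destination WTP forwards none of the STA's ordinary data until step 3 delivers the renegotiated key, and that a refused reassociation leaves the old association untouched.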
The present invention also provides a station STA handover system for a convergent WLAN in which WPI is performed by the WTP. The system includes an access controller AC, a destination wireless terminal point WTP, an associated WTP and a station STA. The STA is used to re-associate with the AC through the destination WTP; the AC is used to notify the associated WTP to delete the STA and to notify the destination WTP to add the STA; the STA is further used to renegotiate the session key with the AC on the basis of the already negotiated base key; the AC is further used to perform key synchronization with the destination WTP.

Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in those embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. An STA switching method for use when WPI is completed by the WTP in a convergence WLAN, characterized in that it comprises:
Step 1: The station STA re-associates with the access controller AC through the destination wireless terminal point WTP;
Step 2: The station STA and the access controller AC update and negotiate the session key based on the already negotiated base key;
Step 3: The access controller AC and the destination wireless terminal point WTP perform key synchronization.
2. The STA switching method for use when WPI is completed by the WTP in a convergence WLAN according to claim 1, characterized in that step 1 comprises:
Step 11: The station STA re-associates with the access controller AC through the destination wireless terminal point WTP;
Step 12: The access controller AC notifies the associated wireless terminal point WTP to delete the station STA;
Step 13: The access controller AC notifies the destination wireless terminal point WTP to add the station STA.
3. The STA switching method for use when WPI is completed by the WTP in a convergence WLAN according to claim 2, characterized in that step 11 comprises:
Step 111: The station STA passively listens for beacon frames of the destination wireless terminal point WTP to obtain the parameters of the destination wireless terminal point WTP, including the WAPI information element; the WAPI information element includes the authentication and key management suites and cipher suites supported by the destination wireless terminal point WTP;
Step 112: In local MAC mode, the station STA sends a link verification request frame to the destination wireless terminal point WTP, requesting link verification with the destination wireless terminal point WTP; the destination wireless terminal point WTP, according to the station STA's link verification request frame, sends a link verification response frame to the station STA;
Step 113: After link verification succeeds, the station STA sends a re-association request frame to the access controller AC, requesting re-association with the access controller AC. In the re-association request frame the station STA includes the identifier of the currently associated wireless terminal point WTP, the identifier of the access controller AC, and a WAPI information element that determines the authentication and key management suite and cipher suite selected by the station STA, where the authentication and key management suite and cipher suite selected by the station STA are the same as those it selected when it first associated with the access controller AC. The access controller AC parses the station STA's re-association request frame and sends a re-association response frame to the station STA.
4. The STA switching method for use when WPI is completed by the WTP in a convergence WLAN according to claim 2, characterized in that step 11 comprises:
Step 111: The station STA passively listens for beacon frames of the destination wireless terminal point WTP to obtain the parameters of the destination wireless terminal point WTP, including the WAPI information element; the WAPI information element includes the authentication and key management suites and cipher suites supported by the destination wireless terminal point WTP;
Step 112: In split MAC mode, the station STA sends a link verification request frame to the access controller AC, requesting link verification with the access controller AC; the access controller AC, according to the station STA's link verification request frame, sends a link verification response frame to the station STA;
Step 113: After link verification succeeds, the station STA sends a re-association request frame to the access controller AC, requesting re-association with the access controller AC. In the re-association request frame the station STA includes the identifier of the currently associated wireless terminal point WTP, the identifier of the access controller AC, and a WAPI information element that determines the authentication and key management suite and cipher suite selected by the station STA, where the authentication and key management suite and cipher suite selected by the station STA are the same as those it selected when it first associated with the access controller AC. The access controller AC parses the station STA's re-association request frame and sends a re-association response frame to the station STA.
5. The STA switching method for use when WPI is completed by the WTP in a convergence WLAN according to claim 2, characterized in that step 11 comprises:
Step 111: The station STA actively sends a probe request frame to the destination wireless terminal point WTP; after receiving the station STA's probe request frame, the destination wireless terminal point WTP sends a probe response frame to the station STA; on receiving the probe response frame, the station STA obtains the parameters of the destination wireless terminal point WTP, including the WAPI information element; the WAPI information element includes the authentication and key management suites and cipher suites supported by the destination wireless terminal point WTP;
Step 112: In local MAC mode, the station STA sends a link verification request frame to the destination wireless terminal point WTP, requesting link verification with the destination wireless terminal point WTP; the destination wireless terminal point WTP, according to the station STA's link verification request frame, sends a link verification response frame to the station STA;
Step 113: After link verification succeeds, the station STA sends a re-association request frame to the access controller AC, requesting re-association with the access controller AC. In the re-association request frame the station STA includes the identifier of the currently associated wireless terminal point WTP, the identifier of the access controller AC, and a WAPI information element that determines the authentication and key management suite and cipher suite selected by the station STA, where the authentication and key management suite and cipher suite selected by the station STA are the same as those it selected when it first associated with the access controller AC. The access controller AC parses the station STA's re-association request frame and sends a re-association response frame to the station STA.
6. The STA switching method for use when WPI is completed by the WTP in a convergence WLAN according to claim 2, characterized in that step 11 comprises:
Step 111: The station STA actively sends a probe request frame to the destination wireless terminal point WTP; after receiving the station STA's probe request frame, the destination wireless terminal point WTP sends a probe response frame to the station STA; on receiving the probe response frame, the station STA obtains the parameters of the destination wireless terminal point WTP, including the WAPI information element; the WAPI information element includes the authentication and key management suites and cipher suites supported by the destination wireless terminal point WTP;
Step 112: In split MAC mode, the station STA sends a link verification request frame to the access controller AC, requesting link verification with the access controller AC; the access controller AC, according to the station STA's link verification request frame, sends a link verification response frame to the station STA;
Step 113: After link verification succeeds, the station STA sends a re-association request frame to the access controller AC, requesting re-association with the access controller AC. In the re-association request frame the station STA includes the identifier of the currently associated wireless terminal point WTP, the identifier of the access controller AC, and a WAPI information element that determines the authentication and key management suite and cipher suite selected by the station STA, where the authentication and key management suite and cipher suite selected by the station STA are the same as those it selected when it first associated with the access controller AC. The access controller AC parses the station STA's re-association request frame and sends a re-association response frame to the station STA.
7. The STA switching method for use when WPI is completed by the WTP in a convergence WLAN according to any one of claims 2-6, characterized in that step 12 comprises:
Step 121: The access controller AC sends a Control And Provisioning of Wireless Access Points (CAPWAP) Station Configuration Request message to the associated wireless terminal point WTP; the message contains message elements such as Delete Station;
Step 122: The associated wireless terminal point WTP sends a CAPWAP Station Configuration Response message to the access controller AC; the message contains a Result Code message element, used to identify the result of processing the CAPWAP Station Configuration Response message.
8. The STA switching method for use when WPI is completed by the WTP in a convergence WLAN according to any one of claims 2-7, characterized in that step 13 comprises:
Step 131: The access controller AC sends a CAPWAP Station Configuration Request message to the destination wireless terminal point WTP; the message contains the Add Station, GB15629.11 Add Station and GB15629.11 Station Session Key message elements, where A in the GB15629.11 Station Session Key message element is set to 1 to tell the destination wireless terminal point WTP to close the controlled port and forward only WAI protocol data from the corresponding station STA;
Step 132: The destination wireless terminal point WTP sends a CAPWAP Station Configuration Response message to the access controller AC; it contains a Result Code message element, used to identify the result of processing the CAPWAP Station Configuration Response message.
9. The STA switching method for use when WPI is completed by the WTP in a convergence WLAN according to any one of claims 1-8, characterized in that step 2 specifically comprises:
Step 21: The access controller AC and the station STA carry out the WAI unicast key update negotiation process based on the already negotiated base key, including: the destination wireless terminal point WTP decapsulates WAI unicast key negotiation data from the access controller AC that is encapsulated in the CAPWAP data encapsulation format and forwards it to the station STA; it encapsulates WAI unicast key negotiation data from the station STA in the CAPWAP data encapsulation format and sends it to the access controller AC;
Step 22: The access controller AC and the station STA carry out the WAI multicast key update announcement process, including: the destination wireless terminal point WTP decapsulates WAI multicast key announcement data from the access controller AC that is encapsulated in the CAPWAP data encapsulation format and forwards it to the station STA; it encapsulates WAI multicast key announcement data from the station STA in the CAPWAP data encapsulation format and sends it to the access controller AC.
10. The STA switching method for use when WPI is completed by the WTP in a convergence WLAN according to any one of claims 1-9, characterized in that step 3 comprises:
Step 31: The access controller AC sends a CAPWAP Station Configuration Request message to the destination wireless terminal point WTP; the message contains message elements such as Add Station, GB15629.11 Add Station, GB15629.11 Station Session Key and GB15629.11 Information Element; according to the MAC address of the station STA in the Add Station message element, the destination wireless terminal point WTP opens the corresponding controlled port and forwards all data from that station STA, including WAI protocol data and non-WAI protocol data;
Step 32: The destination wireless terminal point WTP sends a CAPWAP Station Configuration Response message to the access controller AC; it contains a Result Code message element, used to identify the result of processing the CAPWAP Station Configuration Response message.
11. An STA switching system for use when WPI is completed by the WTP in a convergence WLAN, characterized in that the system includes an access controller AC, a destination wireless terminal point WTP, an associated WTP, and a station STA; the station STA is used to re-associate with the access controller AC through the destination wireless terminal point WTP; the access controller AC is used to notify the associated wireless terminal point WTP to delete the station STA and to notify the destination wireless terminal point WTP to add the station STA; the station STA is also used to update and negotiate the session key with the access controller AC based on the already negotiated base key; the access controller AC is also used to perform key synchronization with the destination wireless terminal point WTP.
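The controlled-port gating that claims 7, 8 and 10 describe, as an added example that is not part of the patent text: a Python model of the associated and destination WTPs as the AC drives steps 12, 13, 2 and 3. The EtherType 0x88B4 for WAI frames, the dict layout of the message elements, the `key` field, the use of A = 0 in step 31 and the failure code are assumptions made for this illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

ETHERTYPE_WAI = 0x88B4    # assumption: EtherType carried by WAI protocol frames
ETHERTYPE_IPV4 = 0x0800   # stands in for any non-WAI data
RESULT_SUCCESS = 0        # CAPWAP Result Code for success
RESULT_FAILURE = -1       # placeholder for any non-success Result Code
KEY_ELEM = "GB15629.11 Station Session Key"


@dataclass
class StationEntry:
    port_open: bool = False
    session_key: Optional[bytes] = None


@dataclass
class WTP:
    name: str
    stations: dict = field(default_factory=dict)

    def station_config_request(self, elements):
        """Handle a CAPWAP Station Configuration Request; return a Result Code."""
        if "Delete Station" in elements:                      # step 121
            self.stations.pop(elements["Delete Station"]["mac"], None)
            return RESULT_SUCCESS
        add, key = elements.get("Add Station"), elements.get(KEY_ELEM)
        if add is None or key is None or add["mac"] != key["mac"]:
            return RESULT_FAILURE
        if key["A"] == 1:                                     # step 131: port closed
            self.stations[add["mac"]] = StationEntry()
            return RESULT_SUCCESS
        if not key.get("key"):                                # never open without a key
            return RESULT_FAILURE
        self.stations[add["mac"]] = StationEntry(True, key["key"])   # step 31
        return RESULT_SUCCESS

    def forwards(self, sta_mac, ethertype):
        """True if a frame from sta_mac with this EtherType would be forwarded."""
        entry = self.stations.get(sta_mac)
        if entry is None:
            return False
        return entry.port_open or ethertype == ETHERTYPE_WAI


def handover(sta_mac, old_wtp, new_wtp, negotiate_key):
    """Run steps 12, 13, 2 and 3 from the AC's side; return port snapshots."""
    def snapshot(stage):
        return (stage, new_wtp.forwards(sta_mac, ETHERTYPE_WAI),
                new_wtp.forwards(sta_mac, ETHERTYPE_IPV4))

    def send(wtp, elements):
        if wtp.station_config_request(elements) != RESULT_SUCCESS:
            raise RuntimeError(f"{wtp.name} rejected Station Configuration Request")

    base = {"Add Station": {"mac": sta_mac},
            "GB15629.11 Add Station": {"mac": sta_mac}}
    send(old_wtp, {"Delete Station": {"mac": sta_mac}})                  # step 12
    send(new_wtp, {**base, KEY_ELEM: {"mac": sta_mac, "A": 1}})          # step 13
    trace = [snapshot("step 13")]
    session_key = negotiate_key()          # step 2: WAI exchange relayed by the WTP
    trace.append(snapshot("step 2"))
    send(new_wtp, {**base, "GB15629.11 Information Element": {},
                   KEY_ELEM: {"mac": sta_mac, "A": 0, "key": session_key}})  # step 3
    trace.append(snapshot("step 3"))
    return trace


if __name__ == "__main__":
    mac = "02:00:00:00:00:01"                      # constructed sample address
    old, new = WTP("associated WTP"), WTP("destination WTP")
    for stage, wai, data in handover(mac, old, new, lambda: bytes(16)):
        print(f"{stage}: WAI forwarded={wai}, non-WAI forwarded={data}")
```

Non-WAI traffic from the STA is dropped at the destination WTP until the session key has been synchronized, and the previously associated WTP forwards nothing for that STA once Delete Station has been processed.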
PCT/CN2009/075899 2009-05-14 2009-12-23 Station (sta) switching method and system while completing wireless local area network privacy infrastructure (wpi) by wireless terminal point (wtp) in convergent wlan WO2010130138A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910022523.5 2009-05-14
CN2009100225235A CN101557591B (en) 2009-05-14 2009-05-14 STA switching method for completing WPI by WTP in convergent-type WLAN and system thereof

Publications (1)

Publication Number Publication Date
WO2010130138A1 true WO2010130138A1 (en) 2010-11-18

Family

ID=41175480

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/075899 WO2010130138A1 (en) 2009-05-14 2009-12-23 Station (sta) switching method and system while completing wireless local area network privacy infrastructure (wpi) by wireless terminal point (wtp) in convergent wlan

Country Status (2)

Country Link
CN (1) CN101557591B (en)
WO (1) WO2010130138A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101557591B (en) * 2009-05-14 2011-01-26 西安西电捷通无线网络通信股份有限公司 STA switching method for completing WPI by WTP in convergent-type WLAN and system thereof
WO2021114149A1 (en) * 2019-12-11 2021-06-17 北京小米移动软件有限公司 Reassociation indication method and apparatus, and communication device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101079891A (en) * 2007-06-15 2007-11-28 清华大学 Wireless switching network re-authentication method based on wireless LAN secure standard WAPI
CN101557592A (en) * 2009-05-14 2009-10-14 西安西电捷通无线网络通信有限公司 STA roaming switching method for completing WPI by AC in convergent-type WLAN and system thereof
CN101557591A (en) * 2009-05-14 2009-10-14 西安西电捷通无线网络通信有限公司 STA switching method for completing WPI by WTP in convergent-type WLAN and system thereof
CN101562812A (en) * 2009-05-14 2009-10-21 西安西电捷通无线网络通信有限公司 STA switching method when WPI is finished by AC in convergence type WLAN and system thereof
CN101562811A (en) * 2009-05-14 2009-10-21 西安西电捷通无线网络通信有限公司 STA roaming switching method when WPI is finished by WTP in convergence type WLAN and system thereof

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4280594B2 (en) * 2003-10-01 2009-06-17 キヤノン株式会社 Wireless communication system, control device, communication device, control method, and program
CN101247295A (en) * 2007-02-13 2008-08-20 华为技术有限公司 Method and device for acquiring access controller information in wireless local area network
CN100566240C (en) * 2007-11-16 2009-12-02 西安西电捷通无线网络通信有限公司 A kind of WAPI unicast key negotiation method

Also Published As

Publication number Publication date
CN101557591A (en) 2009-10-14
CN101557591B (en) 2011-01-26

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09844549

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09844549

Country of ref document: EP

Kind code of ref document: A1