WO2012151905A1 - Method and device for network handover - Google Patents

Method and device for network handover Download PDF

Info

Publication number
WO2012151905A1
WO2012151905A1 PCT/CN2011/082329 CN2011082329W WO2012151905A1 WO 2012151905 A1 WO2012151905 A1 WO 2012151905A1 CN 2011082329 W CN2011082329 W CN 2011082329W WO 2012151905 A1 WO2012151905 A1 WO 2012151905A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
wlan network
authentication
terminal
wlan
Prior art date
Application number
PCT/CN2011/082329
Other languages
French (fr)
Chinese (zh)
Inventor
岳晓贫
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2012151905A1 publication Critical patent/WO2012151905A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0011Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/062Pre-authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys

Definitions

  • the present invention relates to the field of communications, and in particular to a network switching method and apparatus.
  • a method for switching between a WLAN (Wireless Local Area Networks) network and a non-WLAN network has a long network switching time and a low handover success rate, and the handover is likely to cause network access discontinuity.
  • the WLAN network browses the webpage. If the WLAN network signal strength is low and needs to be switched to the non-WLAN network, the terminal needs to disconnect the WLAN network, and after the non-WLAN network is authenticated and associated, the terminal can continue to browse the webpage; currently browsing the webpage through the non-WLAN network.
  • a network switching method including: performing pre-identification authentication with a detected target network after the terminal is associated with the current network; and after the pre-identification is successful, the terminal directly Switch to the target network.
  • the above current network includes one of the following: a WLAN network, a non-WLAN network; the above target network includes one of the following: a WLAN network, a non-WLAN network.
  • the terminal performs pre-authentication with the target network, including: The terminal invokes SIM (Subscriber Identity)
  • the authentication information in the Module (User Identification Module) or USIM (Universal Subscriber Identity Module) establishes the identity authentication process between the terminal and the target network through the current network.
  • the terminal invokes the authentication information in the SIM or the USIM to establish an identity authentication process between the terminal and the target network through the current network, including: the terminal and the non-WLAN network are connected to the WLAN network through the terminal.
  • the AP Access Point, access point
  • the AP and the non-WLAN network pass the authentication server of the non-WLAN network and the RADIUS (Remote Authentication Dial In User Service) authentication service of the WLAN network.
  • the wired network between the devices transmits key information, wherein the encryption mode of the key information follows a transmission protocol of the SIM authentication within the WLAN network.
  • the preset condition includes at least one of the following: a signal strength of the WLAN network is lower than a preset threshold, a frame error rate of data transmission between the terminal and the WLAN network is higher than a preset threshold, and a signal noise of data transmission between the terminal and the WLAN network A non-WLAN network is detected below the preset threshold.
  • the terminal invokes the authentication information in the SIM or the USIM to establish an identity authentication process between the terminal and the target network through the current network, including: the terminal and the WLAN network are transmitted through the authentication server of the non-WLAN network.
  • Authentication information; the non-WLAN network and the WLAN network transmit key information through a wired network between the authentication server of the non-WLAN network and the RADIUS authentication server of the WLAN network, and the RADIUS authentication server transmits the key information to the RADIUS authentication server.
  • the associated AP wherein the key information encryption mode follows the SIM authentication transmission protocol of the non-WLAN network and the WLAN network.
  • the preset condition includes at least one of the following: a WLAN network is detected, and a signal strength of the detected WLAN network is greater than a preset threshold.
  • the foregoing authentication information includes: a source code for generating an authentication key, a framing detail of a key frame, a check of a key frame, and a integrity of the key; the key information includes: an encryption mode and an authentication encrypted using the encryption mode Information, wherein the encryption mode includes at least one of the following: non-encrypted mode, RC4 encryption method in WEP (Wired Equivalent Privacy) protocol, WPA (Wi-Fi Protected Access) protocol TKIP (Temporal Key Integrity Protocol) encryption method, AES (Advanced Encryption Standard) encryption method in WPA2 protocol, WAPI (Wireless LAN Authentication and Privacy Infrastructure) WPI (WLAN privacy infrastructure) - SMS4 (Packet Encryption Algorithm) encryption method.
  • WEP Wi-Fi Protected Access
  • TKIP Temporal Key
  • a network switching apparatus located on a terminal, including: a pre-authentication module, configured to perform pre-identification with the detected target network after the terminal is associated with the current network; , set to switch the terminal directly to the target network when the pre-conditions are met after the pre-authentication is successful.
  • the current network includes one of the following: a WLAN network, a non-WLAN network; the foregoing target network includes one of the following: a WLAN network, a non-WLAN network.
  • the present invention solves the prior art by adopting a scheme in which a terminal performs pre-identification with a detected target network that may become a handover target after being associated with the current network, and directly switches to the target network after the preset condition is satisfied.
  • the problem that the network switching time is long and the handover is easy to cause network access discontinuity, thereby reducing the switching time and eliminating the network interruption caused by the handover.
  • FIG. 1 is a flowchart of a network switching method according to an embodiment of the present invention
  • FIG. 2 is a functional structural diagram of a terminal according to an example of the present invention
  • FIG. 3 is a WLAN network switching to a non-WLAN network according to an example of the present invention
  • FIG. 4 is a schematic diagram of a pre-authentication key sharing invocation procedure of a WLAN network switching to a non-WLAN network according to an example of the present invention
  • FIG. 5 is a schematic diagram of a process of switching a non-WLAN network to a WLAN network according to an example of the present invention
  • 6 is a schematic diagram of a pre-authentication key invocation procedure of a non-WLAN network switching to a WLAN network according to an example of the present invention
  • FIG. 7 is a structural block diagram of a network switching apparatus according to an embodiment of the present invention.
  • the network switching method according to the embodiment of the present invention includes: Step S102: After the terminal is associated with the current network, perform pre-identification authentication with the detected target network. Step S104: After the pre-identification authentication succeeds, the terminal is pre- When the condition is met, switch directly to the target network.
  • the current network includes one of the following: a WLAN network, a non-WLAN network; the foregoing target network includes one of the following: a WLAN network, a non-WLAN network.
  • Pre-authentication is a way to speed up association transfers. From the workstation to the new access point, to the new access point to start transmitting frames to the workstation, authentication is the most likely delay in this period of time, the purpose of pre-authentication is to shorten this time, before the need This time-consuming operation establishes a mutual authentication relationship.
  • the workstation must be authenticated before being associated with the access point, but the 802.11 standard, a commonly used wireless LAN standard, does not require an immediate association after low-level authentication.
  • the workstation can perform 802.11 authentication with several access points, so that association operations can be performed immediately when needed. This is called pre-authentication.
  • the benefit of pre-authentication is that once access to the coverage of the access point, the workstation can immediately re-associate with the access point without having to wait for the authentication exchange process.
  • the pre-authentication is mainly performed between the APs of the WLAN network.
  • the current access point AP that has established a security association with the STA (Site) interacts with the destination AP after receiving the pre-authentication data sent by the STA.
  • the mutual authentication of the certificate If the verification result of the certificate of the destination AP is valid, the current AP sends the key information of the security association associated with the STA to the destination AP.
  • the destination AP stores the key information, and the key information includes The STA negotiates the generated base key with the current AP.
  • the method provided in this embodiment fully utilizes the idea of pre-authentication in the foregoing pre-authentication mechanism, and creatively applies it to the process of switching between a WLAN network and a non-WLAN network, that is, the terminal is switched from the WLAN network to the non-WLAN.
  • the process of switching to a WLAN network or a non-WLAN network to a WLAN network is achieved.
  • the terminal After being connected to the current network (WLAN network or non-WLAN network), the terminal performs pre-authentication with the currently detected target network (non-WLAN network or WLAN network) that may become the handover target.
  • the switching conditions (the setting of the switching conditions can be flexibly selected according to the current network and the target network and the specific needs of the application scenario).
  • the target network can be directly switched, thereby greatly reducing the switching time. Avoid network disconnection caused by switching.
  • the method proposed in this embodiment is mainly directed to the handover between the WLAN network and the non-WLAN network, but it is obvious that the method proposed in this embodiment can be applied to the network switching process of the terminal, because The terminal inevitably generates the switching time in the process of network switching, and the shorter the switching time, the smoother the switching process, and the less likely the network interruption occurs, so shorter switching is required in each network switching process of the terminal. Time, and the method proposed in this embodiment can further reduce the switching time for any network switching process, thereby achieving smoother network switching.
  • the terminal performing pre-identification with the target network may include: the terminal invoking the authentication information in the SIM or the USIM to establish an identity authentication process of the terminal and the target network through the current network.
  • the authentication information in the SIM or USIM is a very common authentication basis.
  • the authentication information in the SIM or USIM is used to establish the identity authentication process between the terminal and the target network through the current network. This is very easy to implement and can ensure the successful completion of the pre-authentication.
  • the terminal invoking the authentication information in the SIM or the USIM to establish the identity authentication process of the terminal and the target network through the current network may include: (1) the terminal and the non-WLAN network pass The access point AP of the WLAN network to which the terminal is associated transmits the authentication information;
  • the AP and the non-WLAN network transmit the key information through the wired network between the authentication server of the non-WLAN network and the RADIUS authentication server of the WLAN network, wherein the encryption mode of the key information follows the transmission protocol of the SIM authentication in the WLAN network.
  • the preferred embodiment of the present invention provides a preferred pre-authentication process of the terminal and the target network when the target network is a non-WLAN network, that is, the terminal uses the AP of the WLAN network as the relay relay of the authentication information,
  • the wired network between the authentication server of the non-WLAN network and the RADIUS authentication server of the WLAN network serves as a channel for transmitting key information, and finally completes identity authentication.
  • the preset condition may include at least one of the following: a signal strength of the WLAN network is lower than a preset threshold, and a frame error rate of data transmission between the terminal and the WLAN network is performed. Above the preset threshold, the signal-to-noise ratio of the data transmission between the terminal and the WLAN network is lower than the preset threshold, and the WLAN network is detected.
  • the preferred embodiment provides a preset condition that may be preferred when the current network is a WLAN network, and the target network is a non-WLAN network.
  • the available preset conditions include, but are not limited to, the preset conditions.
  • the current network is a non-WLAN network
  • the terminal invoking the authentication information in the SIM or the USIM to establish the identity authentication process of the terminal and the target network through the current network may include:
  • the terminal and the WLAN network transmit the authentication information through the authentication server of the non-WLAN network
  • the non-WLAN network and the WLAN network transmit the key information through the wired network between the authentication server of the non-WLAN network and the RADIUS authentication server of the WLAN network, and the RADIUS authentication server transmits the key information to the RADIUS authentication server.
  • the associated AP, wherein the key information encryption mode follows the SIM authentication transmission protocol of the non-WLAN network and the WLAN network.
  • the preferred embodiment provides a preferred pre-authentication process of the terminal and the target network when the target network is a WLAN network, that is, the terminal uses a non-WLAN network authentication server.
  • the wired network between the authentication server of the non-WLAN network and the RADIUS authentication server of the WLAN network serves as a channel for transmitting key information, and the RADIUS authentication server transmits the key information to the RADIUS authentication server.
  • the AP associated with the RADIUS authentication server to finalize the authentication process.
  • the preset condition may include at least one of the following: detecting the WLAN network, and detecting that the signal strength of the WLAN network is greater than a preset threshold.
  • the preferred embodiment provides a preset condition that the current network is a non-WLAN network, and the target network is a WLAN network.
  • the available preset conditions include, but are not limited to, the preset conditions.
  • the foregoing authentication information may include: generating source code of the authentication key, framing details of the key frame, verification of the key frame, integrity of the key; the key information may include: an encryption mode and using the encryption mode Encrypted authentication information, wherein the encryption mode includes at least one of the following: non-encryption mode, RC4 encryption mode in WEP protocol, TKIP encryption mode in WPA protocol, AES encryption method in WPA2 protocol, WPI in WAPI protocol SMS4 encryption method.
  • the authentication information should contain all the information required for the pre-authentication process, and the preferred embodiment gives several basic information required for the authentication process.
  • the key information mainly includes the encryption mode and encryption using the encryption mode.
  • the selection of the specific encryption mode may be agreed in advance, including but not limited to the above encryption method, and the key information needs to be encrypted again when transmitting the key information, and the selection of the encryption mode needs to correspond to the corresponding transmission protocol. .
  • the above preferred embodiments will be described in detail below with reference to examples.
  • FIG. 2 is a schematic diagram showing the functional structure of a terminal according to an example of the present invention. As shown in FIG. 2, the terminal applied in this example can be roughly divided into three parts: a WLAN unit, a data transmission unit, and a pre-authentication unit.
  • the WLAN unit is mainly responsible for basic authentication and association operations of the WLAN, and is also used for information interaction with the data transmission unit to feedback the pre-authentication information.
  • the data transmission unit is used for the normal data transmission process such as web browsing on the one hand, and the key information transmission process on the other hand, for example, the key information is transmitted to the WLAN unit, and the key information mainly includes: an encryption mode and use of the Encryption mode encrypted authentication information, where the encryption mode includes: non-encryption mode, RC4 encryption method required in WEP protocol, TKIP encryption method required in WPA protocol, AES encryption method required in WPA2 protocol, and required in WAPI protocol Encryption methods such as WPI-SMS4.
  • the pre-authentication unit is mainly used for storing SIM authentication information of the WLAN network and the non-WLAN network, and analyzing and configuring the authentication information.
  • the foregoing authentication information mainly includes: generating the source code of the authentication key, framing details of the key frame, Information such as the verification of the key frame, the integrity of the key, and so on.
  • 3 is a schematic diagram of a process for a WLAN network to switch to a non-WLAN network according to an example of the present invention. As shown in FIG. 3, the method includes the following steps: Step S302: The terminal performs authentication and association with the current WLAN network, and stores authentication information of the current WLAN network. . The authentication and association process between the terminal and the WLAN network does not use the pre-identification method.
  • the authentication process between the terminal and the WLAN network adopts a normal authentication process, which mainly includes: an authentication request, an authentication response, and an authentication key interaction. , key integrity check.
  • Step S304 the terminal performs data transmission with the associated WLAN network.
  • Step S306 the terminal invokes the stored SIM authentication information to establish an authentication process between the terminal and the current non-WLAN network in the process of data transmission with the associated WLAN network.
  • the authentication interaction information transmission process between the terminal and the non-WLAN network is as shown in FIG. 4, that is, the AP that is associated with the current terminal is used as a relay to control SIM authentication information between the WLAN network and the non-WLAN network.
  • the authentication information transmission process between the terminal and the non-WLAN network uses the AP associated with the current terminal as the relay, and the key information transmission process between the currently associated AP and the destination non-WLAN network uses the authentication server and the WLAN network of the non-WLAN network.
  • the wired network transmission between the RADIUS authentication servers, the key information encryption mode follows the transmission protocol of the internal SIM authentication of the WLAN network, and the information such as the authentication request between the terminal and the non-WLAN network is completely performed by the currently associated AP.
  • Step S308 the terminal switches to a non-WLAN network for data transmission.
  • FIG. 5 is a schematic diagram of a process of switching a non-WLAN network to a WLAN network according to an example of the present invention. As shown in FIG. 5, the method includes the following steps: Step S502: The terminal performs authentication, association, and storage with a current non-WLAN network. Certification Information.
  • Step S504 the terminal performs data transmission with the associated non-WLAN network.
  • Step S506 the terminal is stored in the process of data transmission with the associated non-WLAN network.
  • the authentication information in the SIM card establishes an authentication process between the terminal and the current WLAN network through the currently associated non-WLAN network.
  • the authentication interaction information transmission process between the terminal and the WLAN network is as shown in FIG. 6, that is, the SIM authentication server of the non-WLAN network that is associated with the current terminal is used as a relay to control the current associated non-WLAN network and the WLAN network.
  • the authentication information transmission process between the terminal and the WLAN network is performed by the authentication server of the current non-WLAN network, and the key information transmission process between the currently associated non-WLAN network and the destination WLAN network uses a non-WLAN network authentication server and a WLAN network.
  • Step S508 the terminal switches to the WLAN network for data transmission.
  • the terminal is disconnected from the current non-WLAN network and enters the WLAN network area, the terminal is directly associated with the authenticated WLAN network, and the data is transmitted.
  • the terminal is disconnected from the currently associated non-WLAN network to perform the WLAN network association. Whether there is currently a WLAN network, the signal strength of the WLAN network, and the like.
  • the network switching apparatus includes: a pre-authentication module 72, configured to perform pre-identification authentication with the detected target network after the terminal is associated with the current network; the direct switching module 74 is connected to The pre-authentication module 72 is configured to directly switch the terminal to the target network when the pre-condition is satisfied after the pre-authentication is successful.
  • the current network comprises one of the following: a WLAN network, a non-WLAN network; the target network includes one of the following: a WLAN network, a non-WLAN network.
  • the device provided in this embodiment fully utilizes the idea of pre-authentication and applies it to the process of switching between a WLAN network and a non-WLAN network, that is, the terminal is switched from the WLAN network to the non-WLAN network or switched to the non-WLAN network.
  • the process of WLAN network Through the above device, after the terminal is associated with the current network (WLAN network or non-WLAN network), the terminal performs pre-authentication with the currently detected target network (non-WLAN network or WLAN network) that may become the handover target.
  • Set the switching conditions (the setting of the switching conditions can be flexibly selected according to the current network and the target network and the specific needs of the application scenario). After the satisfaction, the target network can be directly switched, thereby greatly reducing the switching time.
  • the device proposed in this embodiment is mainly directed to the switching between the WLAN network and the non-WLAN network, but it is obvious that the device proposed in this embodiment is actually compatible with each network switching process of the terminal, because the terminal is in In the process of network switching, the switching time is inevitable, and the shorter the switching time, the smoother the switching process is, and the less likely the network interruption is, so in the network switching process of the terminal. A shorter switching time is required.
  • the device proposed in this embodiment can reduce the switching time of any network switching process and achieve smoother network switching.
  • the AP that is currently associated with the WLAN network automatically invokes (U) the identity authentication information stored in the SIM card through the current
  • the associated AP establishes the authentication process between the terminal and the non-WLAN network.
  • the terminal automatically associates the authenticated non-WLAN.
  • the authentication server currently associated with the non-WLAN network will automatically invoke (U) the identity authentication information stored in the SIM card to establish the terminal and the WLAN network through the RADIUS authentication server of the WLAN network.
  • the authentication process automatically associates the authenticated WLAN network when the terminal finds that there is currently a WLAN network access point.
  • the technical solution provided by the present invention implements fast switching between a WLAN network and a non-WLAN network, and can be applied to various types of network switching of the terminal, thereby improving the network switching efficiency of the terminal as a whole.
  • modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein.
  • the steps shown or described are performed, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps are fabricated as a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.
  • the above is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.

Abstract

Disclosed are a method and device for a network handover. The method comprises: when a terminal is associated to a current network, performing an identity pre-authentication with a target network detected; when the identity pre-authentication is successful, and when a preset condition is met, the terminal handing over directly to the target network. The technical solution of the present invention solves the problem in the prior art of the network handover requiring extended period of time and resulting in the handover leading easily to network access discontinuity, thus allowing for effects of reduced handover time and eliminated handover-led network intermittence.

Description

网络切换方法及装置 技术领域 本发明涉及通信领域, 具体而言, 涉及一种网络切换方法及装置。 背景技术 现有的 WLAN (Wireless Local Area Networks, 无线局域网络) 网络与非 WLAN 网络之间的切换方法, 网络切换时间较长, 切换成功率较低, 切换很容易导致网络访 问不连续, 当前通过 WLAN网络浏览网页, 若 WLAN网络信号强度较低需要切换到 非 WLAN网络时, 终端需要断开 WLAN网络连接,进行非 WLAN网络的认证和关联 之后才能访问继续浏览网页; 当前通过非 WLAN网络浏览网页, 若发现有 WLAN网 络信号需要切换到 WLAN网络时, 终端需要断开非 WLAN网络连接,进行 WLAN网 络的认证和关联之后才能继续浏览网页。 类似这样的问题普遍存在于终端的网络切换 过程中, 目前尚未提出有效的解决方案。 发明内容 本发明提供了一种网络切换方法及装置, 以至少解决上述问题之一。 根据本发明的一个方面, 提供了一种网络切换方法, 包括: 终端关联至当前网络 后, 与检测到的目标网络进行预先身份认证; 预先身份认证成功后, 终端在预置条件 满足时, 直接切换至目标网络。 上述当前网络包括以下之一: WLAN网络、 非 WLAN网络; 上述目标网络包括 以下之一: WLAN网络、 非 WLAN网络。 终端与目标网络进行预先身份认证包括: 终端调用 SIM ( Subscriber Identity TECHNICAL FIELD The present invention relates to the field of communications, and in particular to a network switching method and apparatus. BACKGROUND OF THE INVENTION A method for switching between a WLAN (Wireless Local Area Networks) network and a non-WLAN network has a long network switching time and a low handover success rate, and the handover is likely to cause network access discontinuity. The WLAN network browses the webpage. If the WLAN network signal strength is low and needs to be switched to the non-WLAN network, the terminal needs to disconnect the WLAN network, and after the non-WLAN network is authenticated and associated, the terminal can continue to browse the webpage; currently browsing the webpage through the non-WLAN network. If a WLAN network signal needs to be switched to the WLAN network, the terminal needs to disconnect the non-WLAN network and authenticate and associate the WLAN network before continuing to browse the webpage. Problems like this are common in the network switching process of terminals, and no effective solution has been proposed yet. SUMMARY OF THE INVENTION The present invention provides a network switching method and apparatus to solve at least one of the above problems. According to an aspect of the present invention, a network switching method is provided, including: performing pre-identification authentication with a detected target network after the terminal is associated with the current network; and after the pre-identification is successful, the terminal directly Switch to the target network. The above current network includes one of the following: a WLAN network, a non-WLAN network; the above target network includes one of the following: a WLAN network, a non-WLAN network. The terminal performs pre-authentication with the target network, including: The terminal invokes SIM (Subscriber Identity)
Module, 用户识别模块) 或 USIM (Universal Subscriber Identity Module, 全球用户识 别模块) 中的认证信息通过当前网络建立终端与目标网络的身份认证过程。 当当前网络为 WLAN网络,目标网络为非 WLAN网络时,终端调用 SIM或 USIM 中的认证信息通过当前网络建立终端与目标网络的身份认证过程包括: 终端与非 WLAN网络通过终端已关联的 WLAN网络的 AP (Access Point, 接入点)传递认证信 息; AP与非 WLAN网络通过非 WLAN网络的认证服务器与 WLAN网络的 RADIUS (Remote Authentication Dial In User Service, 远程身份验证拨入用户服务) 认证服务 器之间的有线网络传递密钥信息, 其中, 密钥信息的加密模式遵循 WLAN 网络内部 SIM认证的传输协议。 上述预置条件包括以下至少之一: WLAN网络的信号强度低于预置门限、 终端与 WLAN网络之间数据传输的误帧率高于预置门限、 终端与 WLAN网络之间数据传输 的信噪比低于预置门限、 检测到非 WLAN网络。 当当前网络为非 WLAN网络,目标网络为 WLAN网络时,终端调用 SIM或 USIM 中的认证信息通过当前网络建立终端与目标网络的身份认证过程包括: 终端与 WLAN 网络通过非 WLAN网络的认证服务器传递认证信息;非 WLAN网络与 WLAN网络通 过非 WLAN网络的认证服务器与 WLAN网络的 RADIUS认证服务器之间的有线网络 传递密钥信息,该 RADIUS认证服务器再将密钥信息传递给与该 RADIUS认证服务器 相关联的 AP, 其中, 密钥信息加密模式遵循非 WLAN网络与 WLAN网络的 SIM认 证传输协议。 上述预置条件包括以下至少之一: 检测到 WLAN网络、 检测到的 WLAN网络的 信号强度大于预置门限。 上述认证信息包括: 生成认证密钥的源码、 密钥帧的成帧细节、 密钥帧的校验、 密钥的完整性; 上述密钥信息包括: 加密模式以及使用该加密模式加密后的认证信息, 其中, 加密模式包括以下至少之一: 非加密模式、 WEP (Wired Equivalent Privacy, 有 线等效保密)协议中的 RC4加密方式、 WPA (Wi-Fi Protected Access, Wi-Fi保护接入) 协议中的 TKIP (Temporal Key Integrity Protocol, 临时密钥完整性协议) 加密方式、 WPA2协议中的 AES (Advanced Encryption Standard, 高级加密标准)加密方式、 WAPI (Wireless LAN Authentication and Privacy Infrastructure, 无线局域网鉴别和保密基石出 结构)协议中的 WPI (WLAN privacy infrastructure, 无线局域网保密基础结构) -SMS4 (分组加密算法) 加密方式。 根据本发明的另一方面, 提供了一种网络切换装置, 位于终端上, 包括: 预先认 证模块, 设置为在终端关联至当前网络后, 与检测到的目标网络进行预先身份认证; 直接切换模块, 设置为在预先身份认证成功后, 预置条件满足时, 直接将终端切换至 目标网络。 上述当前网络包括以下之一: WLAN网络、 非 WLAN网络; 上述目标网络包括 以下之一: WLAN网络、 非 WLAN网络。 通过本发明, 采用终端在关联到当前网络后, 与检测到的可能成为切换目标的目 标网络进行预先身份认证, 当预置条件满足后就直接切换到该目标网络的方案, 解决 了现有技术中网络切换时间较长且切换很容易导致网络访问不连续的问题, 进而达到 了减少切换时间、 消除切换导致的网络断续的效果。 附图说明 此处所说明的附图用来提供对本发明的进一步理解, 构成本申请的一部分, 本发 明的示意性实施例及其说明用于解释本发明, 并不构成对本发明的不当限定。 在附图 中: 图 1是根据本发明实施例的网络切换方法的流程图; 图 2是根据本发明实例的终端的功能结构示意图; 图 3是根据本发明实例的 WLAN网络切换到非 WLAN网络的过程示意图; 图 4是根据本发明实例的 WLAN网络切换到非 WLAN网络的预先身份认证密钥 共享调用过程示意图; 图 5是根据本发明实例的非 WLAN网络切换到 WLAN网络的过程示意图; 图 6是根据本发明实例的非 WLAN网络切换到 WLAN网络的预先身份认证密钥 调用过程示意图; 图 7根据本发明实施例的网络切换装置的结构框图。 具体实施方式 下文中将参考附图并结合实施例来详细说明本发明。 需要说明的是, 在不冲突的 情况下, 本申请中的实施例及实施例中的特征可以相互组合。 图 1是根据本发明实施例的网络切换方法的流程图。 如图 1所示, 根据本发明实 施例的网络切换方法包括: 步骤 S102, 终端关联至当前网络后, 与检测到的目标网络进行预先身份认证; 步骤 S104, 预先身份认证成功后, 终端在预置条件满足时, 直接切换至该目标网 络。 优选地, 上述当前网络包括以下之一: WLAN网络、 非 WLAN网络; 上述目标 网络包括以下之一: WLAN网络、 非 WLAN网络。 预先身份认证是一种加速关联转移的方法。 从工作站决定转移至新接入点, 到新 接入点开始传送帧给工作站, 身份验证是这段时间内最容易造成延迟的因素, 预先身 份验证的目的就是缩短这段时间, 在需要之前进行这项费时的操作以建立彼此的认证 关系。 在与接入点关联之前, 工作站必须先经过身份验证, 不过 802.11标准 (一种常用 的无线局域网标准) 并未要求在低级身份验证之后必须立即进行关联操作。 在扫描阶 段, 工作站可以跟几个接入点进行 802.11身份验证, 如此一来, 当有需要时就可以立 即进行关联操作, 这种做法称为预先身份验证。 预先身份验证的好处是, 一旦进入接 入点的涵盖范围, 工作站就可以立即与接入点重新关联, 而不必等候认证交换过程。 预先身份验证主要存在于 WLAN网络的 AP切换之间, 已与 STA ( Station, 站点) 建立安全关联的当前接入点 AP在接收到 STA发送的预鉴数据后, 与目的 AP进行交 互, 进行双方证书的相互验证, 如果对目的 AP的证书的验证结果为证书有效, 则当 前 AP将其与 STA建立的安全关联的密钥信息发送给目的 AP,目的 AP保存密钥信息, 密钥信息中包含 STA与当前 AP协商生成的基密钥。 本实施例提供的方法充分利用了上述预先身份验证机制中的预认证的思想, 创造 性地将其应用在了 WLAN 网络和非 WLAN 网络之间互相切换的过程中, 即终端由 WLAN网络切换到非 WLAN网络或者由非 WLAN网络切换到 WLAN网络的过程中。 通过上述方法, 终端在关联到当前网络 (WLAN网络或非 WLAN网络) 后, 就会与 当前检测到的可能会成为切换目标的目标网络 (非 WLAN网络或 WLAN网络) 进行 预先身份认证, 当预置的切换条件 (切换条件的设置可以根据当前网络和目标网络的 不同以及应用的场景的具体需要灵活的进行选择) 满足后就可以直接切换到目标网络 了, 从而大大降低了切换时间, 同时也避免了切换导致的网络断续。 在本实施例提出的方法主要是针对于终端在 WLAN网络和非 WLAN网络之间的 切换, 但是很明显的本实施例提出的方法实际上是可以应用到终端的各个网络切换过 程中的, 因为终端在进行网络切换的过程中不可避免的会产生切换时间, 而切换时间 越短切换的过程就越顺畅, 越不容易产生网络中断, 所以在终端的各个网络切换过程 中都要求更短的切换时间, 而本实施例提出的方法对于任何网络切换过程来说, 都可 以进一步降低其切换时间, 从而实现更顺畅的网络切换。 在上述实施例中, 终端在关联到当前网络后, 可能会检测到多个可能成为切换目 标的目标网络, 在这种特殊情况下, 就需要配合相应的选择策略来确定预置条件满足 后最终切换到哪一个目标网络, 例如, 切换到最先检测到的目标网络, 或者说切换到 信号强度最好的目标网络, 或者为各种目标网络预置优先级切换到优先级最高的目标 网络。 在具体认证方式的选择上, 本发明不作具体限定, 可以根据不同的需要灵活的进 行选择。 本优选实施例给出一种优选地认证方式, 优选地, 终端与目标网络进行预先 身份认证可以包括: 终端调用 SIM或 USIM中的认证信息通过当前网络建立终端与目 标网络的身份认证过程。 SIM或 USIM中的认证信息是一种十分通用的认证依据,调用 SIM或 USIM中的 认证信息通过当前网络建立终端与目标网络的身份认证过程, 实现起来十分容易也可 以保证预先身份认证的顺利完成。 优选地, 当前网络为 WLAN网络, 目标网络为非 WLAN网络时, 终端调用 SIM 或 USIM中的认证信息通过当前网络建立终端与目标网络的身份认证过程可以包括: ( 1 )终端与非 WLAN网络通过终端已关联的 WLAN网络的接入点 AP传递认证 信息; The authentication information in the Module (User Identification Module) or USIM (Universal Subscriber Identity Module) establishes the identity authentication process between the terminal and the target network through the current network. When the current network is a WLAN network and the target network is a non-WLAN network, the terminal invokes the authentication information in the SIM or the USIM to establish an identity authentication process between the terminal and the target network through the current network, including: the terminal and the non-WLAN network are connected to the WLAN network through the terminal. The AP (Access Point, access point) passes the authentication information; the AP and the non-WLAN network pass the authentication server of the non-WLAN network and the RADIUS (Remote Authentication Dial In User Service) authentication service of the WLAN network. The wired network between the devices transmits key information, wherein the encryption mode of the key information follows a transmission protocol of the SIM authentication within the WLAN network. The preset condition includes at least one of the following: a signal strength of the WLAN network is lower than a preset threshold, a frame error rate of data transmission between the terminal and the WLAN network is higher than a preset threshold, and a signal noise of data transmission between the terminal and the WLAN network A non-WLAN network is detected below the preset threshold. When the current network is a non-WLAN network and the target network is a WLAN network, the terminal invokes the authentication information in the SIM or the USIM to establish an identity authentication process between the terminal and the target network through the current network, including: the terminal and the WLAN network are transmitted through the authentication server of the non-WLAN network. Authentication information; the non-WLAN network and the WLAN network transmit key information through a wired network between the authentication server of the non-WLAN network and the RADIUS authentication server of the WLAN network, and the RADIUS authentication server transmits the key information to the RADIUS authentication server. The associated AP, wherein the key information encryption mode follows the SIM authentication transmission protocol of the non-WLAN network and the WLAN network. The preset condition includes at least one of the following: a WLAN network is detected, and a signal strength of the detected WLAN network is greater than a preset threshold. The foregoing authentication information includes: a source code for generating an authentication key, a framing detail of a key frame, a check of a key frame, and a integrity of the key; the key information includes: an encryption mode and an authentication encrypted using the encryption mode Information, wherein the encryption mode includes at least one of the following: non-encrypted mode, RC4 encryption method in WEP (Wired Equivalent Privacy) protocol, WPA (Wi-Fi Protected Access) protocol TKIP (Temporal Key Integrity Protocol) encryption method, AES (Advanced Encryption Standard) encryption method in WPA2 protocol, WAPI (Wireless LAN Authentication and Privacy Infrastructure) WPI (WLAN privacy infrastructure) - SMS4 (Packet Encryption Algorithm) encryption method. According to another aspect of the present invention, a network switching apparatus is provided, located on a terminal, including: a pre-authentication module, configured to perform pre-identification with the detected target network after the terminal is associated with the current network; , set to switch the terminal directly to the target network when the pre-conditions are met after the pre-authentication is successful. The current network includes one of the following: a WLAN network, a non-WLAN network; the foregoing target network includes one of the following: a WLAN network, a non-WLAN network. The present invention solves the prior art by adopting a scheme in which a terminal performs pre-identification with a detected target network that may become a handover target after being associated with the current network, and directly switches to the target network after the preset condition is satisfied. The problem that the network switching time is long and the handover is easy to cause network access discontinuity, thereby reducing the switching time and eliminating the network interruption caused by the handover. BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are set to illustrate,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 1 is a flowchart of a network switching method according to an embodiment of the present invention; FIG. 2 is a functional structural diagram of a terminal according to an example of the present invention; FIG. 3 is a WLAN network switching to a non-WLAN network according to an example of the present invention; FIG. 4 is a schematic diagram of a pre-authentication key sharing invocation procedure of a WLAN network switching to a non-WLAN network according to an example of the present invention; FIG. 5 is a schematic diagram of a process of switching a non-WLAN network to a WLAN network according to an example of the present invention; 6 is a schematic diagram of a pre-authentication key invocation procedure of a non-WLAN network switching to a WLAN network according to an example of the present invention; FIG. 7 is a structural block diagram of a network switching apparatus according to an embodiment of the present invention. BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, the present invention will be described in detail with reference to the accompanying drawings. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict. 1 is a flow chart of a network switching method according to an embodiment of the present invention. As shown in FIG. 1 , the network switching method according to the embodiment of the present invention includes: Step S102: After the terminal is associated with the current network, perform pre-identification authentication with the detected target network. Step S104: After the pre-identification authentication succeeds, the terminal is pre- When the condition is met, switch directly to the target network. Preferably, the current network includes one of the following: a WLAN network, a non-WLAN network; the foregoing target network includes one of the following: a WLAN network, a non-WLAN network. Pre-authentication is a way to speed up association transfers. From the workstation to the new access point, to the new access point to start transmitting frames to the workstation, authentication is the most likely delay in this period of time, the purpose of pre-authentication is to shorten this time, before the need This time-consuming operation establishes a mutual authentication relationship. The workstation must be authenticated before being associated with the access point, but the 802.11 standard, a commonly used wireless LAN standard, does not require an immediate association after low-level authentication. During the scanning phase, the workstation can perform 802.11 authentication with several access points, so that association operations can be performed immediately when needed. This is called pre-authentication. The benefit of pre-authentication is that once access to the coverage of the access point, the workstation can immediately re-associate with the access point without having to wait for the authentication exchange process. The pre-authentication is mainly performed between the APs of the WLAN network. The current access point AP that has established a security association with the STA (Site) interacts with the destination AP after receiving the pre-authentication data sent by the STA. The mutual authentication of the certificate. If the verification result of the certificate of the destination AP is valid, the current AP sends the key information of the security association associated with the STA to the destination AP. The destination AP stores the key information, and the key information includes The STA negotiates the generated base key with the current AP. The method provided in this embodiment fully utilizes the idea of pre-authentication in the foregoing pre-authentication mechanism, and creatively applies it to the process of switching between a WLAN network and a non-WLAN network, that is, the terminal is switched from the WLAN network to the non-WLAN. The process of switching to a WLAN network or a non-WLAN network to a WLAN network. Through the above method, after being connected to the current network (WLAN network or non-WLAN network), the terminal performs pre-authentication with the currently detected target network (non-WLAN network or WLAN network) that may become the handover target. The switching conditions (the setting of the switching conditions can be flexibly selected according to the current network and the target network and the specific needs of the application scenario). After the satisfaction, the target network can be directly switched, thereby greatly reducing the switching time. Avoid network disconnection caused by switching. The method proposed in this embodiment is mainly directed to the handover between the WLAN network and the non-WLAN network, but it is obvious that the method proposed in this embodiment can be applied to the network switching process of the terminal, because The terminal inevitably generates the switching time in the process of network switching, and the shorter the switching time, the smoother the switching process, and the less likely the network interruption occurs, so shorter switching is required in each network switching process of the terminal. Time, and the method proposed in this embodiment can further reduce the switching time for any network switching process, thereby achieving smoother network switching. In the foregoing embodiment, after the terminal is associated with the current network, multiple target networks that may become the handover target may be detected. In this special case, the corresponding selection policy needs to be matched to determine that the preset condition is met. Which target network to switch to, for example, switch to the first detected target network, or switch to the target network with the best signal strength, or switch the priority to the target network with the highest priority for each target network. The present invention is not limited in specific selection of the authentication method, and can be flexibly selected according to different needs. The preferred embodiment provides a preferred authentication mode. Preferably, the terminal performing pre-identification with the target network may include: the terminal invoking the authentication information in the SIM or the USIM to establish an identity authentication process of the terminal and the target network through the current network. The authentication information in the SIM or USIM is a very common authentication basis. The authentication information in the SIM or USIM is used to establish the identity authentication process between the terminal and the target network through the current network. This is very easy to implement and can ensure the successful completion of the pre-authentication. . Preferably, when the current network is a WLAN network and the target network is a non-WLAN network, the terminal invoking the authentication information in the SIM or the USIM to establish the identity authentication process of the terminal and the target network through the current network may include: (1) the terminal and the non-WLAN network pass The access point AP of the WLAN network to which the terminal is associated transmits the authentication information;
(2) AP 与非 WLAN 网络通过非 WLAN 网络的认证服务器与 WLAN 网络的 RADIUS认证服务器之间的有线网络传递密钥信息, 其中, 密钥信息的加密模式遵循 WLAN网络内部 SIM认证的传输协议。 本优选实施例给出了一种优选的当前网络为 WLAN网络, 目标网络为非 WLAN 网络时, 终端与目标网络的预先认证过程, 即终端以 WLAN网络的 AP作为认证信息 的传递中继, 以非 WLAN网络的认证服务器与 WLAN网络的 RADIUS认证服务器之 间的有线网络作为传递密钥信息的通道, 最终完成身份认证。 优选地, 当前网络为 WLAN网络, 目标网络为非 WLAN网络时, 预置条件可以 包括以下至少之一: WLAN网络的信号强度低于预置门限、 终端与 WLAN网络之间 数据传输的误帧率高于预置门限、终端与 WLAN网络之间数据传输的信噪比低于预置 门限、 检测到 WLAN网络。 本优选实施例给出了几个当前网络为 WLAN网络, 目标网络为非 WLAN网络时 可以优先选用的预置条件, 在具体实施过程中, 可用的预置条件包括但不限于上述预 置条件。 优选地, 当前网络为非 WLAN网络, 目标网络为 WLAN网络时, 终端调用 SIM 或 USIM中的认证信息通过当前网络建立终端与目标网络的身份认证过程可以包括: (2) The AP and the non-WLAN network transmit the key information through the wired network between the authentication server of the non-WLAN network and the RADIUS authentication server of the WLAN network, wherein the encryption mode of the key information follows the transmission protocol of the SIM authentication in the WLAN network. The preferred embodiment of the present invention provides a preferred pre-authentication process of the terminal and the target network when the target network is a non-WLAN network, that is, the terminal uses the AP of the WLAN network as the relay relay of the authentication information, The wired network between the authentication server of the non-WLAN network and the RADIUS authentication server of the WLAN network serves as a channel for transmitting key information, and finally completes identity authentication. Preferably, when the current network is a WLAN network and the target network is a non-WLAN network, the preset condition may include at least one of the following: a signal strength of the WLAN network is lower than a preset threshold, and a frame error rate of data transmission between the terminal and the WLAN network is performed. Above the preset threshold, the signal-to-noise ratio of the data transmission between the terminal and the WLAN network is lower than the preset threshold, and the WLAN network is detected. The preferred embodiment provides a preset condition that may be preferred when the current network is a WLAN network, and the target network is a non-WLAN network. In a specific implementation process, the available preset conditions include, but are not limited to, the preset conditions. Preferably, the current network is a non-WLAN network, and when the target network is a WLAN network, the terminal invoking the authentication information in the SIM or the USIM to establish the identity authentication process of the terminal and the target network through the current network may include:
( 1 ) 终端与 WLAN网络通过非 WLAN网络的认证服务器传递认证信息; (1) The terminal and the WLAN network transmit the authentication information through the authentication server of the non-WLAN network;
(2)非 WLAN网络与 WLAN网络通过非 WLAN网络的认证服务器与 WLAN网 络的 RADIUS认证服务器之间的有线网络传递密钥信息,该 RADIUS认证服务器再将 密钥信息传递给与该 RADIUS认证服务器相关联的 AP, 其中, 密钥信息加密模式遵 循非 WLAN网络与 WLAN网络的 SIM认证传输协议。 对应于上述优选实施例,本优选实施例给出了一种优选的当前网络为非 WLAN网 络, 目标网络为 WLAN网络时,终端与目标网络的预先认证过程, 即终端以非 WLAN 网络的认证服务器作为认证信息的传递中继,以非 WLAN网络的认证服务器与 WLAN 网络的 RADIUS认证服务器之间的有线网络作为传递密钥信息的通道, RADIUS认证 服务器在获得了密钥信息后再将其传递给与该 RADIUS认证服务器相关联的 AP, 以 最终完成认证过程。 优选地, 当前网络为非 WLAN网络, 目标网络为 WLAN网络时, 预置条件可以 包括以下至少之一: 检测到 WLAN网络、 检测到的 WLAN网络的信号强度大于预置 门限。 本优选实施例给出了几个当前网络为非 WLAN网络, 目标网络为 WLAN网络时 可以优先选用的预置条件, 在具体实施过程中, 可用的预置条件包括但不限于上述预 置条件。 优选地, 上述认证信息可以包括: 生成认证密钥的源码、 密钥帧的成帧细节、 密 钥帧的校验、 密钥的完整性; 密钥信息可以包括: 加密模式以及使用该加密模式加密 后的认证信息, 其中, 加密模式包括以下至少之一: 非加密模式、 WEP协议中的 RC4 加密方式、 WPA协议中的 TKIP加密方式、 WPA2协议中的 AES加密方式、 WAPI协 议中的 WPI-SMS4加密方式。 原则上认证信息应该包含完预认证过程所需的所有信息, 本优选实施例给出了认 证过程所需的几种基础信息。 密钥信息主要包括了加密模式以及使用该加密模式加密 后的认证信息, 具体加密模式的选择可以事先约定, 包括但不限于上述加密方式, 在 传输密钥信息时还需要再对其进行加密, 这里加密模式的选择就需要与相应的传输协 议对应了。 下面结合实例对上述优选实施例进行详细说明。 图 2是根据本发明实例的终端的功能结构示意图。 如图 2所示, 本实例中应用的 终端从功能上可以大致划为三个部分: WLAN单元、 数据传输单元和预先身份验证单 元。 (2) The non-WLAN network and the WLAN network transmit the key information through the wired network between the authentication server of the non-WLAN network and the RADIUS authentication server of the WLAN network, and the RADIUS authentication server transmits the key information to the RADIUS authentication server. The associated AP, wherein the key information encryption mode follows the SIM authentication transmission protocol of the non-WLAN network and the WLAN network. Corresponding to the above preferred embodiment, the preferred embodiment provides a preferred pre-authentication process of the terminal and the target network when the target network is a WLAN network, that is, the terminal uses a non-WLAN network authentication server. As the relay relay of the authentication information, the wired network between the authentication server of the non-WLAN network and the RADIUS authentication server of the WLAN network serves as a channel for transmitting key information, and the RADIUS authentication server transmits the key information to the RADIUS authentication server. The AP associated with the RADIUS authentication server to finalize the authentication process. Preferably, when the current network is a non-WLAN network, and the target network is a WLAN network, the preset condition may include at least one of the following: detecting the WLAN network, and detecting that the signal strength of the WLAN network is greater than a preset threshold. The preferred embodiment provides a preset condition that the current network is a non-WLAN network, and the target network is a WLAN network. In the specific implementation, the available preset conditions include, but are not limited to, the preset conditions. Preferably, the foregoing authentication information may include: generating source code of the authentication key, framing details of the key frame, verification of the key frame, integrity of the key; the key information may include: an encryption mode and using the encryption mode Encrypted authentication information, wherein the encryption mode includes at least one of the following: non-encryption mode, RC4 encryption mode in WEP protocol, TKIP encryption mode in WPA protocol, AES encryption method in WPA2 protocol, WPI in WAPI protocol SMS4 encryption method. In principle, the authentication information should contain all the information required for the pre-authentication process, and the preferred embodiment gives several basic information required for the authentication process. The key information mainly includes the encryption mode and encryption using the encryption mode. After the authentication information, the selection of the specific encryption mode may be agreed in advance, including but not limited to the above encryption method, and the key information needs to be encrypted again when transmitting the key information, and the selection of the encryption mode needs to correspond to the corresponding transmission protocol. . The above preferred embodiments will be described in detail below with reference to examples. 2 is a schematic diagram showing the functional structure of a terminal according to an example of the present invention. As shown in FIG. 2, the terminal applied in this example can be roughly divided into three parts: a WLAN unit, a data transmission unit, and a pre-authentication unit.
WLAN单元主要负责 WLAN的基本认证、 关联等操作, 还用于与数据传输单元 进行信息交互, 对预先身份认证信息进行反馈。 数据传输单元, 一方面用于网页浏览等正常数据传输过程, 另一方面用于密钥信 息传输过程, 例如, 将密钥信息传送给 WLAN单元, 上述密钥信息主要包括: 加密模 式以及使用该加密模式加密后的认证信息, 其中, 加密模式包括: 非加密模式、 WEP 协议中要求的 RC4加密方式、 WPA协议中要求的 TKIP加密方式、 WPA2协议中要求 的 AES加密方式、 WAPI协议中要求的 WPI-SMS4等加密方式。 预先身份验证单元,主要用于存储 WLAN网络和非 WLAN网络的 SIM认证信息, 对认证信息进行分析与调配使用, 上述认证信息主要包括: 生成认证密钥的源码、 密 钥帧的成帧细节、 密钥帧的校验、 密钥的完整性等信息。 图 3是根据本发明实例的 WLAN网络切换到非 WLAN网络的过程示意图, 如图 3所示, 包括以下步骤: 步骤 S302, 终端与当前 WLAN网络进行认证、 关联, 存储与当前 WLAN网络的 认证信息。 其中, 终端开机与 WLAN网络之间的认证、 关联过程不采用预先身份认证方法, 终端开机与 WLAN网络之间的认证过程采用常规的认证过程, 主要包括: 认证请求、 认证响应、 认证密钥交互、 密钥完整性校验。 步骤 S304, 终端与已关联 WLAN网络进行数据传输。 步骤 S306,终端在与已关联 WLAN网络进行数据传输的过程中,调用存储的 SIM 认证信息建立终端与当前非 WLAN网络的认证过程。 其中, 终端与非 WLAN网络之间的认证交互信息传递过程如图 4所示, 即以当前 终端已关联的 AP作为中继,控制 WLAN网络与非 WLAN网络之间的 SIM认证信息。 终端与非 WLAN 网络之间的认证信息传递过程以当前终端已关联的 AP作为中 继, 当前已关联 AP与目的非 WLAN网络之间的密钥信息传递过程采用非 WLAN网 络的认证服务器与 WLAN网络的 RADIUS认证服务器之间的有线网络传递, 密钥信 息加密模式遵循 WLAN网络内部 SIM认证的传输协议, 终端与非 WLAN网络之间的 认证请求等信息完全由当前已关联 AP自主进行。 步骤 S308, 终端切换至非 WLAN网络进行数据传输。 其中, 终端是否断开与当前已关联 WLAN网络的链接进行非 WLAN网络关联取 决于当前已关联 WLAN网络的信号强度, 或取决于终端与当前 WLAN网络之间数据 传输的误帧率, 或取决于终端与当前 WLAN网络之间数据传输的信噪比, 或取决于当 前是否存在非 WLAN网络等。 图 5是根据本发明实例的非 WLAN网络切换到 WLAN网络的过程示意图, 如图 5所示, 包括以下步骤: 步骤 S502, 终端与当前非 WLAN网络进行认证、 关联, 存储与当前非 WLAN网 络的认证信息。 其中, 终端开机 (U) SIM 卡的网络注册认证、 关联过程不采用预先身份认证方 法。 步骤 S504, 终端与已关联非 WLAN网络进行数据传输。 步骤 S506, 终端在与已关联非 WLAN网络进行数据传输的过程中, 调用存储在The WLAN unit is mainly responsible for basic authentication and association operations of the WLAN, and is also used for information interaction with the data transmission unit to feedback the pre-authentication information. The data transmission unit is used for the normal data transmission process such as web browsing on the one hand, and the key information transmission process on the other hand, for example, the key information is transmitted to the WLAN unit, and the key information mainly includes: an encryption mode and use of the Encryption mode encrypted authentication information, where the encryption mode includes: non-encryption mode, RC4 encryption method required in WEP protocol, TKIP encryption method required in WPA protocol, AES encryption method required in WPA2 protocol, and required in WAPI protocol Encryption methods such as WPI-SMS4. The pre-authentication unit is mainly used for storing SIM authentication information of the WLAN network and the non-WLAN network, and analyzing and configuring the authentication information. The foregoing authentication information mainly includes: generating the source code of the authentication key, framing details of the key frame, Information such as the verification of the key frame, the integrity of the key, and so on. 3 is a schematic diagram of a process for a WLAN network to switch to a non-WLAN network according to an example of the present invention. As shown in FIG. 3, the method includes the following steps: Step S302: The terminal performs authentication and association with the current WLAN network, and stores authentication information of the current WLAN network. . The authentication and association process between the terminal and the WLAN network does not use the pre-identification method. The authentication process between the terminal and the WLAN network adopts a normal authentication process, which mainly includes: an authentication request, an authentication response, and an authentication key interaction. , key integrity check. Step S304, the terminal performs data transmission with the associated WLAN network. Step S306, the terminal invokes the stored SIM authentication information to establish an authentication process between the terminal and the current non-WLAN network in the process of data transmission with the associated WLAN network. The authentication interaction information transmission process between the terminal and the non-WLAN network is as shown in FIG. 4, that is, the AP that is associated with the current terminal is used as a relay to control SIM authentication information between the WLAN network and the non-WLAN network. The authentication information transmission process between the terminal and the non-WLAN network uses the AP associated with the current terminal as the relay, and the key information transmission process between the currently associated AP and the destination non-WLAN network uses the authentication server and the WLAN network of the non-WLAN network. The wired network transmission between the RADIUS authentication servers, the key information encryption mode follows the transmission protocol of the internal SIM authentication of the WLAN network, and the information such as the authentication request between the terminal and the non-WLAN network is completely performed by the currently associated AP. Step S308, the terminal switches to a non-WLAN network for data transmission. Whether the terminal disconnects the link with the currently associated WLAN network for non-WLAN network connection depends on the signal strength of the currently associated WLAN network, or depends on the frame error rate of data transmission between the terminal and the current WLAN network, or The signal-to-noise ratio of data transmission between the terminal and the current WLAN network, or depending on whether there is currently a non-WLAN network or the like. FIG. 5 is a schematic diagram of a process of switching a non-WLAN network to a WLAN network according to an example of the present invention. As shown in FIG. 5, the method includes the following steps: Step S502: The terminal performs authentication, association, and storage with a current non-WLAN network. Certification Information. The network registration authentication and association process of the terminal boot (U) SIM card does not use the pre-identification method. Step S504, the terminal performs data transmission with the associated non-WLAN network. Step S506, the terminal is stored in the process of data transmission with the associated non-WLAN network.
(U) SIM卡中的认证信息通过当前已关联的非 WLAN网络建立终端与当前 WLAN 网络之间的认证过程。 其中, 终端与 WLAN网络之间的认证交互信息传递过程如图 6所示, 即以当前终 端已关联的非 WLAN网络的 SIM认证服务器作为中继, 控制当前已关联非 WLAN网 络与 WLAN网络之间的认证过程。 终端与 WLAN网络之间的认证信息传递过程以当前非 WLAN网络的认证服务器 作为中继, 当前已关联非 WLAN网络与目的 WLAN网络之间的密钥信息传递过程采 用非 WLAN网络认证服务器与 WLAN网络 RADIUS认证服务器之间的有线网络传递, RADIUS认证服务器再将认证信息传递到与其相关联的 AP,密钥信息加密模式遵循非 WLAN网络与 WLAN网络的 SIM认证传输协议,终端与 WLAN网络之间的认证请求 等信息完全由当前非 WLAN网络的认证服务器负责。 步骤 S508, 终端切换至 WLAN网络进行数据传输。 当终端解除与当前非 WLAN网络的关联进入 WLAN网络区域时, 直接与已认证 的 WLAN网络进行关联、 数据传输, 其中, 终端是否断开与当前已关联非 WLAN网 络的链接进行 WLAN网络关联取决于当前是否存在 WLAN网络、 WLAN网络的信号 强度等。 图 7根据本发明实施例的网络切换装置的结构框图。 如图 7所示, 根据本发明实 施例的网络切换装置包括: 预先认证模块 72, 设置为在终端关联至当前网络后, 与检测到的目标网络进行预 先身份认证; 直接切换模块 74, 连接至预先认证模块 72, 设置为在预先身份认证成功后, 预置 条件满足时, 直接将终端切换至目标网络。 优选地, 当前网络包括以下之一: WLAN网络、 非 WLAN网络; 目标网络包括 以下之一: WLAN网络、 非 WLAN网络。 本实施例提供的装置充分利用了预认证的思想, 将其应用在了 WLAN 网络和非 WLAN网络之间互相切换的过程中, 即终端由 WLAN网络切换到非 WLAN网络或者 由非 WLAN网络切换到 WLAN网络的过程中。 通过上述装置, 终端在关联到当前网 络 (WLAN网络或非 WLAN网络) 后, 就会与当前检测到的可能会成为切换目标的 目标网络(非 WLAN网络或 WLAN网络)进行预先身份认证, 当预置的切换条件(切 换条件的设置可以根据当前网络和目标网络的不同以及应用的场景的具体需要灵活的 进行选) 满足后就可以直接切换到目标网络了, 从而大大降低的切换时间, 同时也避 免了切换导致的网络断续。 在本实施例提出的装置主要是针对于终端在 WLAN网络和非 WLAN网络之间的 切换, 但是很明显的本实施例提出的装置实际上是可以兼容终端的各个网络切换过程 的, 因为终端在进行网络切换的过程中不可避免的会产生切换时间, 而切换时间越短 切换的过程就越顺畅, 越不容易产生网络中断, 所以在终端的各个网络切换过程中都 要求更短的切换时间, 通过本实施例提出的装置可以降低任何网络切换过程的切换时 间, 实现更顺畅的网络切换。 从以上的描述中, 可以看出, 通过本发明提供的技术方案, 当终端开启预先身份 认证功能时, 当前已关联 WLAN网络的 AP会自动调用 (U) SIM卡中存储的身份认 证信息通过当前已关联 AP建立终端与非 WLAN网络的认证过程, 当终端与当前已关 联 AP间的数据传输误帧率较高、或当前已关联 AP的信号强度较低时,终端自动关联 已认证的非 WLAN网络; 若在使用非 WLAN网络时开启预先身份验证功能, 当前已 关联非 WLAN网络的认证服务器会自动调用 (U) SIM卡中存储的身份认证信息通过 WLAN网络的 RADIUS认证服务器建立终端与 WLAN网络的认证过程, 当终端发现 当前存在 WLAN网络接入点时自动关联已认证的 WLAN网络。 本发明提供的技术方 案实现了 WLAN网络与非 WLAN网络之间的快速切换, 且可以应用到终端的各类网 络切换中, 整体上提高终端的网络切换效率。 显然, 本领域的技术人员应该明白, 上述的本发明的各模块或各步骤可以用通用 的计算装置来实现, 它们可以集中在单个的计算装置上, 或者分布在多个计算装置所 组成的网络上, 可选地, 它们可以用计算装置可执行的程序代码来实现, 从而, 可以 将它们存储在存储装置中由计算装置来执行, 并且在某些情况下, 可以以不同于此处 的顺序执行所示出或描述的步骤, 或者将它们分别制作成各个集成电路模块, 或者将 它们中的多个模块或步骤制作成单个集成电路模块来实现。 这样, 本发明不限制于任 何特定的硬件和软件结合。 以上所述仅为本发明的优选实施例而已, 并不用于限制本发明, 对于本领域的技 术人员来说, 本发明可以有各种更改和变化。 凡在本发明的精神和原则之内, 所作的 任何修改、 等同替换、 改进等, 均应包含在本发明的保护范围之内。 (U) The authentication information in the SIM card establishes an authentication process between the terminal and the current WLAN network through the currently associated non-WLAN network. The authentication interaction information transmission process between the terminal and the WLAN network is as shown in FIG. 6, that is, the SIM authentication server of the non-WLAN network that is associated with the current terminal is used as a relay to control the current associated non-WLAN network and the WLAN network. The certification process. The authentication information transmission process between the terminal and the WLAN network is performed by the authentication server of the current non-WLAN network, and the key information transmission process between the currently associated non-WLAN network and the destination WLAN network uses a non-WLAN network authentication server and a WLAN network. Wired network transfer between RADIUS authentication servers, The RADIUS authentication server then passes the authentication information to the AP associated with it. The key information encryption mode follows the SIM authentication transmission protocol of the non-WLAN network and the WLAN network, and the authentication request information between the terminal and the WLAN network is completely covered by the current non-WLAN network. The authentication server is responsible. Step S508, the terminal switches to the WLAN network for data transmission. When the terminal is disconnected from the current non-WLAN network and enters the WLAN network area, the terminal is directly associated with the authenticated WLAN network, and the data is transmitted. The terminal is disconnected from the currently associated non-WLAN network to perform the WLAN network association. Whether there is currently a WLAN network, the signal strength of the WLAN network, and the like. FIG. 7 is a structural block diagram of a network switching apparatus according to an embodiment of the present invention. As shown in FIG. 7, the network switching apparatus according to the embodiment of the present invention includes: a pre-authentication module 72, configured to perform pre-identification authentication with the detected target network after the terminal is associated with the current network; the direct switching module 74 is connected to The pre-authentication module 72 is configured to directly switch the terminal to the target network when the pre-condition is satisfied after the pre-authentication is successful. Preferably, the current network comprises one of the following: a WLAN network, a non-WLAN network; the target network includes one of the following: a WLAN network, a non-WLAN network. The device provided in this embodiment fully utilizes the idea of pre-authentication and applies it to the process of switching between a WLAN network and a non-WLAN network, that is, the terminal is switched from the WLAN network to the non-WLAN network or switched to the non-WLAN network. The process of WLAN network. Through the above device, after the terminal is associated with the current network (WLAN network or non-WLAN network), the terminal performs pre-authentication with the currently detected target network (non-WLAN network or WLAN network) that may become the handover target. Set the switching conditions (the setting of the switching conditions can be flexibly selected according to the current network and the target network and the specific needs of the application scenario). After the satisfaction, the target network can be directly switched, thereby greatly reducing the switching time. Avoid network disconnection caused by switching. The device proposed in this embodiment is mainly directed to the switching between the WLAN network and the non-WLAN network, but it is obvious that the device proposed in this embodiment is actually compatible with each network switching process of the terminal, because the terminal is in In the process of network switching, the switching time is inevitable, and the shorter the switching time, the smoother the switching process is, and the less likely the network interruption is, so in the network switching process of the terminal. A shorter switching time is required. The device proposed in this embodiment can reduce the switching time of any network switching process and achieve smoother network switching. From the above description, it can be seen that, by the technical solution provided by the present invention, when the terminal turns on the pre-authentication function, the AP that is currently associated with the WLAN network automatically invokes (U) the identity authentication information stored in the SIM card through the current The associated AP establishes the authentication process between the terminal and the non-WLAN network. When the data transmission error rate between the terminal and the currently associated AP is high, or the signal strength of the currently associated AP is low, the terminal automatically associates the authenticated non-WLAN. If the pre-authentication function is enabled when using a non-WLAN network, the authentication server currently associated with the non-WLAN network will automatically invoke (U) the identity authentication information stored in the SIM card to establish the terminal and the WLAN network through the RADIUS authentication server of the WLAN network. The authentication process automatically associates the authenticated WLAN network when the terminal finds that there is currently a WLAN network access point. The technical solution provided by the present invention implements fast switching between a WLAN network and a non-WLAN network, and can be applied to various types of network switching of the terminal, thereby improving the network switching efficiency of the terminal as a whole. Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein. The steps shown or described are performed, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps are fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software. The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.

Claims

1. 一种网络切换方法, 包括: A network switching method, comprising:
终端关联至当前网络后, 与检测到的目标网络进行预先身份认证; 所述预先身份认证成功后, 所述终端在预置条件满足时, 直接切换至所述 目标网络。  After the terminal is associated with the current network, the terminal performs pre-identification with the detected target network. After the pre-identification is successful, the terminal directly switches to the target network when the preset condition is met.
2. 根据权利要求 1所述的方法, 其中, 2. The method according to claim 1, wherein
所述当前网络包括以下之一: 无线局域网 WLAN网络、 非 WLAN网络; 所述目标网络包括以下之一: WLAN网络、 非 WLAN网络。  The current network includes one of the following: a wireless local area network WLAN network, a non-WLAN network; the target network includes one of the following: a WLAN network, a non-WLAN network.
3. 根据权利要求 2所述的方法, 其中, 所述终端与所述目标网络进行预先身份认 证包括: 3. The method according to claim 2, wherein the pre-identification of the terminal with the target network comprises:
所述终端调用用户识别模块 SIM或全球用户识别模块 USIM中的认证信息 通过所述当前网络建立所述终端与所述目标网络的身份认证过程。  The terminal invokes the authentication information in the user identification module SIM or the global subscriber identity module USIM to establish an identity authentication process of the terminal and the target network by using the current network.
4. 根据权利要求 3所述的方法, 其中, 当所述当前网络为 WLAN网络, 所述目标 网络为非 WLAN网络时, 所述终端调用 SIM或 USIM中的认证信息通过所述 当前网络建立所述终端与所述目标网络的身份认证过程包括: The method according to claim 3, wherein, when the current network is a WLAN network, and the target network is a non-WLAN network, the terminal invokes authentication information in the SIM or USIM through the current network establishment. The identity authentication process of the terminal and the target network includes:
所述终端与所述非 WLAN网络通过所述终端已关联的所述 WLAN网络的 接入点 AP传递所述认证信息;  The terminal and the non-WLAN network transmit the authentication information by using an access point AP of the WLAN network that the terminal has associated with;
所述 AP与所述非 WLAN网络通过所述非 WLAN网络的认证服务器与所 述 WLAN网络的远程身份验证用户拨入服务 RADIUS认证服务器之间的有线 网络传递密钥信息,其中,所述密钥信息的加密模式遵循所述 WLAN网络内部 SIM认证的传输协议。  Transmitting key information between the AP and the non-WLAN network through a wired network between an authentication server of the non-WLAN network and a remote authentication user of the WLAN network dialed into a serving RADIUS authentication server, where the key The encryption mode of the information follows the transmission protocol of the SIM authentication within the WLAN network.
5. 根据权利要求 4 所述的方法, 其中, 所述预置条件包括以下至少之一: 所述 WLAN网络的信号强度低于预置门限、 所述终端与所述 WLAN网络之间数据 传输的误帧率高于预置门限、所述终端与所述 WLAN网络之间数据传输的信噪 比低于预置门限、 检测到非 WLAN网络。 根据权利要求 3所述的方法, 其中, 当所述当前网络为非 WLAN网络, 所述目 标网络为 WLAN网络时, 所述终端调用 SIM或 USIM中的认证信息通过所述 当前网络建立所述终端与所述目标网络的身份认证过程包括: 5. The method according to claim 4, wherein the preset condition comprises at least one of: a signal strength of the WLAN network is lower than a preset threshold, and data transmission between the terminal and the WLAN network is performed. The frame error rate is higher than the preset threshold, and the signal to noise ratio of the data transmission between the terminal and the WLAN network is lower than a preset threshold, and a non-WLAN network is detected. The method according to claim 3, wherein, when the current network is a non-WLAN network, and the target network is a WLAN network, the terminal calls the authentication information in the SIM or the USIM to establish the terminal through the current network. The identity authentication process with the target network includes:
所述终端与所述 WLAN网络通过所述非 WLAN网络的认证服务器传递所 述认证信息;  Transmitting, by the terminal, the authentication information to the WLAN network by using an authentication server of the non-WLAN network;
所述非 WLAN网络与所述 WLAN网络通过所述非 WLAN网络的认证服务 器与所述 WLAN网络的 RADIUS认证服务器之间的有线网络传递密钥信息, 该 RADIUS认证服务器再将所述密钥信息传递给与该 RADIUS认证服务器相关 联的 AP, 其中, 所述密钥信息加密模式遵循所述非 WLAN网络与所述 WLAN 网络的 SIM认证传输协议。 根据权利要求 6所述的方法, 其中, 所述预置条件包括以下至少之一: 检测到 WLAN网络、 检测到的 WLAN网络的信号强度大于预置门限。 根据权利要求 4至 7中任一项所述的方法, 其中,  The non-WLAN network and the WLAN network transmit key information through a wired network between the authentication server of the non-WLAN network and the RADIUS authentication server of the WLAN network, and the RADIUS authentication server transmits the key information again An AP associated with the RADIUS authentication server, wherein the key information encryption mode follows a SIM authentication transmission protocol of the non-WLAN network and the WLAN network. The method according to claim 6, wherein the preset condition comprises at least one of the following: detecting a WLAN network, and detecting a signal strength of the WLAN network is greater than a preset threshold. The method according to any one of claims 4 to 7, wherein
所述认证信息包括: 生成认证密钥的源码、 密钥帧的成帧细节、 密钥帧的 校验、 密钥的完整性;  The authentication information includes: a source code for generating an authentication key, a framing detail of a key frame, a check of a key frame, and a integrity of the key;
所述密钥信息包括: 加密模式以及使用该加密模式加密后的认证信息, 其 中, 所述加密模式包括以下至少之一: 非加密模式、 有效等效保密 WEP协议 中的 RC4加密方式、 Wi-Fi保护接入 WPA协议中的临时密钥完整性协议 TKIP 加密方式、 WPA2协议中的高级加密标准 AES加密方式、无线局域网鉴别和保 密基础结构 WAPI协议中的无线局域网保密基础结构 WPI-SMS4加密方式。 一种网络切换装置, 包括:  The key information includes: an encryption mode and authentication information encrypted by using the encryption mode, wherein the encryption mode includes at least one of the following: an unencrypted mode, an RC4 encryption method in a valid equivalent secure WEP protocol, and a Wi- Fi protection access to the temporary key integrity protocol TKIP encryption method in the WPA protocol, the advanced encryption standard AES encryption method in the WPA2 protocol, the wireless local area network authentication and the privacy infrastructure WAPI protocol, the wireless local area network security infrastructure WPI-SMS4 encryption method . A network switching device includes:
预先认证模块, 设置为在所述终端关联至当前网络后, 与检测到的目标网 络进行预先身份认证;  a pre-authentication module, configured to perform pre-identification with the detected target network after the terminal is associated with the current network;
直接切换模块, 设置为在所述预先身份认证成功后, 预置条件满足时, 直 接将所述终端切换至所述目标网络。 根据权利要 9所述的装置, 其中,  The direct switching module is configured to directly switch the terminal to the target network when the preset condition is satisfied after the pre-authentication is successful. The device according to claim 9, wherein
所述当前网络包括以下之一: 无线局域网 WLAN网络、 非 WLAN网络; 所述目标网络包括以下之一: WLAN网络、 非 WLAN网络。  The current network includes one of the following: a wireless local area network WLAN network, a non-WLAN network; the target network includes one of the following: a WLAN network, a non-WLAN network.
PCT/CN2011/082329 2011-09-01 2011-11-17 Method and device for network handover WO2012151905A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110256553XA CN102970680A (en) 2011-09-01 2011-09-01 Method and device for network switching
CN201110256553.X 2011-09-01

Publications (1)

Publication Number Publication Date
WO2012151905A1 true WO2012151905A1 (en) 2012-11-15

Family

ID=47138701

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/082329 WO2012151905A1 (en) 2011-09-01 2011-11-17 Method and device for network handover

Country Status (2)

Country Link
CN (1) CN102970680A (en)
WO (1) WO2012151905A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109743214A (en) * 2019-03-01 2019-05-10 致讯科技(天津)有限公司 A kind of message gateway exchange controller

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6225260B2 (en) * 2014-03-31 2017-11-01 ▲華▼▲為▼終端有限公司Huawei Device Co., Ltd. Method for accessing wireless fidelity (Wi-Fi) by user equipment and Wi-Fi access point
CN104469871A (en) * 2014-10-30 2015-03-25 宇龙计算机通信科技(深圳)有限公司 Communication network switching method and device
CN106161577B (en) * 2015-04-28 2019-01-18 李明 SIM card authentication method and system and mobile terminal based on cloud platform
CN109219044A (en) * 2017-07-06 2019-01-15 中兴通讯股份有限公司 Switching method, mobile terminal and the computer readable storage medium of wireless network
CN108712715B (en) * 2018-04-04 2020-08-21 天地融科技股份有限公司 Method for switching network by using Bluetooth hotspot
CN112105069B (en) * 2020-09-22 2023-04-28 云南电网有限责任公司电力科学研究院 Internet edge computing wireless network switching method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050122941A1 (en) * 2003-12-03 2005-06-09 Po-Chung Wu System and method for data communication handoff across heterogeneous wireless networks
US20100040016A1 (en) * 2008-08-15 2010-02-18 Kar-Wing Edward Lor Wireless Network Handoff Method and Mobile Device Using Same
WO2010077007A2 (en) * 2008-12-29 2010-07-08 Samsung Electronics Co., Ltd. Handover method of mobile terminal between heterogeneous networks
CN101828343A (en) * 2007-10-17 2010-09-08 Lg电子株式会社 Method for handover between heterogeneous radio access networks

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050122941A1 (en) * 2003-12-03 2005-06-09 Po-Chung Wu System and method for data communication handoff across heterogeneous wireless networks
CN101828343A (en) * 2007-10-17 2010-09-08 Lg电子株式会社 Method for handover between heterogeneous radio access networks
US20100040016A1 (en) * 2008-08-15 2010-02-18 Kar-Wing Edward Lor Wireless Network Handoff Method and Mobile Device Using Same
WO2010077007A2 (en) * 2008-12-29 2010-07-08 Samsung Electronics Co., Ltd. Handover method of mobile terminal between heterogeneous networks

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109743214A (en) * 2019-03-01 2019-05-10 致讯科技(天津)有限公司 A kind of message gateway exchange controller

Also Published As

Publication number Publication date
CN102970680A (en) 2013-03-13

Similar Documents

Publication Publication Date Title
US10716002B2 (en) Method and system for authenticating access in mobile wireless network system
US20220385445A1 (en) EMBEDDED UNIVERSAL INTEGRATED CIRCUIT CARD (eUICC) PROFILE CONTENT MANAGEMENT
AU2005236981B2 (en) Improved subscriber authentication for unlicensed mobile access signaling
EP2900006B1 (en) Method and system for securely accessing portable hotspot of smart phones
US9391776B2 (en) Method and system for authenticating peer devices using EAP
TWI420921B (en) Fast authentication between heterogeneous wireless networks
KR101438243B1 (en) Sim based authentication
US8595485B2 (en) Security management method and system for WAPI terminal accessing IMS network
WO2019019736A1 (en) Security implementation method, and related apparatus and system
EP2432265B1 (en) Method and apparatus for sending a key on a wireless local area network
US8881305B2 (en) Methods and apparatus for maintaining secure connections in a wireless communication network
JP4687788B2 (en) Wireless access system and wireless access method
WO2012151905A1 (en) Method and device for network handover
WO2006003859A1 (en) Communication handover method, communication message processing method, and communication control method
JP2005525740A (en) Seamless public wireless local area network user authentication
US10004017B2 (en) Switching method and switching system between heterogeneous networks
WO2009152749A1 (en) A binding authentication method, system and apparatus
KR20080086127A (en) A method and apparatus of security and authentication for mobile telecommunication system
JP6123035B1 (en) Protection of WLCP message exchange between TWAG and UE
CA2660581C (en) Method and system for authenticating peer devices using eap
US20110002272A1 (en) Communication apparatus and communication method
US8255976B2 (en) Prevention of a bidding-down attack in a communication system
Martinovic et al. Measurement and analysis of handover latencies in IEEE 802.11 i secured networks
CA2708898C (en) Methods and apparatus for maintaining secure connections in a wireless communication network
US8359470B1 (en) Increased security during network entry of wireless communication devices

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11865248

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11865248

Country of ref document: EP

Kind code of ref document: A1